Preventive check

Not having any problem with your PC right now and just want to make sure everything is in order?
Post a log from FRST or RSIT.

majom246
Visitor
Posts: 75
Registered: 08 Jul 2010 13:33

Preventive check

#1 Post by majom246 »

Hello,

I would like to ask for a check :)


Logfile of random's system information tool 1.10 (written by random/random)
Run by mario at 2017-07-27 12:51:36
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 43 GB (22%) free of 191 GB
Total RAM: 4000 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:51:38, on 27. 7. 2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18739)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\trend micro\mario.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/search?q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.bing.com/search?q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/search?q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: FancyStart daemon.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung Printer Dianostics Service - Unknown owner - C:\Windows\system32\\spdsvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 10505 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files\ESET\ESET Smart Security\ekrn.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Windows\system32\FBAgent.exe"
C:\Windows\system32\WLANExt.exe 2819760
\??\C:\Windows\system32\conhost.exe "-1383110169-567017466-523247778-1755092991829691263-1263807506148786207-552870673
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe"
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\SysWOW64\\spdsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe"
WLIDSvcM.exe 2508
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
"taskhost.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe"
"C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe"
taskeng.exe {D10B897E-3C08-4F96-B869-553DDCD4139D}
"C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe"
"C:\Program Files\ASUS\P4G\BatteryLife.exe"
taskeng.exe {8D802AB6-5A7C-4914-84F1-72857E210EAA}
"C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
ATKOSD.exe
KBFiltr.exe
WDC.exe
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SF3
"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
"C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"
"C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe"
"C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
C:\Windows\SysWOW64\ACEngSvr.exe -Embedding
"C:\Windows\system32\igfxpers.exe"
"C:\Windows\AsScrPro.exe"
"C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto -critical

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe12_ Global\UsGthrCtrlFltPipeMssGthrPipe12 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
C:\Windows\system32\igfxsrvc.exe -Embedding
"C:\Users\mario\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf276bb00fdf1f.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineUA1d040b98875e7b6.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineUA1d091a278dac117.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\baozi57m.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.66.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.66.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-16 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-25 460384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-11-30 51872]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-25 172640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-11-03 167704]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-11-03 392472]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-05-05 2785064]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2011-03-21 361984]
"SynAsusAcpi"=C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [2011-05-05 97064]
"RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2011-08-16 2277480]
"AtherosBtStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2011-11-30 983200]
"AthBtTray"=C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [2011-11-30 800416]
"CDAServer"=C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [2012-03-09 462712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-09-26 6482200]
"Xvid"=C:\Program Files (x86)\Xvid\CheckUpdate.exe [2011-01-17 8192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACMON]
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-02-21 102568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\Windows\AsScrPro.exe [2012-05-09 3058304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2010-08-20 107816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-09-05 12850792]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"=C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2012-02-24 3331312]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-12-23 318080]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [2011-10-25 174720]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"Wireless Console 3"=C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2011-10-19 2319536]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-11-09 596528]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
FancyStart daemon.lnk - C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-11-03 390144]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Program Files (x86)\RasWin\RasWin.exe -script "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2017-07-27 12:51:36 ----D---- C:\rsit
2017-07-12 10:23:29 ----A---- C:\Windows\system32\aitstatic.exe
2017-07-12 10:23:28 ----A---- C:\Windows\system32\generaltel.dll
2017-07-12 10:23:28 ----A---- C:\Windows\system32\devinv.dll
2017-07-12 10:23:28 ----A---- C:\Windows\system32\centel.dll
2017-07-12 10:23:28 ----A---- C:\Windows\system32\appraiser.dll
2017-07-12 10:23:28 ----A---- C:\Windows\system32\aepic.dll
2017-07-12 10:23:28 ----A---- C:\Windows\system32\aeinv.dll
2017-07-12 10:23:27 ----A---- C:\Windows\system32\invagent.dll
2017-07-12 10:23:27 ----A---- C:\Windows\system32\CompatTelRunner.exe
2017-07-12 10:23:27 ----A---- C:\Windows\system32\acmigration.dll
2017-07-12 10:22:52 ----A---- C:\Windows\system32\mshtml.dll
2017-07-12 10:22:50 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2017-07-12 10:22:47 ----A---- C:\Windows\system32\ieframe.dll
2017-07-12 10:22:45 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2017-07-12 10:22:44 ----A---- C:\Windows\system32\jscript9.dll
2017-07-12 10:22:43 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2017-07-12 10:22:42 ----A---- C:\Windows\system32\win32k.sys
2017-07-12 10:22:42 ----A---- C:\Windows\system32\urlmon.dll
2017-07-12 10:22:41 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2017-07-12 10:22:41 ----A---- C:\Windows\system32\tquery.dll
2017-07-12 10:22:41 ----A---- C:\Windows\system32\Query.dll
2017-07-12 10:22:40 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2017-07-12 10:22:40 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2017-07-12 10:22:40 ----A---- C:\Windows\system32\vbscript.dll
2017-07-12 10:22:40 ----A---- C:\Windows\system32\kerberos.dll
2017-07-12 10:22:39 ----A---- C:\Windows\SYSWOW64\tquery.dll
2017-07-12 10:22:39 ----A---- C:\Windows\SYSWOW64\Query.dll
2017-07-12 10:22:39 ----A---- C:\Windows\system32\ExplorerFrame.dll
2017-07-12 10:22:39 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2017-07-12 10:22:38 ----A---- C:\Windows\system32\Wldap32.dll
2017-07-12 10:22:38 ----A---- C:\Windows\system32\wininet.dll
2017-07-12 10:22:38 ----A---- C:\Windows\system32\drivers\ntfs.sys
2017-07-12 10:22:38 ----A---- C:\Windows\system32\drivers\netio.sys
2017-07-12 10:22:37 ----A---- C:\Windows\SYSWOW64\Wldap32.dll
2017-07-12 10:22:37 ----A---- C:\Windows\SYSWOW64\wininet.dll
2017-07-12 10:22:37 ----A---- C:\Windows\SYSWOW64\ExplorerFrame.dll
2017-07-12 10:22:37 ----A---- C:\Windows\system32\msinfo32.exe
2017-07-12 10:22:36 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2017-07-12 10:22:36 ----A---- C:\Windows\system32\wdc.dll
2017-07-12 10:22:36 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2017-07-12 10:22:36 ----A---- C:\Windows\system32\drivers\http.sys
2017-07-12 10:22:35 ----A---- C:\Windows\SYSWOW64\wdc.dll
2017-07-12 10:22:35 ----A---- C:\Windows\system32\pdhui.dll
2017-07-12 10:22:35 ----A---- C:\Windows\system32\jscript.dll
2017-07-12 10:22:35 ----A---- C:\Windows\system32\iedkcs32.dll
2017-07-12 10:22:35 ----A---- C:\Windows\system32\clfs.sys
2017-07-12 10:22:34 ----A---- C:\Windows\SYSWOW64\pdhui.dll
2017-07-12 10:22:34 ----A---- C:\Windows\SYSWOW64\msinfo32.exe
2017-07-12 10:22:34 ----A---- C:\Windows\system32\drivers\tcpip.sys
2017-07-12 10:22:34 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2017-07-12 10:22:34 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2017-07-12 10:22:34 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2017-07-12 10:22:34 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2017-07-12 10:22:34 ----A---- C:\Windows\system32\drivers\bthpan.sys
2017-07-12 10:22:33 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2017-07-12 10:22:33 ----A---- C:\Windows\system32\wvc.dll
2017-07-12 10:22:33 ----A---- C:\Windows\system32\perfmon.exe
2017-07-12 10:22:33 ----A---- C:\Windows\system32\dxtmsft.dll
2017-07-12 10:22:32 ----A---- C:\Windows\SYSWOW64\wvc.dll
2017-07-12 10:22:32 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2017-07-12 10:22:32 ----A---- C:\Windows\SYSWOW64\perfmon.exe
2017-07-12 10:22:32 ----A---- C:\Windows\SYSWOW64\msrating.dll
2017-07-12 10:22:32 ----A---- C:\Windows\SYSWOW64\certcli.dll
2017-07-12 10:22:32 ----A---- C:\Windows\system32\webcheck.dll
2017-07-12 10:22:32 ----A---- C:\Windows\system32\resmon.exe
2017-07-12 10:22:32 ----A---- C:\Windows\system32\msrating.dll
2017-07-12 10:22:32 ----A---- C:\Windows\system32\certcli.dll
2017-07-12 10:22:31 ----A---- C:\Windows\SYSWOW64\resmon.exe
2017-07-12 10:22:31 ----A---- C:\Windows\system32\msfeeds.dll
2017-07-12 10:22:31 ----A---- C:\Windows\system32\dxtrans.dll
2017-07-12 10:22:30 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2017-07-12 10:22:30 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2017-07-12 10:22:30 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2017-07-12 10:22:30 ----A---- C:\Windows\system32\mshtmlmedia.dll
2017-07-12 10:22:29 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2017-07-12 10:22:29 ----A---- C:\Windows\system32\iertutil.dll
2017-07-12 10:22:28 ----A---- C:\Windows\SYSWOW64\ieui.dll
2017-07-12 10:22:28 ----A---- C:\Windows\system32\mshtmled.dll
2017-07-12 10:22:28 ----A---- C:\Windows\system32\ieui.dll
2017-07-12 10:22:28 ----A---- C:\Windows\system32\iesetup.dll
2017-07-12 10:22:28 ----A---- C:\Windows\system32\ie4uinit.exe
2017-07-12 10:22:27 ----A---- C:\Windows\SYSWOW64\occache.dll
2017-07-12 10:22:27 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2017-07-12 10:22:27 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2017-07-12 10:22:27 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2017-07-12 10:22:27 ----A---- C:\Windows\system32\occache.dll
2017-07-12 10:22:27 ----A---- C:\Windows\system32\jscript9diag.dll
2017-07-12 10:22:27 ----A---- C:\Windows\system32\ieUnatt.exe
2017-07-12 10:22:26 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2017-07-12 10:22:26 ----A---- C:\Windows\SYSWOW64\inseng.dll
2017-07-12 10:22:26 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2017-07-12 10:22:26 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2017-07-12 10:22:26 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-07-12 10:22:26 ----A---- C:\Windows\system32\inseng.dll
2017-07-12 10:22:26 ----A---- C:\Windows\system32\iernonce.dll
2017-07-12 10:22:25 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2017-07-12 10:22:25 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2017-07-12 10:22:25 ----A---- C:\Windows\system32\MshtmlDac.dll
2017-07-12 10:22:25 ----A---- C:\Windows\system32\jsproxy.dll
2017-07-12 10:22:25 ----A---- C:\Windows\system32\ieetwproxystub.dll
2017-07-12 10:22:25 ----A---- C:\Windows\system32\ieetwcollector.exe
2017-07-12 10:22:24 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2017-07-12 10:22:24 ----A---- C:\Windows\SYSWOW64\jscript.dll
2017-07-12 10:22:24 ----A---- C:\Windows\system32\rpcrt4.dll
2017-07-12 10:22:23 ----A---- C:\Windows\system32\mssrch.dll
2017-07-12 10:22:23 ----A---- C:\Windows\system32\ieapfltr.dll
2017-07-12 10:22:22 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2017-07-12 10:22:22 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2017-07-12 10:22:22 ----A---- C:\Windows\system32\lsasrv.dll
2017-07-12 10:22:22 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2017-07-12 10:22:21 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2017-07-12 10:22:21 ----A---- C:\Windows\SYSWOW64\mssvp.dll
2017-07-12 10:22:21 ----A---- C:\Windows\SYSWOW64\mssrch.dll
2017-07-12 10:22:21 ----A---- C:\Windows\system32\schannel.dll
2017-07-12 10:22:21 ----A---- C:\Windows\system32\ncrypt.dll
2017-07-12 10:22:21 ----A---- C:\Windows\system32\msv1_0.dll
2017-07-12 10:22:21 ----A---- C:\Windows\system32\mssvp.dll
2017-07-12 10:22:21 ----A---- C:\Windows\system32\mssph.dll
2017-07-12 10:22:21 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2017-07-12 10:22:21 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2017-07-12 10:22:20 ----A---- C:\Windows\SYSWOW64\schannel.dll
2017-07-12 10:22:20 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2017-07-12 10:22:20 ----A---- C:\Windows\SYSWOW64\mssph.dll
2017-07-12 10:22:20 ----A---- C:\Windows\system32\wdigest.dll
2017-07-12 10:22:20 ----A---- C:\Windows\system32\TSpkg.dll
2017-07-12 10:22:20 ----A---- C:\Windows\system32\sspicli.dll
2017-07-12 10:22:20 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2017-07-12 10:22:20 ----A---- C:\Windows\system32\SearchIndexer.exe
2017-07-12 10:22:20 ----A---- C:\Windows\system32\rpchttp.dll
2017-07-12 10:22:20 ----A---- C:\Windows\system32\mssprxy.dll
2017-07-12 10:22:20 ----A---- C:\Windows\system32\mssphtb.dll
2017-07-12 10:22:20 ----A---- C:\Windows\system32\mssitlb.dll
2017-07-12 10:22:20 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2017-07-12 10:22:20 ----A---- C:\Windows\system32\bcrypt.dll
2017-07-12 10:22:19 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2017-07-12 10:22:19 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2017-07-12 10:22:19 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2017-07-12 10:22:19 ----A---- C:\Windows\SYSWOW64\mssphtb.dll
2017-07-12 10:22:19 ----A---- C:\Windows\SYSWOW64\mssitlb.dll
2017-07-12 10:22:19 ----A---- C:\Windows\system32\sspisrv.dll
2017-07-12 10:22:19 ----A---- C:\Windows\system32\msscntrs.dll
2017-07-12 10:22:19 ----A---- C:\Windows\system32\lsass.exe
2017-07-12 10:22:19 ----A---- C:\Windows\system32\cryptbase.dll
2017-07-12 10:22:18 ----A---- C:\Windows\SYSWOW64\SearchProtocolHost.exe
2017-07-12 10:22:18 ----A---- C:\Windows\SYSWOW64\SearchIndexer.exe
2017-07-12 10:22:18 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2017-07-12 10:22:18 ----A---- C:\Windows\SYSWOW64\mssprxy.dll
2017-07-12 10:22:18 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2017-07-12 10:22:18 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2017-07-12 10:22:18 ----A---- C:\Windows\system32\secur32.dll
2017-07-12 10:22:18 ----A---- C:\Windows\system32\SearchFilterHost.exe
2017-07-12 10:22:18 ----A---- C:\Windows\system32\msshooks.dll
2017-07-12 10:22:18 ----A---- C:\Windows\system32\cdd.dll
2017-07-12 10:22:17 ----A---- C:\Windows\SYSWOW64\secur32.dll
2017-07-12 10:22:17 ----A---- C:\Windows\SYSWOW64\SearchFilterHost.exe
2017-07-12 10:22:17 ----A---- C:\Windows\SYSWOW64\msshooks.dll
2017-07-12 10:22:17 ----A---- C:\Windows\SYSWOW64\msscntrs.dll
2017-07-12 10:22:17 ----A---- C:\Windows\SYSWOW64\credssp.dll
2017-07-12 10:22:17 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2017-07-12 10:22:17 ----A---- C:\Windows\system32\credssp.dll
2017-07-12 10:22:17 ----A---- C:\Windows\system32\auditpol.exe
2017-07-12 10:22:14 ----A---- C:\Windows\SYSWOW64\tzres.dll
2017-07-12 10:22:14 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2017-07-12 10:22:14 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2017-07-12 10:22:14 ----A---- C:\Windows\system32\tzres.dll
2017-07-12 10:22:14 ----A---- C:\Windows\system32\msaudite.dll
2017-07-12 10:22:14 ----A---- C:\Windows\system32\adtschema.dll
2017-07-12 10:22:13 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2017-07-12 10:22:13 ----A---- C:\Windows\system32\msobjs.dll

======List of files/folders modified in the last 1 month======

2017-07-27 12:51:37 ----D---- C:\Program Files\trend micro
2017-07-27 12:51:36 ----D---- C:\Windows\Temp
2017-07-27 11:33:04 ----D---- C:\Windows\system32\config
2017-07-27 11:25:26 ----D---- C:\Users\mario\AppData\Roaming\uTorrent
2017-07-27 11:25:25 ----D---- C:\Windows
2017-07-27 10:02:14 ----HD---- C:\ASUS.DAT
2017-07-27 07:31:46 ----A---- C:\Windows\SYSWOW64\log.txt
2017-07-26 21:14:03 ----D---- C:\Users\mario\AppData\Roaming\vlc
2017-07-26 14:57:35 ----D---- C:\Windows\System32
2017-07-26 14:57:35 ----D---- C:\Windows\inf
2017-07-26 14:57:35 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-07-26 11:18:22 ----D---- C:\Users\mario\AppData\Roaming\ChessBase
2017-07-25 17:48:48 ----SHD---- C:\System Volume Information
2017-07-22 15:53:30 ----HD---- C:\ProgramData
2017-07-22 13:53:36 ----D---- C:\Windows\debug
2017-07-22 13:46:30 ----D---- C:\Program Files\Fotolab
2017-07-21 23:10:16 ----D---- C:\Windows\system32\catroot2
2017-07-16 13:08:26 ----D---- C:\ProgramData\tmp
2017-07-16 11:40:45 ----D---- C:\ProgramData\hps
2017-07-16 11:32:01 ----SHD---- C:\Windows\Installer
2017-07-16 11:32:01 ----HD---- C:\Config.Msi
2017-07-13 17:40:46 ----D---- C:\Windows\winsxs
2017-07-13 17:35:01 ----D---- C:\Windows\system32\appraiser
2017-07-13 17:34:44 ----D---- C:\Program Files (x86)\Internet Explorer
2017-07-13 17:34:40 ----D---- C:\Program Files\Internet Explorer
2017-07-13 17:34:36 ----D---- C:\Windows\SYSWOW64\sk-SK
2017-07-13 17:34:36 ----D---- C:\Windows\SYSWOW64\migration
2017-07-13 17:34:34 ----D---- C:\Windows\SYSWOW64\en-US
2017-07-13 17:34:32 ----D---- C:\Windows\SysWOW64
2017-07-13 17:34:22 ----D---- C:\Windows\system32\sk-SK
2017-07-13 17:34:22 ----D---- C:\Windows\system32\migration
2017-07-13 17:34:22 ----D---- C:\Windows\system32\drivers
2017-07-13 17:34:20 ----D---- C:\Windows\system32\en-US
2017-07-13 17:34:06 ----D---- C:\Windows\AppPatch
2017-07-13 17:33:53 ----D---- C:\Windows\system32\DriverStore
2017-07-12 23:04:22 ----D---- C:\ProgramData\Microsoft Help
2017-07-12 23:02:56 ----D---- C:\Windows\system32\MRT
2017-07-12 22:52:07 ----AC---- C:\Windows\system32\MRT.exe
2017-07-11 21:37:42 ----RD---- C:\Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2016-11-23 84616]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2011-04-26 557848]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-07-10 834544]
R1 ATKWMIACPIIO;ATKWMIACPI Driver; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2016-11-23 262792]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2016-11-23 197248]
R1 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2016-11-23 208520]
R1 EpfwLWF;ESET Personal Firewall; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2016-11-23 61568]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
R2 ekbdflt;ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [2016-11-23 153216]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2013-11-26 11576]
R3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys [2011-11-23 130024]
R3 asmtxhci;ASMEDIA XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys [2011-11-23 395752]
R3 AthBTPort;Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2011-11-30 36000]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-10-04 2770944]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2011-11-30 330912]
R3 btath_avdt;Atheros Bluetooth AVDT Service; C:\Windows\system32\drivers\btath_avdt.sys [2011-11-30 110752]
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys [2011-11-30 30368]
R3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\DRIVERS\btath_hcrp.sys [2011-11-30 167584]
R3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2011-11-30 68256]
R3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\DRIVERS\btath_rcp.sys [2011-11-30 280992]
R3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2011-11-30 533152]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\drivers\bthpan.sys [2017-07-06 119296]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2012-02-24 80384]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-11-03 12310112]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-09-06 3074536]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2011-11-03 317440]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 15416]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-05-05 1439792]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2011-03-18 74840]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-20 19968]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2011-05-14 48488]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2012-01-09 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2012-01-09 27136]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2012-06-11 26112]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 38400]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2012-01-09 9216]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 33280]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2012-01-09 9216]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-24 154168]
S3 WinUsb;WinUSB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe [2011-03-04 379520]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2011-11-21 80512]
R2 ASUS InstantOn;ASUS InstantOn Service; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-02-17 277120]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2011-11-30 106144]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2011-11-21 96896]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2016-11-23 2771848]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-12-21 325656]
R2 Samsung Printer Dianostics Service;Samsung Printer Dianostics Service; C:\Windows\syswow64\\spdsvc.exe [2016-07-17 499000]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-29 2292096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-03-26 105096]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-03-26 125064]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30 144200]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-03-26 51320]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-05-14 1492840]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30 144200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-06-29 116224]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-03-27 147624]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-07-11 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-26 135800]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-26 135800]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-26 135800]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 118200
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Preventive check

#2 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Save it to the desktop
Close all programs
First click >Scan< (search) and then >Clean< (delete).
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

majom246
Visitor
Posts: 75
Registered: 08 Jul 2010 13:33

Re: Preventive check

#3 Post by majom246 »

# AdwCleaner 7.0.0.0 - Logfile created on Fri Jul 28 15:53:27 2017
# Updated on 2017/17/07 by Malwarebytes
# Running on Windows 7 Home Premium (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Program Files\Enigma Software Group


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKU\S-1-5-21-438247265-350696904-1170458401-1000\Software\distromatic
Deleted: [Key] - HKCU\Software\distromatic
Deleted: [Key] - HKU\S-1-5-21-438247265-350696904-1170458401-1000\Software\Conduit
Deleted: [Key] - HKCU\Software\Conduit
Deleted: [Key] - HKLM\SOFTWARE\EnigmaSoftwareGroup


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1326 B] - [2017/7/28 15:52:21]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

Rudy
Site Admin
Posts: 118200
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Preventive check

#4 Post by Rudy »

Post a new RSIT log.

majom246
Visitor
Posts: 75
Registered: 08 Jul 2010 13:33

Re: Preventive check

#5 Post by majom246 »

After restarting the PC, ESET displayed the message "Online payment protection is not functional".

Logfile of random's system information tool 1.10 (written by random/random)
Run by mario at 2017-07-28 18:06:48
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 47 GB (25%) free of 191 GB
Total RAM: 4000 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:06:54, on 28. 7. 2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18739)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\trend micro\mario.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/search?q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.bing.com/search?q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/search?q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: FancyStart daemon.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung Printer Dianostics Service - Unknown owner - C:\Windows\system32\\spdsvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 10505 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
"C:\Program Files\ESET\ESET Smart Security\ekrn.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Windows\system32\FBAgent.exe"
C:\Windows\system32\WLANExt.exe 25043072
\??\C:\Windows\system32\conhost.exe "616421628-1555854021-1563922222114429210968141178217322003141669467606459267341
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe"
"C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
"C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe"
C:\Windows\System32\svchost.exe -k utcsvc
taskeng.exe {18D419FB-D1B3-468E-8D12-29774C99AAC7}
C:\Windows\System32\svchost.exe -k HPZ12
"C:\Program Files\ASUS\P4G\BatteryLife.exe"
C:\Windows\System32\svchost.exe -k HPZ12
"C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe"
C:\Windows\SysWOW64\\spdsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
taskeng.exe {67B89029-477A-43A7-95B6-C0E894F20D22}
"C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe"
WLIDSvcM.exe 2316
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SF3
"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
"C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe"
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
ATKOSD.exe
KBFiltr.exe
WDC.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe"
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
C:\Windows\SysWOW64\ACEngSvr.exe -Embedding
"C:\Windows\AsScrPro.exe"
"C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Windows\system32\igfxpers.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto -critical

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --profile-directory="Profile 2"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\mario\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\mario\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=59.0.3071.115 --initial-client-data=0x80,0x84,0x88,0x7c,0x8c,0x7feee0619d0,0x7feee0619b8,0x7feee0619e8
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=4184 --on-initialized-event-handle=312 --parent-handle=316 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1120 --disable-d3d11 --disable-direct-composition --supports-dual-gpus=false --gpu-driver-bug-workarounds=7,10,11,17,19,20,21,24,26,43,63,76 --disable-gl-extensions="GL_KHR_blend_equation_advanced GL_KHR_blend_equation_advanced_coherent" --gpu-vendor-id=0x8086 --gpu-device-id=0x0106 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2559 --gpu-driver-date=10-21-2011 --service-request-channel-token=CBEDEA1BB2229D78C812D55F878C2F41 --mojo-platform-channel-handle=1132 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120 --primordial-pipe-token=727ED7F57AE1877542B5F88B7558D9A8 --lang=sk --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553 --disable-accelerated-video-decode --service-request-channel-token=727ED7F57AE1877542B5F88B7558D9A8 --renderer-client-id=4 --mojo-platform-channel-handle=2116 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120 --primordial-pipe-token=CF00A429584A3A65E1EF0E71BD4D478A --lang=sk --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553 --disable-accelerated-video-decode --service-request-channel-token=CF00A429584A3A65E1EF0E71BD4D478A --renderer-client-id=5 --mojo-platform-channel-handle=2176 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1120 --primordial-pipe-token=5AF28A38C91700E51A69FC5072F6C8E1 --lang=sk --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=disallowFetchForDocWrittenScriptsInMainFrame=false,disallowFetchForDocWrittenScriptsInMainFrameOnSlowConnections=true --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553 --disable-accelerated-video-decode --service-request-channel-token=5AF28A38C91700E51A69FC5072F6C8E1 --renderer-client-id=8 --mojo-platform-channel-handle=2912 /prefetch:1
taskhost.exe $(Arg0)
C:\Windows\system32\igfxsrvc.exe -Embedding
"C:\Users\mario\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf276bb00fdf1f.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineUA1d040b98875e7b6.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\GoogleUpdateTaskMachineUA1d091a278dac117.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\baozi57m.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.66.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.66.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-16 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-25 460384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-11-30 51872]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-25 172640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-11-03 167704]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-11-03 392472]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-05-05 2785064]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2011-03-21 361984]
"SynAsusAcpi"=C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [2011-05-05 97064]
"RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2011-08-16 2277480]
"AtherosBtStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2011-11-30 983200]
"AthBtTray"=C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [2011-11-30 800416]
"CDAServer"=C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [2012-03-09 462712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-09-26 6482200]
"Xvid"=C:\Program Files (x86)\Xvid\CheckUpdate.exe [2011-01-17 8192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACMON]
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-02-21 102568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\Windows\AsScrPro.exe [2012-05-09 3058304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2010-08-20 107816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-09-05 12850792]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"=C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2012-02-24 3331312]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-12-23 318080]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [2011-10-25 174720]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"Wireless Console 3"=C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2011-10-19 2319536]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-11-09 596528]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
FancyStart daemon.lnk - C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-11-03 390144]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Program Files (x86)\RasWin\RasWin.exe -script "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2017-07-28 17:47:32 ----D---- C:\AdwCleaner
2017-07-27 12:51:36 ----D---- C:\rsit
2017-07-12 10:23:29 ----A---- C:\Windows\system32\aitstatic.exe
2017-07-12 10:23:28 ----A---- C:\Windows\system32\generaltel.dll
2017-07-12 10:23:28 ----A---- C:\Windows\system32\devinv.dll
2017-07-12 10:23:28 ----A---- C:\Windows\system32\centel.dll
2017-07-12 10:23:28 ----A---- C:\Windows\system32\appraiser.dll
2017-07-12 10:23:28 ----A---- C:\Windows\system32\aepic.dll
2017-07-12 10:23:28 ----A---- C:\Windows\system32\aeinv.dll
2017-07-12 10:23:27 ----A---- C:\Windows\system32\invagent.dll
2017-07-12 10:23:27 ----A---- C:\Windows\system32\CompatTelRunner.exe
2017-07-12 10:23:27 ----A---- C:\Windows\system32\acmigration.dll
2017-07-12 10:22:52 ----A---- C:\Windows\system32\mshtml.dll
2017-07-12 10:22:50 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2017-07-12 10:22:47 ----A---- C:\Windows\system32\ieframe.dll
2017-07-12 10:22:45 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2017-07-12 10:22:44 ----A---- C:\Windows\system32\jscript9.dll
2017-07-12 10:22:43 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2017-07-12 10:22:42 ----A---- C:\Windows\system32\win32k.sys
2017-07-12 10:22:42 ----A---- C:\Windows\system32\urlmon.dll
2017-07-12 10:22:41 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2017-07-12 10:22:41 ----A---- C:\Windows\system32\tquery.dll
2017-07-12 10:22:41 ----A---- C:\Windows\system32\Query.dll
2017-07-12 10:22:40 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2017-07-12 10:22:40 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2017-07-12 10:22:40 ----A---- C:\Windows\system32\vbscript.dll
2017-07-12 10:22:40 ----A---- C:\Windows\system32\kerberos.dll
2017-07-12 10:22:39 ----A---- C:\Windows\SYSWOW64\tquery.dll
2017-07-12 10:22:39 ----A---- C:\Windows\SYSWOW64\Query.dll
2017-07-12 10:22:39 ----A---- C:\Windows\system32\ExplorerFrame.dll
2017-07-12 10:22:39 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2017-07-12 10:22:38 ----A---- C:\Windows\system32\Wldap32.dll
2017-07-12 10:22:38 ----A---- C:\Windows\system32\wininet.dll
2017-07-12 10:22:38 ----A---- C:\Windows\system32\drivers\ntfs.sys
2017-07-12 10:22:38 ----A---- C:\Windows\system32\drivers\netio.sys
2017-07-12 10:22:37 ----A---- C:\Windows\SYSWOW64\Wldap32.dll
2017-07-12 10:22:37 ----A---- C:\Windows\SYSWOW64\wininet.dll
2017-07-12 10:22:37 ----A---- C:\Windows\SYSWOW64\ExplorerFrame.dll
2017-07-12 10:22:37 ----A---- C:\Windows\system32\msinfo32.exe
2017-07-12 10:22:36 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2017-07-12 10:22:36 ----A---- C:\Windows\system32\wdc.dll
2017-07-12 10:22:36 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2017-07-12 10:22:36 ----A---- C:\Windows\system32\drivers\http.sys
2017-07-12 10:22:35 ----A---- C:\Windows\SYSWOW64\wdc.dll
2017-07-12 10:22:35 ----A---- C:\Windows\system32\pdhui.dll
2017-07-12 10:22:35 ----A---- C:\Windows\system32\jscript.dll
2017-07-12 10:22:35 ----A---- C:\Windows\system32\iedkcs32.dll
2017-07-12 10:22:35 ----A---- C:\Windows\system32\clfs.sys
2017-07-12 10:22:34 ----A---- C:\Windows\SYSWOW64\pdhui.dll
2017-07-12 10:22:34 ----A---- C:\Windows\SYSWOW64\msinfo32.exe
2017-07-12 10:22:34 ----A---- C:\Windows\system32\drivers\tcpip.sys
2017-07-12 10:22:34 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2017-07-12 10:22:34 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2017-07-12 10:22:34 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2017-07-12 10:22:34 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2017-07-12 10:22:34 ----A---- C:\Windows\system32\drivers\bthpan.sys
2017-07-12 10:22:33 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2017-07-12 10:22:33 ----A---- C:\Windows\system32\wvc.dll
2017-07-12 10:22:33 ----A---- C:\Windows\system32\perfmon.exe
2017-07-12 10:22:33 ----A---- C:\Windows\system32\dxtmsft.dll
2017-07-12 10:22:32 ----A---- C:\Windows\SYSWOW64\wvc.dll
2017-07-12 10:22:32 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2017-07-12 10:22:32 ----A---- C:\Windows\SYSWOW64\perfmon.exe
2017-07-12 10:22:32 ----A---- C:\Windows\SYSWOW64\msrating.dll
2017-07-12 10:22:32 ----A---- C:\Windows\SYSWOW64\certcli.dll
2017-07-12 10:22:32 ----A---- C:\Windows\system32\webcheck.dll
2017-07-12 10:22:32 ----A---- C:\Windows\system32\resmon.exe
2017-07-12 10:22:32 ----A---- C:\Windows\system32\msrating.dll
2017-07-12 10:22:32 ----A---- C:\Windows\system32\certcli.dll
2017-07-12 10:22:31 ----A---- C:\Windows\SYSWOW64\resmon.exe
2017-07-12 10:22:31 ----A---- C:\Windows\system32\msfeeds.dll
2017-07-12 10:22:31 ----A---- C:\Windows\system32\dxtrans.dll
2017-07-12 10:22:30 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2017-07-12 10:22:30 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2017-07-12 10:22:30 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2017-07-12 10:22:30 ----A---- C:\Windows\system32\mshtmlmedia.dll
2017-07-12 10:22:29 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2017-07-12 10:22:29 ----A---- C:\Windows\system32\iertutil.dll
2017-07-12 10:22:28 ----A---- C:\Windows\SYSWOW64\ieui.dll
2017-07-12 10:22:28 ----A---- C:\Windows\system32\mshtmled.dll
2017-07-12 10:22:28 ----A---- C:\Windows\system32\ieui.dll
2017-07-12 10:22:28 ----A---- C:\Windows\system32\iesetup.dll
2017-07-12 10:22:28 ----A---- C:\Windows\system32\ie4uinit.exe
2017-07-12 10:22:27 ----A---- C:\Windows\SYSWOW64\occache.dll
2017-07-12 10:22:27 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2017-07-12 10:22:27 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2017-07-12 10:22:27 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2017-07-12 10:22:27 ----A---- C:\Windows\system32\occache.dll
2017-07-12 10:22:27 ----A---- C:\Windows\system32\jscript9diag.dll
2017-07-12 10:22:27 ----A---- C:\Windows\system32\ieUnatt.exe
2017-07-12 10:22:26 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2017-07-12 10:22:26 ----A---- C:\Windows\SYSWOW64\inseng.dll
2017-07-12 10:22:26 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2017-07-12 10:22:26 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2017-07-12 10:22:26 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-07-12 10:22:26 ----A---- C:\Windows\system32\inseng.dll
2017-07-12 10:22:26 ----A---- C:\Windows\system32\iernonce.dll
2017-07-12 10:22:25 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2017-07-12 10:22:25 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2017-07-12 10:22:25 ----A---- C:\Windows\system32\MshtmlDac.dll
2017-07-12 10:22:25 ----A---- C:\Windows\system32\jsproxy.dll
2017-07-12 10:22:25 ----A---- C:\Windows\system32\ieetwproxystub.dll
2017-07-12 10:22:25 ----A---- C:\Windows\system32\ieetwcollector.exe
2017-07-12 10:22:24 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2017-07-12 10:22:24 ----A---- C:\Windows\SYSWOW64\jscript.dll
2017-07-12 10:22:24 ----A---- C:\Windows\system32\rpcrt4.dll
2017-07-12 10:22:23 ----A---- C:\Windows\system32\mssrch.dll
2017-07-12 10:22:23 ----A---- C:\Windows\system32\ieapfltr.dll
2017-07-12 10:22:22 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2017-07-12 10:22:22 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2017-07-12 10:22:22 ----A---- C:\Windows\system32\lsasrv.dll
2017-07-12 10:22:22 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2017-07-12 10:22:21 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2017-07-12 10:22:21 ----A---- C:\Windows\SYSWOW64\mssvp.dll
2017-07-12 10:22:21 ----A---- C:\Windows\SYSWOW64\mssrch.dll
2017-07-12 10:22:21 ----A---- C:\Windows\system32\schannel.dll
2017-07-12 10:22:21 ----A---- C:\Windows\system32\ncrypt.dll
2017-07-12 10:22:21 ----A---- C:\Windows\system32\msv1_0.dll
2017-07-12 10:22:21 ----A---- C:\Windows\system32\mssvp.dll
2017-07-12 10:22:21 ----A---- C:\Windows\system32\mssph.dll
2017-07-12 10:22:21 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2017-07-12 10:22:21 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2017-07-12 10:22:20 ----A---- C:\Windows\SYSWOW64\schannel.dll
2017-07-12 10:22:20 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2017-07-12 10:22:20 ----A---- C:\Windows\SYSWOW64\mssph.dll
2017-07-12 10:22:20 ----A---- C:\Windows\system32\wdigest.dll
2017-07-12 10:22:20 ----A---- C:\Windows\system32\TSpkg.dll
2017-07-12 10:22:20 ----A---- C:\Windows\system32\sspicli.dll
2017-07-12 10:22:20 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2017-07-12 10:22:20 ----A---- C:\Windows\system32\SearchIndexer.exe
2017-07-12 10:22:20 ----A---- C:\Windows\system32\rpchttp.dll
2017-07-12 10:22:20 ----A---- C:\Windows\system32\mssprxy.dll
2017-07-12 10:22:20 ----A---- C:\Windows\system32\mssphtb.dll
2017-07-12 10:22:20 ----A---- C:\Windows\system32\mssitlb.dll
2017-07-12 10:22:20 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2017-07-12 10:22:20 ----A---- C:\Windows\system32\bcrypt.dll
2017-07-12 10:22:19 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2017-07-12 10:22:19 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2017-07-12 10:22:19 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2017-07-12 10:22:19 ----A---- C:\Windows\SYSWOW64\mssphtb.dll
2017-07-12 10:22:19 ----A---- C:\Windows\SYSWOW64\mssitlb.dll
2017-07-12 10:22:19 ----A---- C:\Windows\system32\sspisrv.dll
2017-07-12 10:22:19 ----A---- C:\Windows\system32\msscntrs.dll
2017-07-12 10:22:19 ----A---- C:\Windows\system32\lsass.exe
2017-07-12 10:22:19 ----A---- C:\Windows\system32\cryptbase.dll
2017-07-12 10:22:18 ----A---- C:\Windows\SYSWOW64\SearchProtocolHost.exe
2017-07-12 10:22:18 ----A---- C:\Windows\SYSWOW64\SearchIndexer.exe
2017-07-12 10:22:18 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2017-07-12 10:22:18 ----A---- C:\Windows\SYSWOW64\mssprxy.dll
2017-07-12 10:22:18 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2017-07-12 10:22:18 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2017-07-12 10:22:18 ----A---- C:\Windows\system32\secur32.dll
2017-07-12 10:22:18 ----A---- C:\Windows\system32\SearchFilterHost.exe
2017-07-12 10:22:18 ----A---- C:\Windows\system32\msshooks.dll
2017-07-12 10:22:18 ----A---- C:\Windows\system32\cdd.dll
2017-07-12 10:22:17 ----A---- C:\Windows\SYSWOW64\secur32.dll
2017-07-12 10:22:17 ----A---- C:\Windows\SYSWOW64\SearchFilterHost.exe
2017-07-12 10:22:17 ----A---- C:\Windows\SYSWOW64\msshooks.dll
2017-07-12 10:22:17 ----A---- C:\Windows\SYSWOW64\msscntrs.dll
2017-07-12 10:22:17 ----A---- C:\Windows\SYSWOW64\credssp.dll
2017-07-12 10:22:17 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2017-07-12 10:22:17 ----A---- C:\Windows\system32\credssp.dll
2017-07-12 10:22:17 ----A---- C:\Windows\system32\auditpol.exe
2017-07-12 10:22:14 ----A---- C:\Windows\SYSWOW64\tzres.dll
2017-07-12 10:22:14 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2017-07-12 10:22:14 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2017-07-12 10:22:14 ----A---- C:\Windows\system32\tzres.dll
2017-07-12 10:22:14 ----A---- C:\Windows\system32\msaudite.dll
2017-07-12 10:22:14 ----A---- C:\Windows\system32\adtschema.dll
2017-07-12 10:22:13 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2017-07-12 10:22:13 ----A---- C:\Windows\system32\msobjs.dll

======List of files/folders modified in the last 1 month======

2017-07-28 18:06:52 ----D---- C:\Program Files\trend micro
2017-07-28 18:06:51 ----D---- C:\Windows\Temp
2017-07-28 17:57:34 ----A---- C:\Windows\SYSWOW64\log.txt
2017-07-28 17:55:35 ----D---- C:\Windows\system32\config
2017-07-28 17:55:30 ----HD---- C:\ASUS.DAT
2017-07-28 17:53:18 ----RD---- C:\Program Files
2017-07-28 09:01:57 ----SHD---- C:\System Volume Information
2017-07-28 08:10:31 ----D---- C:\Users\mario\AppData\Roaming\vlc
2017-07-28 07:15:49 ----D---- C:\Windows
2017-07-27 11:25:26 ----D---- C:\Users\mario\AppData\Roaming\uTorrent
2017-07-26 14:57:35 ----D---- C:\Windows\System32
2017-07-26 14:57:35 ----D---- C:\Windows\inf
2017-07-26 14:57:35 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-07-26 11:18:22 ----D---- C:\Users\mario\AppData\Roaming\ChessBase
2017-07-22 15:53:30 ----HD---- C:\ProgramData
2017-07-22 13:53:36 ----D---- C:\Windows\debug
2017-07-22 13:46:30 ----D---- C:\Program Files\Fotolab
2017-07-21 23:10:16 ----D---- C:\Windows\system32\catroot2
2017-07-16 13:08:26 ----D---- C:\ProgramData\tmp
2017-07-16 11:40:45 ----D---- C:\ProgramData\hps
2017-07-16 11:32:01 ----SHD---- C:\Windows\Installer
2017-07-16 11:32:01 ----HD---- C:\Config.Msi
2017-07-13 17:40:46 ----D---- C:\Windows\winsxs
2017-07-13 17:35:01 ----D---- C:\Windows\system32\appraiser
2017-07-13 17:34:44 ----D---- C:\Program Files (x86)\Internet Explorer
2017-07-13 17:34:40 ----D---- C:\Program Files\Internet Explorer
2017-07-13 17:34:36 ----D---- C:\Windows\SYSWOW64\sk-SK
2017-07-13 17:34:36 ----D---- C:\Windows\SYSWOW64\migration
2017-07-13 17:34:34 ----D---- C:\Windows\SYSWOW64\en-US
2017-07-13 17:34:32 ----D---- C:\Windows\SysWOW64
2017-07-13 17:34:22 ----D---- C:\Windows\system32\sk-SK
2017-07-13 17:34:22 ----D---- C:\Windows\system32\migration
2017-07-13 17:34:22 ----D---- C:\Windows\system32\drivers
2017-07-13 17:34:20 ----D---- C:\Windows\system32\en-US
2017-07-13 17:34:06 ----D---- C:\Windows\AppPatch
2017-07-13 17:33:53 ----D---- C:\Windows\system32\DriverStore
2017-07-12 23:04:22 ----D---- C:\ProgramData\Microsoft Help
2017-07-12 23:02:56 ----D---- C:\Windows\system32\MRT
2017-07-12 22:52:07 ----AC---- C:\Windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2016-11-23 84616]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2011-04-26 557848]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-07-10 834544]
R1 ATKWMIACPIIO;ATKWMIACPI Driver; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2016-11-23 262792]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2016-11-23 197248]
R1 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2016-11-23 208520]
R1 EpfwLWF;ESET Personal Firewall; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2016-11-23 61568]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
R2 ekbdflt;ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [2016-11-23 153216]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2013-11-26 11576]
R3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys [2011-11-23 130024]
R3 asmtxhci;ASMEDIA XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys [2011-11-23 395752]
R3 AthBTPort;Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2011-11-30 36000]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-10-04 2770944]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2011-11-30 330912]
R3 btath_avdt;Atheros Bluetooth AVDT Service; C:\Windows\system32\drivers\btath_avdt.sys [2011-11-30 110752]
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys [2011-11-30 30368]
R3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\DRIVERS\btath_hcrp.sys [2011-11-30 167584]
R3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2011-11-30 68256]
R3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\DRIVERS\btath_rcp.sys [2011-11-30 280992]
R3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2011-11-30 533152]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\drivers\bthpan.sys [2017-07-06 119296]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2012-02-24 80384]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-11-03 12310112]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-09-06 3074536]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2011-11-03 317440]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 15416]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-05-05 1439792]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2011-03-18 74840]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-20 19968]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2011-05-14 48488]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2012-01-09 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2012-01-09 27136]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2012-06-11 26112]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 38400]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2012-01-09 9216]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 33280]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2012-01-09 9216]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-24 154168]
S3 WinUsb;WinUSB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe [2011-03-04 379520]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2011-11-21 80512]
R2 ASUS InstantOn;ASUS InstantOn Service; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-02-17 277120]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2011-11-30 106144]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2011-11-21 96896]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2016-11-23 2771848]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-12-21 325656]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Samsung Printer Dianostics Service;Samsung Printer Dianostics Service; C:\Windows\syswow64\\spdsvc.exe [2016-07-17 499000]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-29 2292096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-03-26 105096]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-03-26 125064]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30 144200]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-03-26 51320]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-05-14 1492840]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30 144200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-06-29 116224]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-03-27 147624]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-07-11 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-26 135800]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-26 135800]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-26 135800]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 118200
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Preventive check

#6 Post by Rudy »

Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left window:
:files
C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf276bb00fdf1f.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA1d040b98875e7b6.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA1d091a278dac117.job

:reg
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. After the scan, restart the PC and post a new RSIT log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for resolving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

majom246
Visitor
Posts: 75
Registered: 08 Jul 2010 13:33

Re: Preventive check

#7 Post by majom246 »

Logfile of random's system information tool 1.10 (written by random/random)
Run by mario at 2017-07-28 20:00:14
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 47 GB (25%) free of 191 GB
Total RAM: 4000 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:00:29, on 28. 7. 2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18739)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files\trend micro\mario.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/search?q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.bing.com/search?q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/search?q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: FancyStart daemon.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung Printer Dianostics Service - Unknown owner - C:\Windows\system32\\spdsvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 10104 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
"C:\Program Files\ESET\ESET Smart Security\ekrn.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Windows\system32\FBAgent.exe"
C:\Windows\system32\WLANExt.exe 26026112
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe"
\??\C:\Windows\system32\conhost.exe "-19275084471821843619-1002256341-201274617911885388901703619421-1588641292-535677549
"C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe"
"C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe"
"taskhost.exe"
"C:\Program Files (x86)\Bluetooth Suite\adminservice.exe"
"C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k utcsvc
taskeng.exe {466FE9BB-BDD5-4F06-B069-15970CAC86FF}
C:\Windows\System32\svchost.exe -k HPZ12
"C:\Program Files\ASUS\P4G\BatteryLife.exe"
"C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe"
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\\spdsvc.exe
taskeng.exe {0906D995-0B86-4ED3-871C-4EB5E916C556}
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
"C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe"
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
WLIDSvcM.exe 2352
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
ATKOSD.exe
KBFiltr.exe
WDC.exe
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SF3
"C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
"C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
"C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"
"C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
taskhost.exe $(Arg0)

"C:\Users\mario\Desktop\RSITx64.exe"

=========Mozilla firefox=========

ProfilePath - C:\Users\mario\AppData\Roaming\Mozilla\Firefox\Profiles\baozi57m.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.66.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.66.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-16 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-25 460384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}]
CIESpeechBHO Class - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-11-30 51872]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-25 172640]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-11-03 167704]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-11-03 392472]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-05-05 2785064]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2011-03-21 361984]
"SynAsusAcpi"=C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [2011-05-05 97064]
"RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2011-08-16 2277480]
"AtherosBtStack"=C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [2011-11-30 983200]
"AthBtTray"=C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [2011-11-30 800416]
"CDAServer"=C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [2012-03-09 462712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-09-26 6482200]
"Xvid"=C:\Program Files (x86)\Xvid\CheckUpdate.exe [2011-01-17 8192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACMON]
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-02-21 102568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\Windows\AsScrPro.exe [2012-05-09 3058304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2010-08-20 107816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-09-05 12850792]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"ASUSPRP"=C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2012-02-24 3331312]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-12-23 318080]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [2011-10-25 174720]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"Wireless Console 3"=C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2011-10-19 2319536]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
FancyStart daemon.lnk - C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-11-03 390144]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"midi2"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Program Files (x86)\RasWin\RasWin.exe -script "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2017-07-28 19:41:43 ----D---- C:\_OTM
2017-07-28 17:47:32 ----D---- C:\AdwCleaner
2017-07-27 12:51:36 ----D---- C:\rsit
2017-07-12 10:23:29 ----A---- C:\Windows\system32\aitstatic.exe
2017-07-12 10:23:28 ----A---- C:\Windows\system32\generaltel.dll
2017-07-12 10:23:28 ----A---- C:\Windows\system32\devinv.dll
2017-07-12 10:23:28 ----A---- C:\Windows\system32\centel.dll
2017-07-12 10:23:28 ----A---- C:\Windows\system32\appraiser.dll
2017-07-12 10:23:28 ----A---- C:\Windows\system32\aepic.dll
2017-07-12 10:23:28 ----A---- C:\Windows\system32\aeinv.dll
2017-07-12 10:23:27 ----A---- C:\Windows\system32\invagent.dll
2017-07-12 10:23:27 ----A---- C:\Windows\system32\CompatTelRunner.exe
2017-07-12 10:23:27 ----A---- C:\Windows\system32\acmigration.dll
2017-07-12 10:22:52 ----A---- C:\Windows\system32\mshtml.dll
2017-07-12 10:22:50 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2017-07-12 10:22:47 ----A---- C:\Windows\system32\ieframe.dll
2017-07-12 10:22:45 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2017-07-12 10:22:44 ----A---- C:\Windows\system32\jscript9.dll
2017-07-12 10:22:43 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2017-07-12 10:22:42 ----A---- C:\Windows\system32\win32k.sys
2017-07-12 10:22:42 ----A---- C:\Windows\system32\urlmon.dll
2017-07-12 10:22:41 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2017-07-12 10:22:41 ----A---- C:\Windows\system32\tquery.dll
2017-07-12 10:22:41 ----A---- C:\Windows\system32\Query.dll
2017-07-12 10:22:40 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2017-07-12 10:22:40 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2017-07-12 10:22:40 ----A---- C:\Windows\system32\vbscript.dll
2017-07-12 10:22:40 ----A---- C:\Windows\system32\kerberos.dll
2017-07-12 10:22:39 ----A---- C:\Windows\SYSWOW64\tquery.dll
2017-07-12 10:22:39 ----A---- C:\Windows\SYSWOW64\Query.dll
2017-07-12 10:22:39 ----A---- C:\Windows\system32\ExplorerFrame.dll
2017-07-12 10:22:39 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2017-07-12 10:22:38 ----A---- C:\Windows\system32\Wldap32.dll
2017-07-12 10:22:38 ----A---- C:\Windows\system32\wininet.dll
2017-07-12 10:22:38 ----A---- C:\Windows\system32\drivers\ntfs.sys
2017-07-12 10:22:38 ----A---- C:\Windows\system32\drivers\netio.sys
2017-07-12 10:22:37 ----A---- C:\Windows\SYSWOW64\Wldap32.dll
2017-07-12 10:22:37 ----A---- C:\Windows\SYSWOW64\wininet.dll
2017-07-12 10:22:37 ----A---- C:\Windows\SYSWOW64\ExplorerFrame.dll
2017-07-12 10:22:37 ----A---- C:\Windows\system32\msinfo32.exe
2017-07-12 10:22:36 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2017-07-12 10:22:36 ----A---- C:\Windows\system32\wdc.dll
2017-07-12 10:22:36 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2017-07-12 10:22:36 ----A---- C:\Windows\system32\drivers\http.sys
2017-07-12 10:22:35 ----A---- C:\Windows\SYSWOW64\wdc.dll
2017-07-12 10:22:35 ----A---- C:\Windows\system32\pdhui.dll
2017-07-12 10:22:35 ----A---- C:\Windows\system32\jscript.dll
2017-07-12 10:22:35 ----A---- C:\Windows\system32\iedkcs32.dll
2017-07-12 10:22:35 ----A---- C:\Windows\system32\clfs.sys
2017-07-12 10:22:34 ----A---- C:\Windows\SYSWOW64\pdhui.dll
2017-07-12 10:22:34 ----A---- C:\Windows\SYSWOW64\msinfo32.exe
2017-07-12 10:22:34 ----A---- C:\Windows\system32\drivers\tcpip.sys
2017-07-12 10:22:34 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2017-07-12 10:22:34 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2017-07-12 10:22:34 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2017-07-12 10:22:34 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2017-07-12 10:22:34 ----A---- C:\Windows\system32\drivers\bthpan.sys
2017-07-12 10:22:33 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2017-07-12 10:22:33 ----A---- C:\Windows\system32\wvc.dll
2017-07-12 10:22:33 ----A---- C:\Windows\system32\perfmon.exe
2017-07-12 10:22:33 ----A---- C:\Windows\system32\dxtmsft.dll
2017-07-12 10:22:32 ----A---- C:\Windows\SYSWOW64\wvc.dll
2017-07-12 10:22:32 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2017-07-12 10:22:32 ----A---- C:\Windows\SYSWOW64\perfmon.exe
2017-07-12 10:22:32 ----A---- C:\Windows\SYSWOW64\msrating.dll
2017-07-12 10:22:32 ----A---- C:\Windows\SYSWOW64\certcli.dll
2017-07-12 10:22:32 ----A---- C:\Windows\system32\webcheck.dll
2017-07-12 10:22:32 ----A---- C:\Windows\system32\resmon.exe
2017-07-12 10:22:32 ----A---- C:\Windows\system32\msrating.dll
2017-07-12 10:22:32 ----A---- C:\Windows\system32\certcli.dll
2017-07-12 10:22:31 ----A---- C:\Windows\SYSWOW64\resmon.exe
2017-07-12 10:22:31 ----A---- C:\Windows\system32\msfeeds.dll
2017-07-12 10:22:31 ----A---- C:\Windows\system32\dxtrans.dll
2017-07-12 10:22:30 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2017-07-12 10:22:30 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2017-07-12 10:22:30 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2017-07-12 10:22:30 ----A---- C:\Windows\system32\mshtmlmedia.dll
2017-07-12 10:22:29 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2017-07-12 10:22:29 ----A---- C:\Windows\system32\iertutil.dll
2017-07-12 10:22:28 ----A---- C:\Windows\SYSWOW64\ieui.dll
2017-07-12 10:22:28 ----A---- C:\Windows\system32\mshtmled.dll
2017-07-12 10:22:28 ----A---- C:\Windows\system32\ieui.dll
2017-07-12 10:22:28 ----A---- C:\Windows\system32\iesetup.dll
2017-07-12 10:22:28 ----A---- C:\Windows\system32\ie4uinit.exe
2017-07-12 10:22:27 ----A---- C:\Windows\SYSWOW64\occache.dll
2017-07-12 10:22:27 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2017-07-12 10:22:27 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2017-07-12 10:22:27 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2017-07-12 10:22:27 ----A---- C:\Windows\system32\occache.dll
2017-07-12 10:22:27 ----A---- C:\Windows\system32\jscript9diag.dll
2017-07-12 10:22:27 ----A---- C:\Windows\system32\ieUnatt.exe
2017-07-12 10:22:26 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2017-07-12 10:22:26 ----A---- C:\Windows\SYSWOW64\inseng.dll
2017-07-12 10:22:26 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2017-07-12 10:22:26 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2017-07-12 10:22:26 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-07-12 10:22:26 ----A---- C:\Windows\system32\inseng.dll
2017-07-12 10:22:26 ----A---- C:\Windows\system32\iernonce.dll
2017-07-12 10:22:25 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2017-07-12 10:22:25 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2017-07-12 10:22:25 ----A---- C:\Windows\system32\MshtmlDac.dll
2017-07-12 10:22:25 ----A---- C:\Windows\system32\jsproxy.dll
2017-07-12 10:22:25 ----A---- C:\Windows\system32\ieetwproxystub.dll
2017-07-12 10:22:25 ----A---- C:\Windows\system32\ieetwcollector.exe
2017-07-12 10:22:24 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2017-07-12 10:22:24 ----A---- C:\Windows\SYSWOW64\jscript.dll
2017-07-12 10:22:24 ----A---- C:\Windows\system32\rpcrt4.dll
2017-07-12 10:22:23 ----A---- C:\Windows\system32\mssrch.dll
2017-07-12 10:22:23 ----A---- C:\Windows\system32\ieapfltr.dll
2017-07-12 10:22:22 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2017-07-12 10:22:22 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2017-07-12 10:22:22 ----A---- C:\Windows\system32\lsasrv.dll
2017-07-12 10:22:22 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2017-07-12 10:22:21 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2017-07-12 10:22:21 ----A---- C:\Windows\SYSWOW64\mssvp.dll
2017-07-12 10:22:21 ----A---- C:\Windows\SYSWOW64\mssrch.dll
2017-07-12 10:22:21 ----A---- C:\Windows\system32\schannel.dll
2017-07-12 10:22:21 ----A---- C:\Windows\system32\ncrypt.dll
2017-07-12 10:22:21 ----A---- C:\Windows\system32\msv1_0.dll
2017-07-12 10:22:21 ----A---- C:\Windows\system32\mssvp.dll
2017-07-12 10:22:21 ----A---- C:\Windows\system32\mssph.dll
2017-07-12 10:22:21 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2017-07-12 10:22:21 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2017-07-12 10:22:20 ----A---- C:\Windows\SYSWOW64\schannel.dll
2017-07-12 10:22:20 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2017-07-12 10:22:20 ----A---- C:\Windows\SYSWOW64\mssph.dll
2017-07-12 10:22:20 ----A---- C:\Windows\system32\wdigest.dll
2017-07-12 10:22:20 ----A---- C:\Windows\system32\TSpkg.dll
2017-07-12 10:22:20 ----A---- C:\Windows\system32\sspicli.dll
2017-07-12 10:22:20 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2017-07-12 10:22:20 ----A---- C:\Windows\system32\SearchIndexer.exe
2017-07-12 10:22:20 ----A---- C:\Windows\system32\rpchttp.dll
2017-07-12 10:22:20 ----A---- C:\Windows\system32\mssprxy.dll
2017-07-12 10:22:20 ----A---- C:\Windows\system32\mssphtb.dll
2017-07-12 10:22:20 ----A---- C:\Windows\system32\mssitlb.dll
2017-07-12 10:22:20 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2017-07-12 10:22:20 ----A---- C:\Windows\system32\bcrypt.dll
2017-07-12 10:22:19 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2017-07-12 10:22:19 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2017-07-12 10:22:19 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2017-07-12 10:22:19 ----A---- C:\Windows\SYSWOW64\mssphtb.dll
2017-07-12 10:22:19 ----A---- C:\Windows\SYSWOW64\mssitlb.dll
2017-07-12 10:22:19 ----A---- C:\Windows\system32\sspisrv.dll
2017-07-12 10:22:19 ----A---- C:\Windows\system32\msscntrs.dll
2017-07-12 10:22:19 ----A---- C:\Windows\system32\lsass.exe
2017-07-12 10:22:19 ----A---- C:\Windows\system32\cryptbase.dll
2017-07-12 10:22:18 ----A---- C:\Windows\SYSWOW64\SearchProtocolHost.exe
2017-07-12 10:22:18 ----A---- C:\Windows\SYSWOW64\SearchIndexer.exe
2017-07-12 10:22:18 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2017-07-12 10:22:18 ----A---- C:\Windows\SYSWOW64\mssprxy.dll
2017-07-12 10:22:18 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2017-07-12 10:22:18 ----A---- C:\Windows\SYSWOW64\bcrypt.dll
2017-07-12 10:22:18 ----A---- C:\Windows\system32\secur32.dll
2017-07-12 10:22:18 ----A---- C:\Windows\system32\SearchFilterHost.exe
2017-07-12 10:22:18 ----A---- C:\Windows\system32\msshooks.dll
2017-07-12 10:22:18 ----A---- C:\Windows\system32\cdd.dll
2017-07-12 10:22:17 ----A---- C:\Windows\SYSWOW64\secur32.dll
2017-07-12 10:22:17 ----A---- C:\Windows\SYSWOW64\SearchFilterHost.exe
2017-07-12 10:22:17 ----A---- C:\Windows\SYSWOW64\msshooks.dll
2017-07-12 10:22:17 ----A---- C:\Windows\SYSWOW64\msscntrs.dll
2017-07-12 10:22:17 ----A---- C:\Windows\SYSWOW64\credssp.dll
2017-07-12 10:22:17 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2017-07-12 10:22:17 ----A---- C:\Windows\system32\credssp.dll
2017-07-12 10:22:17 ----A---- C:\Windows\system32\auditpol.exe
2017-07-12 10:22:14 ----A---- C:\Windows\SYSWOW64\tzres.dll
2017-07-12 10:22:14 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2017-07-12 10:22:14 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2017-07-12 10:22:14 ----A---- C:\Windows\system32\tzres.dll
2017-07-12 10:22:14 ----A---- C:\Windows\system32\msaudite.dll
2017-07-12 10:22:14 ----A---- C:\Windows\system32\adtschema.dll
2017-07-12 10:22:13 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2017-07-12 10:22:13 ----A---- C:\Windows\system32\msobjs.dll

======List of files/folders modified in the last 1 month======

2017-07-28 20:00:24 ----D---- C:\Windows\Temp
2017-07-28 20:00:24 ----D---- C:\Program Files\trend micro
2017-07-28 19:56:40 ----A---- C:\Windows\SYSWOW64\log.txt
2017-07-28 19:54:59 ----HD---- C:\ASUS.DAT
2017-07-28 19:54:41 ----D---- C:\Windows\system32\config
2017-07-28 19:41:46 ----D---- C:\Windows\Tasks
2017-07-28 19:38:58 ----D---- C:\Users\mario\AppData\Roaming\vlc
2017-07-28 17:53:18 ----RD---- C:\Program Files
2017-07-28 09:01:57 ----SHD---- C:\System Volume Information
2017-07-28 07:15:49 ----D---- C:\Windows
2017-07-27 11:25:26 ----D---- C:\Users\mario\AppData\Roaming\uTorrent
2017-07-26 14:57:35 ----D---- C:\Windows\System32
2017-07-26 14:57:35 ----D---- C:\Windows\inf
2017-07-26 14:57:35 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-07-26 11:18:22 ----D---- C:\Users\mario\AppData\Roaming\ChessBase
2017-07-22 15:53:30 ----HD---- C:\ProgramData
2017-07-22 13:53:36 ----D---- C:\Windows\debug
2017-07-22 13:46:30 ----D---- C:\Program Files\Fotolab
2017-07-21 23:10:16 ----D---- C:\Windows\system32\catroot2
2017-07-16 13:08:26 ----D---- C:\ProgramData\tmp
2017-07-16 11:40:45 ----D---- C:\ProgramData\hps
2017-07-16 11:32:01 ----SHD---- C:\Windows\Installer
2017-07-16 11:32:01 ----HD---- C:\Config.Msi
2017-07-13 17:40:46 ----D---- C:\Windows\winsxs
2017-07-13 17:35:01 ----D---- C:\Windows\system32\appraiser
2017-07-13 17:34:44 ----D---- C:\Program Files (x86)\Internet Explorer
2017-07-13 17:34:40 ----D---- C:\Program Files\Internet Explorer
2017-07-13 17:34:36 ----D---- C:\Windows\SYSWOW64\sk-SK
2017-07-13 17:34:36 ----D---- C:\Windows\SYSWOW64\migration
2017-07-13 17:34:34 ----D---- C:\Windows\SYSWOW64\en-US
2017-07-13 17:34:32 ----D---- C:\Windows\SysWOW64
2017-07-13 17:34:22 ----D---- C:\Windows\system32\sk-SK
2017-07-13 17:34:22 ----D---- C:\Windows\system32\migration
2017-07-13 17:34:22 ----D---- C:\Windows\system32\drivers
2017-07-13 17:34:20 ----D---- C:\Windows\system32\en-US
2017-07-13 17:34:06 ----D---- C:\Windows\AppPatch
2017-07-13 17:33:53 ----D---- C:\Windows\system32\DriverStore
2017-07-12 23:04:22 ----D---- C:\ProgramData\Microsoft Help
2017-07-12 23:02:56 ----D---- C:\Windows\system32\MRT
2017-07-12 22:52:07 ----AC---- C:\Windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2016-11-23 84616]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2011-04-26 557848]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-07-10 834544]
R1 ATKWMIACPIIO;ATKWMIACPI Driver; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2016-11-23 262792]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2016-11-23 197248]
R1 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2016-11-23 208520]
R1 EpfwLWF;ESET Personal Firewall; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2016-11-23 61568]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
R2 ekbdflt;ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [2016-11-23 153216]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2013-11-26 11576]
R3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys [2011-11-23 130024]
R3 asmtxhci;ASMEDIA XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys [2011-11-23 395752]
R3 AthBTPort;Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2011-11-30 36000]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-10-04 2770944]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2011-11-30 330912]
R3 btath_avdt;Atheros Bluetooth AVDT Service; C:\Windows\system32\drivers\btath_avdt.sys [2011-11-30 110752]
R3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys [2011-11-30 30368]
R3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\DRIVERS\btath_hcrp.sys [2011-11-30 167584]
R3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2011-11-30 68256]
R3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\DRIVERS\btath_rcp.sys [2011-11-30 280992]
R3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2011-11-30 533152]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\drivers\bthpan.sys [2017-07-06 119296]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2012-02-24 80384]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-11-03 12310112]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-09-06 3074536]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2011-11-03 317440]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 15416]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2010-08-24 76912]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-05-05 1439792]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2011-03-18 74840]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2010-11-20 19968]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2011-05-14 48488]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2012-01-09 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2012-01-09 27136]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2012-06-11 26112]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 38400]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2012-01-09 9216]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 33280]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2012-01-09 9216]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-24 154168]
S3 WinUsb;WinUSB Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe [2011-03-04 379520]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2011-11-21 80512]
R2 ASUS InstantOn;ASUS InstantOn Service; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [2012-02-17 277120]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [2011-11-30 106144]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2011-11-21 96896]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2016-11-23 2771848]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-12-21 325656]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 Samsung Printer Dianostics Service;Samsung Printer Dianostics Service; C:\Windows\syswow64\\spdsvc.exe [2016-07-17 499000]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-29 2292096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-03-26 105096]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2017-03-26 125064]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30 144200]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2017-03-26 51320]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-05-14 1492840]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30 144200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-06-29 116224]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-03-27 147624]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-12 271920]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-07-11 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-26 135800]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-26 135800]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2017-03-26 135800]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 118200
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Preventive check

#8 Post by Rudy »

Double-click the file C:\Program Files\trend micro\mario.exe to launch HijackThis. Click "Do a system scan only" and, in the window that opens, tick the checkboxes on the left for:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/search?q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.bing.com/search?q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/search?q={searchTerms}
Click >FixChecked<. Then run OTM again and click >CleanUp!<. OTM will clean up after itself. Finally, restart the PC.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

majom246
Visitor
Posts: 75
Registered: 08 Jul 2010 13:33

Re: Preventive check

#9 Post by majom246 »

Done :)

Rudy
Site Admin
Posts: 118200
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Preventive check

#10 Post by Rudy »

With that, the log should be OK.

majom246
Visitor
Posts: 75
Registered: 08 Jul 2010 13:33

Re: Preventive check

#11 Post by majom246 »

Thank you very much :)

:closed:

Rudy
Site Admin
Posts: 118200
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Preventive check

#12 Post by Rudy »

You're welcome! :)

Locked