
Preventive check

Is your PC not having any problem at the moment and you just want to make sure that everything is in order?
Post a log from FRST or RSIT.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once they are resolved. The same applies to threads that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

plasko
Visitor
Posts: 66
Registered: 03 Feb 2010 17:57


#1 Post by plasko »

Hello, I would like to ask for a preventive check:

Logfile of random's system information tool 1.10 (written by random/random)
Run by martin at 2018-05-29 17:53:51
Microsoft Windows 8.1
System drive C: has 393 GB (92%) free of 428 GB
Total RAM: 3941 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:53:53, on 29.5.2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18817)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\trend micro\martin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
O4 - HKLM\..\Run: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
O4 - HKLM\..\Run: [Lenovo EasyCamera_Monitor] C:\Program Files (x86)\Lenovo EasyCamera\monitor.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - Startup: Odoslanie do aplikácie OneNote.lnk = C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9110 bytes

======Listing Processes======

wininit.exe
winlogon.exe


C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\WLANExt.exe 743241819808
\??\C:\WINDOWS\system32\conhost.exe 0x4

C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
C:\WINDOWS\System32\svchost.exe -k utcsvc
dashost.exe {5d04b9c2-3674-4836-afec8777e9f27f7c}
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-9fb896c3-cbeb-4da1-af59-ddaac6f01dbc -SystemEventPortName:HostProcess-9f77e16d-fffd-4674-a1f8-f802883bb51b -IoCancelEventPortName:HostProcess-eb1a8b6c-8fe3-4e1d-8d48-d832ab7b876c -NonStateChangingEventPortName:HostProcess-cddeb442-349a-42bc-8fde-3a9a027dc25a -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:a86deb06-00af-4d0a-b189-256dab95e57a -DeviceGroupId:WudfDefaultDevicePool

C:\WINDOWS\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\WINDOWS\Explorer.EXE
taskhostex.exe
"\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
"C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\utility.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
AvastUI.exe /nogui
"C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE" /tsr
"C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\martin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\martin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\martin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=66.0.3359.181 --initial-client-data=0x124,0x128,0x12c,0x120,0x130,0x7ffefcb43218,0x7ffefcb43228,0x7ffefcb43238
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3576 --on-initialized-event-handle=468 --parent-handle=472 /prefetch:6
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1140,1630551802628492489,11085291948415782678,131072 --gpu-preferences=KAAAAAAAAACAAwCAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=505DEAF72D45D724FA05CB9049A912DE --mojo-platform-channel-handle=1156 --ignored=" --type=renderer " /prefetch:2
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1140,1630551802628492489,11085291948415782678,131072 --service-pipe-token=106D3EE4733253315B66CC1B36B3E4AB --lang=sk --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --enable-compositor-image-animations --service-request-channel-token=106D3EE4733253315B66CC1B36B3E4AB --renderer-client-id=3 --mojo-platform-channel-handle=2344 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1140,1630551802628492489,11085291948415782678,131072 --service-pipe-token=DDE7F4318C21E88966C073A56B5FA5D3 --lang=sk --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --enable-compositor-image-animations --service-request-channel-token=DDE7F4318C21E88966C073A56B5FA5D3 --renderer-client-id=4 --mojo-platform-channel-handle=2536 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1140,1630551802628492489,11085291948415782678,131072 --service-pipe-token=91C4D9BC8D35E8C915FB2796B2EB6DDA --lang=sk --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --enable-compositor-image-animations --service-request-channel-token=91C4D9BC8D35E8C915FB2796B2EB6DDA --renderer-client-id=5 --mojo-platform-channel-handle=2576 /prefetch:1
C:\WINDOWS\System32\svchost.exe -k WerSvcGroup

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1140,1630551802628492489,11085291948415782678,131072 --service-pipe-token=67AF457D87A6C1463CAEA375400ACBD5 --lang=sk --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --enable-compositor-image-animations --service-request-channel-token=67AF457D87A6C1463CAEA375400ACBD5 --renderer-client-id=14 --mojo-platform-channel-handle=3548 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1140,1630551802628492489,11085291948415782678,131072 --service-pipe-token=892FA1CD5EA0168CB01A50B4E8D0238C --lang=sk --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --enable-compositor-image-animations --service-request-channel-token=892FA1CD5EA0168CB01A50B4E8D0238C --renderer-client-id=20 --mojo-platform-channel-handle=5436 /prefetch:1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1140,1630551802628492489,11085291948415782678,131072 --service-pipe-token=9177F1BC6C9F9C86F8A2F8128A58C561 --lang=sk --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --enable-compositor-image-animations --service-request-channel-token=9177F1BC6C9F9C86F8A2F8128A58C561 --renderer-client-id=22 --mojo-platform-channel-handle=2928 /prefetch:1
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1140,1630551802628492489,11085291948415782678,131072 --service-pipe-token=A55F5A99F3A0D249F9F1CBEBFD96FCF8 --lang=sk --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=1 --enable-compositor-image-animations --service-request-channel-token=A55F5A99F3A0D249F9F1CBEBFD96FCF8 --renderer-client-id=27 --mojo-platform-channel-handle=6752 /prefetch:1








"C:\Program Files\Internet Explorer\IELowutil.exe" -PID:123

C:\WINDOWS\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\WINDOWS\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\martin\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\WINDOWS\tasks\Synaptics TouchPad Enhancements.job - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2018-05-17 958328]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-04-29 149168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-05-17 820672]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2018-04-29 2201264]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-07-02 12921488]
"RtHDVBg_Dolby"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2012-06-13 1212560]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2012-06-26 366720]
"Energy Management"=C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [2012-10-16 17079376]
"EnergyUtility"=C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [2012-10-16 191568]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-16 2916152]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2015-06-01 183216]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2015-06-01 411056]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2015-06-01 453552]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2018-05-17 242904]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite Automount"=C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2017-02-07 4701888]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Dolby Advanced Audio v2"=C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [2012-04-23 508256]
"Lenovo EasyCamera_Monitor"=C:\Program Files (x86)\Lenovo EasyCamera\monitor.exe [2010-08-24 257224]

C:\Users\martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Odoslanie do aplikácie OneNote.lnk - C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2015-06-01 451584]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcapexe]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McNaiAnn]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2018-05-29 17:51:14 ----D---- C:\rsit
2018-05-29 17:51:14 ----D---- C:\Program Files\trend micro
2018-05-28 11:43:41 ----D---- C:\Program Files\CCleaner
2018-05-19 02:28:51 ----D---- C:\Program Files\Common Files\DESIGNER
2018-05-17 06:42:12 ----A---- C:\WINDOWS\system32\aswBoot.exe
2018-05-09 04:34:00 ----A---- C:\WINDOWS\system32\mshtml.dll
2018-05-09 04:33:57 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2018-05-09 04:33:53 ----A---- C:\WINDOWS\system32\ieframe.dll
2018-05-09 04:33:51 ----A---- C:\WINDOWS\SYSWOW64\ieframe.dll
2018-05-09 04:33:50 ----A---- C:\WINDOWS\system32\jscript9.dll
2018-05-09 04:33:49 ----A---- C:\WINDOWS\system32\mstscax.dll
2018-05-09 04:33:48 ----A---- C:\WINDOWS\SYSWOW64\mstscax.dll
2018-05-09 04:33:48 ----A---- C:\WINDOWS\SYSWOW64\jscript9.dll
2018-05-09 04:33:47 ----A---- C:\WINDOWS\system32\wuaueng.dll
2018-05-09 04:33:46 ----A---- C:\WINDOWS\SYSWOW64\wininet.dll
2018-05-09 04:33:46 ----A---- C:\WINDOWS\SYSWOW64\iertutil.dll
2018-05-09 04:33:46 ----A---- C:\WINDOWS\system32\win32k.sys
2018-05-09 04:33:46 ----A---- C:\WINDOWS\system32\rpcrt4.dll
2018-05-09 04:33:45 ----A---- C:\WINDOWS\system32\wininet.dll
2018-05-09 04:33:45 ----A---- C:\WINDOWS\system32\msdtctm.dll
2018-05-09 04:33:45 ----A---- C:\WINDOWS\system32\iertutil.dll
2018-05-09 04:33:44 ----A---- C:\WINDOWS\SYSWOW64\urlmon.dll
2018-05-09 04:33:44 ----A---- C:\WINDOWS\system32\urlmon.dll
2018-05-09 04:33:44 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2018-05-09 04:33:43 ----A---- C:\WINDOWS\SYSWOW64\vbscript.dll
2018-05-09 04:33:43 ----A---- C:\WINDOWS\SYSWOW64\msdtcprx.dll
2018-05-09 04:33:43 ----A---- C:\WINDOWS\SYSWOW64\jscript.dll
2018-05-09 04:33:43 ----A---- C:\WINDOWS\system32\oleaut32.dll
2018-05-09 04:33:43 ----A---- C:\WINDOWS\system32\msdtcprx.dll
2018-05-09 04:33:43 ----A---- C:\WINDOWS\system32\jscript.dll
2018-05-09 04:33:42 ----A---- C:\WINDOWS\SYSWOW64\rdvidcrl.dll
2018-05-09 04:33:42 ----A---- C:\WINDOWS\system32\schannel.dll
2018-05-09 04:33:42 ----A---- C:\WINDOWS\system32\drivers\srv2.sys
2018-05-09 04:33:41 ----A---- C:\WINDOWS\SYSWOW64\schannel.dll
2018-05-09 04:33:41 ----A---- C:\WINDOWS\SYSWOW64\rpcrt4.dll
2018-05-09 04:33:41 ----A---- C:\WINDOWS\SYSWOW64\oleaut32.dll
2018-05-09 04:33:41 ----A---- C:\WINDOWS\system32\rdvidcrl.dll
2018-05-09 04:33:41 ----A---- C:\WINDOWS\system32\netlogon.dll
2018-05-09 04:33:40 ----A---- C:\WINDOWS\SYSWOW64\netlogon.dll
2018-05-09 04:33:40 ----A---- C:\WINDOWS\SYSWOW64\msfeeds.dll
2018-05-09 04:33:40 ----A---- C:\WINDOWS\system32\mstsc.exe
2018-05-09 04:33:40 ----A---- C:\WINDOWS\system32\comsvcs.dll
2018-05-09 04:33:39 ----A---- C:\WINDOWS\system32\wucltux.dll
2018-05-09 04:33:39 ----A---- C:\WINDOWS\system32\winload.exe
2018-05-09 04:33:39 ----A---- C:\WINDOWS\system32\msfeeds.dll
2018-05-09 04:33:38 ----A---- C:\WINDOWS\SYSWOW64\msdtcuiu.dll
2018-05-09 04:33:38 ----A---- C:\WINDOWS\SYSWOW64\comsvcs.dll
2018-05-09 04:33:38 ----A---- C:\WINDOWS\system32\msdtcuiu.dll
2018-05-09 04:33:37 ----A---- C:\WINDOWS\system32\WUSettingsProvider.dll
2018-05-09 04:33:37 ----A---- C:\WINDOWS\system32\vbscript.dll
2018-05-09 04:33:37 ----A---- C:\WINDOWS\system32\ncrypt.dll
2018-05-09 04:33:36 ----AC---- C:\WINDOWS\system32\drivers\msiscsi.sys
2018-05-09 04:33:36 ----A---- C:\WINDOWS\SYSWOW64\itss.dll
2018-05-09 04:33:36 ----A---- C:\WINDOWS\system32\itss.dll
2018-05-09 04:33:36 ----A---- C:\WINDOWS\system32\itircl.dll
2018-05-09 04:33:36 ----A---- C:\WINDOWS\system32\drivers\clfs.sys
2018-05-09 04:33:35 ----A---- C:\WINDOWS\SYSWOW64\ncrypt.dll
2018-05-09 04:33:35 ----A---- C:\WINDOWS\SYSWOW64\itircl.dll
2018-05-09 04:33:35 ----A---- C:\WINDOWS\system32\wudriver.dll
2018-05-09 04:33:35 ----A---- C:\WINDOWS\system32\catsrvut.dll
2018-05-09 04:33:29 ----A---- C:\WINDOWS\SYSWOW64\wudriver.dll
2018-05-09 04:33:29 ----A---- C:\WINDOWS\system32\wuauclt.exe
2018-05-09 04:33:26 ----A---- C:\WINDOWS\SYSWOW64\mstsc.exe
2018-05-09 04:33:26 ----A---- C:\WINDOWS\SYSWOW64\catsrvut.dll
2018-05-09 04:33:26 ----A---- C:\WINDOWS\system32\webcheck.dll
2018-05-09 04:33:26 ----A---- C:\WINDOWS\system32\jscript9diag.dll
2018-05-09 04:33:24 ----A---- C:\WINDOWS\SYSWOW64\webcheck.dll
2018-05-09 04:33:23 ----A---- C:\WINDOWS\SYSWOW64\certcli.dll
2018-05-09 04:33:23 ----A---- C:\WINDOWS\system32\certcli.dll
2018-05-09 04:33:21 ----A---- C:\WINDOWS\SYSWOW64\wuapi.dll
2018-05-09 04:33:21 ----A---- C:\WINDOWS\SYSWOW64\inetcomm.dll
2018-05-09 04:33:21 ----A---- C:\WINDOWS\SYSWOW64\iedkcs32.dll
2018-05-09 04:33:21 ----A---- C:\WINDOWS\system32\wups.dll
2018-05-09 04:33:21 ----A---- C:\WINDOWS\system32\wuapi.dll
2018-05-09 04:33:21 ----A---- C:\WINDOWS\system32\inetcomm.dll
2018-05-09 04:33:20 ----A---- C:\WINDOWS\SYSWOW64\xolehlp.dll
2018-05-09 04:33:20 ----A---- C:\WINDOWS\SYSWOW64\TSpkg.dll
2018-05-09 04:33:20 ----A---- C:\WINDOWS\system32\wuwebv.dll
2018-05-09 04:33:20 ----A---- C:\WINDOWS\system32\wups2.dll
2018-05-09 04:33:20 ----A---- C:\WINDOWS\system32\wu.upgrade.ps.dll
2018-05-09 04:33:20 ----A---- C:\WINDOWS\system32\TSpkg.dll
2018-05-09 04:33:19 ----A---- C:\WINDOWS\SYSWOW64\wuwebv.dll
2018-05-09 04:33:19 ----A---- C:\WINDOWS\SYSWOW64\wuapp.exe
2018-05-09 04:33:19 ----A---- C:\WINDOWS\SYSWOW64\jscript9diag.dll
2018-05-09 04:33:19 ----A---- C:\WINDOWS\SYSWOW64\ieapfltr.dll
2018-05-09 04:33:19 ----A---- C:\WINDOWS\system32\wuapp.exe
2018-05-09 04:33:19 ----A---- C:\WINDOWS\system32\ieapfltr.dll

======List of files/folders modified in the last 1 month======

2018-05-29 17:53:34 ----D---- C:\WINDOWS\Prefetch
2018-05-29 17:52:49 ----D---- C:\WINDOWS\Temp
2018-05-29 17:51:14 ----RD---- C:\Program Files
2018-05-29 17:48:25 ----D---- C:\WINDOWS\system32\sru
2018-05-28 13:42:34 ----D---- C:\Windows
2018-05-28 13:40:42 ----SHD---- C:\WINDOWS\Installer
2018-05-28 13:40:15 ----D---- C:\WINDOWS\AppReadiness
2018-05-28 13:39:26 ----D---- C:\WINDOWS\SoftwareDistribution
2018-05-28 12:12:03 ----A---- C:\WINDOWS\SYSWOW64\log.txt
2018-05-28 12:09:27 ----D---- C:\Program Files\Common Files\McAfee
2018-05-28 12:09:26 ----D---- C:\Program Files\TrueKey
2018-05-28 12:07:42 ----D---- C:\Program Files (x86)\Lenovo
2018-05-28 12:06:43 ----D---- C:\Program Files\Lenovo
2018-05-28 12:06:32 ----HD---- C:\ProgramData
2018-05-28 12:06:32 ----D---- C:\Users\martin\AppData\Roaming\Lenovo
2018-05-28 12:04:02 ----D---- C:\ProgramData\McAfee
2018-05-28 12:04:01 ----D---- C:\WINDOWS\system32\Tasks
2018-05-28 12:03:58 ----D---- C:\Program Files\Common Files\Intel
2018-05-28 12:02:33 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2018-05-28 11:54:24 ----RD---- C:\Program Files (x86)
2018-05-28 11:54:24 ----D---- C:\ProgramData\AVAST Software
2018-05-28 11:53:38 ----D---- C:\Program Files (x86)\Amazon
2018-05-28 11:53:24 ----SHD---- C:\System Volume Information
2018-05-28 11:52:33 ----D---- C:\Users\martin\AppData\Roaming\DAEMON Tools Lite
2018-05-28 11:52:18 ----DC---- C:\WINDOWS\Panther
2018-05-28 11:52:18 ----D---- C:\WINDOWS\Minidump
2018-05-28 11:52:18 ----D---- C:\WINDOWS\LiveKernelReports
2018-05-28 11:52:18 ----D---- C:\WINDOWS\Inf
2018-05-28 11:52:18 ----D---- C:\WINDOWS\debug
2018-05-28 03:21:08 ----D---- C:\WINDOWS\Microsoft.NET
2018-05-24 14:46:02 ----D---- C:\Program Files\Common Files\AV
2018-05-24 14:45:56 ----D---- C:\Program Files (x86)\McAfee
2018-05-19 02:29:32 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2018-05-19 02:28:51 ----D---- C:\Program Files\Common Files\microsoft shared
2018-05-19 02:28:51 ----D---- C:\Program Files\Common Files
2018-05-19 02:27:42 ----D---- C:\Program Files\Microsoft Office
2018-05-19 02:22:41 ----D---- C:\WINDOWS\system32\config
2018-05-17 10:23:18 ----D---- C:\WINDOWS\system32\drivers
2018-05-17 08:03:08 ----D---- C:\WINDOWS\system32\DriverStore
2018-05-17 07:45:50 ----D---- C:\WINDOWS\WinSxS
2018-05-17 06:42:12 ----RD---- C:\WINDOWS\System32
2018-05-16 11:38:45 ----D---- C:\WINDOWS\system32\NDF
2018-05-15 01:33:43 ----D---- C:\WINDOWS\SysWOW64
2018-05-13 02:07:39 ----RSD---- C:\WINDOWS\assembly
2018-05-13 02:00:17 ----D---- C:\WINDOWS\rescache
2018-05-12 07:46:35 ----D---- C:\WINDOWS\SYSWOW64\sk-SK
2018-05-12 07:46:35 ----D---- C:\WINDOWS\SYSWOW64\en-US
2018-05-12 07:46:35 ----D---- C:\Program Files\Internet Explorer
2018-05-12 07:46:35 ----D---- C:\Program Files (x86)\Internet Explorer
2018-05-12 07:46:33 ----D---- C:\WINDOWS\system32\sk-SK
2018-05-12 07:46:33 ----D---- C:\WINDOWS\system32\en-US
2018-05-12 07:46:33 ----D---- C:\WINDOWS\system32\Boot
2018-05-12 03:40:38 ----D---- C:\WINDOWS\CbsTemp
2018-05-09 05:31:19 ----D---- C:\WINDOWS\system32\MRT
2018-05-09 05:27:31 ----AC---- C:\WINDOWS\system32\MRT-KB890830.exe
2018-05-09 05:27:21 ----AC---- C:\WINDOWS\system32\MRT.exe
2018-05-09 04:17:44 ----D---- C:\WINDOWS\system32\catroot2
2018-05-01 00:39:00 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswbidsh;aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [2018-03-14 199440]
R0 aswblog;aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [2018-03-14 343752]
R0 aswbuniv;aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [2018-03-14 57680]
R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2018-05-17 85968]
R0 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2018-05-17 381552]
R0 iaStorA;iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [2012-07-09 645952]
R0 LHDmgr;LHDmgr; C:\WINDOWS\System32\DRIVERS\LhdX64.sys [2012-10-16 39008]
R1 aswArPot;aswArPot; C:\WINDOWS\system32\drivers\aswArPot.sys [2018-05-17 196640]
R1 aswbidsdriver;aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [2018-03-14 227504]
R1 aswHdsKe;aswHdsKe; C:\WINDOWS\system32\drivers\aswHdsKe.sys [2018-05-17 234560]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [2018-05-17 111360]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2018-05-17 1027720]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2018-05-17 460520]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\WINDOWS\system32\DRIVERS\vwififlt.sys [2016-08-13 71680]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2018-05-17 159120]
R2 aswStm;aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [2018-05-17 205976]
R3 ACPIVPC;@oem5.inf,%ACPIVPC.SvcDesc%;Lenovo Virtual Power Controller Driver; C:\WINDOWS\System32\drivers\AcpiVpc.sys [2012-10-16 33560]
R3 AmUStor;@oem12.inf,%AmUStor.SvcDesc%;AM USB Stroage Driver; C:\WINDOWS\system32\drivers\AmUStor.SYS [2012-06-13 100992]
R3 BCM43XX;@oem14.inf,%BCM43XX_Service_DispName%;Broadcom 802.11 - ovládač sieťového adaptéru; C:\WINDOWS\system32\DRIVERS\bcmwl63a.sys [2012-10-16 6822984]
R3 dtlitescsibus;@oem53.inf,%DTLITESCSIBUS.DeviceDesc%;DAEMON Tools Lite Virtual SCSI Bus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [2017-04-16 30264]
R3 dtliteusbbus;@oem54.inf,%DTLITEUSBBUS.DeviceDesc%;DAEMON Tools Lite Virtual USB Bus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [2017-04-16 47672]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2015-06-01 5384176]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKVHD64.sys [2012-07-03 4074256]
R3 L1C;@netl1c63x64.inf,%L1C.Service.DispName%;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\L1C63x64.sys [2013-06-18 129224]
R3 MEIx64;@oem9.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\WINDOWS\System32\drivers\HECIx64.sys [2012-07-02 62784]
R3 SmbDrvI;SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [2012-08-16 43832]
R3 SPUVCbv;@oem15.inf,%SPUVCb.ServiceName%;SPUVCb Driver Service; C:\WINDOWS\System32\Drivers\SPUVCbv_x64.sys [2012-08-24 1059064]
R3 SynTP;@oem4.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2012-08-16 447800]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\WINDOWS\system32\DRIVERS\vwifimp.sys [2016-08-13 38912]
S0 mfeelamk;McAfee Inc. mfeelamk; C:\WINDOWS\system32\drivers\mfeelamk.sys [2015-11-25 83096]
S3 aswHwid;aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [2018-05-17 46968]
S3 NuidFltr;@oem7.inf,%NuidFltr.SvcDesc%;NUID filter driver; C:\WINDOWS\System32\drivers\NuidFltr.sys [2007-08-31 20392]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2014-11-21 44544]
S3 WinUsb;@wpdmtp.inf,%WinUsb.SvcDesc%;WinUsb; C:\WINDOWS\system32\DRIVERS\WinUsb.sys [2015-10-10 78848]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2018-02-09 83984]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2018-05-17 317280]
R2 ClickToRunSvc;Služba Microsoft Office Klikni a spusti; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2018-05-12 8566448]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\WINDOWS\System32\svchost.exe [2014-11-21 38792]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-04-20 635104]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-07-17 128896]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-07-17 165760]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-07-17 276864]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-17 364416]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [2018-05-17 7620096]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-14 144200]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2014-11-21 38792]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2015-06-01 290224]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2017-02-07 1471168]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-14 144200]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2018-05-12 262832]

-----------------EOF-----------------

Conder
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: preventive check

#2 Post by Conder »

Hi :)

:arrow: Download AdwCleaner: https://toolslib.net/downloads/finish/1/
  • Save it to the desktop and close all programs
  • Run AdwCleaner as administrator
  • Accept the license terms
  • Click Skenovat nyni (Scan now) and wait for it to finish
  • Click Cisteni a opravy (Clean and Repair) and confirm restarting the PC now
  • After the PC restarts, AdwCleaner will open; click Zobrazit soubor protokolu (View log file)
  • The log will open; copy its contents here
:arrow: I recommend uninstalling everything from McAfee - it is unnecessary, since you already have Avast there. Likewise TrueKey, if you don't use it, is unnecessary. After that I also recommend running the McAfee Removal Tool: http://download.mcafee.com/products/lic ... s/MCPR.exe
Graduate of the school for newcomers :)
E-mail: conder (at) forum.viry.cz

If anything is unclear, ask. I recommend always keeping important data backed up (documents, photos and so on).

Fixlists and other scripts are written only for one specific PC. Do not use them on other devices, otherwise there is a risk of system damage or data loss.
If you have a problem similar to another user's, please start your own topic.

If you are satisfied, you can support the forum. Thank you!

plasko
Visitor
Posts: 66
Joined: 03 Feb 2010 17:57

Re: preventive check

#3 Post by plasko »

I tried to uninstall McAfee with the regular uninstall, but apparently something of it still remained :/ However, I did not find True Key in "Add or Remove Programs". I would also like to ask whether it is possible to deactivate the Avast popups in some way other than game mode? Because it just scares me with them about how much more protection there would be if I paid/upgraded.

I am attaching the log from adw:

# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build: 04-27-2018
# Database: 2018-05-30.1
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-31-2018
# Duration: 00:00:02
# OS: Windows 8.1
# Cleaned: 1
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files (x86)\Amazon\ABB

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************


########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Conder
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: preventive check

#4 Post by Conder »

:arrow: I don't use Avast, so I don't know off the top of my head, but tomorrow (Friday) I can try it out and will let you know.

:arrow: True Key should be in the list of programs under the name "Intel Security True Key". For McAfee, use the uninstaller from the previous post and restart the PC.

:arrow: Please post both logs from FRST following this guide (FRST.txt and Addition.txt): https://forum.viry.cz/viewtopic.php?f=13&t=152707

:arrow: If FRSTLauncher cannot be downloaded or run, use just FRST itself.

:arrow: If the logs do not fit into one post, pack them into a RAR or ZIP archive and send them as an attachment.

plasko
Visitor
Posts: 66
Joined: 03 Feb 2010 17:57

Re: preventive check

#5 Post by plasko »

Thanks regarding Avast; I still don't have True Key in the list, though (see the image in the attachment)
screenshot.zip
(130.29 KiB) Downloaded 88 times

plasko
Visitor
Posts: 66
Joined: 03 Feb 2010 17:57

Re: preventive check

#6 Post by plasko »

logs from FRST
Attachments
logy.zip
(15.78 KiB) Downloaded 82 times

Conder
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: preventive check

#7 Post by Conder »

:arrow: Can you also send a screenshot of the Avast popup windows?

:arrow: Open Notepad (Win+R -> notepad -> Enter)
  • Copy the following text and paste it into Notepad:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    CMD: type "I:\setupx64.bat"
    
    HKU\S-1-5-21-1934902440-2840789632-1883801875-1001\...\MountPoints2: I - "I:\setupx64.bat" 
    Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
    HKU\S-1-5-21-1934902440-2840789632-1883801875-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/
    HKU\S-1-5-21-1934902440-2840789632-1883801875-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
    HKU\S-1-5-21-1934902440-2840789632-1883801875-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
    SearchScopes: HKU\S-1-5-21-1934902440-2840789632-1883801875-1001 -> DefaultScope {EF3ADE30-9A08-4F78-88BD-5559631D5576} URL = 
    SearchScopes: HKU\S-1-5-21-1934902440-2840789632-1883801875-1001 -> {EF3ADE30-9A08-4F78-88BD-5559631D5576} URL = 
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
    2018-05-29 17:51 - 2018-05-29 17:53 - 000000000 ____D C:\Program Files\trend micro
    2018-05-29 17:51 - 2018-05-29 17:51 - 000000000 ____D C:\rsit
    2018-05-29 17:50 - 2018-05-29 17:50 - 001222144 _____ C:\Users\martin\Desktop\RSITx64.exe
    2018-05-28 12:09 - 2017-04-16 13:38 - 000000000 ____D C:\Program Files\TrueKey
    
    C:\Users\martin\Downloads\*.crdownload
    C:\Program Files\McAfee Security Scan
    
    Hosts:
    EmptyTemp:
    End
  • Save it to the desktop under the name fixlist.txt
  • Run FRST again and click Fix
  • When it finishes, FRST will ask to restart the PC; confirm by clicking OK
  • After the PC restarts, there will be a file Fixlog.txt on the desktop; copy its contents here

plasko
Visitor
Posts: 66
Joined: 03 Feb 2010 17:57

Re: preventive check

#8 Post by plasko »

I will try to capture it when it pops up :O I am attaching the fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by martin (01-06-2018 15:36:29) Run:1
Running from C:\Users\martin\Desktop
Loaded Profiles: martin (Available Profiles: martin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

CMD: type "I:\setupx64.bat"

HKU\S-1-5-21-1934902440-2840789632-1883801875-1001\...\MountPoints2: I - "I:\setupx64.bat"
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
HKU\S-1-5-21-1934902440-2840789632-1883801875-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/
HKU\S-1-5-21-1934902440-2840789632-1883801875-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-1934902440-2840789632-1883801875-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-1934902440-2840789632-1883801875-1001 -> DefaultScope {EF3ADE30-9A08-4F78-88BD-5559631D5576} URL =
SearchScopes: HKU\S-1-5-21-1934902440-2840789632-1883801875-1001 -> {EF3ADE30-9A08-4F78-88BD-5559631D5576} URL =
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
2018-05-29 17:51 - 2018-05-29 17:53 - 000000000 ____D C:\Program Files\trend micro
2018-05-29 17:51 - 2018-05-29 17:51 - 000000000 ____D C:\rsit
2018-05-29 17:50 - 2018-05-29 17:50 - 001222144 _____ C:\Users\martin\Desktop\RSITx64.exe
2018-05-28 12:09 - 2017-04-16 13:38 - 000000000 ____D C:\Program Files\TrueKey

C:\Users\martin\Downloads\*.crdownload
C:\Program Files\McAfee Security Scan

Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.

========= type "I:\setupx64.bat" =========

Systém nemôže nájsť zadanú cestu.

========= End of CMD: =========

"HKU\S-1-5-21-1934902440-2840789632-1883801875-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I" => removed successfully
HKLM\System\CurrentControlSet\Control\Lsa\\Notification Packages => value restored successfully
HKU\S-1-5-21-1934902440-2840789632-1883801875-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1934902440-2840789632-1883801875-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
"HKU\S-1-5-21-1934902440-2840789632-1883801875-1001\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages" => removed successfully
"HKU\S-1-5-21-1934902440-2840789632-1883801875-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-1934902440-2840789632-1883801875-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EF3ADE30-9A08-4F78-88BD-5559631D5576}" => removed successfully
HKLM\Software\Classes\CLSID\{EF3ADE30-9A08-4F78-88BD-5559631D5576} => not found
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki" => removed successfully
C:\Program Files\trend micro => moved successfully
C:\rsit => moved successfully
C:\Users\martin\Desktop\RSITx64.exe => moved successfully
C:\Program Files\TrueKey => moved successfully

=========== "C:\Users\martin\Downloads\*.crdownload" ==========

not found

========= End -> "C:\Users\martin\Downloads\*.crdownload" ========

"C:\Program Files\McAfee Security Scan" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 30711317 B
Java, Flash, Steam htmlcache => 524 B
Windows/system/drivers => 3717702 B
Edge => 0 B
Chrome => 100147472 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 22696095 B
systemprofile32 => 128 B
LocalService => 8244 B
NetworkService => 0 B
martin => 51290494 B

RecycleBin => 0 B
EmptyTemp: => 206.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:38:00 ====
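
As an added example (not part of the thread and not code from FRST), this Python sketch tallies the result lines of a Fixlog like the one above so that entries that were not found or not recognised stand out for review. The function names and the outcome categories are assumptions derived only from the lines visible in this log.

```python
import re

# Constructed sample: result lines taken from the Fixlog posted above.
SAMPLE_FIXLOG = r'''
"HKU\S-1-5-21-1934902440-2840789632-1883801875-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I" => removed successfully
HKLM\System\CurrentControlSet\Control\Lsa\\Notification Packages => value restored successfully
HKLM\Software\Classes\CLSID\{EF3ADE30-9A08-4F78-88BD-5559631D5576} => not found
C:\Program Files\TrueKey => moved successfully
=========== "C:\Users\martin\Downloads\*.crdownload" ==========

not found

========= End -> "C:\Users\martin\Downloads\*.crdownload" ========
"C:\Program Files\McAfee Security Scan" => not found
C:\Windows\System32\Drivers\etc\hosts => moved successfully
=========== EmptyTemp: ==========
Chrome => 100147472 B
martin => 51290494 B
EmptyTemp: => 206.9 MB temporary data Removed.
'''

# Outcome strings seen in this log (assumed categories, not an official list).
KNOWN = ("removed successfully", "moved successfully",
         "value restored successfully", "not found")
SECTION = re.compile(r'^=+ "(.+)" =+$')   # header of a quoted path/wildcard section
SIZE = re.compile(r"^(\d+) B$")           # EmptyTemp per-location byte count


def parse_fixlog(text):
    """Return (results, temp_bytes); results is a list of (target, outcome)."""
    results, temp_bytes, pending = [], 0, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            pending = header.group(1)      # outcome follows on a later line
            continue
        if " => " in line:
            target, _, outcome = line.rpartition(" => ")
            size = SIZE.match(outcome)
            if size:
                temp_bytes += int(size.group(1))
            elif not target.endswith(":"):  # skip the "EmptyTemp: =>" summary
                results.append((target.strip('"'),
                                outcome if outcome in KNOWN else "other"))
        elif pending:
            results.append((pending, line if line in KNOWN else "other"))
        pending = None
    return results, temp_bytes


def needs_review(results):
    """Targets that were not reported as successfully changed."""
    return [t for t, o in results if o in ("not found", "other")]
```

A "not found" entry is not necessarily a failure; it only means the fixlist line no longer matched anything on the machine, which is worth confirming against the fixlist.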

Conder
VIP
Posts: 4399
Joined: 30 Dec 2013 22:29
Location: Bratislava

Re: preventive check

#9 Post by Conder »

:arrow: It looks clean. As for Avast, I'll wait for that screenshot then.