PC virus removal, computer speed-up, remote help via the neslape.cz service

COM Surrogate strikes again

Moderator: Moderators

Forum rules
Individual threads will be locked once resolved, as will those that stay inactive for more than 14 days: http://forum.viry.cz/viewtopic.php?f=12&t=123975 . Thank you for your understanding.

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: COM Surrogate strikes again

#16 Post by Rudy »

OK. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

Visit: [image]

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning your PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Apart from its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Felly006
Visitor
Posts: 22
Registered: 28 Nov 2016 12:41

Re: COM Surrogate strikes again

#17 Post by Felly006 »

COM Surrogate is still in the process list (2x) :o

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: COM Surrogate strikes again

#18 Post by Rudy »

Use the search to find everywhere on the disk you have the file Dllhost.exe.

Felly006
Visitor
Posts: 22
Registered: 28 Nov 2016 12:41

Re: COM Surrogate strikes again

#19 Post by Felly006 »

Screenshot of the locations attached =)
Attachments
dllhost.zip
(22.46 KiB) Downloaded 141 times

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: COM Surrogate strikes again

#20 Post by Rudy »

I think the 2nd and 4th from the top have no business being there. Try testing them on www.virustotal.com . If the result is positive, try deleting the files.

Felly006
Visitor
Posts: 22
Registered: 28 Nov 2016 12:41

Re: COM Surrogate strikes again

#21 Post by Felly006 »

All the dllhost.exe files are labelled COM Surrogate in their description, and not one of them came back positive on VirusTotal.
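
The moderator's procedure in #20 (find every dllhost.exe, hash-check the strays on VirusTotal) and the observation in #21 that all copies carry the "COM Surrogate" description, as an added Python triage example; it is not a tool from the forum or its participants. The sample directory tree, the file bytes and the list of expected locations (System32, SysWOW64, the WinSxS store) are constructed assumptions.

```python
"""Added example for this thread: triage helper for dllhost.exe copies.

Walks a directory tree, finds every file named dllhost.exe in any
capitalisation and reports for each copy whether it sits where Windows
keeps the genuine COM Surrogate host, plus its SHA-256 (the value to look
up on VirusTotal instead of uploading the file). The "COM Surrogate"
description shown in Task Manager is only a string in the PE version
resource and is trivially copied, so it is deliberately not used as a
trust signal here.
"""
import hashlib
import os
import tempfile
from dataclasses import dataclass
from typing import List, Optional

# Assumed legitimate homes of dllhost.exe, relative to the Windows directory.
# System32/SysWOW64 must hold the file directly; WinSxS may hold it anywhere
# below (component store). All comparisons are case-insensitive.
DIRECT_DIRS = ("system32", "syswow64")
SUBTREE_DIRS = ("winsxs",)


@dataclass
class Finding:
    path: str
    sha256: str
    expected_location: bool


def sha256_of(path: str) -> str:
    """Hash in 64 KiB chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def in_expected_location(path: str, windows_dir: str) -> bool:
    """True if path is a direct child of System32/SysWOW64 or anywhere under WinSxS."""
    norm = os.path.abspath(path).lower()
    win = os.path.abspath(windows_dir).lower()
    parent = os.path.dirname(norm)
    if any(parent == os.path.join(win, d) for d in DIRECT_DIRS):
        return True
    return any(norm.startswith(os.path.join(win, d) + os.sep) for d in SUBTREE_DIRS)


def find_dllhost(root: str, windows_dir: Optional[str] = None) -> List[Finding]:
    """Collect every dllhost.exe below root; windows_dir defaults to <root>/Windows."""
    windows_dir = windows_dir or os.path.join(root, "Windows")
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == "dllhost.exe":
                full = os.path.join(dirpath, name)
                findings.append(Finding(full, sha256_of(full),
                                        in_expected_location(full, windows_dir)))
    return findings


def suspicious(findings: List[Finding]) -> List[Finding]:
    """Copies outside the expected locations: the ones to hash-check and, if
    flagged, back up and remove, as advised in the thread."""
    return [f for f in findings if not f.expected_location]


def build_sample_tree() -> str:
    """Constructed sample layout (not the poster's real disk): two genuine
    locations plus two strays in temp/update-style folders, mirroring the
    four copies discussed in the thread."""
    root = tempfile.mkdtemp(prefix="dllhost_demo_")
    layout = {
        "Windows/System32/dllhost.exe": b"MZ sample: genuine 64-bit host",
        "Windows/SysWOW64/dllhost.exe": b"MZ sample: genuine 32-bit host",
        "Users/user/AppData/Local/Temp/x1/DllHost.exe": b"MZ sample: stray 1",
        "ProgramData/Update/dllhost.exe": b"MZ sample: stray 2",
    }
    for rel, data in layout.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    return root


def demo() -> List[Finding]:
    """Build the sample tree and triage it; returns all findings."""
    return find_dllhost(build_sample_tree())


if __name__ == "__main__":
    for f in demo():
        print("ok     " if f.expected_location else "SUSPECT", f.sha256[:16], f.path)
```

On a real machine, call find_dllhost("C:\\", "C:\\Windows") instead of demo() and look up the reported SHA-256 of each SUSPECT entry on VirusTotal.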

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: COM Surrogate strikes again

#22 Post by Rudy »

So apparently everything is fine.

Felly006
Visitor
Posts: 22
Registered: 28 Nov 2016 12:41

Re: COM Surrogate strikes again

#23 Post by Felly006 »

So shouldn't I at least delete those 2? They look like some temporary folders or updates, and there is nothing else in those folders besides the exe file.

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: COM Surrogate strikes again

#24 Post by Rudy »

If you mean the ones I wrote about above, you can. The others belong there.

Felly006
Visitor
Posts: 22
Registered: 28 Nov 2016 12:41

Re: COM Surrogate strikes again

#25 Post by Felly006 »

Backed up, deleted, so far it looks fine. Now I'd like to edit the description of the remaining dllhost files so that Task Manager doesn't show COM Surrogate. Do you have any quick tip? :)
For checking I'm adding an RSIT log

Logfile of random's system information tool 1.10 (written by random/random)
Run by Felly at 2017-01-18 19:55:56
Microsoft Windows 10 Pro
System drive C: has 69 GB (30%) free of 228 GB
Total RAM: 8075 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:55:57, on 18.01.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\WINDOWS\SysWOW64\RunDll32.exe
C:\Program Files\trend micro\Felly.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ic.loadblanks.ru/c/02037a282dd7fbaf?
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Felly\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [CNAP2 Launcher] C:\WINDOWS\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
O4 - HKCU\..\Run: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
O4 - HKCU\..\Run: [iCloudPhotos] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Felly\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Felly\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2935431814-3145136583-2795862769-1002\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2935431814-3145136583-2795862769-1002\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'UpdatusUser')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra button: Odeslat do zarízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zarízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{54ff5337-5837-4a74-a662-b689417c71d9}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O20 - AppInit_DLLs: C:\WINDOWS\SysWoW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @oem13.inf,%ibm.svcDesc0%;Lenovo PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @oem13.inf,%Lenovo.svcDesc1%;Lenovo Platform Service (LPlatSvc) - Unknown owner - C:\WINDOWS\system32\LPlatSvc.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: Mobile Broadband Service (WMCoreService) - Ericsson AB - C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14343 bytes

======Listing Processes======

winlogon.exe

C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-a426545a-8a0b-40ab-a99c-9165513d5d86 -SystemEventPortName:HostProcess-3b818393-9cda-4349-a03e-baebddfd701e -IoCancelEventPortName:HostProcess-bb254ed4-c1ae-48ee-825b-b771bbf30267 -NonStateChangingEventPortName:HostProcess-63bdd01c-5550-4fb2-8757-96eb671ef002 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:b5890f50-0341-4418-9af1-c2e87a43e658 -DeviceGroupId:
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-e50616a9-098e-49a4-ae9a-836172330c38 -SystemEventPortName:HostProcess-5014644d-442a-416e-81a7-74c9229b6e8b -IoCancelEventPortName:HostProcess-dad38e63-b68e-4fcd-a816-bd027a5e7ad0 -NonStateChangingEventPortName:HostProcess-58005d7d-9ac3-47f9-a160-3fb06bce49e9 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:07ba7be8-b62a-4e70-a8fd-d6a5a9e6265c -DeviceGroupId:
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\LPlatSvc.exe
"C:\WINDOWS\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\WINDOWS\system32\svchost.exe -k LocalService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\WINDOWS\system32\nvvsvc.exe -session -first
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\SearchIndexer.exe /Embedding
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k utcsvc
"C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe"
"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe"
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
"C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe"
"C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe"
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe" servicemode
dashost.exe {8a508926-a933-40c1-8904c137d8d15037}

"C:\WINDOWS\system32\LPlatSvc.exe" -EM
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
sihost.exe
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
"C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
"C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe"
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca
C:\Windows\System32\smartscreen.exe -Embedding
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe
"C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe"
C:\WINDOWS\system32\AUDIODG.EXE 0x31c
"C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" -Embedding
"C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe"
"C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe"
"C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe"
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe -Embedding
"C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
"C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\WINDOWS\SysWOW64\RunDll32.exe" "C:\Program Files\ThinkPad\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
"fontdrvhost.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe" -startup
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
"C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe" -ServerName:SkypeHost.ServerServer
C:\WINDOWS\system32\svchost.exe -k SDRSVC
"C:\WINDOWS\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\WINDOWS\system32\SearchFilterHost.exe" 0 620 516 652 8192 648
"C:\Users\Felly\Downloads\RSITx64.exe"
C:\WINDOWS\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\WINDOWS\tasks\CreateExplorerShellUnelevatedTask.job - C:\WINDOWS\explorer.exe /NOUACCHECK

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28 214208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28 2888896]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-28 151232]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-04-10 462400]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-28 1955528]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-10 173120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2016-04-10 183216]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2016-04-10 411056]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2016-04-10 453552]
"nwiz"=C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2016-04-10 2498368]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2016-04-10 1795912]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]
"CNAP2 Launcher"=C:\WINDOWS\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [2010-10-14 226784]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2016-12-06 176440]
"Logitech Download Assistant"=C:\Windows\System32\LogiLDA.dll [2016-10-13 3942864]
"Malwarebytes TrayApp"=C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2016-12-14 2776528]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"=C:\Users\Felly\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-09-10 554184]
"CNAP2 Launcher"=C:\WINDOWS\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [2010-10-14 226784]
"DAEMON Tools Lite Automount"=C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2016-08-29 4299968]
"iCloudServices"=C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [2016-11-17 67384]
"AppleIEDAV"=C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [2016-07-09 1084688]
"iCloudDrive"=C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [2016-11-17 110392]
"iCloudPhotos"=C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [2016-11-17 356664]
"ApplePhotoStreams"=C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [2016-11-17 67896]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-12-21 9292504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Felly\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64"=C:\WINDOWS\system32\cmd.exe [2016-07-16 232960]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-11-18 9080768]
"IMSS"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2013-07-02 113656]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS6ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\system32\nvinitx.dll, C:\WINDOWS\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2016-04-10 451584]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ahcache.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CoreMessagingRegistrar]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SpbCx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\StateRepository]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TileDataModelSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\uefi.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UserManager]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DSCAutomationHostEnabled"=2

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"vidc.i420"=iyuv_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.vorbis"=vorbis.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-01-18 19:55:56 ----D---- C:\rsit
2017-01-18 19:33:53 ----D---- C:\Users\Felly\AppData\Roaming\SPI
2017-01-18 19:33:53 ----D---- C:\Users\Felly\AppData\Roaming\Browsers
2017-01-18 19:12:54 ----D---- C:\COM
2017-01-17 18:51:44 ----D---- C:\Program Files\CCleaner
2017-01-14 11:42:15 ----SHD---- C:\$RECYCLE.BIN
2017-01-14 11:41:12 ----D---- C:\WINDOWS\Temp
2017-01-14 11:41:12 ----A---- C:\WINDOWS\zoek-delete.exe
2017-01-12 15:52:43 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-12 15:52:43 ----A---- C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-12 15:52:42 ----A---- C:\WINDOWS\system32\Windows.Media.dll
2017-01-12 15:52:42 ----A---- C:\WINDOWS\system32\mfcore.dll
2017-01-12 15:52:41 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Logon.dll
2017-01-12 15:52:41 ----A---- C:\WINDOWS\SYSWOW64\Windows.Storage.ApplicationData.dll
2017-01-12 15:52:41 ----A---- C:\WINDOWS\SYSWOW64\StoreAgent.dll
2017-01-12 15:52:41 ----A---- C:\WINDOWS\SYSWOW64\InstallAgentUserBroker.exe
2017-01-12 15:52:41 ----A---- C:\WINDOWS\SYSWOW64\InstallAgent.exe
2017-01-12 15:52:41 ----A---- C:\WINDOWS\system32\mfnetsrc.dll
2017-01-12 15:52:41 ----A---- C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-12 15:52:41 ----A---- C:\WINDOWS\system32\d2d1.dll
2017-01-12 15:52:40 ----A---- C:\WINDOWS\system32\rdpcore.dll
2017-01-12 15:52:40 ----A---- C:\WINDOWS\system32\mstscax.dll
2017-01-12 15:52:40 ----A---- C:\WINDOWS\system32\mfnetcore.dll
2017-01-12 15:52:40 ----A---- C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-12 15:52:40 ----A---- C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-12 15:52:40 ----A---- C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-12 15:52:40 ----A---- C:\WINDOWS\system32\aeinv.dll
2017-01-12 15:52:39 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.CredDialogController.dll
2017-01-12 15:52:39 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Cred.dll
2017-01-12 15:52:39 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.BlockedShutdown.dll
2017-01-12 15:52:39 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.BioFeedback.dll
2017-01-12 15:52:39 ----A---- C:\WINDOWS\SYSWOW64\offlinesam.dll
2017-01-12 15:52:39 ----A---- C:\WINDOWS\system32\wuuhext.dll
2017-01-12 15:52:39 ----A---- C:\WINDOWS\system32\wuaueng.dll
2017-01-12 15:52:39 ----A---- C:\WINDOWS\system32\winlogon.exe
2017-01-12 15:52:39 ----A---- C:\WINDOWS\system32\sppobjs.dll
2017-01-12 15:52:39 ----A---- C:\WINDOWS\system32\samsrv.dll
2017-01-12 15:52:39 ----A---- C:\WINDOWS\system32\rdpencom.dll
2017-01-12 15:52:39 ----A---- C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-12 15:52:39 ----A---- C:\WINDOWS\system32\D3D12.dll
2017-01-12 15:52:38 ----A---- C:\WINDOWS\SYSWOW64\msmpeg2vdec.dll
2017-01-12 15:52:38 ----A---- C:\WINDOWS\SYSWOW64\aclui.dll
2017-01-12 15:52:38 ----A---- C:\WINDOWS\system32\shell32.dll
2017-01-12 15:52:38 ----A---- C:\WINDOWS\system32\offlinesam.dll
2017-01-12 15:52:38 ----A---- C:\WINDOWS\system32\lsasrv.dll
2017-01-12 15:52:37 ----A---- C:\WINDOWS\SYSWOW64\shell32.dll
2017-01-12 15:52:36 ----A---- C:\WINDOWS\SYSWOW64\updatepolicy.dll
2017-01-12 15:52:36 ----A---- C:\WINDOWS\SYSWOW64\MSVP9DEC.dll
2017-01-12 15:52:36 ----A---- C:\WINDOWS\SYSWOW64\kerberos.dll
2017-01-12 15:52:36 ----A---- C:\WINDOWS\SYSWOW64\cryptui.dll
2017-01-12 15:52:36 ----A---- C:\WINDOWS\system32\wuapi.dll
2017-01-12 15:52:36 ----A---- C:\WINDOWS\system32\wow64.dll
2017-01-12 15:52:36 ----A---- C:\WINDOWS\system32\WinSCard.dll
2017-01-12 15:52:36 ----A---- C:\WINDOWS\system32\updatepolicy.dll
2017-01-12 15:52:36 ----A---- C:\WINDOWS\system32\msv1_0.dll
2017-01-12 15:52:36 ----A---- C:\WINDOWS\system32\kerberos.dll
2017-01-12 15:52:36 ----A---- C:\WINDOWS\system32\ImplatSetup.dll
2017-01-12 15:52:36 ----A---- C:\WINDOWS\system32\drivers\cng.sys
2017-01-12 15:52:36 ----A---- C:\WINDOWS\system32\cryptui.dll
2017-01-12 15:52:35 ----A---- C:\WINDOWS\SYSWOW64\WinSCard.dll
2017-01-12 15:52:35 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Xaml.Resources.dll
2017-01-12 15:52:35 ----A---- C:\WINDOWS\SYSWOW64\indexeddbserver.dll
2017-01-12 15:52:35 ----A---- C:\WINDOWS\SYSWOW64\AudioSes.dll
2017-01-12 15:52:35 ----A---- C:\WINDOWS\SYSWOW64\AUDIOKSE.dll
2017-01-12 15:52:35 ----A---- C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-12 15:52:35 ----A---- C:\WINDOWS\system32\certprop.dll
2017-01-12 15:52:34 ----A---- C:\WINDOWS\SYSWOW64\mshtml.dll
2017-01-12 15:52:34 ----A---- C:\WINDOWS\SYSWOW64\Chakradiag.dll
2017-01-12 15:52:33 ----A---- C:\WINDOWS\SYSWOW64\Windows.UI.Xaml.dll
2017-01-12 15:52:32 ----A---- C:\WINDOWS\SYSWOW64\Chakra.dll
2017-01-12 15:52:32 ----A---- C:\WINDOWS\SYSWOW64\edgehtml.dll
2017-01-12 15:52:32 ----A---- C:\WINDOWS\SYSWOW64\AzureSettingSyncProvider.dll
2017-01-12 15:52:32 ----A---- C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-12 15:52:31 ----A---- C:\WINDOWS\SYSWOW64\mspaint.exe
2017-01-12 15:52:31 ----A---- C:\WINDOWS\system32\win32kbase.sys
2017-01-12 15:52:31 ----A---- C:\WINDOWS\system32\Chakra.dll
2017-01-12 15:52:31 ----A---- C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-12 15:52:30 ----A---- C:\WINDOWS\SYSWOW64\winmde.dll
2017-01-12 15:52:30 ----A---- C:\WINDOWS\SYSWOW64\twinui.dll
2017-01-12 15:52:30 ----A---- C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-12 15:52:30 ----A---- C:\WINDOWS\system32\mspaint.exe
2017-01-12 15:52:30 ----A---- C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-12 15:52:29 ----A---- C:\WINDOWS\system32\twinui.dll
2017-01-12 15:52:29 ----A---- C:\WINDOWS\system32\mshtml.dll
2017-01-12 15:52:29 ----A---- C:\WINDOWS\system32\indexeddbserver.dll
2017-01-12 15:52:28 ----A---- C:\WINDOWS\system32\winmde.dll
2017-01-12 15:52:28 ----A---- C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-12 15:52:28 ----A---- C:\WINDOWS\system32\edgehtml.dll
2017-01-12 15:52:28 ----A---- C:\WINDOWS\system32\aadcloudap.dll
2017-01-12 15:52:26 ----A---- C:\WINDOWS\system32\aadtb.dll
2017-01-12 15:52:25 ----A---- C:\WINDOWS\SYSWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-12 15:52:25 ----A---- C:\WINDOWS\system32\usocore.dll
2017-01-12 15:52:25 ----A---- C:\WINDOWS\system32\rdpcorets.dll
2017-01-12 15:52:25 ----A---- C:\WINDOWS\system32\AppVPublishing.dll
2017-01-12 15:52:25 ----A---- C:\WINDOWS\system32\AppVOrchestration.dll
2017-01-12 15:52:25 ----A---- C:\WINDOWS\system32\AppVIntegration.dll
2017-01-12 15:52:25 ----A---- C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-01-12 15:52:25 ----A---- C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-01-12 15:52:25 ----A---- C:\WINDOWS\system32\AppVClient.exe
2017-01-12 15:52:25 ----A---- C:\WINDOWS\system32\AppVCatalog.dll
2017-01-12 15:52:24 ----A---- C:\WINDOWS\SYSWOW64\remoteaudioendpoint.dll
2017-01-12 15:52:24 ----A---- C:\WINDOWS\SYSWOW64\rdpcore.dll
2017-01-12 15:52:24 ----A---- C:\WINDOWS\SYSWOW64\LaunchWinApp.exe
2017-01-12 15:52:24 ----A---- C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-12 15:52:24 ----A---- C:\WINDOWS\system32\updatehandlers.dll
2017-01-12 15:52:24 ----A---- C:\WINDOWS\system32\TransportDSA.dll
2017-01-12 15:52:24 ----A---- C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-12 15:52:24 ----A---- C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-12 15:52:24 ----A---- C:\WINDOWS\system32\AppVScripting.dll
2017-01-12 15:52:24 ----A---- C:\WINDOWS\system32\AppVReporting.dll
2017-01-12 15:52:24 ----A---- C:\WINDOWS\system32\AppVManifest.dll
2017-01-12 15:52:24 ----A---- C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-01-12 15:52:24 ----A---- C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-01-12 15:52:23 ----A---- C:\WINDOWS\SYSWOW64\SyncSettings.dll
2017-01-12 15:52:23 ----A---- C:\WINDOWS\SYSWOW64\rdpencom.dll
2017-01-12 15:52:23 ----A---- C:\WINDOWS\SYSWOW64\MSVPXENC.dll
2017-01-12 15:52:23 ----A---- C:\WINDOWS\SYSWOW64\mstscax.dll
2017-01-12 15:52:23 ----A---- C:\WINDOWS\SYSWOW64\CloudBackupSettings.dll
2017-01-12 15:52:23 ----A---- C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-12 15:52:23 ----A---- C:\WINDOWS\system32\win32k.sys
2017-01-12 15:52:23 ----A---- C:\WINDOWS\system32\rdpudd.dll
2017-01-12 15:52:23 ----A---- C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-12 15:52:23 ----A---- C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-12 15:52:23 ----A---- C:\WINDOWS\system32\AppVShNotify.exe
2017-01-12 15:52:23 ----A---- C:\WINDOWS\system32\AppVPolicy.dll
2017-01-12 15:52:23 ----A---- C:\WINDOWS\system32\AppVDllSurrogate.exe
2017-01-12 15:52:22 ----A---- C:\WINDOWS\SYSWOW64\Windows.Media.dll
2017-01-12 15:52:22 ----A---- C:\WINDOWS\SYSWOW64\mfcore.dll
2017-01-12 15:52:22 ----A---- C:\WINDOWS\SYSWOW64\LogonController.dll
2017-01-12 15:52:22 ----A---- C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-12 15:52:22 ----A---- C:\WINDOWS\system32\win32kfull.sys
2017-01-12 15:52:22 ----A---- C:\WINDOWS\system32\SRHInproc.dll
2017-01-12 15:52:22 ----A---- C:\WINDOWS\system32\SRH.dll
2017-01-12 15:52:21 ----A---- C:\WINDOWS\SYSWOW64\mfmp4srcsnk.dll
2017-01-12 15:52:21 ----A---- C:\WINDOWS\system32\StoreAgent.dll
2017-01-12 15:52:21 ----A---- C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-12 15:52:21 ----A---- C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-12 15:52:21 ----A---- C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-12 15:52:21 ----A---- C:\WINDOWS\system32\InstallAgent.exe
2017-01-12 15:52:21 ----A---- C:\WINDOWS\system32\dosvc.dll
2017-01-12 15:52:21 ----A---- C:\WINDOWS\system32\domgmt.dll
2017-01-12 15:52:21 ----A---- C:\WINDOWS\system32\ClipUp.exe
2017-01-12 15:52:21 ----A---- C:\WINDOWS\system32\audiosrv.dll
2017-01-12 15:52:21 ----A---- C:\WINDOWS\system32\AudioSes.dll
2017-01-12 15:52:21 ----A---- C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-12 15:52:21 ----A---- C:\WINDOWS\system32\AudioEng.dll
2017-01-12 15:52:21 ----A---- C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-12 15:52:21 ----A---- C:\WINDOWS\system32\aclui.dll
2017-01-12 15:52:20 ----A---- C:\WINDOWS\SYSWOW64\wuapi.dll
2017-01-12 15:52:20 ----A---- C:\WINDOWS\SYSWOW64\mfnetsrc.dll
2017-01-12 15:52:20 ----A---- C:\WINDOWS\SYSWOW64\mfasfsrcsnk.dll
2017-01-12 15:52:20 ----A---- C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-12 15:52:20 ----A---- C:\WINDOWS\system32\wbiosrvc.dll
2017-01-12 15:52:20 ----A---- C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-12 15:52:20 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2017-01-12 15:52:20 ----A---- C:\WINDOWS\system32\drivers\vhdmp.sys
2017-01-12 15:52:19 ----A---- C:\WINDOWS\SYSWOW64\mfnetcore.dll
2017-01-12 15:52:19 ----A---- C:\WINDOWS\SYSWOW64\mfmpeg2srcsnk.dll
2017-01-12 15:52:19 ----A---- C:\WINDOWS\SYSWOW64\MCRecvSrc.dll
2017-01-12 15:52:19 ----A---- C:\WINDOWS\system32\winsrv.dll
2017-01-12 15:52:19 ----A---- C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-12 15:52:19 ----A---- C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-12 15:52:19 ----A---- C:\WINDOWS\system32\SyncSettings.dll
2017-01-12 15:52:19 ----A---- C:\WINDOWS\system32\securekernel.exe
2017-01-12 15:52:19 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2017-01-12 15:52:19 ----A---- C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-12 15:52:19 ----A---- C:\WINDOWS\system32\fhcfg.dll
2017-01-12 15:52:19 ----A---- C:\WINDOWS\system32\drivers\pci.sys
2017-01-12 15:52:19 ----A---- C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-12 15:52:19 ----A---- C:\WINDOWS\system32\cloudAP.dll
2017-01-12 15:52:14 ----A---- C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-12 15:52:13 ----A---- C:\WINDOWS\SYSWOW64\win32kfull.sys
2017-01-12 15:52:13 ----A---- C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-12 15:52:12 ----A---- C:\WINDOWS\SYSWOW64\SettingSyncHost.exe
2017-01-12 15:52:12 ----A---- C:\WINDOWS\SYSWOW64\SettingSyncCore.dll
2017-01-12 15:52:12 ----A---- C:\WINDOWS\SYSWOW64\d2d1.dll
2017-01-12 15:52:12 ----A---- C:\WINDOWS\SYSWOW64\aadtb.dll
2017-01-12 15:52:12 ----A---- C:\WINDOWS\system32\LogonController.dll
2017-01-12 15:52:11 ----A---- C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-12 15:52:11 ----A---- C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-12 15:52:10 ----A---- C:\WINDOWS\SYSWOW64\win32k.sys
2017-01-12 15:52:10 ----A---- C:\WINDOWS\SYSWOW64\msv1_0.dll
2017-01-12 15:52:10 ----A---- C:\WINDOWS\SYSWOW64\D3DCompiler_47.dll
2017-01-12 15:52:10 ----A---- C:\WINDOWS\SYSWOW64\AppVEntSubsystems32.dll
2017-01-12 15:52:10 ----A---- C:\WINDOWS\system32\MSVPXENC.dll
2017-01-12 15:52:09 ----A---- C:\WINDOWS\SYSWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-12 15:52:09 ----A---- C:\WINDOWS\system32\provengine.dll
2017-01-12 15:52:09 ----A---- C:\WINDOWS\system32\KnobsCore.dll
2017-01-12 15:52:08 ----A---- C:\WINDOWS\SYSWOW64\D3D12.dll
2017-01-12 15:52:08 ----A---- C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-12 15:52:08 ----A---- C:\WINDOWS\system32\KnobsCsp.dll
2017-01-12 15:26:59 ----A---- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
2017-01-12 15:26:53 ----A---- C:\WINDOWS\system32\drivers\mbae64.sys
2017-01-12 15:26:49 ----D---- C:\Program Files\Malwarebytes
2017-01-11 16:19:29 ----D---- C:\Hry
2017-01-11 16:17:41 ----D---- C:\Music
2016-12-19 18:29:35 ----D---- C:\Program Files\iPod
2016-12-19 18:29:35 ----AD---- C:\Program Files\iTunes

======List of files/folders modified in the last 1 month======

2017-01-18 19:55:57 ----D---- C:\Program Files\trend micro
2017-01-18 19:52:06 ----D---- C:\WINDOWS\System32
2017-01-18 19:52:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-18 19:48:17 ----A---- C:\WINDOWS\SYSWOW64\log.txt
2017-01-18 19:47:22 ----D---- C:\WINDOWS\Prefetch
2017-01-18 19:46:39 ----D---- C:\ProgramData\NVIDIA
2017-01-18 19:46:10 ----D---- C:\WINDOWS\system32\sru
2017-01-18 19:44:32 ----D---- C:\WINDOWS\INF
2017-01-18 19:44:32 ----D---- C:\Windows
2017-01-18 19:09:21 ----HD---- C:\Program Files\WindowsApps
2017-01-18 19:09:21 ----D---- C:\WINDOWS\AppReadiness
2017-01-18 19:05:02 ----D---- C:\WINDOWS\LiveKernelReports
2017-01-18 14:15:19 ----D---- C:\WINDOWS\system32\SleepStudy
2017-01-17 20:53:35 ----D---- C:\Users\Felly\AppData\Roaming\vlc
2017-01-17 19:24:55 ----SHD---- C:\System Volume Information
2017-01-17 18:52:13 ----D---- C:\Users\Felly\AppData\Roaming\DAEMON Tools Lite
2017-01-17 18:52:10 ----D---- C:\WINDOWS\debug
2017-01-17 18:51:45 ----D---- C:\WINDOWS\system32\Tasks
2017-01-17 18:51:44 ----RD---- C:\Program Files
2017-01-16 11:17:06 ----HD---- C:\ProgramData
2017-01-14 11:38:33 ----D---- C:\WINDOWS\SYSWOW64\GroupPolicy
2017-01-14 11:38:33 ----D---- C:\WINDOWS\system32\GroupPolicy
2017-01-14 11:38:33 ----AD---- C:\WINDOWS\SysWOW64
2017-01-14 11:26:15 ----RD---- C:\Program Files (x86)
2017-01-14 11:24:53 ----D---- C:\WINDOWS\system32\drivers\etc
2017-01-14 10:18:06 ----SHDC---- C:\WINDOWS\Installer
2017-01-13 14:20:52 ----RD---- C:\WINDOWS\Microsoft.NET
2017-01-13 12:12:37 ----D---- C:\WINDOWS\system32\config
2017-01-13 12:07:15 ----D---- C:\WINDOWS\WinSxS
2017-01-13 12:06:55 ----D---- C:\WINDOWS\system32\DriverStore
2017-01-13 12:06:07 ----D---- C:\WINDOWS\system32\catroot2
2017-01-13 12:05:56 ----D---- C:\WINDOWS\system32\WinBioPlugIns
2017-01-13 12:05:56 ----D---- C:\WINDOWS\system32\wbem
2017-01-13 12:05:56 ----D---- C:\WINDOWS\system32\oobe
2017-01-13 12:05:55 ----RD---- C:\WINDOWS\ImmersiveControlPanel
2017-01-13 12:05:55 ----D---- C:\WINDOWS\ShellExperiences
2017-01-13 12:05:55 ----D---- C:\WINDOWS\Provisioning
2017-01-13 12:05:55 ----D---- C:\WINDOWS\PolicyDefinitions
2017-01-13 12:05:55 ----D---- C:\Program Files\Internet Explorer
2017-01-13 12:05:55 ----D---- C:\Program Files (x86)\Internet Explorer
2017-01-13 12:05:54 ----D---- C:\WINDOWS\system32\drivers
2017-01-13 04:01:53 ----AD---- C:\ProgramData\regid.1991-06.com.microsoft
2017-01-13 04:00:44 ----D---- C:\Program Files (x86)\Common Files
2017-01-13 04:00:16 ----AD---- C:\Program Files (x86)\Microsoft Office
2017-01-12 15:57:15 ----D---- C:\WINDOWS\CbsTemp
2017-01-12 15:26:49 ----D---- C:\ProgramData\Malwarebytes
2017-01-11 18:14:56 ----D---- C:\WINDOWS\system32\MRT
2017-01-11 18:13:20 ----AC---- C:\WINDOWS\system32\MRT.exe
2017-01-11 16:28:32 ----D---- C:\WINDOWS\SYSWOW64\en-US
2017-01-11 16:28:32 ----D---- C:\WINDOWS\SYSWOW64\cs-CZ
2017-01-11 16:28:32 ----D---- C:\WINDOWS\system32\en-US
2017-01-11 16:28:32 ----D---- C:\WINDOWS\system32\cs-CZ
2017-01-11 16:26:25 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2016-12-31 16:29:04 ----D---- C:\Users\Felly\AppData\Roaming\Mp3tag
2016-12-30 17:18:38 ----D---- C:\Users\Felly\AppData\Roaming\Skype
2016-12-30 14:29:27 ----D---- C:\ProgramData\Skype
2016-12-30 14:29:25 ----RD---- C:\Program Files (x86)\Skype
2016-12-24 12:04:28 ----RD---- C:\WINDOWS\assembly
2016-12-24 09:52:25 ----RSD---- C:\WINDOWS\Fonts
2016-12-23 00:13:26 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2016-12-21 11:06:53 ----D---- C:\WINDOWS\Tasks
2016-12-20 11:28:54 ----D---- C:\WINDOWS\rescache
2016-12-19 21:47:40 ----D---- C:\ProgramData\TrackMania
2016-12-19 18:29:35 ----D---- C:\Program Files\Common Files\Apple

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2016-09-10 74544]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2016-10-13 293352]
R0 iorate;@%SystemRoot%\system32\drivers\iorate.sys,-100; C:\WINDOWS\system32\drivers\iorate.sys [2016-11-02 48992]
R0 nvpciflt;nvpciflt; C:\WINDOWS\system32\DRIVERS\nvpciflt.sys [2016-04-10 40080]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [2016-09-10 103064]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2016-09-21 969184]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2016-10-03 513632]
R1 FileCrypt;@%systemroot%\system32\drivers\filecrypt.sys,-100; C:\WINDOWS\system32\drivers\filecrypt.sys [2016-07-16 88576]
R1 GpuEnergyDrv;@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100; C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-07-16 8192]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2016-09-10 108816]
R2 aswStm;aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [2016-09-10 163416]
R2 clreg;@%SystemRoot%\system32\drivers\registry.sys,-100; C:\WINDOWS\System32\drivers\registry.sys [2016-07-16 70144]
R2 MMCSS;@%systemroot%\system32\drivers\mmcss.sys,-100; C:\WINDOWS\system32\drivers\mmcss.sys [2016-07-16 48128]
R2 risdxc;risdxc; C:\WINDOWS\system32\DRIVERS\risdxc64.sys [2011-05-26 101888]
R2 speedfan;speedfan; \??\C:\WINDOWS\SysWOW64\speedfan.sys [2012-12-29 28664]
R2 storqosflt;@%SystemRoot%\System32\drivers\storqosflt.sys,-101; C:\WINDOWS\system32\drivers\storqosflt.sys [2016-07-16 78336]
R3 dtlitescsibus;@oem1.inf,%DTLITESCSIBUS.DeviceDesc%;DAEMON Tools Lite Virtual SCSI Bus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [2016-10-03 30264]
R3 dtliteusbbus;@oem43.inf,%DTLITEUSBBUS.DeviceDesc%;DAEMON Tools Lite Virtual USB Bus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [2016-10-03 47672]
R3 e1cexpress;@oem9.inf,%e1cExpress.Service.DispName%;Intel(R) PRO/1000 PCI Express Network Connection Driver C; C:\WINDOWS\system32\DRIVERS\e1c64x64.sys [2016-04-10 468752]
R3 ecnssndis;@oem21.inf,%Ericsson.SvcDesc%; Mobile Broadband Driver; C:\WINDOWS\System32\Drivers\wwuss64.sys [2011-06-14 26664]
R3 ecnssndisfltr;@oem21.inf,%Ericsson.FltSvcDesc%; Mobile Broadband Driver Filter; C:\WINDOWS\System32\Drivers\wwussf64.sys [2011-06-14 30248]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2016-04-10 82240]
R3 igfx;igfx; C:\WINDOWS\system32\DRIVERS\igdkmd64.sys [2016-04-10 5384176]
R3 l36wgps;@oem27.inf,%ServiceName%; Mobile Broadband GPS Port; C:\WINDOWS\system32\DRIVERS\l36wgps64.sys [2011-07-01 101416]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [2017-01-18 250816]
R3 Mbm3CBus;@oem23.inf,%l36g.Service.Desc.4%;F5521gw Mobile Broadband Device (WDM); C:\WINDOWS\System32\drivers\Mbm3CBus.sys [2011-04-29 419400]
R3 Mbm3DevMt;@oem40.inf,%l36g.Service.Name%; Mobile Broadband Device Management Driver (WDM); C:\WINDOWS\system32\DRIVERS\Mbm3DevMt.sys [2011-04-29 430664]
R3 Mbm3mdfl;@oem3.inf,%l36g.Filter.Name%; Mobile Broadband Modem Port Filter; C:\WINDOWS\system32\DRIVERS\Mbm3mdfl.sys [2011-04-29 19528]
R3 Mbm3Mdm;@oem3.inf,%l36g.Service.Name%; Mobile Broadband Modem Port Driver; C:\WINDOWS\system32\DRIVERS\Mbm3Mdm.sys [2011-04-29 483400]
R3 MEIx64;@oem6.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\WINDOWS\System32\drivers\HECIx64.sys [2012-11-09 57376]
R3 NETwNe64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit; C:\WINDOWS\System32\drivers\NETwew01.sys [2016-07-16 3343872]
R3 nvlddmkm;nvlddmkm; C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys [2016-04-10 11204240]
R3 SynTP;@oem61.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2016-10-03 642144]
S0 LSI_SAS2i;LSI_SAS2i; C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-07-16 105824]
S0 LSI_SAS3i;LSI_SAS3i; C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-07-16 101216]
S0 megasas2i;megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-05 64352]
S0 percsas2i;percsas2i; C:\WINDOWS\System32\drivers\percsas2i.sys [2016-07-16 58720]
S0 percsas3i;percsas3i; C:\WINDOWS\System32\drivers\percsas3i.sys [2016-07-16 61792]
S0 scmbus;@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver; C:\WINDOWS\System32\drivers\scmbus.sys [2016-07-16 88416]
S0 storufs;@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver; C:\WINDOWS\System32\drivers\storufs.sys [2016-07-16 32096]
S3 AcpiDev;@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver; C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-07-16 18432]
S3 applockerfltr;@%systemroot%\system32\srpapi.dll,-102; C:\WINDOWS\system32\drivers\applockerfltr.sys [2016-07-16 15360]
S3 AppvStrm;@%systemroot%\system32\drivers\AppvStrm.sys,-101; C:\WINDOWS\system32\drivers\AppvStrm.sys [2016-09-15 127328]
S3 AppvVemgr;@%systemroot%\system32\drivers\AppvVemgr.sys,-101; C:\WINDOWS\system32\drivers\AppvVemgr.sys [2016-07-16 157024]
S3 AppvVfs;@%systemroot%\system32\drivers\AppvVfs.sys,-101; C:\WINDOWS\system32\drivers\AppvVfs.sys [2016-07-16 141152]
S3 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2016-09-10 37656]
S3 BazisPortableCDBus;Portable WinCDEmu driver; C:\WINDOWS\system32\drivers\BazisPortableCDBus.sys [2016-04-10 283480]
S3 bcmfn;@bcmfn.inf,%bcmfn.SVCDESC%;bcmfn Service; C:\WINDOWS\System32\drivers\bcmfn.sys [2016-07-16 9728]
S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\WINDOWS\System32\drivers\bthpan.sys [2016-10-05 128512]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\WINDOWS\System32\drivers\BTHport.sys [2016-11-11 967168]
S3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\WINDOWS\System32\drivers\BTHUSB.sys [2016-09-10 84992]
S3 btwaudio;Bluetooth Audio Device Service; C:\WINDOWS\system32\drivers\btwaudio.sys [2011-10-17 146984]
S3 btwavdt;Bluetooth AVDT Service; C:\WINDOWS\System32\drivers\btwavdt.sys [2011-10-17 164392]
S3 btwl2cap;Bluetooth L2CAP Service; C:\WINDOWS\system32\DRIVERS\btwl2cap.sys [2011-10-17 39976]
S3 btwrchid;btwrchid; C:\WINDOWS\System32\drivers\btwrchid.sys [2011-10-17 21544]
S3 buttonconverter;@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices; C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-07-16 38912]
S3 CapImg;@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen; C:\WINDOWS\System32\drivers\capimg.sys [2016-09-10 118272]
S3 genericusbfn;@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class; C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-07-16 20480]
S3 hidinterrupt;@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts; C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-07-16 50016]
S3 hvservice;@%SystemRoot%\system32\drivers\hvservice.sys,-16; C:\WINDOWS\system32\drivers\hvservice.sys [2016-08-06 73568]
S3 cht4iscsi;cht4iscsi; C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-07-16 346976]
S3 cht4vbd;@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver; C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-07-16 2104160]
S3 iagpio;@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver; C:\WINDOWS\System32\drivers\iagpio.sys [2016-07-16 33280]
S3 iai2c;@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller; C:\WINDOWS\System32\drivers\iai2c.sys [2016-07-16 81408]
S3 iaLPSS2i_GPIO2;@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-07-16 64512]
S3 iaLPSS2i_I2C;@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2; C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-07-16 176384]
S3 ibbus;@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver); C:\WINDOWS\System32\drivers\ibbus.sys [2016-07-16 526176]
S3 IndirectKmd;@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100; C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-07-16 35840]
S3 irda;IrDA; C:\WINDOWS\system32\drivers\irda.sys [2016-07-16 120320]
S3 mlx4_bus;@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator; C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-07-16 842584]
S3 MsSecFlt;@%SystemRoot%\System32\Drivers\mssecflt.sys,-1001; C:\WINDOWS\system32\drivers\mssecflt.sys [2016-07-16 179040]
S3 ndfltr;@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service; C:\WINDOWS\System32\drivers\ndfltr.sys [2016-07-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library; C:\WINDOWS\system32\drivers\NetAdapterCx.sys [2016-07-16 90624]
S3 niks4m2audio;@oem33.inf,%MediaDevice.Desc%;Traktor Kontrol S4 MK2 WDM Audio; C:\WINDOWS\System32\Drivers\niks4m2audio.sys [2015-09-04 382920]
S3 niks4m2usb;@oem22.inf,%USBDriver.SvcDesc%;Traktor Kontrol S4 MK2; C:\WINDOWS\system32\DRIVERS\niks4m2usb.sys [2015-09-04 104304]
S3 niks8audio;Traktor Kontrol S8 WDM Audio; C:\WINDOWS\System32\Drivers\niks8audio.sys [2015-09-03 375208]
S3 niks8usb;Traktor Kontrol S8; C:\WINDOWS\system32\DRIVERS\niks8usb.sys [2015-09-03 95584]
S3 NVHDA;@oem2.inf,%NVHDA.SvcDesc%;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda64v.sys [2016-04-10 214168]
S3 ReFSv1;ReFSv1; C:\WINDOWS\system32\drivers\ReFSv1.sys [2016-07-16 928608]
S3 scmdisk0101;@scmdisk0101.inf,%scmdisk0101.SvcDesc%;Microsoft NVDIMM-N disk driver; C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-07-16 123904]
S3 SmbDrvI;SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [2016-04-10 52912]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-12-19 82640]
R2 Apple Mobile Device Service;Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-09-22 83768]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-09-10 197128]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe [2011-10-17 970016]
R2 CDPSvc;@%SystemRoot%\system32\cdpsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R2 CDPUserSvc_59a92;CDPUserSvc_59a92; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R2 ClickToRunSvc;Služba Microsoft Office Klikni a spusť; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2016-12-28 3699904]
R2 CoreMessagingRegistrar;@%SystemRoot%\system32\coremessaging.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R2 DiagTrack;@%SystemRoot%\system32\diagtrack.dll,-3001; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
R2 IBMPMSVC;@oem13.inf,%ibm.svcDesc0%;Lenovo PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2016-04-10 180736]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service; C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2014-07-09 214464]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-07-02 327672]
R2 LPlatSvc;@oem13.inf,%Lenovo.svcDesc1%;Lenovo Platform Service; C:\WINDOWS\system32\LPlatSvc.exe [2016-04-10 710144]
R2 MBAMService;Malwarebytes Service; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [2016-12-14 4317648]
R2 NIHardwareService;NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2016-03-04 14136944]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvvsvc.exe [2015-11-05 1255544]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-10-29 1260320]
R2 OneSyncSvc_59a92;Sync Host_59a92; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R2 SmsRouter;@%SystemRoot%\System32\SmsRouterSvc.dll,-10001; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-07-23 410768]
R2 SynTPEnhService;SynTPEnh Caller Service; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2016-10-03 259176]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2016-08-29 1467072]
R3 LicenseManager;@%SystemRoot%\system32\licensemanagersvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
R3 StateRepository;@%SystemRoot%\system32\windows.staterepository.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S2 CDPUserSvc;@%SystemRoot%\system32\cdpusersvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S2 dmwappushservice;@%SystemRoot%\system32\dmwappushsvc.dll,-200; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S2 DoSvc;@%systemroot%\system32\dosvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-18 154440]
S2 MapsBroker;@%SystemRoot%\System32\moshost.dll,-100; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S2 MessagingService;@%SystemRoot%\system32\MessagingService.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S2 MessagingService_59a92;MessagingService_59a92; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S2 OneSyncSvc;@%SystemRoot%\system32\APHostRes.dll,-10002; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-09-20 324224]
S3 AJRouter;@%SystemRoot%\system32\AJRouter.dll,-2; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 ClipSVC;@%SystemRoot%\system32\ClipSVC.dll,-103; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 cphs;Intel(R) Content Protection HECI Service; C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe [2016-04-10 290224]
S3 DcpSvc;@%SystemRoot%\system32\dcpsvc.dll,-3001; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 DevQueryBroker;@%SystemRoot%\system32\DevQueryBroker.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 diagnosticshub.standardcollector.service;@%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000; C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-07-16 93184]
S3 DmEnrollmentSvc;@%systemroot%\system32\Windows.Internal.Management.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 DsSvc;@%SystemRoot%\system32\dssvc.dll,-10003; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 embeddedmode;@%SystemRoot%\system32\embeddedmodesvc.dll,-201; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 EntAppSvc;@EnterpriseAppMgmtSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2016-05-25 43696]
S3 FrameServer;@%systemroot%\system32\FrameServer.dll,-100; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-18 154440]
S3 HvHost;@%SystemRoot%\system32\hvhostsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 icssvc;@%SystemRoot%\System32\tetheringservice.dll,-4097; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2016-12-06 651576]
S3 irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 NetSetupSvc;@%SystemRoot%\system32\NetSetupSvc.dll,-3; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 NgcCtnrSvc;@%SystemRoot%\System32\NgcCtnrSvc.dll,-1; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 NgcSvc;@%SystemRoot%\System32\ngcsvc.dll,-100; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2016-12-28 209096]
S3 PhoneSvc;@%SystemRoot%\system32\PhoneserviceRes.dll,-10000; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 PimIndexMaintenanceSvc;@%SystemRoot%\system32\UserDataAccessRes.dll,-15001; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 PimIndexMaintenanceSvc_59a92;Contact Data_59a92; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 RetailDemo;@%SystemRoot%\System32\RDXService.dll,-256; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 RmSvc;@%SystemRoot%\system32\RMapi.dll,-1001; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]
S3 Sense;@%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2016-09-15 2889896]
S3 SensorDataService;@%SystemRoot%\system32\SensorDataService.exe,-101; C:\WINDOWS\System32\SensorDataService.exe [2016-09-07 1312768]
S3 SensorService;@%SystemRoot%\System32\sensorservice.dll,-1000; C:\WINDOWS\system32\svchost.exe [2016-07-16 44496]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S4 AppVClient;@%systemroot%\system32\AppVClient.exe,-102; C:\WINDOWS\system32\AppVClient.exe [2016-12-14 822624]
S4 shpamsvc;@%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100; C:\WINDOWS\System32\svchost.exe [2016-07-16 44496]

-----------------EOF-----------------

Felly006
Visitor
Posts: 22
Registered: 28 Nov 2016 12:41

Re: COM Surrogate strikes again

#26 Post by Felly006 »

info.txt logfile of random's system information tool 1.10 2017-01-18 19:56:00

======MBR======


======Uninstall list======

-->C:\ProgramData\{001400D9-8BC8-4B5C-892D-B224C94ECAF0}\Traktor Audio 10 Driver Setup PC.exe
-->C:\ProgramData\{018F1C44-00D1-417B-B251-92A5634F74AE}\Traktor Kontrol X1 Driver Setup PC.exe
-->C:\ProgramData\{033B4844-E9C3-45D2-88D9-34DDF3F91100}\Audio 2 DJ Driver Setup PC.exe
-->C:\ProgramData\{1A60280D-28AA-4D0E-9E05-8E115B994BEF}\Traktor Audio 2 MK2 Driver Setup PC.exe
-->C:\ProgramData\{219191E6-6846-4329-889D-7956C487D9A6}\Traktor Kontrol F1 Driver Setup PC.exe
-->C:\ProgramData\{4682E4CB-7209-4099-8AA1-580ABCCCE731}\Audio 4 DJ Driver Setup PC.exe
-->C:\ProgramData\{4D0E48A9-ECF9-4029-9600-9F629A79750C}\Traktor Kontrol S8 Driver Setup PC.exe
-->C:\ProgramData\{4FB3245C-1B65-4959-A8DA-A365D75D0AF4}\Traktor Audio 6 Driver Setup PC.exe
-->C:\ProgramData\{526CA30B-D871-406E-A018-ABE05E66D65B}\Traktor Kontrol Z1 Driver Setup PC.exe
-->C:\ProgramData\{571BB2D7-5EB2-4D33-9E0D-0D95E2CB9AE0}\Traktor Kontrol S2 MK2 Driver Setup PC.exe
-->C:\ProgramData\{5BEDCDDD-6193-41E1-8C9B-C688715F85CD}\Traktor Kontrol S4 MK2 Driver Setup PC.exe
-->C:\ProgramData\{8D4C602D-E844-4297-BB00-303F1AFBDCBE}\Traktor Kontrol D2 Driver Setup PC.exe
-->C:\ProgramData\{90D8CE90-3E6B-4034-A281-BC9F19B60A5B}\Service Center Setup PC.exe
-->C:\ProgramData\{9B09061B-0A4F-42DA-9987-7D3F452DCB09}\Traktor Kontrol X1 MK2 Driver Setup PC.exe
-->C:\ProgramData\{9F570B21-E27A-40BE-A508-292899A7D042}\Traktor Kontrol S2 Driver Setup PC.exe
-->C:\ProgramData\{A198E666-CBDA-4466-B380-109F6AA58D3B}\Controller Editor Setup PC.exe
-->C:\ProgramData\{B7C85E99-2AC6-455D-B4D1-752A56403757}\Traktor Kontrol S4 Driver Setup PC.exe
-->C:\ProgramData\{D2030082-F62A-402A-9456-8009276FD896}\Audio 8 DJ Driver Setup PC.exe
-->C:\ProgramData\{DB2B4DA2-022F-4A27-A450-A6EB6677CA43}\Traktor Audio 2 Driver Setup PC.exe
-->C:\ProgramData\{E08B3CF8-17F6-42A9-822C-B111A3E743A6}\Traktor Kontrol S5 Driver Setup PC.exe
-->C:\ProgramData\{EB9C1D32-304E-4E8E-8D44-C4102A190A39}\Traktor 2 Setup PC.exe
-->C:\ProgramData\{EBAC69E7-D48F-4CC3-BD51-4AA55B9E55DC}\Traktor Kontrol Z2 Driver Setup PC.exe
Adobe Acrobat Reader DC - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AC0F074E4100}
Adobe Photoshop CS6-->C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}"
Adobe Refresh Manager-->MsiExec.exe /I{AC76BA86-0804-1033-1959-001824211354}
Apple Mobile Device Support-->MsiExec.exe /I{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}
Apple Software Update-->MsiExec.exe /I{56EC47AA-5813-4FF6-8E75-544026FBEA83}
ASIO4ALL-->C:\Program Files (x86)\ASIO4ALL v2\uninstall.exe
Avast Free Antivirus-->C:\Program Files\AVAST Software\Avast\Setup\Instup.exe /control_panel
Balíček ovladače systému Windows - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000)-->C:\PROGRA~1\DIFX\D29FE547208FE130\DPInst_x64.exe /u C:\WINDOWS\System32\DriverStore\FileRepository\android_winusb.inf_amd64_bd75d06c56998078\android_winusb.inf
Bonjour-->MsiExec.exe /X{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}
Canon LBP3010/LBP3018/LBP3050-->C:\Program Files\Canon\PrnUninstall\Canon LBP3010 LBP3018 LBP3050\CNAB8UND.EXE
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
DAEMON Tools Lite-->C:\Program Files\DAEMON Tools Lite\uninst.exe
FL Studio 12-->C:\Program Files (x86)\Image-Line\FL Studio 12\uninstall.exe
FL Studio ASIO-->C:\Program Files (x86)\Image-Line\FL Studio ASIO\uninstall.exe
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Update Helper-->MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
iCloud-->MsiExec.exe /I{4BB313CE-D3D1-424C-8823-15CF85B00B05}
Intel(R) Control Center-->C:\Program Files (x86)\Intel\Intel Control Center\uninstaller\SetupICC.exe -uninstall -force -confirm
Intel(R) Identity Protection Technology 1.2.32.0-->MsiExec.exe /X{2D793E41-F598-1014-9984-F3B169A93F79}
Intel(R) Management Engine Components-->C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall
Intel(R) Processor Graphics-->C:\Program Files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe -uninstall
iTunes-->MsiExec.exe /I{81C96689-EA5B-4B7D-A04F-16326EC51BC2}
Java 8 Update 77-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83218077F0}
Lenovo Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall
Logitech Unifying Software 2.50-->C:\Program Files\Common Files\LogiShrd\Unifying\UnifyingUnInstaller.exe
Malwarebytes verze 3.0.5.1299-->"C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe"
Mathcad 14.0 M020-->MsiExec.exe /I{8796E14E-2031-463F-8A9A-31062B2652B4}
Microsoft Audio Enhancement Troubleshooter installer-->MsiExec.exe /I{6E0351FF-6A71-45C5-A041-D4D9D8067EAF}
Microsoft Office 365 Business - cs-cz-->"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" scenario=install scenariosubtype=ARP sourcetype=None productstoremove=O365BusinessRetail.16_cs-cz_x-none culture=cs-cz version.16=16.0
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005-->"C:\ProgramData\Package Cache\{7f51bdb9-ee21-49ee-94d6-90afc321780e}\vcredist_x64.exe" /uninstall
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005-->"C:\ProgramData\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe" /uninstall
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005-->MsiExec.exe /X{929FBD26-9020-399B-9A7A-751D61F0B942}
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005-->MsiExec.exe /X{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005-->MsiExec.exe /X{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005-->MsiExec.exe /X{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
Mobile Broadband Drivers-->"C:\Program Files (x86)\InstallShield Installation Information\{EA9640BE-414E-4195-B53B-7905BF1A5A09}\setup.exe" -runfromtemp -l0x0009 -removeonly
Mp3tag v2.79-->C:\Program Files (x86)\Mp3tag\Mp3tagUninstall.EXE
MSVCRT Redists-->MsiExec.exe /I{D4BD27CF-BFBC-11E3-9B8F-F04DA23A5C58}
MSXML 4.0 SP3 Parser-->MsiExec.exe /I{196467F1-C11F-4F76-858B-5812ADC83B94}
Native Instruments Controller Editor-->"C:\ProgramData\{A198E666-CBDA-4466-B380-109F6AA58D3B}\Controller Editor Setup PC.exe" REMOVE=TRUE MODIFY=FALSE
Native Instruments Service Center-->"C:\ProgramData\{90D8CE90-3E6B-4034-A281-BC9F19B60A5B}\Service Center Setup PC.exe" REMOVE=TRUE MODIFY=FALSE
Native Instruments Traktor 2-->"C:\ProgramData\{EB9C1D32-304E-4E8E-8D44-C4102A190A39}\Traktor 2 Setup PC.exe" REMOVE=TRUE MODIFY=FALSE
Native Instruments Traktor Kontrol S4 MK2 Driver-->"C:\ProgramData\{5BEDCDDD-6193-41E1-8C9B-C688715F85CD}\Traktor Kontrol S4 MK2 Driver Setup PC.exe" REMOVE=TRUE MODIFY=FALSE
Native Instruments Traktor Kontrol S8 Driver-->"C:\ProgramData\{4D0E48A9-ECF9-4029-9600-9F629A79750C}\Traktor Kontrol S8 Driver Setup PC.exe" REMOVE=TRUE MODIFY=FALSE
NVIDIA 3D Vision Driver 353.62-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.3DVision
NVIDIA Graphics Driver 353.62-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA nView 146.33-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.NView
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
Office 16 Click-to-Run Extensibility Component 64-bit Registration-->MsiExec.exe /X{90160000-00DD-0000-1000-0000000FF1CE}
Office 16 Click-to-Run Extensibility Component-->MsiExec.exe /X{90160000-008C-0000-0000-0000000FF1CE}
Office 16 Click-to-Run Licensing Component-->MsiExec.exe /I{90160000-008F-0000-1000-0000000FF1CE}
Office 16 Click-to-Run Localization Component-->MsiExec.exe /X{90160000-008C-0405-0000-0000000FF1CE}
PDF Settings CS6-->MsiExec.exe /I{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}
Podpora aplikací Apple (32bitová)-->MsiExec.exe /I{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}
Podpora aplikací Apple (64bitová)-->MsiExec.exe /I{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}
RICOH_Media_Driver_v2.14.18.01-->"C:\Program Files (x86)\InstallShield Installation Information\{FE041B02-234C-4AAA-9511-80DF6482A458}\setup.exe" -runfromtemp -l0x0009 anything -removeonly
Skype™ 7.30-->MsiExec.exe /X{FC965A47-4839-40CA-B618-18F486F042C6}
SpeedFan (remove only)-->"C:\Program Files (x86)\SpeedFan\uninstall.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
ThinkPad Bluetooth with Enhanced Data Rate Software-->MsiExec.exe /X{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}
Vegas Pro 13.0 (64-bit)-->MsiExec.exe /X{CDA02BF0-BFBC-11E3-AFA0-F04DA23A5C58}
VLC media player-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Warcraft III-->C:\WINDOWS\War3Unin.exe C:\WINDOWS\War3Unin.dat
WinRAR 5.20 (64-bit)-->C:\Program Files\WinRAR\uninstall.exe

======Hosts File======


127.0.0.1 localhost
127.0.0.1 clients2.google.com
127.0.0.1 v1.ff.avast.com
127.0.0.1 vlcproxy.ff.avast.com

======System event log======

Computer Name: FIRENTB
Event Code: 27
Message: Typ spuštění byl 0x0.
Record Number: 5
Source Name: Microsoft-Windows-Kernel-Boot
Time Written: 20160910073620.611018-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: FIRENTB
Event Code: 153
Message: Zabezpečení založené na virtualizaci (zásady: 0) je zakázáno se stavem STATUS_SUCCESS.
Record Number: 4
Source Name: Microsoft-Windows-Kernel-Boot
Time Written: 20160910073620.610865-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: FIRENTB
Event Code: 6005
Message: Služba Event Log byla spuštěna.
Record Number: 3
Source Name: EventLog
Time Written: 20160910073653.452561-000
Event Type: Informace
User:

Computer Name: FIRENTB
Event Code: 6009
Message: Microsoft (R) Windows (R) 10.00. 14393 Multiprocessor Free.
Record Number: 2
Source Name: EventLog
Time Written: 20160910073653.452561-000
Event Type: Informace
User:

Computer Name: FIRENTB
Event Code: 12
Message: Operační systém se spustil v systémovém čase ‎2016‎-‎09‎-‎10T07:36:20.486189700Z.
Record Number: 1
Source Name: Microsoft-Windows-Kernel-General
Time Written: 20160910073620.610811-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: FIRENTB
Event Code: 5
Message: Služba Windows Search úspěšně vytvořila výchozí konfiguraci pro nového uživatele FIRENTB\UpdatusUser.

Record Number: 7
Source Name: Microsoft-Windows-Search-ProfileNotify
Time Written: 20160910073828.912163-000
Event Type: Informace
User:

Computer Name: FIRENTB
Event Code: 5617
Message: Subsystémy služby WMI (Windows Management Instrumentation) byly úspěšně inicializovány.
Record Number: 6
Source Name: Microsoft-Windows-WMI
Time Written: 20160910073715.500643-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: FIRENTB
Event Code: 5615
Message: Služba WMI (Windows Management Instrumentation) byla úspěšně spuštěna.
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20160910073653.975166-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: FIRENTB
Event Code: 1531
Message: Služba Profil uživatele byla úspěšně spuštěna.


Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20160910073653.496676-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: FIRENTB
Event Code: 4625
Message: Subsystém EventSystem zabraňuje vytváření duplicitních záznamů v protokolu událostí po dobu 86400 sekund. Tuto dobu lze změnit pomocí hodnoty REG_DWORD s názvem SuppressDuplicateDuration v následujícím klíči registru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20160910073653.499431-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: FIRENTB
Event Code: 4907
Message: Nastavení auditu objektu se změnila.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: FIRENTB$
Doména účtu: WORKGROUP
ID přihlášení: 0x3E7

Objekt:
Server objektu: Security
Typ objektu: File
Název objektu: \Device\HarddiskVolume1\Boot\lv-LV\bootmgr.exe.mui
ID popisovače: 0x324

Informace o procesu:
ID procesu: 0x6c0
Název procesu: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_43278ee965418581\TiWorker.exe

Nastavení auditu:
Původní popisovač zabezpečení: S:AINO_ACCESS_CONTROL
Nový popisovač zabezpečení: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 54087
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20161210141257.926236-000
Event Type: Úspěšný audit
User:

Computer Name: FIRENTB
Event Code: 4907
Message: Nastavení auditu objektu se změnila.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: FIRENTB$
Doména účtu: WORKGROUP
ID přihlášení: 0x3E7

Objekt:
Server objektu: Security
Typ objektu: File
Název objektu: \Device\HarddiskVolume1\Boot\lt-LT\bootmgr.exe.mui
ID popisovače: 0x324

Informace o procesu:
ID procesu: 0x6c0
Název procesu: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_43278ee965418581\TiWorker.exe

Nastavení auditu:
Původní popisovač zabezpečení: S:AINO_ACCESS_CONTROL
Nový popisovač zabezpečení: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 54086
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20161210141257.923070-000
Event Type: Úspěšný audit
User:

Computer Name: FIRENTB
Event Code: 4907
Message: Nastavení auditu objektu se změnila.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: FIRENTB$
Doména účtu: WORKGROUP
ID přihlášení: 0x3E7

Objekt:
Server objektu: Security
Typ objektu: File
Název objektu: \Device\HarddiskVolume1\Boot\ko-KR\memtest.exe.mui
ID popisovače: 0x324

Informace o procesu:
ID procesu: 0x6c0
Název procesu: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_43278ee965418581\TiWorker.exe

Nastavení auditu:
Původní popisovač zabezpečení: S:AINO_ACCESS_CONTROL
Nový popisovač zabezpečení: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 54085
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20161210141257.919815-000
Event Type: Úspěšný audit
User:

Computer Name: FIRENTB
Event Code: 4907
Message: Nastavení auditu objektu se změnila.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: FIRENTB$
Doména účtu: WORKGROUP
ID přihlášení: 0x3E7

Objekt:
Server objektu: Security
Typ objektu: File
Název objektu: \Device\HarddiskVolume1\Boot\ko-KR\bootmgr.exe.mui
ID popisovače: 0x324

Informace o procesu:
ID procesu: 0x6c0
Název procesu: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_43278ee965418581\TiWorker.exe

Nastavení auditu:
Původní popisovač zabezpečení: S:AINO_ACCESS_CONTROL
Nový popisovač zabezpečení: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 54084
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20161210141257.917268-000
Event Type: Úspěšný audit
User:

Computer Name: FIRENTB
Event Code: 4907
Message: Nastavení auditu objektu se změnila.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: FIRENTB$
Doména účtu: WORKGROUP
ID přihlášení: 0x3E7

Objekt:
Server objektu: Security
Typ objektu: File
Název objektu: \Device\HarddiskVolume1\Boot\ja-JP\memtest.exe.mui
ID popisovače: 0x324

Informace o procesu:
ID procesu: 0x6c0
Název procesu: C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_43278ee965418581\TiWorker.exe

Nastavení auditu:
Původní popisovač zabezpečení: S:AINO_ACCESS_CONTROL
Nový popisovač zabezpečení: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 54083
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20161210141257.913887-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"OS"=Windows_NT
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=2a07
"Path"=C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Services\IPT\;C:\Program Files\ThinkPad\Bluetooth Software\;C:\Program Files\ThinkPad\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Users\Felly\AppData\Local\Microsoft\WindowsApps;C:\adb
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"asl.log"=Destination=file

-----------------EOF-----------------

I also ran the PC through MBAM and was unpleasantly surprised :shock:

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 18.01.17
Čas skenování: 19:59
Logovací soubor:
Správce: Ano

-Informace o softwaru-
Verze: 3.0.5.1299
Verze komponentů: 1.0.43
Aktualizovat verzi balíku komponent: 1.0.1050
Licence: Bezplatný

-Systémová informace-
OS: Windows 10
CPU: x64
Systém souborů: NTFS
Uživatel: FIRENTB\Felly

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Výsledek: Dokončeno
Skenované objekty: 430811
Uplynulý čas: 2 min, 6 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 1
PUP.Optional.StartPage, HKU\S-1-5-21-2935431814-3145136583-2795862769-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Žádná uživatelská akce, [79], [359297],1.0.1050

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 1
PUP.Optional.Browsers.Generic, C:\USERS\FELLY\APPDATA\ROAMING\BROWSERS, Žádná uživatelská akce, [2504], [357611],1.0.1050

Soubor: 6
PUP.Optional.Browsers.Generic, C:\USERS\FELLY\APPDATA\ROAMING\BROWSERS\EXE.EROLPXEI.BAT, Žádná uživatelská akce, [2504], [357611],1.0.1050
PUP.Optional.Browsers.Generic, C:\Users\Felly\AppData\Roaming\Browsers\chrome.bat.exe, Žádná uživatelská akce, [2504], [357611],1.0.1050
PUP.Optional.Browsers.Generic, C:\Users\Felly\AppData\Roaming\Browsers\exe.emorhc.bat, Žádná uživatelská akce, [2504], [357611],1.0.1050
Hijack.HostFile, C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS, Žádná uživatelská akce, [212], [329328],1.0.1050
Adware.InstallMonster, C:\USERS\FELLY\APPDATA\LOCAL\TEMP\RAR$EXA0.478\RESEDIT_64EXE.EXE, Žádná uživatelská akce, [182], [361558],1.0.1050
Adware.InstallMonster, C:\USERS\FELLY\DOWNLOADS\RESEDIT_64EXE_9814991.ZIP, Žádná uživatelská akce, [182], [361558],1.0.1050

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: COM Surrogate strikes again

#27 Post by Rudy »

Unfortunately, I have no tip for this one. System file names must have their standard form, otherwise the system will not work properly. Delete the MBAM findings.

Felly006
Visitor
Posts: 22
Registered: 28 Nov 2016 12:41

Re: COM Surrogate strikes again

#28 Post by Felly006 »

OK, thank you for the extensive help! :worship:

Rudy
Site Admin
Posts: 118192
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: COM Surrogate strikes again

#29 Post by Rudy »

You're welcome! :)

Locked