http://prntscr.com/4jtg9w
Logfile of random's system information tool 1.10 (written by random/random)
Run by Emise 2 at 2014-09-05 07:05:55
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 429 GB (90%) free of 477 GB
Total RAM: 2985 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:06:17, on 5.9.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17239)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Users\Emise 2\AppData\Local\Skillbrains\lightshot\5.1.2.5\Lightshot.exe
C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
C:\BOSCH_PR\DSA_4_15\Runtime\DSA.exe
C:\Program Files\DownloadManager\jre6\bin\javaw.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\BOSCH_PR\DSA_4_15\Runtime\DDB\F10HookApp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Windows\system32\msiexec.exe
C:\ESA\ESA.exe
C:\Bosch_pr\rbser32\rbser32.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\EMISE2~1\AppData\Local\Temp\KB00147545.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Emise 2\Downloads\RSIT.exe
C:\Program Files\trend micro\Emise 2.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [DSA_F10TimeoutSetter] C:\BOSCH_PR\DSA_4_15\Runtime\DDB\F10TimeoutSetter.exe
O4 - HKLM\..\Run: [DSA_AutoBackup] C:\BOSCH_PR\DSA_4_15\Runtime\AutoBackup.exe
O4 - HKLM\..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [StartDDM] C:\Program Files\DownloadManager\bin\runDDM.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [LightShot] C:\Users\Emise 2\AppData\Local\Skillbrains\lightshot\Lightshot.exe Flags: uninsdeletevalue
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_E37C3E4F25E4BA82E96E7D838561D3D1] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [SYS_UPDATE_A894C1F8BECBD4D484FA642] C:\Users\Emise 2\AppData\Roaming\WinRAR\sysnaaxdn.exe
O4 - HKLM\..\Policies\Explorer\Run: [709600822] C:\PROGRA~2\msaoncza.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: CodeMeter Control Center.lnk = C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
O4 - Global Startup: Diagnostics - Software.lnk = C:\BOSCH_PR\DSA_4_15\Runtime\DSA.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service: ESItronic 2.0 Database Service - Transaction Software, D 81829 Munich - C:\Program Files\Bosch\ESItronic 2.0\ESItronic\transbase\tbmux32.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
--
End of file - 7509 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\update-S-1-5-21-4070848095-3095224985-2879604794-1000.job - C:\Program Files\Skillbrains\Updater\Updater.exe -runmode=checkupdate
C:\Windows\tasks\update-sys.job - C:\Program Files\Skillbrains\Updater\Updater.exe -runmode=checkupdate
=========Mozilla firefox=========
ProfilePath - C:\Users\Emise 2\AppData\Roaming\Mozilla\Firefox\Profiles\zd0ef08m.default
prefs.js - "browser.startup.homepage" - "https://www.seznam.cz/"
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 14.0.0.145 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2011-06-28 10127976]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-08-31 142616]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-08-31 177432]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-08-31 176408]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"DSA_F10TimeoutSetter"=C:\BOSCH_PR\DSA_4_15\Runtime\DDB\F10TimeoutSetter.exe [2010-08-10 359936]
"DSA_AutoBackup"=C:\BOSCH_PR\DSA_4_15\Runtime\AutoBackup.exe [2011-02-28 45056]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2009-07-22 83336]
"BrStsMon00"=C:\Program Files\Browny02\Brother\BrStMonW.exe [2010-06-10 2621440]
"StartDDM"=C:\Program Files\DownloadManager\bin\runDDM.exe [2012-02-10 260608]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2014-03-11 951576]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-05-08 959904]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"709600822"=C:\PROGRA~2\msaoncza.exe [2014-09-05 154112]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightShot"=C:\Users\Emise 2\AppData\Local\Skillbrains\lightshot\Lightshot.exe [2014-03-12 226592]
"GoogleChromeAutoLaunch_E37C3E4F25E4BA82E96E7D838561D3D1"=C:\Program Files\Google\Chrome\Application\chrome.exe [2014-08-30 852808]
"SYS_UPDATE_A894C1F8BECBD4D484FA642"=C:\Users\Emise 2\AppData\Roaming\WinRAR\sysnaaxdn.exe [2014-09-05 194048]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
CodeMeter Control Center.lnk - C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
Diagnostics - Software.lnk - C:\BOSCH_PR\DSA_4_15\Runtime\DSA.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-08-31 294400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"TaskbarNoNotification"=0
"HideSCAHealth"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"TaskbarNoNotification"=0
"HideSCAHealth"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe"="C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe"="C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2014-09-05 07:05:55 ----D---- C:\rsit
2014-09-05 07:05:55 ----D---- C:\Program Files\trend micro
2014-08-28 12:13:50 ----A---- C:\Windows\system32\MSVBVM50.dll
2014-08-28 12:13:50 ----A---- C:\Windows\ST5UNST.EXE
2014-08-28 06:19:48 ----A---- C:\Windows\system32\win32k.sys
2014-08-28 06:19:48 ----A---- C:\Windows\system32\gdi32.dll
2014-08-13 06:51:55 ----A---- C:\Windows\system32\infocardapi.dll
2014-08-13 06:51:51 ----A---- C:\Windows\system32\icardres.dll
2014-08-13 06:51:46 ----A---- C:\Windows\system32\icardagt.exe
2014-08-13 06:51:41 ----A---- C:\Windows\system32\TsWpfWrp.exe
2014-08-13 06:07:44 ----A---- C:\Windows\system32\rpcrt4.dll
2014-08-13 06:07:43 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2014-08-13 06:07:43 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2014-08-13 06:07:43 ----A---- C:\Windows\system32\cdd.dll
2014-08-13 06:07:41 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 06:07:41 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-08-13 06:07:41 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-08-13 06:07:40 ----A---- C:\Windows\system32\urlmon.dll
2014-08-13 06:07:40 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-13 06:07:40 ----A---- C:\Windows\system32\jsproxy.dll
2014-08-13 06:07:40 ----A---- C:\Windows\system32\iernonce.dll
2014-08-13 06:07:40 ----A---- C:\Windows\system32\iedkcs32.dll
2014-08-13 06:07:39 ----A---- C:\Windows\system32\msfeeds.dll
2014-08-13 06:07:39 ----A---- C:\Windows\system32\ieUnatt.exe
2014-08-13 06:07:39 ----A---- C:\Windows\system32\dxtmsft.dll
2014-08-13 06:07:38 ----A---- C:\Windows\system32\vbscript.dll
2014-08-13 06:07:38 ----A---- C:\Windows\system32\msrating.dll
2014-08-13 06:07:38 ----A---- C:\Windows\system32\iesetup.dll
2014-08-13 06:07:38 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-08-13 06:07:38 ----A---- C:\Windows\system32\ie4uinit.exe
2014-08-13 06:07:37 ----A---- C:\Windows\system32\wininet.dll
2014-08-13 06:07:37 ----A---- C:\Windows\system32\ieapfltr.dll
2014-08-13 06:07:37 ----A---- C:\Windows\system32\dxtrans.dll
2014-08-13 06:07:36 ----A---- C:\Windows\system32\ieui.dll
2014-08-13 06:07:36 ----A---- C:\Windows\system32\ieframe.dll
2014-08-13 06:07:35 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-08-13 06:07:35 ----A---- C:\Windows\system32\mshtmled.dll
2014-08-13 06:07:35 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-08-13 06:07:35 ----A---- C:\Windows\system32\iertutil.dll
2014-08-13 06:07:34 ----A---- C:\Windows\system32\jscript9diag.dll
2014-08-13 06:07:34 ----A---- C:\Windows\system32\jscript9.dll
2014-08-13 06:07:33 ----A---- C:\Windows\system32\mshtml.dll
2014-08-13 06:06:33 ----A---- C:\Windows\system32\tzres.dll
2014-08-13 06:06:24 ----A---- C:\Windows\system32\msihnd.dll
2014-08-13 06:06:24 ----A---- C:\Windows\system32\msi.dll
2014-08-13 06:06:24 ----A---- C:\Windows\system32\consent.exe
2014-08-13 06:06:24 ----A---- C:\Windows\system32\authui.dll
2014-08-13 06:06:15 ----A---- C:\Windows\system32\aepdu.dll
2014-08-13 06:06:14 ----A---- C:\Windows\system32\shell32.dll
2014-08-13 06:06:14 ----A---- C:\Windows\system32\aeinv.dll
2014-08-13 06:06:12 ----A---- C:\Windows\system32\KBDYAK.DLL
2014-08-13 06:06:12 ----A---- C:\Windows\system32\KBDTAT.DLL
2014-08-13 06:06:12 ----A---- C:\Windows\system32\KBDRU1.DLL
2014-08-13 06:06:12 ----A---- C:\Windows\system32\KBDRU.DLL
2014-08-13 06:06:11 ----A---- C:\Windows\system32\KBDBASH.DLL
======List of files/folders modified in the last 1 month======
2014-09-05 07:06:14 ----D---- C:\Windows\Temp
2014-09-05 07:06:06 ----D---- C:\Windows\Prefetch
2014-09-05 07:05:55 ----RD---- C:\Program Files
2014-09-05 06:58:24 ----D---- C:\Windows\system32\drivers
2014-09-05 06:58:24 ----AD---- C:\Windows
2014-09-05 06:47:32 ----D---- C:\3f0613709d902db9095adab726db5aee
2014-09-05 06:47:00 ----D---- C:\Program Files\WinRAR
2014-09-05 06:46:33 ----D---- C:\Program Files\Internet Explorer
2014-09-05 06:46:11 ----D---- C:\Windows\System32
2014-09-05 06:46:03 ----D---- C:\Program Files\Windows Media Player
2014-09-05 06:45:56 ----D---- C:\Windows\system32\wbem
2014-09-05 06:45:43 ----D---- C:\Windows\system32\Wat
2014-09-05 06:44:37 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-09-05 06:43:54 ----D---- C:\Windows\ehome
2014-09-05 06:40:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-09-05 06:38:03 ----D---- C:\Users\Emise 2\AppData\Roaming\WinRAR
2014-09-05 06:37:56 ----ASH---- C:\ProgramData\msaoncza.exe
2014-09-05 06:37:54 ----A---- C:\Windows\system32\log.txt
2014-09-05 06:36:16 ----D---- C:\Windows\system32\catroot2
2014-09-05 06:35:44 ----HD---- C:\ProgramData
2014-09-05 06:34:09 ----D---- C:\Windows\system32\config
2014-09-04 14:46:12 ----D---- C:\servis
2014-09-04 14:12:58 ----D---- C:\ESA_KDB
2014-09-03 10:24:33 ----A---- C:\Windows\ESIDATA.ini
2014-09-01 12:26:17 ----SHD---- C:\System Volume Information
2014-08-28 07:20:08 ----D---- C:\Windows\winsxs
2014-08-28 06:19:07 ----D---- C:\Windows\system32\catroot
2014-08-26 06:10:43 ----SHD---- C:\Windows\Installer
2014-08-26 06:10:42 ----SHD---- C:\Config.Msi
2014-08-13 12:14:09 ----D---- C:\Windows\rescache
2014-08-13 11:43:09 ----D---- C:\Windows\Microsoft.NET
2014-08-13 11:42:51 ----RSD---- C:\Windows\assembly
2014-08-13 11:33:55 ----D---- C:\Windows\system32\en-US
2014-08-13 11:33:55 ----D---- C:\Windows\system32\cs-CZ
2014-08-13 11:33:55 ----D---- C:\Windows\PolicyDefinitions
2014-08-13 11:33:54 ----SD---- C:\Windows\system32\CompatTel
2014-08-13 11:33:53 ----RSD---- C:\Windows\Fonts
2014-08-13 06:56:55 ----D---- C:\ProgramData\Microsoft Help
2014-08-13 06:56:11 ----D---- C:\Windows\system32\MRT
2014-08-13 06:54:06 ----A---- C:\Windows\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-01-25 231960]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 MpKslc97966ee;MpKslc97966ee; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C042408A-5667-4716-8FFB-8018FD92EA3A}\MpKslc97966ee.sys [2014-09-05 39464]
R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2009-07-28 69480]
R2 acedrv11;acedrv11; \??\C:\Windows\system32\drivers\acedrv11.sys [2010-02-24 185472]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys [2011-06-02 101352]
R3 asmtxhci;ASMEDIA XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys [2011-06-02 317416]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2011-08-31 10855424]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2011-06-28 3525352]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 269824]
R3 MEI;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECI.sys [2010-10-19 41088]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
R3 SNXPCARD;Multi-I/O Card Driver; C:\Windows\system32\DRIVERS\snxpcard.sys [2009-12-03 59272]
R3 SNXPSERX;Multi-I/O Serial Port Driver; C:\Windows\system32\DRIVERS\snxpserx.sys [2009-12-03 60808]
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2009-06-17 46984]
R3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2009-09-24 169320]
R3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2009-06-19 79872]
R3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2009-09-14 49400]
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2009-06-19 42472]
S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2009-07-24 21608]
S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys [2009-08-05 61168]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-05-08 65432]
R2 CodeMeter.exe;CodeMeter Runtime Server; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [2013-11-15 3105144]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ESItronic 2.0 Database Service;ESItronic 2.0 Database Service; C:\Program Files\Bosch\ESItronic 2.0\ESItronic\transbase\tbmux32.exe [2014-04-18 354064]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-12-20 325656]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-03-11 22216]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
R3 BrYNSvc;BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [2010-01-25 245760]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776]
R3 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2009-10-21 148848]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-02 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09 262320]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-02 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-07-25 108032]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-06-03 119408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-01-19 1343400]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------

I accidentally downloaded something onto a company computer, please check it
Forum rules
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
Re: I accidentally downloaded something onto a company computer, please check it
MBAM found trojan ransom.ed
Re: I accidentally downloaded something onto a company computer, please check it
Hello,
then entrust the company PC to your IT department or to the responsible management.


6. The viry.cz forum does not deal with disinfecting company PCs; companies pay IT technicians for that (sometimes very generously), or the company can hire one. We are here for free and in our spare time, and we do not intend to do the work for someone else who then just skims the cream and collects the salary. Nor do we provide advice on securing or configuring company networks. Simply put, our forum provides support only to home users.
Re: I accidentally downloaded something onto a company computer, please check it
We don't have any, but thank you for your time anyway.
Re: I accidentally downloaded something onto a company computer, please check it
I hadn't read these rules, I apologize.
Re: I accidentally downloaded something onto a company computer, please check it
If you don't have IT staff, you can order a service. Otherwise it is up to the company's management how they take care of it. But we don't get paychecks from your company...
All right, closing the topic.
