Dobry vecer!
Pisem sem uz po tretikrat, predtym ste mi velmi pomohli, takze sa na Vas obraciam opat. Pri mojom poslednom vypnuti notebooku, ma system odhlasil, vypla sa obrazovka, ale pocitac dalej bezal a to az do rana. Ked som vstal, tak som ho vypol natvrdo, pridrzanim tlacidla zapnutia. Po dalsom zapnuti pocitac nabiehal neuveritelne dlho bez toho aby podaval hlasku o nejakej aktualizacii Windowsu, ked som siel na net, stranka sa velmi dlho nacitala a objavila sa mi chybova sprava o flash playeri. Pred nedavnom som stahoval nejaku aktualizaciu flashu, kedze sa mi objavila sprava na ploche ohladne aktualizacie. Ked som zakazal v mozille zasuvny modul flash player a kodek OpenH264 video - zasuvny modul o ktorom vobec neviem, ze by som ho instaloval do mozilli, internet ide tak ako predtym. Odinstaloval som flash player a nainstaloval nanovo z oficialnych stranok adobe.
Mozte sa prosim pozriet na to, ci nemam v pocitaci spyware? A chcel som sa este opytat, ak je spyware v pocitaci, moze hacker sledovat aktivitu, len pri pripojeni pocitaca k internetu, alebo aj bez pripojenia? (Existuju programy, ktore umoznuju sledovat aktivitu na inych pocitacoch, ak sme v spolocnej sieti / aj bey pripojenia na internet?) Nevyznam sa v tom, len by som to rad vedel. Velmi pekne dakujem za odpoved.
Tu je log y RSIT
Logfile of random's system information tool 1.10 (written by random/random)
Run by Greg at 2015-01-05 19:04:08
Microsoft Windows 8
System drive C: has 141 GB (20%) free of 698 GB
Total RAM: 3979 MB (57% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:07:45, on 5.1.2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.17183)
Boot mode: Normal
Running processes:
c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\CyberGhost 5\CyberGhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Greg.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
O4 - HKLM\..\Run: [BtTray] "c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [RemoteControl10] "c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [YouCam Mirage] "c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{2575023E-98B4-44F1-AD9C-818A9B5A1A0C}: NameServer = 95.169.183.219,89.41.60.38
O17 - HKLM\System\CCS\Services\Tcpip\..\{8626304B-BA45-41E4-9483-662E63AF411F}: NameServer = 95.169.183.219,89.41.60.38
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
O23 - Service: CyberGhost 5 Client Service (CGVPNCliService) - CyberGhost S.R.L - C:\Program Files\CyberGhost 5\Service.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Company - c:\Windows\SysWOW64\flcdlock.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @oem7.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10831 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe"
"c:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\PDF Complete\pdfsvc.exe" /startedbyscm:66B66708-40E2BE4D-pdfcService
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\CyberGhost 5\Service.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-565fbf49-e23a-4e2b-a231-ac13009d6c0b -SystemEventPortName:HostProcess-8a151c4e-8077-4a24-b5b4-a584bfb71b44 -IoCancelEventPortName:HostProcess-f87946e1-3b7b-4c7b-8e65-300196b2e8ef -NonStateChangingEventPortName:HostProcess-1b257a1e-0fc4-4b00-b82e-f449d2755963 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:daf19ba1-b553-452a-b3cc-b5861f1f2a87 -DeviceGroupId:
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-1b0dbaf3-315a-430f-8eb8-b067b7ba6855 -SystemEventPortName:HostProcess-d10c1f25-7214-42ec-8a15-0452da48bda4 -IoCancelEventPortName:HostProcess-7834b2ff-adf2-4020-bcb1-8717ab4e0c13 -NonStateChangingEventPortName:HostProcess-1cfc1a54-6117-401a-baab-6c88ba8d82d7 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:802340fd-738c-4ff9-95dd-b0ed155ad918 -DeviceGroupId:WudfDefaultDevicePool
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\System32\WinLogon.exe -SpecialSession
C:\Windows\system32\svchost.exe -k GPSvcGroup
-hiberboot
atieclxx
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
taskhostex.exe
"c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
C:\Windows\Explorer.EXE
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
C:\Windows\system32\SearchIndexer.exe /Embedding
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" /start
"C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
"C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe" Restart Start EEU 52 avastui.exe
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files\CCleaner\CCleaner64.exe" /monitor
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\CyberGhost 5\CyberGhost.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "https://rest.cyberghostvpn.com/cg/links ... =1&lang=en"
"C:\Program Files\CyberGhost 5\Data\OpenVPN\openvpn.exe" --remote 79.141.163.11 80 --service CyberGhost5OVPNQuit --management 127.0.0.1 48116 --management-hold --management-query-passwords --ca "C:\Users\Greg\AppData\Local\CyberGhost\ca.crt" --cert "C:\Users\Greg\AppData\Local\CyberGhost\QXEDQEEEZNBEHQBSTGQEELDXRNJCFK.crt" --key "C:\Users\Greg\AppData\Local\CyberGhost\QXEDQEEEZNBEHQBSTGQEELDXRNJCFK.key" --redirect-gateway def1 --dev tun --auth-user-pass --client --proto udp --dhcp-renew --dhcp-release --resolv-retry infinite --persist-key --persist-tun --nobind --cipher AES-256-CBC --auth MD5 --ping 15 --ping-exit 90 --ping-restart 0 --explicit-exit-notify 2 --script-security 2 --remote-cert-tls server --tun-mtu 1500 --fragment 1300 --mssfix 1300 --verb 4 --comp-lzo --route-delay 5 20 --mute-replay-warnings
\??\C:\Windows\system32\conhost.exe 0x4
"C:\ukoly_2013\pocitac\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\HPCeeScheduleForGreg.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForGreg (null)
=========Mozilla firefox=========
ProfilePath - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\b4s9fo6o.default
prefs.js - "browser.startup.homepage" - "https://startpage.com"
prefs.js - "keyword.URL" - "https://startpage.com/do/metasearch.pl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.235 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.25.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\digitalpersona.com/ChromeDPAgent]
"Description"=
"Path"=c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\components\npChromeDPAgent.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.235 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll
C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\b4s9fo6o.default\extensions\
isreaditlater@ideashower.com
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\b4s9fo6o.default\searchplugins\
startpage-avast.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-12-19 705448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28 303416]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-10-18 460712]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-12-19 586968]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-18 172968]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28 286520]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-08-23 170304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-08-23 398656]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-08-23 441152]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2012-09-20 1664000]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"=C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [2014-12-16 21720]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-09-26 6482200]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2012-08-31 56128]
"PDF Complete"=C:\Program Files (x86)\PDF Complete\pdfsty.exe [2012-07-17 684064]
"QLBController"=C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [2012-08-29 334240]
""= []
"BtTray"=c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [2012-08-16 364032]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-08-06 642216]
"CLMLServer_For_P2G8"=c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08 111120]
"CLVirtualDrive"=c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [2012-07-24 491120]
"RemoteControl10"=c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [2012-03-29 91432]
"YouCam Mirage"=c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-08-31 136488]
"YouCam Tray"=c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [2012-08-31 167024]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07 507776]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-12-19 5227112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-08-23 441856]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=DPPassFilter
scecli
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2015-01-05 19:04:08 ----D---- C:\rsit
2015-01-05 19:04:08 ----D---- C:\Program Files\trend micro
2015-01-03 17:29:42 ----D---- C:\Program Files\TAP-Windows
2015-01-03 17:29:32 ----D---- C:\Program Files\CyberGhost 5
2015-01-01 19:15:50 ----D---- C:\Users\Greg\AppData\Roaming\VitySoft
2014-12-19 09:25:20 ----D---- C:\Users\Greg\AppData\Roaming\AVAST Software
2014-12-19 09:18:39 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2014-12-19 09:18:39 ----A---- C:\Windows\system32\drivers\aswStm.sys
2014-12-19 09:18:39 ----A---- C:\Windows\system32\drivers\aswSP.sys
2014-12-19 09:18:39 ----A---- C:\Windows\system32\drivers\aswsnx.sys
2014-12-19 09:18:39 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2014-12-19 09:18:39 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2014-12-19 09:18:39 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2014-12-19 09:18:39 ----A---- C:\Windows\system32\drivers\aswHwid.sys
2014-12-19 09:18:37 ----A---- C:\Windows\system32\aswBoot.exe
2014-12-19 09:18:33 ----A---- C:\Windows\avastSS.scr
2014-12-19 09:17:54 ----A---- C:\Windows\system32\drivers\aswTap.sys
2014-12-19 09:14:57 ----D---- C:\Program Files\AVAST Software
2014-12-19 09:10:17 ----D---- C:\ProgramData\AVAST Software
2014-12-13 17:53:16 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-12-12 06:11:07 ----A---- C:\Windows\SYSWOW64\vsstrace.dll
2014-12-12 06:11:07 ----A---- C:\Windows\SYSWOW64\vssapi.dll
2014-12-12 06:11:07 ----A---- C:\Windows\system32\VSSVC.exe
2014-12-12 06:11:07 ----A---- C:\Windows\system32\vsstrace.dll
2014-12-12 06:11:07 ----A---- C:\Windows\system32\vssapi.dll
2014-12-12 05:56:53 ----A---- C:\Windows\system32\mshtml.dll
2014-12-12 05:56:49 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-12-12 05:56:48 ----A---- C:\Windows\system32\ieframe.dll
2014-12-12 05:56:47 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-12-12 05:56:47 ----A---- C:\Windows\system32\iertutil.dll
2014-12-12 05:56:46 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-12-12 05:56:46 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-12-12 05:56:46 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-12-12 05:56:46 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-12-12 05:56:46 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2014-12-12 05:56:46 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-12-12 05:56:46 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-12-12 05:56:46 ----A---- C:\Windows\system32\wininet.dll
2014-12-12 05:56:46 ----A---- C:\Windows\system32\uxtheme.dll
2014-12-12 05:56:46 ----A---- C:\Windows\system32\urlmon.dll
2014-12-12 05:56:46 ----A---- C:\Windows\system32\msfeeds.dll
2014-12-12 05:56:46 ----A---- C:\Windows\system32\jscript9.dll
2014-12-12 05:56:46 ----A---- C:\Windows\system32\jscript.dll
2014-12-12 05:56:46 ----A---- C:\Windows\system32\iesysprep.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\uxtheme.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\UXInit.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\jscript.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\UXInit.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\msrating.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\mshtmled.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\jsproxy.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\iesetup.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\iernonce.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\iedkcs32.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\ie4uinit.exe
2014-12-12 05:56:45 ----A---- C:\Windows\system32\dxtrans.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\dxtmsft.dll
2014-12-12 05:54:48 ----A---- C:\Windows\system32\shell32.dll
2014-12-12 05:54:46 ----A---- C:\Windows\SYSWOW64\shell32.dll
2014-12-12 05:54:45 ----A---- C:\Windows\SYSWOW64\mfmpeg2srcsnk.dll
2014-12-12 05:54:45 ----A---- C:\Windows\SYSWOW64\dnsapi.dll
2014-12-12 05:54:45 ----A---- C:\Windows\system32\mfmpeg2srcsnk.dll
2014-12-12 05:54:45 ----A---- C:\Windows\system32\dnsapi.dll
2014-12-12 05:54:44 ----A---- C:\Windows\system32\dnsrslvr.dll
2014-12-11 20:41:43 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2014-12-11 20:41:43 ----A---- C:\Windows\system32\WindowsCodecs.dll
======List of files/folders modified in the last 1 month======
2015-01-05 19:04:20 ----D---- C:\Windows\Prefetch
2015-01-05 19:04:08 ----RD---- C:\Program Files
2015-01-05 18:35:25 ----D---- C:\Windows\Temp
2015-01-05 18:24:18 ----D---- C:\Windows
2015-01-05 18:23:49 ----D---- C:\Windows\debug
2015-01-05 18:15:41 ----D---- C:\Windows\Tasks
2015-01-05 18:15:41 ----D---- C:\Windows\system32\Tasks
2015-01-05 18:13:07 ----SHD---- C:\Windows\Installer
2015-01-05 18:13:06 ----RD---- C:\Program Files (x86)
2015-01-05 18:10:38 ----D---- C:\Windows\SoftwareDistribution
2015-01-05 18:10:38 ----D---- C:\Windows\Inf
2015-01-05 18:00:00 ----D---- C:\Windows\system32\sru
2015-01-05 14:55:29 ----D---- C:\Program Files (x86)\Common Files
2015-01-05 14:55:23 ----D---- C:\ProgramData\Adobe
2015-01-05 14:55:01 ----D---- C:\Windows\SysWOW64
2015-01-05 14:54:50 ----SHD---- C:\System Volume Information
2015-01-05 14:52:05 ----D---- C:\USB-HDD
2015-01-05 14:49:20 ----A---- C:\Windows\SYSWOW64\log.txt
2015-01-05 14:47:18 ----D---- C:\ProgramData\PDFC
2015-01-05 14:46:42 ----A---- C:\Windows\SYSWOW64\bscs.ini
2015-01-04 11:53:54 ----A---- C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-04 04:50:24 ----D---- C:\Windows\Microsoft.NET
2015-01-03 17:30:07 ----D---- C:\Windows\system32\Drivers
2015-01-03 17:30:06 ----D---- C:\Windows\system32\DriverStore
2015-01-03 14:14:20 ----D---- C:\Windows\system32\NDF
2015-01-03 13:34:31 ----D---- C:\ukoly_2013
2014-12-26 17:23:52 ----D---- C:\Program Files (x86)\Hewlett-Packard
2014-12-26 17:23:26 ----D---- C:\swsetup
2014-12-22 14:36:39 ----D---- C:\Windows\SYSWOW64\SupportAppCB
2014-12-22 14:36:36 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-12-22 07:17:53 ----HD---- C:\Program Files\WindowsApps
2014-12-22 07:17:53 ----D---- C:\Windows\AUInstallAgent
2014-12-19 16:04:29 ----D---- C:\Windows\system32\config
2014-12-19 15:33:42 ----D---- C:\Windows\WinSxS
2014-12-19 15:32:00 ----RSD---- C:\Windows\assembly
2014-12-19 09:29:06 ----RD---- C:\Windows\System32
2014-12-19 09:29:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-12-19 09:23:00 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-19 09:21:12 ----HD---- C:\ProgramData
2014-12-13 18:18:09 ----D---- C:\Windows\rescache
2014-12-13 18:09:06 ----D---- C:\Windows\system32\MRT
2014-12-13 18:06:34 ----A---- C:\Windows\system32\MRT.exe
2014-12-13 17:18:34 ----D---- C:\Windows\system32\wdi
2014-12-13 08:42:28 ----RD---- C:\Windows\ToastData
2014-12-13 08:42:25 ----D---- C:\Program Files (x86)\Internet Explorer
2014-12-13 08:42:22 ----D---- C:\Program Files\Internet Explorer
2014-12-12 06:12:04 ----D---- C:\Windows\CbsTemp
2014-12-12 06:11:17 ----D---- C:\Windows\system32\catroot2
2014-12-09 20:53:51 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 amdkmpfd;@oem19.inf,%AMDKMPFD_svcdesc%;AMD PCI Root Bus Lower Filter; C:\Windows\System32\drivers\amdkmpfd.sys [2012-07-09 35496]
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-12-19 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-12-19 267632]
R0 hpdskflt;@oem7.inf,%service_desc%;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2012-08-22 31040]
R0 iaStorA;iaStorA; C:\Windows\System32\drivers\iaStorA.sys [2012-08-28 646712]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-12-19 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-12-19 1050432]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-12-19 436624]
R1 CLVirtualDrive;CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [2012-06-25 92536]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys [2012-07-26 64000]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-12-19 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-12-19 83280]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-12-19 116728]
R3 Accelerometer;@oem7.inf,%accelerometer_desc%;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2012-08-22 43328]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-08-01 10280960]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-08-01 368640]
R3 BtAudioBusSrv;@oem15.inf,%SvcDesc%;IVT Bluetooth Audio Bus Service; C:\Windows\System32\Drivers\BtAudioBus.sys [2012-06-15 23136]
R3 clwvd;@oem26.inf,%clwvd.DeviceDesc%;CyberLink Webcam Sharing Manager; C:\Windows\system32\DRIVERS\clwvd.sys [2012-08-28 40944]
R3 HpqKbFiltr;@oem5.inf,%HpqKbFiltr.SvcDesc%;HpqKbFilter Driver; C:\Windows\System32\drivers\HpqKbFiltr.sys [2012-08-27 26504]
R3 IntcDAud;@oem21.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2012-06-19 342528]
R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2012-08-23 9000256]
R3 JMCR;JMCR; C:\Windows\System32\drivers\jmcr.sys [2014-08-29 176880]
R3 MEIx64;@oem9.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\Windows\System32\drivers\HECIx64.sys [2012-07-02 62784]
R3 netr28x;@oem31.inf,%Generic.Service.DispName%;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2013-12-04 2505904]
R3 rtbth;@oem30.inf,%General.Service.DispName%;RTBTH Bluetooth Device Driver; C:\Windows\System32\drivers\rtbth.sys [2013-12-02 1204424]
R3 RTL8168;@oem6.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys [2012-06-13 683664]
R3 SensorsServiceDriver;@sensorsservicedriver.inf,%WudfSensorsServiceDriverDisplayName%;UMDF Reflector service for SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 198656]
R3 SNP2UVC;@oem22.inf,%SERVICE_DISPLAY_NAME%;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2012-10-04 1864328]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10301; C:\Windows\system32\DRIVERS\stwrt64.sys [2012-09-20 543744]
R3 SynTP;@oem32.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2013-10-30 549104]
R3 tap0901;@oem34.inf,%DeviceDescription%;TAP-Windows Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2013-08-22 40664]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\Windows\system32\DRIVERS\vwifimp.sys [2012-07-26 17920]
S3 aswTap;@oem33.inf,%DeviceDescription%;avast! SecureLine TAP Adapter v3; C:\Windows\system32\DRIVERS\aswTap.sys [2014-12-19 44640]
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\Windows\System32\drivers\BthEnum.sys [2013-01-09 51712]
S3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service; C:\Windows\System32\Drivers\BtL2caScoIf.sys [2012-07-20 56904]
S3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\Windows\system32\DRIVERS\BthLEEnum.sys [2012-07-26 202752]
S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2012-07-26 119808]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2013-03-01 1175040]
S3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2013-01-09 74752]
S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [2012-08-14 48736]
S3 DAMDrv;DAMDrv; C:\Windows\system32\DRIVERS\DAMDrv64.sys [2012-07-25 64832]
S3 e1iexpress;@net1ic64.inf,%E1IExpress.Service.DispName%;Intel(R) PRO/1000 PCI Express Network Connection Driver I; C:\Windows\system32\DRIVERS\e1i63x64.sys [2012-06-02 333824]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-08-23 9000256]
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\System32\drivers\rfcomm.sys [2013-03-01 156672]
S3 SmbDrv;SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [2012-08-15 41272]
S3 SmbDrvI;SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [2012-08-15 43832]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-01 43008]
S3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2013-07-05 210560]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-08-01 239616]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-12-19 50344]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [2012-08-14 1578496]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
R2 CGVPNCliService;CyberGhost 5 Client Service; C:\Program Files\CyberGhost 5\Service.exe [2014-11-03 64616]
R2 DpHost;@c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2012-08-25 488824]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2013-11-04 92160]
R2 hpHotkeyMonitor;hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2012-08-29 523680]
R2 hpsrv;@oem7.inf,%hpservice_desc%;HP Service; C:\Windows\system32\Hpservice.exe [2012-08-22 33600]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-08-28 7168]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-06-20 634632]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-07-19 129856]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-07-19 166720]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-07-19 277824]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-07-17 1134624]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10101; C:\Program Files\IDT\WDM\STacSV64.exe [2012-09-20 323072]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-19 365376]
R2 vcsFPService;Validity VCS Fingerprint Service; C:\Windows\system32\vcsFPService.exe [2012-07-19 2714232]
R3 BsHelpCS;BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [2012-08-14 138752]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2013-05-13 1129760]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-05 267440]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-12 51648]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-08-23 276288]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\Windows\SysWOW64\flcdlock.exe [2012-08-01 477088]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2012-07-26 43616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-12-13 114800]
S4 BthHFEnum;@bthhfenum.inf,%BthHFEnum.SVCDESC%;Bluetooth Hands-Free Audio and Call Control HID Enumerator; C:\Windows\System32\drivers\bthhfenum.sys [2012-07-26 51200]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
spyware z flash playera?
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119679
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: spyware z flash playera?
Zdravím!
Spusťte nejprve tuto utilitu:
Spusťte nejprve tuto utilitu:
Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
benjamin777
- Návštěvník
- Příspěvky: 39
- Registrován: 20 črc 2013 07:26
Re: spyware z flash playera?
Dakujem, tu je log:
# AdwCleaner v4.106 - Report created 05/01/2015 at 20:33:51
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Local]
# Operating System : Windows 8 (64 bits)
# Username : Greg - ADONAI
# Running from : C:\Users\Greg\Desktop\adwcleaner_4.106.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\b4s9fo6o.default\Extensions\isreaditlater@ideashower.com
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.17183
-\\ Mozilla Firefox v34.0.5 (x86 sk)
*************************
AdwCleaner[R0].txt - [1627 octets] - [08/08/2014 18:28:32]
AdwCleaner[R1].txt - [973 octets] - [05/01/2015 20:31:24]
AdwCleaner[S0].txt - [1689 octets] - [08/08/2014 18:32:43]
AdwCleaner[S1].txt - [897 octets] - [05/01/2015 20:33:51]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [956 octets] ##########
# AdwCleaner v4.106 - Report created 05/01/2015 at 20:33:51
# Updated 21/12/2014 by Xplode
# Database : 2014-12-21.4 [Local]
# Operating System : Windows 8 (64 bits)
# Username : Greg - ADONAI
# Running from : C:\Users\Greg\Desktop\adwcleaner_4.106.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\b4s9fo6o.default\Extensions\isreaditlater@ideashower.com
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.17183
-\\ Mozilla Firefox v34.0.5 (x86 sk)
*************************
AdwCleaner[R0].txt - [1627 octets] - [08/08/2014 18:28:32]
AdwCleaner[R1].txt - [973 octets] - [05/01/2015 20:31:24]
AdwCleaner[S0].txt - [1689 octets] - [08/08/2014 18:32:43]
AdwCleaner[S1].txt - [897 octets] - [05/01/2015 20:33:51]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [956 octets] ##########
-
Rudy
- Site Admin
- Příspěvky: 119679
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: spyware z flash playera?
Dejte nový log RSIT.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
benjamin777
- Návštěvník
- Příspěvky: 39
- Registrován: 20 črc 2013 07:26
Re: spyware z flash playera?
Logfile of random's system information tool 1.10 (written by random/random)
Run by Greg at 2015-01-05 21:21:32
Microsoft Windows 8
System drive C: has 141 GB (20%) free of 698 GB
Total RAM: 3979 MB (67% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:21:33, on 5.1.2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.17183)
Boot mode: Normal
Running processes:
c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\CyberGhost 5\CyberGhost.exe
C:\Program Files\trend micro\Greg.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
O4 - HKLM\..\Run: [BtTray] "c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [RemoteControl10] "c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [YouCam Mirage] "c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{2575023E-98B4-44F1-AD9C-818A9B5A1A0C}: NameServer = 95.169.183.219,89.41.60.38
O17 - HKLM\System\CCS\Services\Tcpip\..\{8626304B-BA45-41E4-9483-662E63AF411F}: NameServer = 95.169.183.219,89.41.60.38
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
O23 - Service: CyberGhost 5 Client Service (CGVPNCliService) - CyberGhost S.R.L - C:\Program Files\CyberGhost 5\Service.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Company - c:\Windows\SysWOW64\flcdlock.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @oem7.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10779 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe"
C:\Windows\system32\atiesrxx.exe
"dwm.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe"
"c:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\PDF Complete\pdfsvc.exe" /startedbyscm:66B66708-40E2BE4D-pdfcService
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\CyberGhost 5\Service.exe"
C:\Windows\system32\wbem\wmiprvse.exe
taskhostex.exe
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
C:\Windows\Explorer.EXE
"c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-28648817-ef16-45a5-b682-e76411168d29 -SystemEventPortName:HostProcess-b1856d6f-7d4a-4461-bd1c-9162d5b79ff6 -IoCancelEventPortName:HostProcess-7d947e0e-a125-4ac8-bfac-2272e60d1601 -NonStateChangingEventPortName:HostProcess-1134a62a-f5ad-456d-b92f-084b06c1b8c0 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:14b8ac09-0885-4a19-a44b-131c6a3de8bc -DeviceGroupId:
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-351cd02b-a521-4258-8f9e-fa4b9dd05f5c -SystemEventPortName:HostProcess-bf1c9125-6608-4b95-b308-9d54d85bc0c8 -IoCancelEventPortName:HostProcess-37a32797-6301-435c-af86-020c683ea89a -NonStateChangingEventPortName:HostProcess-2126c7a9-0ef6-4196-8240-2034e9e6975e -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:d8fc11df-bce3-4c23-84b3-f3121811e52f -DeviceGroupId:WudfDefaultDevicePool
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" /start
"C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
"C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe" Restart Start EEU 52 avastui.exe
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files\CyberGhost 5\CyberGhost.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files\CyberGhost 5\Data\OpenVPN\openvpn.exe" --remote 195.154.45.213 8081 --service CyberGhost5OVPNQuit --management 127.0.0.1 48116 --management-hold --management-query-passwords --ca "C:\Users\Greg\AppData\Local\CyberGhost\ca.crt" --cert "C:\Users\Greg\AppData\Local\CyberGhost\QXEDQEEEZNBEHQBSTGQEELDXRNJCFK.crt" --key "C:\Users\Greg\AppData\Local\CyberGhost\QXEDQEEEZNBEHQBSTGQEELDXRNJCFK.key" --redirect-gateway def1 --dev tun --auth-user-pass --client --proto udp --dhcp-renew --dhcp-release --resolv-retry infinite --persist-key --persist-tun --nobind --cipher AES-256-CBC --auth MD5 --ping 15 --ping-exit 90 --ping-restart 0 --explicit-exit-notify 2 --script-security 2 --remote-cert-tls server --tun-mtu 1500 --fragment 1300 --mssfix 1300 --verb 4 --comp-lzo --route-delay 5 20 --mute-replay-warnings
\??\C:\Windows\system32\conhost.exe 0x4
taskeng.exe {224D0061-4305-4891-8B87-6D5D1EB76DDC}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\ukoly_2013\pocitac\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\HPCeeScheduleForGreg.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForGreg (null)
=========Mozilla firefox=========
ProfilePath - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\b4s9fo6o.default
prefs.js - "browser.startup.homepage" - "https://startpage.com"
prefs.js - "keyword.URL" - "https://startpage.com/do/metasearch.pl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.235 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.25.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\digitalpersona.com/ChromeDPAgent]
"Description"=
"Path"=c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\components\npChromeDPAgent.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.235 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll
C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\b4s9fo6o.default\extensions\
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\b4s9fo6o.default\searchplugins\
startpage-avast.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-12-19 705448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28 303416]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-10-18 460712]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-12-19 586968]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-18 172968]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28 286520]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-08-23 170304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-08-23 398656]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-08-23 441152]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2012-09-20 1664000]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"=C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [2014-12-16 21720]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-09-26 6482200]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2012-08-31 56128]
"PDF Complete"=C:\Program Files (x86)\PDF Complete\pdfsty.exe [2012-07-17 684064]
"QLBController"=C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [2012-08-29 334240]
""= []
"BtTray"=c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [2012-08-16 364032]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-08-06 642216]
"CLMLServer_For_P2G8"=c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08 111120]
"CLVirtualDrive"=c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [2012-07-24 491120]
"RemoteControl10"=c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [2012-03-29 91432]
"YouCam Mirage"=c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-08-31 136488]
"YouCam Tray"=c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [2012-08-31 167024]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07 507776]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-12-19 5227112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-08-23 441856]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=DPPassFilter
scecli
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2015-01-05 19:04:08 ----D---- C:\rsit
2015-01-05 19:04:08 ----D---- C:\Program Files\trend micro
2015-01-03 17:29:42 ----D---- C:\Program Files\TAP-Windows
2015-01-03 17:29:32 ----D---- C:\Program Files\CyberGhost 5
2015-01-01 19:15:50 ----D---- C:\Users\Greg\AppData\Roaming\VitySoft
2014-12-19 09:25:20 ----D---- C:\Users\Greg\AppData\Roaming\AVAST Software
2014-12-19 09:18:39 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2014-12-19 09:18:39 ----A---- C:\Windows\system32\drivers\aswStm.sys
2014-12-19 09:18:39 ----A---- C:\Windows\system32\drivers\aswSP.sys
2014-12-19 09:18:39 ----A---- C:\Windows\system32\drivers\aswsnx.sys
2014-12-19 09:18:39 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2014-12-19 09:18:39 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2014-12-19 09:18:39 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2014-12-19 09:18:39 ----A---- C:\Windows\system32\drivers\aswHwid.sys
2014-12-19 09:18:37 ----A---- C:\Windows\system32\aswBoot.exe
2014-12-19 09:18:33 ----A---- C:\Windows\avastSS.scr
2014-12-19 09:17:54 ----A---- C:\Windows\system32\drivers\aswTap.sys
2014-12-19 09:14:57 ----D---- C:\Program Files\AVAST Software
2014-12-19 09:10:17 ----D---- C:\ProgramData\AVAST Software
2014-12-13 17:53:16 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-12-12 06:11:07 ----A---- C:\Windows\SYSWOW64\vsstrace.dll
2014-12-12 06:11:07 ----A---- C:\Windows\SYSWOW64\vssapi.dll
2014-12-12 06:11:07 ----A---- C:\Windows\system32\VSSVC.exe
2014-12-12 06:11:07 ----A---- C:\Windows\system32\vsstrace.dll
2014-12-12 06:11:07 ----A---- C:\Windows\system32\vssapi.dll
2014-12-12 05:56:53 ----A---- C:\Windows\system32\mshtml.dll
2014-12-12 05:56:49 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-12-12 05:56:48 ----A---- C:\Windows\system32\ieframe.dll
2014-12-12 05:56:47 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-12-12 05:56:47 ----A---- C:\Windows\system32\iertutil.dll
2014-12-12 05:56:46 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-12-12 05:56:46 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-12-12 05:56:46 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-12-12 05:56:46 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-12-12 05:56:46 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2014-12-12 05:56:46 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-12-12 05:56:46 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-12-12 05:56:46 ----A---- C:\Windows\system32\wininet.dll
2014-12-12 05:56:46 ----A---- C:\Windows\system32\uxtheme.dll
2014-12-12 05:56:46 ----A---- C:\Windows\system32\urlmon.dll
2014-12-12 05:56:46 ----A---- C:\Windows\system32\msfeeds.dll
2014-12-12 05:56:46 ----A---- C:\Windows\system32\jscript9.dll
2014-12-12 05:56:46 ----A---- C:\Windows\system32\jscript.dll
2014-12-12 05:56:46 ----A---- C:\Windows\system32\iesysprep.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\uxtheme.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\UXInit.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\jscript.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\UXInit.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\msrating.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\mshtmled.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\jsproxy.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\iesetup.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\iernonce.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\iedkcs32.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\ie4uinit.exe
2014-12-12 05:56:45 ----A---- C:\Windows\system32\dxtrans.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\dxtmsft.dll
2014-12-12 05:54:48 ----A---- C:\Windows\system32\shell32.dll
2014-12-12 05:54:46 ----A---- C:\Windows\SYSWOW64\shell32.dll
2014-12-12 05:54:45 ----A---- C:\Windows\SYSWOW64\mfmpeg2srcsnk.dll
2014-12-12 05:54:45 ----A---- C:\Windows\SYSWOW64\dnsapi.dll
2014-12-12 05:54:45 ----A---- C:\Windows\system32\mfmpeg2srcsnk.dll
2014-12-12 05:54:45 ----A---- C:\Windows\system32\dnsapi.dll
2014-12-12 05:54:44 ----A---- C:\Windows\system32\dnsrslvr.dll
2014-12-11 20:41:43 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2014-12-11 20:41:43 ----A---- C:\Windows\system32\WindowsCodecs.dll
======List of files/folders modified in the last 1 month======
2015-01-05 21:13:11 ----D---- C:\Windows\Prefetch
2015-01-05 21:00:01 ----D---- C:\Windows\system32\sru
2015-01-05 20:40:31 ----A---- C:\Windows\SYSWOW64\log.txt
2015-01-05 20:38:30 ----D---- C:\ProgramData\PDFC
2015-01-05 20:38:21 ----D---- C:\Windows\Temp
2015-01-05 20:38:15 ----A---- C:\Windows\SYSWOW64\bscs.ini
2015-01-05 20:37:22 ----D---- C:\Windows
2015-01-05 20:33:53 ----D---- C:\AdwCleaner
2015-01-05 19:46:21 ----D---- C:\Windows\SoftwareDistribution
2015-01-05 19:04:08 ----RD---- C:\Program Files
2015-01-05 18:23:49 ----D---- C:\Windows\debug
2015-01-05 18:15:41 ----D---- C:\Windows\Tasks
2015-01-05 18:15:41 ----D---- C:\Windows\system32\Tasks
2015-01-05 18:13:07 ----SHD---- C:\Windows\Installer
2015-01-05 18:13:06 ----RD---- C:\Program Files (x86)
2015-01-05 18:10:38 ----D---- C:\Windows\Inf
2015-01-05 14:55:29 ----D---- C:\Program Files (x86)\Common Files
2015-01-05 14:55:23 ----D---- C:\ProgramData\Adobe
2015-01-05 14:55:01 ----D---- C:\Windows\SysWOW64
2015-01-05 14:54:50 ----SHD---- C:\System Volume Information
2015-01-05 14:52:05 ----D---- C:\USB-HDD
2015-01-04 11:53:54 ----A---- C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-04 04:50:24 ----D---- C:\Windows\Microsoft.NET
2015-01-03 17:30:07 ----D---- C:\Windows\system32\Drivers
2015-01-03 17:30:06 ----D---- C:\Windows\system32\DriverStore
2015-01-03 14:14:20 ----D---- C:\Windows\system32\NDF
2015-01-03 13:34:31 ----D---- C:\ukoly_2013
2014-12-26 17:23:52 ----D---- C:\Program Files (x86)\Hewlett-Packard
2014-12-26 17:23:26 ----D---- C:\swsetup
2014-12-22 14:36:39 ----D---- C:\Windows\SYSWOW64\SupportAppCB
2014-12-22 14:36:36 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-12-22 07:17:53 ----HD---- C:\Program Files\WindowsApps
2014-12-22 07:17:53 ----D---- C:\Windows\AUInstallAgent
2014-12-19 16:04:29 ----D---- C:\Windows\system32\config
2014-12-19 15:33:42 ----D---- C:\Windows\WinSxS
2014-12-19 15:32:00 ----RSD---- C:\Windows\assembly
2014-12-19 09:29:06 ----RD---- C:\Windows\System32
2014-12-19 09:29:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-12-19 09:23:00 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-19 09:21:12 ----HD---- C:\ProgramData
2014-12-13 18:18:09 ----D---- C:\Windows\rescache
2014-12-13 18:09:06 ----D---- C:\Windows\system32\MRT
2014-12-13 18:06:34 ----A---- C:\Windows\system32\MRT.exe
2014-12-13 17:18:34 ----D---- C:\Windows\system32\wdi
2014-12-13 08:42:28 ----RD---- C:\Windows\ToastData
2014-12-13 08:42:25 ----D---- C:\Program Files (x86)\Internet Explorer
2014-12-13 08:42:22 ----D---- C:\Program Files\Internet Explorer
2014-12-12 06:12:04 ----D---- C:\Windows\CbsTemp
2014-12-12 06:11:17 ----D---- C:\Windows\system32\catroot2
2014-12-09 20:53:51 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 amdkmpfd;@oem19.inf,%AMDKMPFD_svcdesc%;AMD PCI Root Bus Lower Filter; C:\Windows\System32\drivers\amdkmpfd.sys [2012-07-09 35496]
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-12-19 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-12-19 267632]
R0 hpdskflt;@oem7.inf,%service_desc%;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2012-08-22 31040]
R0 iaStorA;iaStorA; C:\Windows\System32\drivers\iaStorA.sys [2012-08-28 646712]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-12-19 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-12-19 1050432]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-12-19 436624]
R1 CLVirtualDrive;CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [2012-06-25 92536]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys [2012-07-26 64000]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-12-19 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-12-19 83280]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-12-19 116728]
R3 Accelerometer;@oem7.inf,%accelerometer_desc%;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2012-08-22 43328]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-08-01 10280960]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-08-01 368640]
R3 BtAudioBusSrv;@oem15.inf,%SvcDesc%;IVT Bluetooth Audio Bus Service; C:\Windows\System32\Drivers\BtAudioBus.sys [2012-06-15 23136]
R3 clwvd;@oem26.inf,%clwvd.DeviceDesc%;CyberLink Webcam Sharing Manager; C:\Windows\system32\DRIVERS\clwvd.sys [2012-08-28 40944]
R3 HpqKbFiltr;@oem5.inf,%HpqKbFiltr.SvcDesc%;HpqKbFilter Driver; C:\Windows\System32\drivers\HpqKbFiltr.sys [2012-08-27 26504]
R3 IntcDAud;@oem21.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2012-06-19 342528]
R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2012-08-23 9000256]
R3 JMCR;JMCR; C:\Windows\System32\drivers\jmcr.sys [2014-08-29 176880]
R3 MEIx64;@oem9.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\Windows\System32\drivers\HECIx64.sys [2012-07-02 62784]
R3 netr28x;@oem31.inf,%Generic.Service.DispName%;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2013-12-04 2505904]
R3 rtbth;@oem30.inf,%General.Service.DispName%;RTBTH Bluetooth Device Driver; C:\Windows\System32\drivers\rtbth.sys [2013-12-02 1204424]
R3 RTL8168;@oem6.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys [2012-06-13 683664]
R3 SensorsServiceDriver;@sensorsservicedriver.inf,%WudfSensorsServiceDriverDisplayName%;UMDF Reflector service for SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 198656]
R3 SNP2UVC;@oem22.inf,%SERVICE_DISPLAY_NAME%;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2012-10-04 1864328]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10301; C:\Windows\system32\DRIVERS\stwrt64.sys [2012-09-20 543744]
R3 SynTP;@oem32.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2013-10-30 549104]
R3 tap0901;@oem34.inf,%DeviceDescription%;TAP-Windows Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2013-08-22 40664]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\Windows\system32\DRIVERS\vwifimp.sys [2012-07-26 17920]
S3 aswTap;@oem33.inf,%DeviceDescription%;avast! SecureLine TAP Adapter v3; C:\Windows\system32\DRIVERS\aswTap.sys [2014-12-19 44640]
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\Windows\System32\drivers\BthEnum.sys [2013-01-09 51712]
S3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service; C:\Windows\System32\Drivers\BtL2caScoIf.sys [2012-07-20 56904]
S3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\Windows\system32\DRIVERS\BthLEEnum.sys [2012-07-26 202752]
S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2012-07-26 119808]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2013-03-01 1175040]
S3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2013-01-09 74752]
S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [2012-08-14 48736]
S3 DAMDrv;DAMDrv; C:\Windows\system32\DRIVERS\DAMDrv64.sys [2012-07-25 64832]
S3 e1iexpress;@net1ic64.inf,%E1IExpress.Service.DispName%;Intel(R) PRO/1000 PCI Express Network Connection Driver I; C:\Windows\system32\DRIVERS\e1i63x64.sys [2012-06-02 333824]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-08-23 9000256]
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\System32\drivers\rfcomm.sys [2013-03-01 156672]
S3 SmbDrv;SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [2012-08-15 41272]
S3 SmbDrvI;SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [2012-08-15 43832]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-01 43008]
S3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2013-07-05 210560]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-08-01 239616]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-12-19 50344]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [2012-08-14 1578496]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
R2 CGVPNCliService;CyberGhost 5 Client Service; C:\Program Files\CyberGhost 5\Service.exe [2014-11-03 64616]
R2 DpHost;@c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2012-08-25 488824]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2013-11-04 92160]
R2 hpHotkeyMonitor;hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2012-08-29 523680]
R2 hpsrv;@oem7.inf,%hpservice_desc%;HP Service; C:\Windows\system32\Hpservice.exe [2012-08-22 33600]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-08-28 7168]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-06-20 634632]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-07-19 129856]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-07-19 166720]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-07-19 277824]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-07-17 1134624]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10101; C:\Program Files\IDT\WDM\STacSV64.exe [2012-09-20 323072]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-19 365376]
R2 vcsFPService;Validity VCS Fingerprint Service; C:\Windows\system32\vcsFPService.exe [2012-07-19 2714232]
R3 BsHelpCS;BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [2012-08-14 138752]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2013-05-13 1129760]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-05 267440]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-12 51648]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-08-23 276288]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\Windows\SysWOW64\flcdlock.exe [2012-08-01 477088]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2012-07-26 43616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-12-13 114800]
S4 BthHFEnum;@bthhfenum.inf,%BthHFEnum.SVCDESC%;Bluetooth Hands-Free Audio and Call Control HID Enumerator; C:\Windows\System32\drivers\bthhfenum.sys [2012-07-26 51200]
-----------------EOF-----------------
Run by Greg at 2015-01-05 21:21:32
Microsoft Windows 8
System drive C: has 141 GB (20%) free of 698 GB
Total RAM: 3979 MB (67% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:21:33, on 5.1.2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.17183)
Boot mode: Normal
Running processes:
c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\CyberGhost 5\CyberGhost.exe
C:\Program Files\trend micro\Greg.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
O4 - HKLM\..\Run: [BtTray] "c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [RemoteControl10] "c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [YouCam Mirage] "c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{2575023E-98B4-44F1-AD9C-818A9B5A1A0C}: NameServer = 95.169.183.219,89.41.60.38
O17 - HKLM\System\CCS\Services\Tcpip\..\{8626304B-BA45-41E4-9483-662E63AF411F}: NameServer = 95.169.183.219,89.41.60.38
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
O23 - Service: CyberGhost 5 Client Service (CGVPNCliService) - CyberGhost S.R.L - C:\Program Files\CyberGhost 5\Service.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Company - c:\Windows\SysWOW64\flcdlock.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @oem7.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10779 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe"
C:\Windows\system32\atiesrxx.exe
"dwm.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe"
"c:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\PDF Complete\pdfsvc.exe" /startedbyscm:66B66708-40E2BE4D-pdfcService
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\CyberGhost 5\Service.exe"
C:\Windows\system32\wbem\wmiprvse.exe
taskhostex.exe
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
C:\Windows\Explorer.EXE
"c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-28648817-ef16-45a5-b682-e76411168d29 -SystemEventPortName:HostProcess-b1856d6f-7d4a-4461-bd1c-9162d5b79ff6 -IoCancelEventPortName:HostProcess-7d947e0e-a125-4ac8-bfac-2272e60d1601 -NonStateChangingEventPortName:HostProcess-1134a62a-f5ad-456d-b92f-084b06c1b8c0 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:14b8ac09-0885-4a19-a44b-131c6a3de8bc -DeviceGroupId:
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-351cd02b-a521-4258-8f9e-fa4b9dd05f5c -SystemEventPortName:HostProcess-bf1c9125-6608-4b95-b308-9d54d85bc0c8 -IoCancelEventPortName:HostProcess-37a32797-6301-435c-af86-020c683ea89a -NonStateChangingEventPortName:HostProcess-2126c7a9-0ef6-4196-8240-2034e9e6975e -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:d8fc11df-bce3-4c23-84b3-f3121811e52f -DeviceGroupId:WudfDefaultDevicePool
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" /start
"C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
"C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe" Restart Start EEU 52 avastui.exe
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files\CyberGhost 5\CyberGhost.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files\CyberGhost 5\Data\OpenVPN\openvpn.exe" --remote 195.154.45.213 8081 --service CyberGhost5OVPNQuit --management 127.0.0.1 48116 --management-hold --management-query-passwords --ca "C:\Users\Greg\AppData\Local\CyberGhost\ca.crt" --cert "C:\Users\Greg\AppData\Local\CyberGhost\QXEDQEEEZNBEHQBSTGQEELDXRNJCFK.crt" --key "C:\Users\Greg\AppData\Local\CyberGhost\QXEDQEEEZNBEHQBSTGQEELDXRNJCFK.key" --redirect-gateway def1 --dev tun --auth-user-pass --client --proto udp --dhcp-renew --dhcp-release --resolv-retry infinite --persist-key --persist-tun --nobind --cipher AES-256-CBC --auth MD5 --ping 15 --ping-exit 90 --ping-restart 0 --explicit-exit-notify 2 --script-security 2 --remote-cert-tls server --tun-mtu 1500 --fragment 1300 --mssfix 1300 --verb 4 --comp-lzo --route-delay 5 20 --mute-replay-warnings
\??\C:\Windows\system32\conhost.exe 0x4
taskeng.exe {224D0061-4305-4891-8B87-6D5D1EB76DDC}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\ukoly_2013\pocitac\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\HPCeeScheduleForGreg.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForGreg (null)
=========Mozilla firefox=========
ProfilePath - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\b4s9fo6o.default
prefs.js - "browser.startup.homepage" - "https://startpage.com"
prefs.js - "keyword.URL" - "https://startpage.com/do/metasearch.pl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.235 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.25.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\digitalpersona.com/ChromeDPAgent]
"Description"=
"Path"=c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\components\npChromeDPAgent.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.235 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll
C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\b4s9fo6o.default\extensions\
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\b4s9fo6o.default\searchplugins\
startpage-avast.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-12-19 705448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28 303416]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-10-18 460712]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-12-19 586968]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-18 172968]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28 286520]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-08-23 170304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-08-23 398656]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-08-23 441152]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2012-09-20 1664000]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"=C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [2014-12-16 21720]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-09-26 6482200]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2012-08-31 56128]
"PDF Complete"=C:\Program Files (x86)\PDF Complete\pdfsty.exe [2012-07-17 684064]
"QLBController"=C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [2012-08-29 334240]
""= []
"BtTray"=c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [2012-08-16 364032]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-08-06 642216]
"CLMLServer_For_P2G8"=c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08 111120]
"CLVirtualDrive"=c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [2012-07-24 491120]
"RemoteControl10"=c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [2012-03-29 91432]
"YouCam Mirage"=c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-08-31 136488]
"YouCam Tray"=c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [2012-08-31 167024]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07 507776]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-12-19 5227112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-08-23 441856]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=DPPassFilter
scecli
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2015-01-05 19:04:08 ----D---- C:\rsit
2015-01-05 19:04:08 ----D---- C:\Program Files\trend micro
2015-01-03 17:29:42 ----D---- C:\Program Files\TAP-Windows
2015-01-03 17:29:32 ----D---- C:\Program Files\CyberGhost 5
2015-01-01 19:15:50 ----D---- C:\Users\Greg\AppData\Roaming\VitySoft
2014-12-19 09:25:20 ----D---- C:\Users\Greg\AppData\Roaming\AVAST Software
2014-12-19 09:18:39 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2014-12-19 09:18:39 ----A---- C:\Windows\system32\drivers\aswStm.sys
2014-12-19 09:18:39 ----A---- C:\Windows\system32\drivers\aswSP.sys
2014-12-19 09:18:39 ----A---- C:\Windows\system32\drivers\aswsnx.sys
2014-12-19 09:18:39 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2014-12-19 09:18:39 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2014-12-19 09:18:39 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2014-12-19 09:18:39 ----A---- C:\Windows\system32\drivers\aswHwid.sys
2014-12-19 09:18:37 ----A---- C:\Windows\system32\aswBoot.exe
2014-12-19 09:18:33 ----A---- C:\Windows\avastSS.scr
2014-12-19 09:17:54 ----A---- C:\Windows\system32\drivers\aswTap.sys
2014-12-19 09:14:57 ----D---- C:\Program Files\AVAST Software
2014-12-19 09:10:17 ----D---- C:\ProgramData\AVAST Software
2014-12-13 17:53:16 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-12-12 06:11:07 ----A---- C:\Windows\SYSWOW64\vsstrace.dll
2014-12-12 06:11:07 ----A---- C:\Windows\SYSWOW64\vssapi.dll
2014-12-12 06:11:07 ----A---- C:\Windows\system32\VSSVC.exe
2014-12-12 06:11:07 ----A---- C:\Windows\system32\vsstrace.dll
2014-12-12 06:11:07 ----A---- C:\Windows\system32\vssapi.dll
2014-12-12 05:56:53 ----A---- C:\Windows\system32\mshtml.dll
2014-12-12 05:56:49 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-12-12 05:56:48 ----A---- C:\Windows\system32\ieframe.dll
2014-12-12 05:56:47 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-12-12 05:56:47 ----A---- C:\Windows\system32\iertutil.dll
2014-12-12 05:56:46 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-12-12 05:56:46 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-12-12 05:56:46 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-12-12 05:56:46 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-12-12 05:56:46 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2014-12-12 05:56:46 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-12-12 05:56:46 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-12-12 05:56:46 ----A---- C:\Windows\system32\wininet.dll
2014-12-12 05:56:46 ----A---- C:\Windows\system32\uxtheme.dll
2014-12-12 05:56:46 ----A---- C:\Windows\system32\urlmon.dll
2014-12-12 05:56:46 ----A---- C:\Windows\system32\msfeeds.dll
2014-12-12 05:56:46 ----A---- C:\Windows\system32\jscript9.dll
2014-12-12 05:56:46 ----A---- C:\Windows\system32\jscript.dll
2014-12-12 05:56:46 ----A---- C:\Windows\system32\iesysprep.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\uxtheme.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\UXInit.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\jscript.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\UXInit.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\msrating.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\mshtmled.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\jsproxy.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\iesetup.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\iernonce.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\iedkcs32.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\ie4uinit.exe
2014-12-12 05:56:45 ----A---- C:\Windows\system32\dxtrans.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\dxtmsft.dll
2014-12-12 05:54:48 ----A---- C:\Windows\system32\shell32.dll
2014-12-12 05:54:46 ----A---- C:\Windows\SYSWOW64\shell32.dll
2014-12-12 05:54:45 ----A---- C:\Windows\SYSWOW64\mfmpeg2srcsnk.dll
2014-12-12 05:54:45 ----A---- C:\Windows\SYSWOW64\dnsapi.dll
2014-12-12 05:54:45 ----A---- C:\Windows\system32\mfmpeg2srcsnk.dll
2014-12-12 05:54:45 ----A---- C:\Windows\system32\dnsapi.dll
2014-12-12 05:54:44 ----A---- C:\Windows\system32\dnsrslvr.dll
2014-12-11 20:41:43 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2014-12-11 20:41:43 ----A---- C:\Windows\system32\WindowsCodecs.dll
======List of files/folders modified in the last 1 month======
2015-01-05 21:13:11 ----D---- C:\Windows\Prefetch
2015-01-05 21:00:01 ----D---- C:\Windows\system32\sru
2015-01-05 20:40:31 ----A---- C:\Windows\SYSWOW64\log.txt
2015-01-05 20:38:30 ----D---- C:\ProgramData\PDFC
2015-01-05 20:38:21 ----D---- C:\Windows\Temp
2015-01-05 20:38:15 ----A---- C:\Windows\SYSWOW64\bscs.ini
2015-01-05 20:37:22 ----D---- C:\Windows
2015-01-05 20:33:53 ----D---- C:\AdwCleaner
2015-01-05 19:46:21 ----D---- C:\Windows\SoftwareDistribution
2015-01-05 19:04:08 ----RD---- C:\Program Files
2015-01-05 18:23:49 ----D---- C:\Windows\debug
2015-01-05 18:15:41 ----D---- C:\Windows\Tasks
2015-01-05 18:15:41 ----D---- C:\Windows\system32\Tasks
2015-01-05 18:13:07 ----SHD---- C:\Windows\Installer
2015-01-05 18:13:06 ----RD---- C:\Program Files (x86)
2015-01-05 18:10:38 ----D---- C:\Windows\Inf
2015-01-05 14:55:29 ----D---- C:\Program Files (x86)\Common Files
2015-01-05 14:55:23 ----D---- C:\ProgramData\Adobe
2015-01-05 14:55:01 ----D---- C:\Windows\SysWOW64
2015-01-05 14:54:50 ----SHD---- C:\System Volume Information
2015-01-05 14:52:05 ----D---- C:\USB-HDD
2015-01-04 11:53:54 ----A---- C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-04 04:50:24 ----D---- C:\Windows\Microsoft.NET
2015-01-03 17:30:07 ----D---- C:\Windows\system32\Drivers
2015-01-03 17:30:06 ----D---- C:\Windows\system32\DriverStore
2015-01-03 14:14:20 ----D---- C:\Windows\system32\NDF
2015-01-03 13:34:31 ----D---- C:\ukoly_2013
2014-12-26 17:23:52 ----D---- C:\Program Files (x86)\Hewlett-Packard
2014-12-26 17:23:26 ----D---- C:\swsetup
2014-12-22 14:36:39 ----D---- C:\Windows\SYSWOW64\SupportAppCB
2014-12-22 14:36:36 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-12-22 07:17:53 ----HD---- C:\Program Files\WindowsApps
2014-12-22 07:17:53 ----D---- C:\Windows\AUInstallAgent
2014-12-19 16:04:29 ----D---- C:\Windows\system32\config
2014-12-19 15:33:42 ----D---- C:\Windows\WinSxS
2014-12-19 15:32:00 ----RSD---- C:\Windows\assembly
2014-12-19 09:29:06 ----RD---- C:\Windows\System32
2014-12-19 09:29:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-12-19 09:23:00 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-19 09:21:12 ----HD---- C:\ProgramData
2014-12-13 18:18:09 ----D---- C:\Windows\rescache
2014-12-13 18:09:06 ----D---- C:\Windows\system32\MRT
2014-12-13 18:06:34 ----A---- C:\Windows\system32\MRT.exe
2014-12-13 17:18:34 ----D---- C:\Windows\system32\wdi
2014-12-13 08:42:28 ----RD---- C:\Windows\ToastData
2014-12-13 08:42:25 ----D---- C:\Program Files (x86)\Internet Explorer
2014-12-13 08:42:22 ----D---- C:\Program Files\Internet Explorer
2014-12-12 06:12:04 ----D---- C:\Windows\CbsTemp
2014-12-12 06:11:17 ----D---- C:\Windows\system32\catroot2
2014-12-09 20:53:51 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 amdkmpfd;@oem19.inf,%AMDKMPFD_svcdesc%;AMD PCI Root Bus Lower Filter; C:\Windows\System32\drivers\amdkmpfd.sys [2012-07-09 35496]
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-12-19 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-12-19 267632]
R0 hpdskflt;@oem7.inf,%service_desc%;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2012-08-22 31040]
R0 iaStorA;iaStorA; C:\Windows\System32\drivers\iaStorA.sys [2012-08-28 646712]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-12-19 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-12-19 1050432]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-12-19 436624]
R1 CLVirtualDrive;CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [2012-06-25 92536]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys [2012-07-26 64000]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-12-19 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-12-19 83280]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-12-19 116728]
R3 Accelerometer;@oem7.inf,%accelerometer_desc%;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2012-08-22 43328]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-08-01 10280960]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-08-01 368640]
R3 BtAudioBusSrv;@oem15.inf,%SvcDesc%;IVT Bluetooth Audio Bus Service; C:\Windows\System32\Drivers\BtAudioBus.sys [2012-06-15 23136]
R3 clwvd;@oem26.inf,%clwvd.DeviceDesc%;CyberLink Webcam Sharing Manager; C:\Windows\system32\DRIVERS\clwvd.sys [2012-08-28 40944]
R3 HpqKbFiltr;@oem5.inf,%HpqKbFiltr.SvcDesc%;HpqKbFilter Driver; C:\Windows\System32\drivers\HpqKbFiltr.sys [2012-08-27 26504]
R3 IntcDAud;@oem21.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2012-06-19 342528]
R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2012-08-23 9000256]
R3 JMCR;JMCR; C:\Windows\System32\drivers\jmcr.sys [2014-08-29 176880]
R3 MEIx64;@oem9.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\Windows\System32\drivers\HECIx64.sys [2012-07-02 62784]
R3 netr28x;@oem31.inf,%Generic.Service.DispName%;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2013-12-04 2505904]
R3 rtbth;@oem30.inf,%General.Service.DispName%;RTBTH Bluetooth Device Driver; C:\Windows\System32\drivers\rtbth.sys [2013-12-02 1204424]
R3 RTL8168;@oem6.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys [2012-06-13 683664]
R3 SensorsServiceDriver;@sensorsservicedriver.inf,%WudfSensorsServiceDriverDisplayName%;UMDF Reflector service for SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 198656]
R3 SNP2UVC;@oem22.inf,%SERVICE_DISPLAY_NAME%;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2012-10-04 1864328]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10301; C:\Windows\system32\DRIVERS\stwrt64.sys [2012-09-20 543744]
R3 SynTP;@oem32.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2013-10-30 549104]
R3 tap0901;@oem34.inf,%DeviceDescription%;TAP-Windows Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2013-08-22 40664]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\Windows\system32\DRIVERS\vwifimp.sys [2012-07-26 17920]
S3 aswTap;@oem33.inf,%DeviceDescription%;avast! SecureLine TAP Adapter v3; C:\Windows\system32\DRIVERS\aswTap.sys [2014-12-19 44640]
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\Windows\System32\drivers\BthEnum.sys [2013-01-09 51712]
S3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service; C:\Windows\System32\Drivers\BtL2caScoIf.sys [2012-07-20 56904]
S3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\Windows\system32\DRIVERS\BthLEEnum.sys [2012-07-26 202752]
S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2012-07-26 119808]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2013-03-01 1175040]
S3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2013-01-09 74752]
S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [2012-08-14 48736]
S3 DAMDrv;DAMDrv; C:\Windows\system32\DRIVERS\DAMDrv64.sys [2012-07-25 64832]
S3 e1iexpress;@net1ic64.inf,%E1IExpress.Service.DispName%;Intel(R) PRO/1000 PCI Express Network Connection Driver I; C:\Windows\system32\DRIVERS\e1i63x64.sys [2012-06-02 333824]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-08-23 9000256]
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\System32\drivers\rfcomm.sys [2013-03-01 156672]
S3 SmbDrv;SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [2012-08-15 41272]
S3 SmbDrvI;SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [2012-08-15 43832]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-01 43008]
S3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2013-07-05 210560]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-08-01 239616]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-12-19 50344]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [2012-08-14 1578496]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
R2 CGVPNCliService;CyberGhost 5 Client Service; C:\Program Files\CyberGhost 5\Service.exe [2014-11-03 64616]
R2 DpHost;@c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2012-08-25 488824]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2013-11-04 92160]
R2 hpHotkeyMonitor;hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2012-08-29 523680]
R2 hpsrv;@oem7.inf,%hpservice_desc%;HP Service; C:\Windows\system32\Hpservice.exe [2012-08-22 33600]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-08-28 7168]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-06-20 634632]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-07-19 129856]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-07-19 166720]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-07-19 277824]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-07-17 1134624]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10101; C:\Program Files\IDT\WDM\STacSV64.exe [2012-09-20 323072]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-19 365376]
R2 vcsFPService;Validity VCS Fingerprint Service; C:\Windows\system32\vcsFPService.exe [2012-07-19 2714232]
R3 BsHelpCS;BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [2012-08-14 138752]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2013-05-13 1129760]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-05 267440]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-12 51648]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-08-23 276288]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\Windows\SysWOW64\flcdlock.exe [2012-08-01 477088]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2012-07-26 43616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-12-13 114800]
S4 BthHFEnum;@bthhfenum.inf,%BthHFEnum.SVCDESC%;Bluetooth Hands-Free Audio and Call Control HID Enumerator; C:\Windows\System32\drivers\bthhfenum.sys [2012-07-26 51200]
-----------------EOF-----------------
-
Rudy
- Site Admin
- Příspěvky: 119679
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: spyware z flash playera?
Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:
a klikněte na >MoveIt!<. Před skenem vypněte antivir a po něm restartujte PC. Dejte nový log RSIT.:commands
[Purity]
[Emptytemp]
[Emptyflash]
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
benjamin777
- Návštěvník
- Příspěvky: 39
- Registrován: 20 črc 2013 07:26
Re: spyware z flash playera?
Logfile of random's system information tool 1.10 (written by random/random)
Run by Greg at 2015-01-06 13:36:19
Microsoft Windows 8
System drive C: has 142 GB (20%) free of 698 GB
Total RAM: 3979 MB (68% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:36:21, on 6.1.2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.17183)
Boot mode: Normal
Running processes:
c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\trend micro\Greg.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
O4 - HKLM\..\Run: [BtTray] "c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [RemoteControl10] "c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [YouCam Mirage] "c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
O23 - Service: CyberGhost 5 Client Service (CGVPNCliService) - CyberGhost S.R.L - C:\Program Files\CyberGhost 5\Service.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Company - c:\Windows\SysWOW64\flcdlock.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @oem7.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10430 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe"
"dwm.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe"
"c:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\PDF Complete\pdfsvc.exe" /startedbyscm:66B66708-40E2BE4D-pdfcService
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\CyberGhost 5\Service.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-89ed56bb-f628-479e-a37b-f3fe8ab70d29 -SystemEventPortName:HostProcess-73c105b3-319d-41f2-b2fe-ce20c242acbb -IoCancelEventPortName:HostProcess-d2a8d09f-df42-44e1-a005-d669a5992f88 -NonStateChangingEventPortName:HostProcess-17374413-ca10-4e6b-a118-4358389182d5 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:4e4e211a-2c1d-4f00-ac1e-835dd5eb6486 -DeviceGroupId:
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-350e2f2c-a14b-4643-8622-9acf4fe313d5 -SystemEventPortName:HostProcess-825bcc5c-b326-42e6-a819-5ac9382e2bf3 -IoCancelEventPortName:HostProcess-37ccf045-c238-46a8-aaae-e80d3a413e4b -NonStateChangingEventPortName:HostProcess-58e0c3c9-f062-4cb1-b078-725f4f3d3086 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:45f51a01-0390-420b-aef4-ce079b3c496e -DeviceGroupId:WudfDefaultDevicePool
taskhostex.exe
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
C:\Windows\Explorer.EXE
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
C:\Windows\system32\SearchIndexer.exe /Embedding
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" /start
"C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe" Restart Start EEU 52 avastui.exe
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
taskeng.exe {330E5752-7B3A-4D05-B688-5E2705BA9D57}
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\ukoly_2013\pocitac\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\HPCeeScheduleForGreg.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForGreg (null)
=========Mozilla firefox=========
ProfilePath - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\b4s9fo6o.default
prefs.js - "browser.startup.homepage" - "https://startpage.com"
prefs.js - "keyword.URL" - "https://startpage.com/do/metasearch.pl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.235 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.25.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\digitalpersona.com/ChromeDPAgent]
"Description"=
"Path"=c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\components\npChromeDPAgent.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.235 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll
C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\b4s9fo6o.default\extensions\
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\b4s9fo6o.default\searchplugins\
startpage-avast.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-12-19 705448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28 303416]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-10-18 460712]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-12-19 586968]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-18 172968]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28 286520]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-08-23 170304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-08-23 398656]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-08-23 441152]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2012-09-20 1664000]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"=C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [2014-12-16 21720]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-09-26 6482200]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2012-08-31 56128]
"PDF Complete"=C:\Program Files (x86)\PDF Complete\pdfsty.exe [2012-07-17 684064]
"QLBController"=C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [2012-08-29 334240]
""= []
"BtTray"=c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [2012-08-16 364032]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-08-06 642216]
"CLMLServer_For_P2G8"=c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08 111120]
"CLVirtualDrive"=c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [2012-07-24 491120]
"RemoteControl10"=c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [2012-03-29 91432]
"YouCam Mirage"=c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-08-31 136488]
"YouCam Tray"=c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [2012-08-31 167024]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07 507776]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-12-19 5227112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-08-23 441856]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=DPPassFilter
scecli
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2015-01-06 13:27:15 ----D---- C:\_OTM
2015-01-05 19:04:08 ----D---- C:\rsit
2015-01-05 19:04:08 ----D---- C:\Program Files\trend micro
2015-01-03 17:29:42 ----D---- C:\Program Files\TAP-Windows
2015-01-03 17:29:32 ----D---- C:\Program Files\CyberGhost 5
2015-01-01 19:15:50 ----D---- C:\Users\Greg\AppData\Roaming\VitySoft
2014-12-19 09:25:20 ----D---- C:\Users\Greg\AppData\Roaming\AVAST Software
2014-12-19 09:18:39 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2014-12-19 09:18:39 ----A---- C:\Windows\system32\drivers\aswStm.sys
2014-12-19 09:18:39 ----A---- C:\Windows\system32\drivers\aswSP.sys
2014-12-19 09:18:39 ----A---- C:\Windows\system32\drivers\aswsnx.sys
2014-12-19 09:18:39 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2014-12-19 09:18:39 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2014-12-19 09:18:39 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2014-12-19 09:18:39 ----A---- C:\Windows\system32\drivers\aswHwid.sys
2014-12-19 09:18:37 ----A---- C:\Windows\system32\aswBoot.exe
2014-12-19 09:18:33 ----A---- C:\Windows\avastSS.scr
2014-12-19 09:17:54 ----A---- C:\Windows\system32\drivers\aswTap.sys
2014-12-19 09:14:57 ----D---- C:\Program Files\AVAST Software
2014-12-19 09:10:17 ----D---- C:\ProgramData\AVAST Software
2014-12-13 17:53:16 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-12-12 06:11:07 ----A---- C:\Windows\SYSWOW64\vsstrace.dll
2014-12-12 06:11:07 ----A---- C:\Windows\SYSWOW64\vssapi.dll
2014-12-12 06:11:07 ----A---- C:\Windows\system32\VSSVC.exe
2014-12-12 06:11:07 ----A---- C:\Windows\system32\vsstrace.dll
2014-12-12 06:11:07 ----A---- C:\Windows\system32\vssapi.dll
2014-12-12 05:56:53 ----A---- C:\Windows\system32\mshtml.dll
2014-12-12 05:56:49 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-12-12 05:56:48 ----A---- C:\Windows\system32\ieframe.dll
2014-12-12 05:56:47 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-12-12 05:56:47 ----A---- C:\Windows\system32\iertutil.dll
2014-12-12 05:56:46 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-12-12 05:56:46 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-12-12 05:56:46 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-12-12 05:56:46 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-12-12 05:56:46 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2014-12-12 05:56:46 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-12-12 05:56:46 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-12-12 05:56:46 ----A---- C:\Windows\system32\wininet.dll
2014-12-12 05:56:46 ----A---- C:\Windows\system32\uxtheme.dll
2014-12-12 05:56:46 ----A---- C:\Windows\system32\urlmon.dll
2014-12-12 05:56:46 ----A---- C:\Windows\system32\msfeeds.dll
2014-12-12 05:56:46 ----A---- C:\Windows\system32\jscript9.dll
2014-12-12 05:56:46 ----A---- C:\Windows\system32\jscript.dll
2014-12-12 05:56:46 ----A---- C:\Windows\system32\iesysprep.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\uxtheme.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\UXInit.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\jscript.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\UXInit.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\msrating.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\mshtmled.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\jsproxy.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\iesetup.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\iernonce.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\iedkcs32.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\ie4uinit.exe
2014-12-12 05:56:45 ----A---- C:\Windows\system32\dxtrans.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\dxtmsft.dll
2014-12-12 05:54:48 ----A---- C:\Windows\system32\shell32.dll
2014-12-12 05:54:46 ----A---- C:\Windows\SYSWOW64\shell32.dll
2014-12-12 05:54:45 ----A---- C:\Windows\SYSWOW64\mfmpeg2srcsnk.dll
2014-12-12 05:54:45 ----A---- C:\Windows\SYSWOW64\dnsapi.dll
2014-12-12 05:54:45 ----A---- C:\Windows\system32\mfmpeg2srcsnk.dll
2014-12-12 05:54:45 ----A---- C:\Windows\system32\dnsapi.dll
2014-12-12 05:54:44 ----A---- C:\Windows\system32\dnsrslvr.dll
2014-12-11 20:41:43 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2014-12-11 20:41:43 ----A---- C:\Windows\system32\WindowsCodecs.dll
======List of files/folders modified in the last 1 month======
2015-01-06 13:35:10 ----D---- C:\Windows\Temp
2015-01-06 13:34:51 ----D---- C:\Windows\Prefetch
2015-01-06 13:33:00 ----A---- C:\Windows\SYSWOW64\log.txt
2015-01-06 13:31:02 ----D---- C:\ProgramData\PDFC
2015-01-06 13:30:31 ----A---- C:\Windows\SYSWOW64\bscs.ini
2015-01-06 13:27:28 ----D---- C:\Windows\SysWOW64
2015-01-06 12:02:24 ----SHD---- C:\System Volume Information
2015-01-06 12:02:03 ----D---- C:\Windows\system32\sru
2015-01-06 11:36:25 ----D---- C:\Windows\Microsoft.NET
2015-01-05 20:37:22 ----D---- C:\Windows
2015-01-05 20:33:53 ----D---- C:\AdwCleaner
2015-01-05 19:46:21 ----D---- C:\Windows\SoftwareDistribution
2015-01-05 19:04:08 ----RD---- C:\Program Files
2015-01-05 18:23:49 ----D---- C:\Windows\debug
2015-01-05 18:15:41 ----D---- C:\Windows\Tasks
2015-01-05 18:15:41 ----D---- C:\Windows\system32\Tasks
2015-01-05 18:13:07 ----SHD---- C:\Windows\Installer
2015-01-05 18:13:06 ----RD---- C:\Program Files (x86)
2015-01-05 18:10:38 ----D---- C:\Windows\Inf
2015-01-05 14:55:29 ----D---- C:\Program Files (x86)\Common Files
2015-01-05 14:55:23 ----D---- C:\ProgramData\Adobe
2015-01-05 14:52:05 ----D---- C:\USB-HDD
2015-01-04 11:53:54 ----A---- C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-03 17:30:07 ----D---- C:\Windows\system32\Drivers
2015-01-03 17:30:06 ----D---- C:\Windows\system32\DriverStore
2015-01-03 14:14:20 ----D---- C:\Windows\system32\NDF
2015-01-03 13:34:31 ----D---- C:\ukoly_2013
2014-12-26 17:23:52 ----D---- C:\Program Files (x86)\Hewlett-Packard
2014-12-26 17:23:26 ----D---- C:\swsetup
2014-12-22 14:36:39 ----D---- C:\Windows\SYSWOW64\SupportAppCB
2014-12-22 14:36:36 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-12-22 07:17:53 ----HD---- C:\Program Files\WindowsApps
2014-12-22 07:17:53 ----D---- C:\Windows\AUInstallAgent
2014-12-19 16:04:29 ----D---- C:\Windows\system32\config
2014-12-19 15:33:42 ----D---- C:\Windows\WinSxS
2014-12-19 15:32:00 ----RSD---- C:\Windows\assembly
2014-12-19 09:29:06 ----RD---- C:\Windows\System32
2014-12-19 09:29:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-12-19 09:23:00 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-19 09:21:12 ----HD---- C:\ProgramData
2014-12-13 18:18:09 ----D---- C:\Windows\rescache
2014-12-13 18:09:06 ----D---- C:\Windows\system32\MRT
2014-12-13 18:06:34 ----A---- C:\Windows\system32\MRT.exe
2014-12-13 17:18:34 ----D---- C:\Windows\system32\wdi
2014-12-13 08:42:28 ----RD---- C:\Windows\ToastData
2014-12-13 08:42:25 ----D---- C:\Program Files (x86)\Internet Explorer
2014-12-13 08:42:22 ----D---- C:\Program Files\Internet Explorer
2014-12-12 06:12:04 ----D---- C:\Windows\CbsTemp
2014-12-12 06:11:17 ----D---- C:\Windows\system32\catroot2
2014-12-09 20:53:51 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 amdkmpfd;@oem19.inf,%AMDKMPFD_svcdesc%;AMD PCI Root Bus Lower Filter; C:\Windows\System32\drivers\amdkmpfd.sys [2012-07-09 35496]
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-12-19 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-12-19 267632]
R0 hpdskflt;@oem7.inf,%service_desc%;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2012-08-22 31040]
R0 iaStorA;iaStorA; C:\Windows\System32\drivers\iaStorA.sys [2012-08-28 646712]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-12-19 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-12-19 1050432]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-12-19 436624]
R1 CLVirtualDrive;CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [2012-06-25 92536]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys [2012-07-26 64000]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-12-19 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-12-19 83280]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-12-19 116728]
R3 Accelerometer;@oem7.inf,%accelerometer_desc%;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2012-08-22 43328]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-08-01 10280960]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-08-01 368640]
R3 BtAudioBusSrv;@oem15.inf,%SvcDesc%;IVT Bluetooth Audio Bus Service; C:\Windows\System32\Drivers\BtAudioBus.sys [2012-06-15 23136]
R3 clwvd;@oem26.inf,%clwvd.DeviceDesc%;CyberLink Webcam Sharing Manager; C:\Windows\system32\DRIVERS\clwvd.sys [2012-08-28 40944]
R3 HpqKbFiltr;@oem5.inf,%HpqKbFiltr.SvcDesc%;HpqKbFilter Driver; C:\Windows\System32\drivers\HpqKbFiltr.sys [2012-08-27 26504]
R3 IntcDAud;@oem21.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2012-06-19 342528]
R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2012-08-23 9000256]
R3 JMCR;JMCR; C:\Windows\System32\drivers\jmcr.sys [2014-08-29 176880]
R3 MEIx64;@oem9.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\Windows\System32\drivers\HECIx64.sys [2012-07-02 62784]
R3 netr28x;@oem31.inf,%Generic.Service.DispName%;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2013-12-04 2505904]
R3 rtbth;@oem30.inf,%General.Service.DispName%;RTBTH Bluetooth Device Driver; C:\Windows\System32\drivers\rtbth.sys [2013-12-02 1204424]
R3 RTL8168;@oem6.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys [2012-06-13 683664]
R3 SensorsServiceDriver;@sensorsservicedriver.inf,%WudfSensorsServiceDriverDisplayName%;UMDF Reflector service for SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 198656]
R3 SNP2UVC;@oem22.inf,%SERVICE_DISPLAY_NAME%;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2012-10-04 1864328]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10301; C:\Windows\system32\DRIVERS\stwrt64.sys [2012-09-20 543744]
R3 SynTP;@oem32.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2013-10-30 549104]
R3 tap0901;@oem34.inf,%DeviceDescription%;TAP-Windows Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2013-08-22 40664]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\Windows\system32\DRIVERS\vwifimp.sys [2012-07-26 17920]
S3 aswTap;@oem33.inf,%DeviceDescription%;avast! SecureLine TAP Adapter v3; C:\Windows\system32\DRIVERS\aswTap.sys [2014-12-19 44640]
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\Windows\System32\drivers\BthEnum.sys [2013-01-09 51712]
S3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service; C:\Windows\System32\Drivers\BtL2caScoIf.sys [2012-07-20 56904]
S3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\Windows\system32\DRIVERS\BthLEEnum.sys [2012-07-26 202752]
S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2012-07-26 119808]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2013-03-01 1175040]
S3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2013-01-09 74752]
S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [2012-08-14 48736]
S3 DAMDrv;DAMDrv; C:\Windows\system32\DRIVERS\DAMDrv64.sys [2012-07-25 64832]
S3 e1iexpress;@net1ic64.inf,%E1IExpress.Service.DispName%;Intel(R) PRO/1000 PCI Express Network Connection Driver I; C:\Windows\system32\DRIVERS\e1i63x64.sys [2012-06-02 333824]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-08-23 9000256]
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\System32\drivers\rfcomm.sys [2013-03-01 156672]
S3 SmbDrv;SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [2012-08-15 41272]
S3 SmbDrvI;SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [2012-08-15 43832]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-01 43008]
S3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2013-07-05 210560]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-08-01 239616]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-12-19 50344]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [2012-08-14 1578496]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
R2 CGVPNCliService;CyberGhost 5 Client Service; C:\Program Files\CyberGhost 5\Service.exe [2014-11-03 64616]
R2 DpHost;@c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2012-08-25 488824]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2013-11-04 92160]
R2 hpHotkeyMonitor;hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2012-08-29 523680]
R2 hpsrv;@oem7.inf,%hpservice_desc%;HP Service; C:\Windows\system32\Hpservice.exe [2012-08-22 33600]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-08-28 7168]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-06-20 634632]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-07-19 129856]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-07-19 166720]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-07-19 277824]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-07-17 1134624]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10101; C:\Program Files\IDT\WDM\STacSV64.exe [2012-09-20 323072]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-19 365376]
R2 vcsFPService;Validity VCS Fingerprint Service; C:\Windows\system32\vcsFPService.exe [2012-07-19 2714232]
R3 BsHelpCS;BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [2012-08-14 138752]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2012-07-26 43616]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2013-05-13 1129760]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-05 267440]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-12 51648]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-08-23 276288]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\Windows\SysWOW64\flcdlock.exe [2012-08-01 477088]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-12-13 114800]
S4 BthHFEnum;@bthhfenum.inf,%BthHFEnum.SVCDESC%;Bluetooth Hands-Free Audio and Call Control HID Enumerator; C:\Windows\System32\drivers\bthhfenum.sys [2012-07-26 51200]
-----------------EOF-----------------
Run by Greg at 2015-01-06 13:36:19
Microsoft Windows 8
System drive C: has 142 GB (20%) free of 698 GB
Total RAM: 3979 MB (68% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:36:21, on 6.1.2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.17183)
Boot mode: Normal
Running processes:
c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\trend micro\Greg.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
O4 - HKLM\..\Run: [BtTray] "c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [RemoteControl10] "c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [YouCam Mirage] "c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
O23 - Service: CyberGhost 5 Client Service (CGVPNCliService) - CyberGhost S.R.L - C:\Program Files\CyberGhost 5\Service.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Company - c:\Windows\SysWOW64\flcdlock.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @oem7.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10430 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe"
"dwm.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe"
"c:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\PDF Complete\pdfsvc.exe" /startedbyscm:66B66708-40E2BE4D-pdfcService
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\CyberGhost 5\Service.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-89ed56bb-f628-479e-a37b-f3fe8ab70d29 -SystemEventPortName:HostProcess-73c105b3-319d-41f2-b2fe-ce20c242acbb -IoCancelEventPortName:HostProcess-d2a8d09f-df42-44e1-a005-d669a5992f88 -NonStateChangingEventPortName:HostProcess-17374413-ca10-4e6b-a118-4358389182d5 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:4e4e211a-2c1d-4f00-ac1e-835dd5eb6486 -DeviceGroupId:
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-350e2f2c-a14b-4643-8622-9acf4fe313d5 -SystemEventPortName:HostProcess-825bcc5c-b326-42e6-a819-5ac9382e2bf3 -IoCancelEventPortName:HostProcess-37ccf045-c238-46a8-aaae-e80d3a413e4b -NonStateChangingEventPortName:HostProcess-58e0c3c9-f062-4cb1-b078-725f4f3d3086 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:45f51a01-0390-420b-aef4-ce079b3c496e -DeviceGroupId:WudfDefaultDevicePool
taskhostex.exe
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
C:\Windows\Explorer.EXE
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
C:\Windows\system32\SearchIndexer.exe /Embedding
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" /start
"C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe" Restart Start EEU 52 avastui.exe
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
taskeng.exe {330E5752-7B3A-4D05-B688-5E2705BA9D57}
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\ukoly_2013\pocitac\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\HPCeeScheduleForGreg.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForGreg (null)
=========Mozilla firefox=========
ProfilePath - C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\b4s9fo6o.default
prefs.js - "browser.startup.homepage" - "https://startpage.com"
prefs.js - "keyword.URL" - "https://startpage.com/do/metasearch.pl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.235 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.25.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\digitalpersona.com/ChromeDPAgent]
"Description"=
"Path"=c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\ChromeExt\components\npChromeDPAgent.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.235 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll
C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\b4s9fo6o.default\extensions\
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
C:\Users\Greg\AppData\Roaming\Mozilla\Firefox\Profiles\b4s9fo6o.default\searchplugins\
startpage-avast.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-12-19 705448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28 303416]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-10-18 460712]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-12-19 586968]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-10-18 172968]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28 286520]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-08-23 170304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-08-23 398656]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-08-23 441152]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2012-09-20 1664000]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"=C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [2014-12-16 21720]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-09-26 6482200]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2012-08-31 56128]
"PDF Complete"=C:\Program Files (x86)\PDF Complete\pdfsty.exe [2012-07-17 684064]
"QLBController"=C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [2012-08-29 334240]
""= []
"BtTray"=c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [2012-08-16 364032]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-08-06 642216]
"CLMLServer_For_P2G8"=c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08 111120]
"CLVirtualDrive"=c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [2012-07-24 491120]
"RemoteControl10"=c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [2012-03-29 91432]
"YouCam Mirage"=c:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-08-31 136488]
"YouCam Tray"=c:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [2012-08-31 167024]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07 507776]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-12-19 5227112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-08-23 441856]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=DPPassFilter
scecli
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2015-01-06 13:27:15 ----D---- C:\_OTM
2015-01-05 19:04:08 ----D---- C:\rsit
2015-01-05 19:04:08 ----D---- C:\Program Files\trend micro
2015-01-03 17:29:42 ----D---- C:\Program Files\TAP-Windows
2015-01-03 17:29:32 ----D---- C:\Program Files\CyberGhost 5
2015-01-01 19:15:50 ----D---- C:\Users\Greg\AppData\Roaming\VitySoft
2014-12-19 09:25:20 ----D---- C:\Users\Greg\AppData\Roaming\AVAST Software
2014-12-19 09:18:39 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2014-12-19 09:18:39 ----A---- C:\Windows\system32\drivers\aswStm.sys
2014-12-19 09:18:39 ----A---- C:\Windows\system32\drivers\aswSP.sys
2014-12-19 09:18:39 ----A---- C:\Windows\system32\drivers\aswsnx.sys
2014-12-19 09:18:39 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2014-12-19 09:18:39 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2014-12-19 09:18:39 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2014-12-19 09:18:39 ----A---- C:\Windows\system32\drivers\aswHwid.sys
2014-12-19 09:18:37 ----A---- C:\Windows\system32\aswBoot.exe
2014-12-19 09:18:33 ----A---- C:\Windows\avastSS.scr
2014-12-19 09:17:54 ----A---- C:\Windows\system32\drivers\aswTap.sys
2014-12-19 09:14:57 ----D---- C:\Program Files\AVAST Software
2014-12-19 09:10:17 ----D---- C:\ProgramData\AVAST Software
2014-12-13 17:53:16 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-12-12 06:11:07 ----A---- C:\Windows\SYSWOW64\vsstrace.dll
2014-12-12 06:11:07 ----A---- C:\Windows\SYSWOW64\vssapi.dll
2014-12-12 06:11:07 ----A---- C:\Windows\system32\VSSVC.exe
2014-12-12 06:11:07 ----A---- C:\Windows\system32\vsstrace.dll
2014-12-12 06:11:07 ----A---- C:\Windows\system32\vssapi.dll
2014-12-12 05:56:53 ----A---- C:\Windows\system32\mshtml.dll
2014-12-12 05:56:49 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-12-12 05:56:48 ----A---- C:\Windows\system32\ieframe.dll
2014-12-12 05:56:47 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-12-12 05:56:47 ----A---- C:\Windows\system32\iertutil.dll
2014-12-12 05:56:46 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-12-12 05:56:46 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-12-12 05:56:46 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-12-12 05:56:46 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-12-12 05:56:46 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2014-12-12 05:56:46 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-12-12 05:56:46 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-12-12 05:56:46 ----A---- C:\Windows\system32\wininet.dll
2014-12-12 05:56:46 ----A---- C:\Windows\system32\uxtheme.dll
2014-12-12 05:56:46 ----A---- C:\Windows\system32\urlmon.dll
2014-12-12 05:56:46 ----A---- C:\Windows\system32\msfeeds.dll
2014-12-12 05:56:46 ----A---- C:\Windows\system32\jscript9.dll
2014-12-12 05:56:46 ----A---- C:\Windows\system32\jscript.dll
2014-12-12 05:56:46 ----A---- C:\Windows\system32\iesysprep.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\uxtheme.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\UXInit.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\jscript.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-12-12 05:56:45 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\UXInit.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\msrating.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\mshtmled.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\jsproxy.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\iesetup.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\iernonce.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\iedkcs32.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\ie4uinit.exe
2014-12-12 05:56:45 ----A---- C:\Windows\system32\dxtrans.dll
2014-12-12 05:56:45 ----A---- C:\Windows\system32\dxtmsft.dll
2014-12-12 05:54:48 ----A---- C:\Windows\system32\shell32.dll
2014-12-12 05:54:46 ----A---- C:\Windows\SYSWOW64\shell32.dll
2014-12-12 05:54:45 ----A---- C:\Windows\SYSWOW64\mfmpeg2srcsnk.dll
2014-12-12 05:54:45 ----A---- C:\Windows\SYSWOW64\dnsapi.dll
2014-12-12 05:54:45 ----A---- C:\Windows\system32\mfmpeg2srcsnk.dll
2014-12-12 05:54:45 ----A---- C:\Windows\system32\dnsapi.dll
2014-12-12 05:54:44 ----A---- C:\Windows\system32\dnsrslvr.dll
2014-12-11 20:41:43 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2014-12-11 20:41:43 ----A---- C:\Windows\system32\WindowsCodecs.dll
======List of files/folders modified in the last 1 month======
2015-01-06 13:35:10 ----D---- C:\Windows\Temp
2015-01-06 13:34:51 ----D---- C:\Windows\Prefetch
2015-01-06 13:33:00 ----A---- C:\Windows\SYSWOW64\log.txt
2015-01-06 13:31:02 ----D---- C:\ProgramData\PDFC
2015-01-06 13:30:31 ----A---- C:\Windows\SYSWOW64\bscs.ini
2015-01-06 13:27:28 ----D---- C:\Windows\SysWOW64
2015-01-06 12:02:24 ----SHD---- C:\System Volume Information
2015-01-06 12:02:03 ----D---- C:\Windows\system32\sru
2015-01-06 11:36:25 ----D---- C:\Windows\Microsoft.NET
2015-01-05 20:37:22 ----D---- C:\Windows
2015-01-05 20:33:53 ----D---- C:\AdwCleaner
2015-01-05 19:46:21 ----D---- C:\Windows\SoftwareDistribution
2015-01-05 19:04:08 ----RD---- C:\Program Files
2015-01-05 18:23:49 ----D---- C:\Windows\debug
2015-01-05 18:15:41 ----D---- C:\Windows\Tasks
2015-01-05 18:15:41 ----D---- C:\Windows\system32\Tasks
2015-01-05 18:13:07 ----SHD---- C:\Windows\Installer
2015-01-05 18:13:06 ----RD---- C:\Program Files (x86)
2015-01-05 18:10:38 ----D---- C:\Windows\Inf
2015-01-05 14:55:29 ----D---- C:\Program Files (x86)\Common Files
2015-01-05 14:55:23 ----D---- C:\ProgramData\Adobe
2015-01-05 14:52:05 ----D---- C:\USB-HDD
2015-01-04 11:53:54 ----A---- C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-03 17:30:07 ----D---- C:\Windows\system32\Drivers
2015-01-03 17:30:06 ----D---- C:\Windows\system32\DriverStore
2015-01-03 14:14:20 ----D---- C:\Windows\system32\NDF
2015-01-03 13:34:31 ----D---- C:\ukoly_2013
2014-12-26 17:23:52 ----D---- C:\Program Files (x86)\Hewlett-Packard
2014-12-26 17:23:26 ----D---- C:\swsetup
2014-12-22 14:36:39 ----D---- C:\Windows\SYSWOW64\SupportAppCB
2014-12-22 14:36:36 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-12-22 07:17:53 ----HD---- C:\Program Files\WindowsApps
2014-12-22 07:17:53 ----D---- C:\Windows\AUInstallAgent
2014-12-19 16:04:29 ----D---- C:\Windows\system32\config
2014-12-19 15:33:42 ----D---- C:\Windows\WinSxS
2014-12-19 15:32:00 ----RSD---- C:\Windows\assembly
2014-12-19 09:29:06 ----RD---- C:\Windows\System32
2014-12-19 09:29:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-12-19 09:23:00 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-19 09:21:12 ----HD---- C:\ProgramData
2014-12-13 18:18:09 ----D---- C:\Windows\rescache
2014-12-13 18:09:06 ----D---- C:\Windows\system32\MRT
2014-12-13 18:06:34 ----A---- C:\Windows\system32\MRT.exe
2014-12-13 17:18:34 ----D---- C:\Windows\system32\wdi
2014-12-13 08:42:28 ----RD---- C:\Windows\ToastData
2014-12-13 08:42:25 ----D---- C:\Program Files (x86)\Internet Explorer
2014-12-13 08:42:22 ----D---- C:\Program Files\Internet Explorer
2014-12-12 06:12:04 ----D---- C:\Windows\CbsTemp
2014-12-12 06:11:17 ----D---- C:\Windows\system32\catroot2
2014-12-09 20:53:51 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 amdkmpfd;@oem19.inf,%AMDKMPFD_svcdesc%;AMD PCI Root Bus Lower Filter; C:\Windows\System32\drivers\amdkmpfd.sys [2012-07-09 35496]
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-12-19 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-12-19 267632]
R0 hpdskflt;@oem7.inf,%service_desc%;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2012-08-22 31040]
R0 iaStorA;iaStorA; C:\Windows\System32\drivers\iaStorA.sys [2012-08-28 646712]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-12-19 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-12-19 1050432]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-12-19 436624]
R1 CLVirtualDrive;CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [2012-06-25 92536]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys [2012-07-26 64000]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-12-19 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-12-19 83280]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-12-19 116728]
R3 Accelerometer;@oem7.inf,%accelerometer_desc%;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2012-08-22 43328]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-08-01 10280960]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-08-01 368640]
R3 BtAudioBusSrv;@oem15.inf,%SvcDesc%;IVT Bluetooth Audio Bus Service; C:\Windows\System32\Drivers\BtAudioBus.sys [2012-06-15 23136]
R3 clwvd;@oem26.inf,%clwvd.DeviceDesc%;CyberLink Webcam Sharing Manager; C:\Windows\system32\DRIVERS\clwvd.sys [2012-08-28 40944]
R3 HpqKbFiltr;@oem5.inf,%HpqKbFiltr.SvcDesc%;HpqKbFilter Driver; C:\Windows\System32\drivers\HpqKbFiltr.sys [2012-08-27 26504]
R3 IntcDAud;@oem21.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2012-06-19 342528]
R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2012-08-23 9000256]
R3 JMCR;JMCR; C:\Windows\System32\drivers\jmcr.sys [2014-08-29 176880]
R3 MEIx64;@oem9.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\Windows\System32\drivers\HECIx64.sys [2012-07-02 62784]
R3 netr28x;@oem31.inf,%Generic.Service.DispName%;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2013-12-04 2505904]
R3 rtbth;@oem30.inf,%General.Service.DispName%;RTBTH Bluetooth Device Driver; C:\Windows\System32\drivers\rtbth.sys [2013-12-02 1204424]
R3 RTL8168;@oem6.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys [2012-06-13 683664]
R3 SensorsServiceDriver;@sensorsservicedriver.inf,%WudfSensorsServiceDriverDisplayName%;UMDF Reflector service for SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 198656]
R3 SNP2UVC;@oem22.inf,%SERVICE_DISPLAY_NAME%;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2012-10-04 1864328]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10301; C:\Windows\system32\DRIVERS\stwrt64.sys [2012-09-20 543744]
R3 SynTP;@oem32.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2013-10-30 549104]
R3 tap0901;@oem34.inf,%DeviceDescription%;TAP-Windows Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2013-08-22 40664]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\Windows\system32\DRIVERS\vwifimp.sys [2012-07-26 17920]
S3 aswTap;@oem33.inf,%DeviceDescription%;avast! SecureLine TAP Adapter v3; C:\Windows\system32\DRIVERS\aswTap.sys [2014-12-19 44640]
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\Windows\System32\drivers\BthEnum.sys [2013-01-09 51712]
S3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service; C:\Windows\System32\Drivers\BtL2caScoIf.sys [2012-07-20 56904]
S3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\Windows\system32\DRIVERS\BthLEEnum.sys [2012-07-26 202752]
S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2012-07-26 119808]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2013-03-01 1175040]
S3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2013-01-09 74752]
S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [2012-08-14 48736]
S3 DAMDrv;DAMDrv; C:\Windows\system32\DRIVERS\DAMDrv64.sys [2012-07-25 64832]
S3 e1iexpress;@net1ic64.inf,%E1IExpress.Service.DispName%;Intel(R) PRO/1000 PCI Express Network Connection Driver I; C:\Windows\system32\DRIVERS\e1i63x64.sys [2012-06-02 333824]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-08-23 9000256]
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\System32\drivers\rfcomm.sys [2013-03-01 156672]
S3 SmbDrv;SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [2012-08-15 41272]
S3 SmbDrvI;SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [2012-08-15 43832]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-01 43008]
S3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2013-07-05 210560]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-08-01 239616]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-12-19 50344]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [2012-08-14 1578496]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
R2 CGVPNCliService;CyberGhost 5 Client Service; C:\Program Files\CyberGhost 5\Service.exe [2014-11-03 64616]
R2 DpHost;@c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2012-08-25 488824]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2013-11-04 92160]
R2 hpHotkeyMonitor;hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2012-08-29 523680]
R2 hpsrv;@oem7.inf,%hpservice_desc%;HP Service; C:\Windows\system32\Hpservice.exe [2012-08-22 33600]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-08-28 7168]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-06-20 634632]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-07-19 129856]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-07-19 166720]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2012-07-19 277824]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-07-17 1134624]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10101; C:\Program Files\IDT\WDM\STacSV64.exe [2012-09-20 323072]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-19 365376]
R2 vcsFPService;Validity VCS Fingerprint Service; C:\Windows\system32\vcsFPService.exe [2012-07-19 2714232]
R3 BsHelpCS;BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [2012-08-14 138752]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2012-07-26 43616]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2013-05-13 1129760]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-05 267440]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-12 51648]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-08-23 276288]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\Windows\SysWOW64\flcdlock.exe [2012-08-01 477088]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-12-13 114800]
S4 BthHFEnum;@bthhfenum.inf,%BthHFEnum.SVCDESC%;Bluetooth Hands-Free Audio and Call Control HID Enumerator; C:\Windows\System32\drivers\bthhfenum.sys [2012-07-26 51200]
-----------------EOF-----------------
-
Rudy
- Site Admin
- Příspěvky: 119679
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: spyware z flash playera?
Smazáno. Ještě bych doporučil udělat kompletní sken MBAM: http://www.malwarebytes.org/mbam.php dejte log. Předem nic nemažte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
benjamin777
- Návštěvník
- Příspěvky: 39
- Registrován: 20 črc 2013 07:26
Re: spyware z flash playera?
Posielam log z MBAM. Malo by to byt uz v poriadku. Chcem sa spytat ako suvisi doplnok firefoxu pocket, znamy aj ako read it later so spywarom, co som mal v pocitaci, kedze mi ho adwcleaner zmazal. Bol napadnuty spywarom alebo standarne obsahuje spyware?
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 6.1.2015
Scan Time: 20:11:06
Logfile: MBAM.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.01.06.09
Rootkit Database: v2015.01.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 8
CPU: x64
File System: NTFS
User: Greg
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 370259
Time Elapsed: 22 min, 5 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 6.1.2015
Scan Time: 20:11:06
Logfile: MBAM.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.01.06.09
Rootkit Database: v2015.01.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 8
CPU: x64
File System: NTFS
User: Greg
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 370259
Time Elapsed: 22 min, 5 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
-
Rudy
- Site Admin
- Příspěvky: 119679
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: spyware z flash playera?
Toto je OK. PC by měl být čistý.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
benjamin777
- Návštěvník
- Příspěvky: 39
- Registrován: 20 črc 2013 07:26
Re: spyware z flash playera?
Chcem sa spytat ako suvisi doplnok firefoxu pocket, znamy aj ako read it later so spywarom, co som mal v pocitaci, kedze mi ho adwcleaner,k tory ste mi doporucili pouzit, zmazal. Bol napadnuty spywarom alebo standarne obsahuje spyware?
Ak je spyware v pocitaci, moze hacker sledovat aktivitu, len pri pripojeni pocitaca k internetu, alebo aj bez pripojenia? (Existuju programy, ktore umoznuju sledovat aktivitu na inych pocitacoch, ak sme v spolocnej sieti, resp. sa hacker dostal do siete aj bez toho aby som bol pripojeny na internet?) Nevyznam sa v tom, len by som to rad vedel.
Velmi pekne dakujem za odpoved.
Ak je spyware v pocitaci, moze hacker sledovat aktivitu, len pri pripojeni pocitaca k internetu, alebo aj bez pripojenia? (Existuju programy, ktore umoznuju sledovat aktivitu na inych pocitacoch, ak sme v spolocnej sieti, resp. sa hacker dostal do siete aj bez toho aby som bol pripojeny na internet?) Nevyznam sa v tom, len by som to rad vedel.
Velmi pekne dakujem za odpoved.
-
Rudy
- Site Admin
- Příspěvky: 119679
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: spyware z flash playera?
Doplněk spyware obsahuje. Sledovat PC na dálku lze samozřejmě, pokud je PC k internetu připojen. Do sítě se hacker se dostat může, neboť je k internetu připojena. PC bez připojení njení hackery napadnutelný a téměř ho nelze zavirovat (jen tehdy, pokud vir donesete na výměnném médiu).
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?