PC disinfection, speeding up your computer, remote help via the neslape.cz service

URL:MAL infection

martin.ulrich3
Guest
Posts: 2
Registered: 05 Feb 2015 18:28

URL:MAL infection

#1 Post by martin.ulrich3 »

Hello, Avast on the computer has started reporting a URL:MAL infection every few minutes. The computer is not mine, I don't know how it got there. Please help me remove it; I am sending the RSIT log. Thank you for your help.
RSIT log:

info.txt logfile of random's system information tool 1.10 2015-02-05 18:31:43

======MBR======


======Uninstall list======

-->MsiExec /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}
Adobe Flash Player 16 NPAPI-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_305_Plugin.exe -maintain plugin
Adobe Reader XI (11.0.10) - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AB0000000001}
Adobe Refresh Manager-->MsiExec.exe /I{AC76BA86-0804-1033-1959-001802114130}
Adobe Shockwave Player 11.6-->"C:\windows\SysWOW64\Adobe\Shockwave 11\uninstaller.exe"
Avast Free Antivirus-->C:\Program Files\avast\Setup\Instup.exe /control_panel /instop:uninstall
Bonjour-->MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Energy Star-->MsiExec.exe /I{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}
Euro Truck Simulator 2-->"C:\Program Files (x86)\Euro Truck Simulator 2\unins001.exe"
Fotogaléria-->MsiExec.exe /X{9093B0D5-EA59-4C9E-A2E3-CC130138DFCD}
Fotogalerie-->MsiExec.exe /X{A1FBD2B3-6768-472D-BA46-C00EACBCE16C}
Hewlett-Packard ACLM.NET v1.2.1.1-->MsiExec.exe /I{6F340107-F9AA-47C6-B54C-C3A19F11553F}
HP 3D DriveGuard-->MsiExec.exe /X{04927A60-31CD-4614-A25C-055B1AD3A8CE}
HP Connected Music (Meridian - installer)-->"C:\Program Files (x86)\HPConnectedMusic\Uninstall.exe"
HP CoolSense-->MsiExec.exe /I{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}
HP Customer Experience Enhancements-->MsiExec.exe /X{07FA4960-B038-49EB-891B-9F95930AA544}
HP Documentation-->MsiExec.exe /X{F2481209-98FE-4943-8903-90D19E1B7062}
HP Postscript Converter-->MsiExec.exe /I{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}
HP Quick Start-->MsiExec.exe /X{C001689B-4EAD-4CB4-B5F7-4A85A32785DC}
HP Recovery Manager-->MsiExec.exe /I{1AE37508-089E-41AC-95BD-99FF06887C2F}
HP Registration Service-->MsiExec.exe /X{D1E8F2D7-7794-4245-B286-87ED86C1893C}
HP Support Assistant-->"C:\Program Files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe" -runfromtemp -l0x0409 -removeonly
HP System Event Utility-->MsiExec.exe /I{C27D60E4-3132-45A3-A71A-E3BD1DA3F794}
HP Utility Center-->MsiExec.exe /I{73237EBB-B26F-4628-8754-4EFE563D72E9}
HP Wireless Button Driver-->MsiExec.exe /X{941DE69D-6CEE-4171-8F1F-3D7E352AA498}
Intel(R) Management Engine Components-->C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall
Intel(R) Processor Graphics-->C:\Program Files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe -uninstall
Intel(R) Rapid Storage Technology-->C:\ProgramData\Intel\Package Cache\{409CB30E-E457-4008-9B1A-ED1B9EA21140}\Setup.exe -uninstall
Intel(R) Rapid Storage Technology-->MsiExec.exe /I{9D859F0D-B405-4B1F-9084-13BBF5D3DB32}
Intel(R) SDK for OpenCL - CPU Only Runtime Package-->C:\Program Files (x86)\Intel\OpenCL SDK\3.0\Uninstall\setup.exe -uninstall
Intel® Trusted Connect Service Client-->MsiExec.exe /I{FA00A3CC-7440-4938-A271-F186F50DD40D}
istartsurf uninstall-->C:\Users\Jaroslava\AppData\Roaming\istartsurf\UninstallManager.exe -ptid=vtt
Java 8 Update 31-->MsiExec.exe /I{26A24AE4-039D-4CA4-87B4-2F83218031F0}
MC BP-Modpack 1.7.10-->C:\Users\Jaroslava\AppData\Roaming\.minecraft\uninst.exe
McAfee Security Scan Plus-->"C:\Program Files\McAfee Security Scan\uninstall.exe"
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64)-->MsiExec.exe /I{E9F0BCD8-6BD5-1ED7-EDA3-9FCF2A478AA1}
Microsoft Primary Interoperability Assemblies 2005-->MsiExec.exe /X{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{071c9b48-7c32-4621-a0ac-3f809523288f}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022-->MsiExec.exe /X{350AA351-21FA-3270-8B7A-835434E766AD}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Mindspark MarineAquarium-->"C:\Program Files (x86)\Mindspark\MarineAquarium\Uninstall.exe" "/U:C:\Program Files (x86)\Mindspark\MarineAquarium\Uninstall\uninstall.xml"
Movie Maker-->MsiExec.exe /X{8E6E8CBB-8E58-493C-943F-4664F5F2FEDB}
Movie Maker-->MsiExec.exe /X{9EDF46F0-2D4E-4C00-B2B6-0660666E9F60}
Movie Maker-->MsiExec.exe /X{A035950F-15BA-41C0-9D8F-165FC0536012}
Movie Maker-->MsiExec.exe /X{ED6C77F9-4D7E-447C-9EC0-9A212D075535}
Mozilla Firefox 35.0.1 (x86 cs)-->"C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSVCRT110_amd64-->MsiExec.exe /I{E9FA781F-3E80-4399-825A-AD3E11C28C77}
MSVCRT110-->MsiExec.exe /I{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}
NVIDIA PhysX-->MsiExec.exe /X{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}
Opera Stable 27.0.1689.66-->"C:\Program Files (x86)\Opera\Launcher.exe" /uninstall
Photo Common-->MsiExec.exe /X{49110532-D289-4BFF-807C-45B782E66A7C}
Photo Common-->MsiExec.exe /X{C67BC332-A59A-4D40-977F-664F60AB21D8}
Photo Common-->MsiExec.exe /X{EB91007A-0110-42A6-B869-2709955A9B2A}
Photo Gallery-->MsiExec.exe /X{30F99474-EBE3-4134-A02B-F6CD38CFE243}
Photo Gallery-->MsiExec.exe /X{63824BC0-B747-43F3-9863-1066D64AD919}
Picasa 3-->"C:\Program Files (x86)\Google\Picasa3\Uninstall.exe"
Připojení ke vzdálené ploše-->MsiExec.exe /X{D81A311F-D26B-4BDA-8A44-0B608DF49BEF}
Ralink Bluetooth Stack64-->MsiExec.exe /X{8512497A-DF9B-3169-B290-2C18E9F976F1}
Ralink RT3290 802.11bgn Wi-Fi Adapter-->C:\Program Files (x86)\InstallShield Installation Information\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek Ethernet Controller Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Realtek PCIE Card Reader-->"C:\Program Files (x86)\InstallShield Installation Information\{BCDA54F6-C4B6-4519-A09E-FA064A6B4098}\setup.exe" -runfromtemp -removeonly
Search App by Ask-->MsiExec.exe /X{4F524A2D-5350-4500-76A7-A758B70C1801}
SecretSauce-->C:\Program Files (x86)\SecretSauce\SecretSauceuninstall.exe
SereneScreen Marine Aquarium 3-->"C:\Program Files (x86)\SereneScreen\Marine Aquarium 3\unins000.exe"
Settings Manager-->C:\Program Files (x86)\Settings Manager\smdmf\Uninstall.exe /browser=all
Skype Click to Call-->MsiExec.exe /X{6D1221A9-17BF-4EC0-81F2-27D30EC30701}
Skype™ 6.20-->MsiExec.exe /X{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}
swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
unIsales-->"C:\Program Files (x86)\unIsales\unIsales.exe" /s /n /i:"ExecuteCommands;UninstallCommands" ""
Windows Live Communications Platform-->MsiExec.exe /I{0454BB9A-2A7A-4214-BDFF-937F7A711A44}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{6CEA775F-E70A-4D72-A3B4-1EB3A5AD4B5C}
Windows Live Essentials-->MsiExec.exe /I{797DC296-ADC5-4A08-8CBC-AEB0D6F4B249}
Windows Live Essentials-->MsiExec.exe /I{C4D82144-B2D5-4A0E-A470-16F13EBC5BCB}
Windows Live Installer-->MsiExec.exe /I{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}
Windows Live Photo Common-->MsiExec.exe /X{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}
Windows Live PIMT Platform-->MsiExec.exe /I{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}
Windows Live SOXE Definitions-->MsiExec.exe /I{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}
Windows Live SOXE-->MsiExec.exe /I{FE7C0B3D-50B9-4951-BE78-A321CBF86552}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{56232E3D-7EA9-45E0-A371-26CD80510AF7}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{E18F981B-401C-4D90-BC57-D8903564D558}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{F21F0424-B2FF-40BF-A984-9E0D7FB4C97E}
Windows Live UX Platform-->MsiExec.exe /I{4CCBD1F4-CEEC-452A-9CB8-46564B501315}
WinRAR 5.01 (32-bit)-->C:\Program Files (x86)\WinRAR\uninstall.exe

======System event log======

Computer Name: WIN-SQRSSINIRE7
Event Code: 7040
Message: Režim spuštění služby Windows Search byl změněn z automatické spouštění na Zakázáno.
Record Number: 1024
Source Name: Service Control Manager
Time Written: 20130829115628.109874-000
Event Type: Informace
User: Pavilon\Administrator

Computer Name: WIN-SQRSSINIRE7
Event Code: 1014
Message: Překlad názvu ctldl.windowsupdate.com nebyl v požadované době dokončen. Žádný z nakonfigurovaných serverů DNS neodpověděl.
Record Number: 1023
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20130829115614.952930-000
Event Type: Upozornění
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: WIN-SQRSSINIRE7
Event Code: 104
Message: Byl vymazán soubor protokolu Setup.
Record Number: 1022
Source Name: Microsoft-Windows-Eventlog
Time Written: 20130829115614.406031-000
Event Type: Informace
User: Pavilon\Administrator

Computer Name: WIN-SQRSSINIRE7
Event Code: 104
Message: Byl vymazán soubor protokolu Application.
Record Number: 1021
Source Name: Microsoft-Windows-Eventlog
Time Written: 20130829115614.234155-000
Event Type: Informace
User: Pavilon\Administrator

Computer Name: WIN-SQRSSINIRE7
Event Code: 104
Message: Byl vymazán soubor protokolu System.
Record Number: 1020
Source Name: Microsoft-Windows-Eventlog
Time Written: 20130829115614.140389-000
Event Type: Informace
User: Pavilon\Administrator

=====Application event log=====

Computer Name: WIN-SQRSSINIRE7
Event Code: 1066
Message: Inicializační stav pro objekty služby
C:\Windows\system32\sppwinob.dll, msft:spp/windowsfunctionality/agent/7.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/phone/1.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:rm/algorithm/pkey/detect, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:spp/ActionScheduler/1.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:spp/TaskScheduler/1.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:spp/statecollector/pkey, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/1.0, 0x00000000, 0x00000000
C:\Windows\system32\sppobjs.dll, msft:spp/volume/services/kms/activationinfo/1.0, 0x00000000, 0x00000000

Record Number: 947
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20130829115628.000000-000
Event Type: Informace
User:

Computer Name: WIN-SQRSSINIRE7
Event Code: 1003
Message: Služba Windows Search byla spuštěna.

Record Number: 946
Source Name: Microsoft-Windows-Search
Time Written: 20130829115619.000000-000
Event Type: Informace
User:

Computer Name: WIN-SQRSSINIRE7
Event Code: 326
Message: SearchIndexer (2128) Windows: Databázový stroj připojil databázi (1, C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb). (Čas=0 s)

Sekvence interního načasování: [1] 0.000, [2] 0.031, [3] 0.000, [4] 0.000, [5] 0.032, [6] 0.000, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000, [11] 0.000, [12] 0.000.
Uložená mezipaměť: 1
Record Number: 945
Source Name: ESENT
Time Written: 20130829115618.000000-000
Event Type: Informace
User:

Computer Name: WIN-SQRSSINIRE7
Event Code: 105
Message: SearchIndexer (2128) Windows: Databázový stroj spustil novou instanci (0). (Čas=0 s)

Sekvence interního načasování: [1] 0.000, [2] 0.000, [3] 0.156, [4] 0.031, [5] 0.000, [6] 0.000, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000.
Record Number: 944
Source Name: ESENT
Time Written: 20130829115618.000000-000
Event Type: Informace
User:

Computer Name: WIN-SQRSSINIRE7
Event Code: 102
Message: SearchIndexer (2128) Windows: Databázový stroj (6.02.9200.0000) spouští novou instanci (0).
Record Number: 943
Source Name: ESENT
Time Written: 20130829115618.000000-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: Pavilon
Event Code: 4907
Message: Nastavení auditu objektu se změnila.

Předmět:
ID zabezpečení: S-1-5-21-3827288190-3897321577-2940346249-1001
Název účtu: Jaroslava
Doména účtu: Pavilon
ID přihlášení: 0x362DA1A

Objekt:
Server objektu: Security
Typ objektu: File
Název objektu: C:\$Windows.~BT\Sources\SafeOS\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_2c5177c069a919dd\API-MS-Win-Core-Kernel32-Private-L1-1-0.dll
ID popisovače: 0xa44

Informace o procesu:
ID procesu: 0x1ee8
Název procesu: C:\$Windows.~BT\Sources\SetupHost.exe

Nastavení auditu:
Původní popisovač zabezpečení:
Nový popisovač zabezpečení: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 28245
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20140609152945.036210-000
Event Type: Úspěšný audit
User:

Computer Name: Pavilon
Event Code: 4907
Message: Nastavení auditu objektu se změnila.

Předmět:
ID zabezpečení: S-1-5-21-3827288190-3897321577-2940346249-1001
Název účtu: Jaroslava
Doména účtu: Pavilon
ID přihlášení: 0x362DA1A

Objekt:
Server objektu: Security
Typ objektu: File
Název objektu: C:\$Windows.~BT\Sources\SafeOS\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_2c5177c069a919dd\api-ms-win-core-kernel32-legacy-l1-1-0.dll
ID popisovače: 0xa18

Informace o procesu:
ID procesu: 0x1ee8
Název procesu: C:\$Windows.~BT\Sources\SetupHost.exe

Nastavení auditu:
Původní popisovač zabezpečení:
Nový popisovač zabezpečení: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 28244
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20140609152944.973705-000
Event Type: Úspěšný audit
User:

Computer Name: Pavilon
Event Code: 4907
Message: Nastavení auditu objektu se změnila.

Předmět:
ID zabezpečení: S-1-5-21-3827288190-3897321577-2940346249-1001
Název účtu: Jaroslava
Doména účtu: Pavilon
ID přihlášení: 0x362DA1A

Objekt:
Server objektu: Security
Typ objektu: File
Název objektu: C:\$Windows.~BT\Sources\SafeOS\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_2c5177c069a919dd\api-ms-win-core-kernel32-legacy-l1-1-1.dll
ID popisovače: 0xa14

Informace o procesu:
ID procesu: 0x1ee8
Název procesu: C:\$Windows.~BT\Sources\SetupHost.exe

Nastavení auditu:
Původní popisovač zabezpečení:
Nový popisovač zabezpečení: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 28243
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20140609152944.958078-000
Event Type: Úspěšný audit
User:

Computer Name: Pavilon
Event Code: 4907
Message: Nastavení auditu objektu se změnila.

Předmět:
ID zabezpečení: S-1-5-21-3827288190-3897321577-2940346249-1001
Název účtu: Jaroslava
Doména účtu: Pavilon
ID přihlášení: 0x362DA1A

Objekt:
Server objektu: Security
Typ objektu: File
Název objektu: C:\$Windows.~BT\Sources\SafeOS\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_b8233abb5511544f\api-ms-win-core-io-l1-1-1.dll
ID popisovače: 0xa2c

Informace o procesu:
ID procesu: 0x1ee8
Název procesu: C:\$Windows.~BT\Sources\SetupHost.exe

Nastavení auditu:
Původní popisovač zabezpečení:
Nový popisovač zabezpečení: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 28242
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20140609152944.942456-000
Event Type: Úspěšný audit
User:

Computer Name: Pavilon
Event Code: 4907
Message: Nastavení auditu objektu se změnila.

Předmět:
ID zabezpečení: S-1-5-21-3827288190-3897321577-2940346249-1001
Název účtu: Jaroslava
Doména účtu: Pavilon
ID přihlášení: 0x362DA1A

Objekt:
Server objektu: Security
Typ objektu: File
Název objektu: C:\$Windows.~BT\Sources\SafeOS\Mount\Windows\WinSxS\amd64_microsoft-windows-m..namespace-downlevel_31bf3856ad364e35_6.3.9600.16384_none_b8233abb5511544f\api-ms-win-core-interlocked-l1-1-0.dll
ID popisovače: 0xa28

Informace o procesu:
ID procesu: 0x1ee8
Název procesu: C:\$Windows.~BT\Sources\SetupHost.exe

Nastavení auditu:
Původní popisovač zabezpečení:
Nový popisovač zabezpečení: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 28241
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20140609152944.926829-000
Event Type: Úspěšný audit
User:

======Environment variables======

"FP_NO_HOST_CHECK"=NO
"USERNAME"=SYSTEM
"Path"=C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT
"ComSpec"=%SystemRoot%\system32\cmd.exe
"TMP"=%SystemRoot%\TEMP
"OS"=Windows_NT
"windir"=%SystemRoot%
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=3a09
"OnlineServices"=Online Services
"Platform"=MCD
"PCBRAND"=Pavilion

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119677
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: URL:MAL infection

#2 Post by Rudy »

Hello!
I need to see the contents of the file log.txt. This one is of no use to me.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Apart from its "visible" activities, a virus can damage the system!

After your problem is resolved the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

martin.ulrich3
Guest
Posts: 2
Registered: 05 Feb 2015 18:28

Re: URL:MAL infection

#3 Post by martin.ulrich3 »

Hello, sorry for the delay, I only get to the computer once every few days.

log.txt

Logfile of random's system information tool 1.10 (written by random/random)
Run by Jaroslava at 2015-02-05 18:31:29
Microsoft Windows 8
System drive C: has 235 GB (51%) free of 456 GB
Total RAM: 3988 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:31:37, on 5. 2. 2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.17183)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
C:\ProgramData\{53685fe1-d26e-aaba-5368-85fe1d267f87}\Atardecer Wallpaper.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files\avast\avastui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\avast\avastui.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Program Files\trend micro\Jaroslava.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1 ... 8144181441
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.yhs4.search.yahoo.com/?hspart ... e=avastbcl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.yhs4.search.yahoo.com/yhs/sea ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1 ... 8144181441
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1 ... 8144181441
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds& ... earchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds& ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsurf.com/?type=hp&ts=1 ... 8144181441
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O2 - BHO: SecretSauce - {0ffd0ef2-dbe9-483a-80c4-d2c331da1ce4} - C:\Program Files (x86)\SecretSauce\SecretSaucebho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [BtTray] "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
O4 - HKLM\..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
O4 - HKLM\..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKCU\..\Run: [SpyEmergency] C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Jaroslava\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jaroslava\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
O4 - Startup: Atardecer Wallpaper.lnk = C:\ProgramData\{53685fe1-d26e-aaba-5368-85fe1d267f87}\Atardecer Wallpaper.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\avast\AvastSvc.exe
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @oem22.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SmdmF Service (SmdmFService) - Aztec Media Inc - C:\Program Files (x86)\Settings Manager\smdmf\SmdmFService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13116 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
"dwm.exe"
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\Hpservice.exe
"C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SRSPS
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\avast\AvastSvc.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE"
"C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe"

taskhostex.exe
C:\Windows\system32\svchost.exe -k apphost
"\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
"C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe"
dashost.exe {ec66ef28-085e-4a5d-9cd881c605f999ac}
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Settings Manager\smdmf\SmdmFService.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Settings Manager\smdmf\SmdmFService.exe" -monitor 536
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
"C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
"C:\Program Files (x86)\Settings Manager\smdmf\smdmfu.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe"
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe"
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe"
"C:\ProgramData\{53685fe1-d26e-aaba-5368-85fe1d267f87}\Atardecer Wallpaper.exe" --startup=1
"C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" -byrunkey
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\avast\avastui.exe" /nogui
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://www.istartsurf.com/?type=sc&ts=1 ... 8144181441
"C:\Program Files\avast\avastui.exe" --type=renderer --no-sandbox --user-agent="Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36 Avastium (10.0.2208)" --lang=en-US --lang=en-US --log-file="C:\Users\Jaroslava\AppData\Roaming\AVAST Software\Avast\log\avastium.log" --log-severity=error --disable-webgl --disable-pepper-3d --disable-gl-multisampling --disable-accelerated-compositing --disable-accelerated-2d-canvas --disable-accelerated-video-decode --channel="4888.5.1031844807\126808394" /prefetch:673131151
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=3896.31d14c0.1248378133 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 3896 "\\.\pipe\gecko-crash-server-pipe.3896" plugin
"C:\Windows\SYSTEM32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe" --proxy-stub-channel=Flash5408.5CED6220.32465 --host-broker-channel=Flash5408.5CED6220.31882 --host-pid=5408 --host-npapi-version=27 --plugin-path="C:\Windows\SYSTEM32\Macromed\Flash\NPSWF32_16_0_0_305.dll"
"C:\Windows\SYSTEM32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe" --channel=1896.00AEF1CC.490448083 --proxy-stub-channel=Flash5408.5CED6220.32465 --plugin-path="C:\Windows\SYSTEM32\Macromed\Flash\NPSWF32_16_0_0_305.dll" --host-npapi-version=27 --type=renderer
"C:\Users\Jaroslava\Downloads\RSITx64.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 560 564 572 65536 568

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Jaroslava\AppData\Roaming\Mozilla\Firefox\Profiles\u5v9i24r.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "https://www.seznam.cz/"
prefs.js - "keyword.URL" - "http://search.tb.ask.com/search/GGmain. ... searchfor="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.305 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.31.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.305 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll


C:\Users\Jaroslava\AppData\Roaming\Mozilla\Firefox\Profiles\u5v9i24r.default\extensions\
57ffxtbr@MarineAquarium3Free_57.com
KTJWe@d.edu

C:\Users\Jaroslava\AppData\Roaming\Mozilla\Firefox\Profiles\u5v9i24r.default\searchplugins\
ask-search.xml
ask-web-search.xml
bingp.xml
default-search.xml
yahoo-avast.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14 2117216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09 96128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ffd0ef2-dbe9-483a-80c4-d2c331da1ce4}]
SecretSauce - C:\Program Files (x86)\SecretSauce\SecretSaucebho.dll [2013-12-07 249632]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-26 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14 1709152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-26 172968]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2012-07-09 351136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17}
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2013-03-12 165872]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2013-03-12 407536]
"Persistence"=C:\Windows\system32\igfxpers.exe [2013-03-12 441840]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2013-03-08 7156296]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-02-06 3015920]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpyEmergency"=C:\Program Files\NETGATE\Spy Emergency\SpyEmergency.exe []
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-08-27 22041192]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Jaroslava\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"=C:\Windows\system32\cmd.exe [2012-07-26 404992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\playnowradio]
C:\Users\Jaroslava\AppData\Local\playnowradio\playnowradio\1.3.2.11\playnowradio.exe [2013-12-09 347648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uninstall C:]
[]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BtTray"=C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [2013-01-10 379904]
"HPMessageService"=C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [2013-02-25 1045304]
"HP CoolSense"=C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2012-11-05 1343904]
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"AvastUI.exe"=C:\Program Files\avast\AvastUI.exe [2015-01-27 5227112]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-12-17 508800]
"ApnTBMon"=C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2015-01-31 1934744]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

C:\Users\Jaroslava\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Atardecer Wallpaper.lnk - C:\ProgramData\{53685fe1-d26e-aaba-5368-85fe1d267f87}\Atardecer Wallpaper.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2013-03-07 434176]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe]
"Debugger="tasklist.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2015-02-05 18:31:29 ----D---- C:\rsit
2015-02-05 18:31:29 ----D---- C:\Program Files\trend micro
2015-02-01 21:37:43 ----D---- C:\ProgramData\16045866333302844883
2015-02-01 21:37:43 ----D---- C:\Program Files (x86)\unIsales
2015-02-01 21:37:42 ----D---- C:\ProgramData\dplhiopgogkndoaaoplffefmnhfhbmch
2015-02-01 21:36:06 ----D---- C:\ProgramData\{53685fe1-d26e-aaba-5368-85fe1d267f87}
2015-02-01 21:35:58 ----D---- C:\ProgramData\{b0fcac22-c399-b353-b0fc-cac22c39b08b}
2015-02-01 08:45:05 ----SHD---- C:\Config.Msi
2015-01-30 17:33:22 ----D---- C:\Games
2015-01-27 15:37:32 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-01-26 16:14:38 ----D---- C:\Program Files (x86)\Emergency 5
2015-01-26 15:30:05 ----D---- C:\ProgramData\AskPartnerNetwork
2015-01-26 15:30:05 ----D---- C:\Program Files (x86)\AskPartnerNetwork
2015-01-26 15:27:52 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2015-01-21 16:08:41 ----A---- C:\Windows\system32\aswBoot.exe
2015-01-14 16:22:44 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-01-14 16:22:44 ----A---- C:\Windows\system32\WUSettingsProvider.dll
2015-01-14 16:22:44 ----A---- C:\Windows\system32\wucltux.dll
2015-01-14 16:22:44 ----A---- C:\Windows\system32\wuaueng.dll
2015-01-14 16:22:44 ----A---- C:\Windows\system32\wuauclt.exe
2015-01-14 16:22:44 ----A---- C:\Windows\system32\wuapi.dll
2015-01-14 16:22:43 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-01-14 16:22:43 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-01-14 16:22:43 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-01-14 16:22:43 ----A---- C:\Windows\system32\wuwebv.dll
2015-01-14 16:22:43 ----A---- C:\Windows\system32\wudriver.dll
2015-01-14 16:22:43 ----A---- C:\Windows\system32\wuapp.exe
2015-01-14 16:22:43 ----A---- C:\Windows\system32\storewuauth.dll
2015-01-14 16:22:40 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-01-14 16:22:40 ----A---- C:\Windows\system32\vbscript.dll
2015-01-14 16:22:30 ----A---- C:\Windows\system32\localspl.dll
2015-01-14 16:22:29 ----A---- C:\Windows\system32\win32spl.dll
2015-01-14 16:22:29 ----A---- C:\Windows\system32\services.exe
2015-01-14 16:22:28 ----A---- C:\Windows\system32\drivers\vhdmp.sys
2015-01-14 16:22:05 ----A---- C:\Windows\system32\TSWbPrxy.exe
2015-01-14 16:22:04 ----A---- C:\Windows\system32\profsvc.dll
2015-01-14 16:22:03 ----A---- C:\Windows\SYSWOW64\nlaapi.dll
2015-01-14 16:22:03 ----A---- C:\Windows\system32\nlasvc.dll
2015-01-14 16:22:03 ----A---- C:\Windows\system32\nlaapi.dll
2015-01-14 16:22:03 ----A---- C:\Windows\system32\ncsi.dll
2015-01-14 16:22:02 ----A---- C:\Windows\system32\wer.dll
2015-01-14 16:22:01 ----A---- C:\Windows\SYSWOW64\wer.dll
2015-01-14 16:22:01 ----A---- C:\Windows\SYSWOW64\Faultrep.dll
2015-01-14 16:22:01 ----A---- C:\Windows\system32\Faultrep.dll
2015-01-14 16:22:00 ----A---- C:\Windows\SYSWOW64\WerFaultSecure.exe
2015-01-14 16:22:00 ----A---- C:\Windows\system32\WerFaultSecure.exe
2015-01-14 16:22:00 ----A---- C:\Windows\system32\EncDump.dll
2015-01-14 16:22:00 ----A---- C:\Windows\system32\audiosrv.dll
2015-01-14 16:21:54 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-01-14 16:21:52 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2015-01-01 13:55:18 ----A---- C:\Windows\avastSS.scr
2014-12-27 13:11:35 ----D---- C:\Windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP
2014-12-26 13:22:40 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-12-25 14:43:56 ----A---- C:\Windows\SYSWOW64\vsstrace.dll
2014-12-25 14:43:56 ----A---- C:\Windows\SYSWOW64\vssapi.dll
2014-12-25 14:43:56 ----A---- C:\Windows\system32\VSSVC.exe
2014-12-25 14:43:56 ----A---- C:\Windows\system32\vsstrace.dll
2014-12-25 14:43:56 ----A---- C:\Windows\system32\vssapi.dll
2014-12-25 14:16:41 ----A---- C:\Windows\system32\win32k.sys
2014-12-25 14:16:39 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2014-12-25 14:16:39 ----A---- C:\Windows\system32\oleaut32.dll
2014-12-25 14:16:32 ----A---- C:\Windows\system32\shell32.dll
2014-12-25 14:16:31 ----A---- C:\Windows\SYSWOW64\shell32.dll
2014-12-25 14:16:30 ----A---- C:\Windows\SYSWOW64\mfmpeg2srcsnk.dll
2014-12-25 14:16:30 ----A---- C:\Windows\system32\mfmpeg2srcsnk.dll
2014-12-25 14:16:30 ----A---- C:\Windows\system32\dnsapi.dll
2014-12-25 14:16:29 ----A---- C:\Windows\SYSWOW64\dnsapi.dll
2014-12-25 14:16:29 ----A---- C:\Windows\system32\dnsrslvr.dll
2014-12-25 14:15:12 ----A---- C:\Windows\system32\AUDIOKSE.dll
2014-12-25 14:15:12 ----A---- C:\Windows\system32\AudioEndpointBuilder.dll
2014-12-25 14:15:05 ----A---- C:\Windows\system32\WsmSvc.dll
2014-12-25 14:15:04 ----A---- C:\Windows\SYSWOW64\WsmSvc.dll
2014-12-25 14:15:04 ----A---- C:\Windows\system32\drivers\tcpip.sys
2014-12-25 14:15:03 ----A---- C:\Windows\system32\WsmWmiPl.dll
2014-12-25 14:15:03 ----A---- C:\Windows\system32\drivers\Classpnp.sys
2014-12-25 14:15:02 ----A---- C:\Windows\SYSWOW64\WsmWmiPl.dll
2014-12-25 14:15:02 ----A---- C:\Windows\SYSWOW64\rpchttp.dll
2014-12-25 14:15:02 ----A---- C:\Windows\SYSWOW64\FXSCOMEX.dll
2014-12-25 14:15:02 ----A---- C:\Windows\SYSWOW64\FXSAPI.dll
2014-12-25 14:15:02 ----A---- C:\Windows\system32\rpchttp.dll
2014-12-25 14:15:02 ----A---- C:\Windows\system32\FXSCOMEX.dll
2014-12-25 14:15:01 ----A---- C:\Windows\system32\FXSTIFF.dll
2014-12-25 14:15:01 ----A---- C:\Windows\system32\FXST30.dll
2014-12-25 14:15:01 ----A---- C:\Windows\system32\FXSAPI.dll
2014-12-25 14:14:24 ----A---- C:\Windows\SYSWOW64\msi.dll
2014-12-25 14:14:24 ----A---- C:\Windows\system32\msi.dll
2014-12-25 14:14:22 ----A---- C:\Windows\SYSWOW64\twinui.dll
2014-12-25 14:14:21 ----A---- C:\Windows\system32\twinui.dll
2014-12-25 14:14:20 ----A---- C:\Windows\SYSWOW64\authui.dll
2014-12-25 14:14:20 ----A---- C:\Windows\system32\msihnd.dll
2014-12-25 14:14:20 ----A---- C:\Windows\system32\authui.dll
2014-12-25 14:14:19 ----A---- C:\Windows\SYSWOW64\msihnd.dll
2014-12-25 14:13:44 ----A---- C:\Windows\system32\drivers\WdFilter.sys
2014-12-25 14:13:43 ----A---- C:\Windows\system32\drivers\WdBoot.sys
2014-12-25 14:13:06 ----A---- C:\Windows\system32\mshtml.dll
2014-12-25 14:13:02 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-12-25 14:12:58 ----A---- C:\Windows\system32\ieframe.dll
2014-12-25 14:12:57 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-12-25 14:12:57 ----A---- C:\Windows\system32\iertutil.dll
2014-12-25 14:12:56 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-12-25 14:12:56 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-12-25 14:12:56 ----A---- C:\Windows\system32\wininet.dll
2014-12-25 14:12:56 ----A---- C:\Windows\system32\urlmon.dll
2014-12-25 14:12:55 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-12-25 14:12:54 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-12-25 14:12:54 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-12-25 14:12:54 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2014-12-25 14:12:54 ----A---- C:\Windows\system32\uxtheme.dll
2014-12-25 14:12:54 ----A---- C:\Windows\system32\msfeeds.dll
2014-12-25 14:12:54 ----A---- C:\Windows\system32\jscript.dll
2014-12-25 14:12:54 ----A---- C:\Windows\system32\iesysprep.dll
2014-12-25 14:12:53 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-12-25 14:12:53 ----A---- C:\Windows\SYSWOW64\jscript.dll
2014-12-25 14:12:53 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-12-25 14:12:53 ----A---- C:\Windows\system32\mshtmled.dll
2014-12-25 14:12:53 ----A---- C:\Windows\system32\jscript9.dll
2014-12-25 14:12:53 ----A---- C:\Windows\system32\iedkcs32.dll
2014-12-25 14:12:53 ----A---- C:\Windows\system32\ie4uinit.exe
2014-12-25 14:12:52 ----A---- C:\Windows\SYSWOW64\UXInit.dll
2014-12-25 14:12:52 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-12-25 14:12:52 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-12-25 14:12:52 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-12-25 14:12:52 ----A---- C:\Windows\system32\UXInit.dll
2014-12-25 14:12:52 ----A---- C:\Windows\system32\msrating.dll
2014-12-25 14:12:52 ----A---- C:\Windows\system32\iernonce.dll
2014-12-25 14:12:52 ----A---- C:\Windows\system32\dxtrans.dll
2014-12-25 14:12:51 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-12-25 14:12:51 ----A---- C:\Windows\system32\dxtmsft.dll
2014-12-25 14:12:50 ----A---- C:\Windows\SYSWOW64\uxtheme.dll
2014-12-25 14:12:50 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-12-25 14:12:50 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-12-25 14:12:50 ----A---- C:\Windows\system32\jsproxy.dll
2014-12-25 14:12:50 ----A---- C:\Windows\system32\iesetup.dll
2014-12-25 14:12:47 ----A---- C:\Windows\system32\WindowsCodecs.dll
2014-12-25 14:12:46 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2014-12-25 14:12:20 ----A---- C:\Windows\system32\rdpcorets.dll
2014-12-25 14:12:19 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2014-12-25 14:12:19 ----A---- C:\Windows\system32\adtschema.dll
2014-12-25 14:12:18 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2014-12-25 14:12:18 ----A---- C:\Windows\system32\msaudite.dll
2014-12-25 14:07:52 ----A---- C:\Windows\system32\NotificationUI.exe
2014-12-25 14:07:52 ----A---- C:\Windows\system32\AutoUpdate.exe
2014-12-25 14:07:18 ----A---- C:\Windows\SYSWOW64\schannel.dll
2014-12-25 14:07:18 ----A---- C:\Windows\system32\schannel.dll
2014-12-25 14:07:16 ----A---- C:\Windows\SYSWOW64\ncryptsslp.dll
2014-12-25 14:07:16 ----A---- C:\Windows\system32\ncryptsslp.dll
2014-12-25 14:01:06 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2014-12-25 14:01:06 ----A---- C:\Windows\system32\msxml3.dll
2014-12-25 14:01:05 ----A---- C:\Windows\SYSWOW64\packager.dll
2014-12-25 14:01:05 ----A---- C:\Windows\system32\packager.dll
2014-12-25 14:00:45 ----A---- C:\Windows\SYSWOW64\SHCore.dll
2014-12-25 14:00:45 ----A---- C:\Windows\system32\SHCore.dll
2014-12-25 14:00:44 ----A---- C:\Windows\system32\lsasrv.dll
2014-12-25 14:00:43 ----A---- C:\Windows\system32\kerberos.dll
2014-12-25 14:00:43 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2014-12-25 14:00:42 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2014-12-25 14:00:41 ----A---- C:\Windows\SYSWOW64\pku2u.dll
2014-12-25 14:00:41 ----A---- C:\Windows\system32\pku2u.dll
2014-12-25 13:57:54 ----A---- C:\Windows\system32\crypt32.dll
2014-12-25 13:57:53 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2014-11-09 17:23:30 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2014-11-09 17:11:52 ----D---- C:\Program Files (x86)\2K Games
2014-11-09 12:28:53 ----D---- C:\Windows\system32\AutoUpdateLicense
2014-11-08 16:35:31 ----D---- C:\Program Files (x86)\Mindspark
2014-11-08 14:45:13 ----D---- C:\Program Files (x86)\RailSimulator.com
2014-11-07 19:08:24 ----A---- C:\Windows\SYSWOW64\WSShared.dll
2014-11-07 19:08:24 ----A---- C:\Windows\system32\WSShared.dll
2014-11-07 19:08:23 ----A---- C:\Windows\SYSWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-11-07 19:08:23 ----A---- C:\Windows\system32\WinSetupUI.dll
2014-11-07 19:08:23 ----A---- C:\Windows\system32\Windows.ApplicationModel.Store.dll
2014-11-07 19:08:22 ----A---- C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-11-07 18:13:22 ----A---- C:\Windows\system32\tssdisai.dll
2014-11-07 18:13:22 ----A---- C:\Windows\system32\poqexec.exe
2014-11-07 17:45:59 ----D---- C:\Users\Jaroslava\AppData\Roaming\Farm Mania 2

======List of files/folders modified in the last 3 months======

2015-02-05 18:31:29 ----RD---- C:\Program Files
2015-02-05 18:31:27 ----D---- C:\Windows\Prefetch
2015-02-05 18:23:34 ----D---- C:\Windows\Temp
2015-02-05 18:19:40 ----D---- C:\ProgramData\smdmf
2015-02-05 18:17:43 ----A---- C:\Windows\SYSWOW64\bscs.ini
2015-02-05 18:16:55 ----A---- C:\Windows\SYSWOW64\log.txt
2015-02-05 18:16:09 ----D---- C:\Users\Jaroslava\AppData\Roaming\Skype
2015-02-05 18:15:41 ----A---- C:\Windows\SYSWOW64\LOCALSERVICE.INI
2015-02-05 18:14:40 ----A---- C:\Windows\SYSWOW64\LOCALDEVICE.INI
2015-02-05 17:00:00 ----D---- C:\Windows\system32\sru
2015-02-05 15:46:55 ----D---- C:\Windows\system32\catroot2
2015-02-04 21:13:27 ----D---- C:\Windows\SysWOW64
2015-02-03 13:48:56 ----D---- C:\Windows\Microsoft.NET
2015-02-03 11:22:42 ----D---- C:\Windows\system32\Tasks
2015-02-03 11:22:42 ----D---- C:\Program Files (x86)\Opera
2015-02-01 21:37:43 ----RD---- C:\Program Files (x86)
2015-02-01 21:37:43 ----HD---- C:\ProgramData
2015-02-01 09:39:10 ----SHD---- C:\System Volume Information
2015-02-01 08:45:25 ----SHD---- C:\Windows\Installer
2015-01-30 17:28:37 ----D---- C:\Users\Jaroslava\AppData\Roaming\.minecraft
2015-01-30 17:20:45 ----D---- C:\Program Files (x86)\sixteen tons entertainment
2015-01-30 17:02:58 ----D---- C:\Program Files (x86)\Demolition Company Demo
2015-01-28 10:48:39 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 18:11:46 ----D---- C:\Users\Jaroslava\AppData\Roaming\uTorrent
2015-01-27 17:54:59 ----D---- C:\Windows\Inf
2015-01-27 17:54:45 ----D---- C:\Program Files\avast
2015-01-26 19:37:19 ----D---- C:\Windows\SKB
2015-01-26 19:24:06 ----D---- C:\inetpub
2015-01-26 15:28:05 ----D---- C:\ProgramData\Oracle
2015-01-26 15:27:53 ----D---- C:\Program Files (x86)\Common Files
2015-01-26 15:27:24 ----D---- C:\Program Files (x86)\Java
2015-01-24 12:24:53 ----D---- C:\Program Files (x86)\Euro Truck Simulator 2
2015-01-24 12:16:14 ----RD---- C:\Windows\System32
2015-01-24 12:16:14 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-01-21 16:09:20 ----D---- C:\Windows\system32\DriverStore
2015-01-21 16:09:13 ----D---- C:\Windows\system32\Drivers
2015-01-21 16:08:37 ----D---- C:\Windows
2015-01-18 09:12:27 ----D---- C:\Windows\system32\config
2015-01-18 08:58:27 ----D---- C:\Windows\system32\MRT
2015-01-18 08:44:10 ----A---- C:\Windows\system32\MRT.exe
2015-01-16 19:51:20 ----D---- C:\Windows\rescache
2015-01-16 19:24:20 ----D---- C:\Windows\WinSxS
2015-01-16 18:19:02 ----D---- C:\Windows\system32\cs-CZ
2015-01-16 09:09:53 ----D---- C:\Windows\CbsTemp
2015-01-15 13:37:25 ----D---- C:\Windows\system32\NDF
2014-12-29 23:58:35 ----RSD---- C:\Windows\assembly
2014-12-28 18:11:57 ----D---- C:\Windows\AUInstallAgent
2014-12-27 18:12:53 ----HD---- C:\$Windows.~BT
2014-12-27 17:32:22 ----D---- C:\Windows\Registration
2014-12-27 17:17:36 ----HD---- C:\Program Files\WindowsApps
2014-12-27 17:11:18 ----D---- C:\Windows\system32\catroot
2014-12-27 13:18:23 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-12-25 18:02:26 ----RD---- C:\Windows\ToastData
2014-12-25 18:02:21 ----D---- C:\Program Files\Windows Defender
2014-12-25 18:02:19 ----D---- C:\Program Files (x86)\Windows Defender
2014-12-25 18:02:13 ----D---- C:\Program Files (x86)\Internet Explorer
2014-12-25 18:02:10 ----D---- C:\Program Files\Internet Explorer
2014-12-25 18:02:09 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-12-06 12:40:13 ----D---- C:\Program Files (x86)\Bau-Simulator 2012 Demo
2014-11-09 17:10:28 ----D---- C:\ProgramData\DAEMON Tools Lite
2014-11-09 17:10:13 ----D---- C:\Users\Jaroslava\AppData\Roaming\DAEMON Tools Lite
2014-11-09 12:28:53 ----D---- C:\Windows\WinStore
2014-11-08 16:36:10 ----D---- C:\Program Files (x86)\SereneScreen
2014-11-08 15:35:12 ----SD---- C:\Users\Jaroslava\AppData\Roaming\Microsoft
2014-11-08 13:16:11 ----D---- C:\Windows\Help
2014-11-06 06:35:35 ----A---- C:\Windows\SYSWOW64\PrintConfig.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2015-01-01 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2015-01-01 267632]
R0 hpdskflt;@oem22.inf,%service_desc%;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2012-09-24 31040]
R0 iaStorA;iaStorA; C:\Windows\System32\drivers\iaStorA.sys [2013-04-10 653808]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2015-01-01 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2015-01-01 1050432]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2015-01-01 436624]
R1 F06DEFF2-5B9C-490D-910F-35D3A9119622;F06DEFF2-5B9C-490D-910F-35D3A9119622; \??\C:\Program Files (x86)\Settings Manager\smdmf\x64\smdmfmgrc2.cfg [2014-07-22 41872]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys [2012-07-26 64000]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2015-01-01 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2015-01-01 83280]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2015-01-01 116728]
R3 Accelerometer;@oem22.inf,%accelerometer_desc%;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2012-09-24 43840]
R3 BtAudioBusSrv;@oem18.inf,%SvcDesc%;Ralink Bluetooth Audio Bus Service; C:\Windows\System32\Drivers\BtAudioBus.sys [2012-06-15 23136]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\Windows\System32\drivers\BthEnum.sys [2013-06-20 51712]
R3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service; C:\Windows\System32\Drivers\BtL2caScoIf.sys [2012-07-19 56904]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Ovladač úspory energie technologie Bluetooth; C:\Windows\system32\DRIVERS\BthLEEnum.sys [2012-07-26 202752]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2012-07-26 119808]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2013-06-20 74752]
R3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [2013-02-26 49200]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2013-03-07 4533760]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-03-08 3340616]
R3 IntcDAud;@oem5.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2013-03-07 442368]
R3 MEIx64;@oem8.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\Windows\System32\drivers\HECIx64.sys [2012-07-13 62784]
R3 netr28x;@oem27.inf,%Generic.Service.DispName%;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2013-12-04 2505904]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\System32\drivers\rfcomm.sys [2013-03-01 156672]
R3 rtbth;@oem28.inf,%General.Service.DispName%;RTBTH Bluetooth Device Driver; C:\Windows\System32\drivers\rtbth.sys [2013-12-02 1204424]
R3 RTL8168;@oem12.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys [2012-10-25 723088]
R3 SmbDrvI;SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [2013-02-06 31984]
R3 SynTP;@oem7.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2013-02-06 469232]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2013-07-05 210560]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\Windows\system32\DRIVERS\vwifimp.sys [2012-07-26 17920]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2013-03-01 1175040]
S3 dg_ssudbus;@oem29.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 PcaSp60;@oem24.inf,%PCASP60_Desc%;Rawether NDIS 6.X SPR Protocol Driver; C:\Windows\system32\DRIVERS\PcaSp60.sys [2010-09-07 38912]
S3 RSP2STOR;@oem9.inf,%Rts5229%;Realtek PCIE CardReader Driver - P2; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [2013-01-24 288328]
S3 RTSPER;Realtek PCIe CardReader Driver; C:\Windows\system32\DRIVERS\RtsPer.sys [2013-02-02 448072]
S3 SmbDrv;SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [2013-02-06 28400]
S3 ssudserd;@oem30.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudserd.sys [2014-01-22 206080]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-01 43008]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
R2 AERTFilters;Andrea RT Filters Service; C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE [2009-11-18 98208]
R2 APNMCP;Ask Update Service; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2015-01-31 177560]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2013-06-20 29696]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\avast\AvastSvc.exe [2015-01-01 50344]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [2013-01-31 1626872]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
R2 hpsrv;@oem22.inf,%hpservice_desc%;HP Service; C:\Windows\system32\Hpservice.exe [2012-09-24 31040]
R2 HPWMISVC;HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [2013-02-01 1039160]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-04-10 15344]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-12-10 732160]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-01-14 131032]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-01-14 165336]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-01-14 279000]
R2 RtkAudioService;Realtek Audio Service; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-02-20 239176]
R2 SmdmFService;SmdmF Service; C:\Program Files (x86)\Settings Manager\smdmf\SmdmFService.exe [2014-07-22 3572240]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-01-14 366040]
R3 BsHelpCS;BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [2013-01-10 138752]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2012-11-05 1001376]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04 267440]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-12 51648]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2013-03-12 279024]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2012-07-27 43616]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-02-08 136120]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2012-12-10 803872]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-04-09 289256]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-01-27 114800]
S3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2013-06-20 29696]
S4 BthAvrcpTg;@bthaudhid.inf,%BthAvrcpTg_SvcDesc%;Bluetooth Audio/Video Remote Control HID; C:\Windows\System32\drivers\BthAvrcpTg.sys [2013-06-01 37632]
S4 BthHFEnum;@bthhfenum.inf,%BthHFEnum.SVCDESC%;Bluetooth Hands-Free Audio and Call Control HID Enumerator; C:\Windows\System32\drivers\bthhfenum.sys [2012-07-26 51200]
S4 bthhfhid;@bthaudhid.inf,%BthAudioHFHid.SVCDESC%;Bluetooth Hands-Free Call Control HID; C:\Windows\System32\drivers\BthHFHid.sys [2013-06-20 29952]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119677
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: URL:MAL infection

#4 Post by Rudy »

Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
Click >Scan< first and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus may damage the system!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.