z nějakého důvodu se mamce na flashce nedaří otevřít soubory, pc hlásí že jsou poškozené, tak prosím o kontrolu logu jestli nemám v pc nezvané návštěvníky
Logfile of random's system information tool 1.10 (written by random/random)
Run by Veronika at 2015-12-05 06:15:10
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 207 GB (83%) free of 250 GB
Total RAM: 3965 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:15:16, on 5.12.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal
Running processes:
C:\Windows\System32\TiltWheelMouse.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Veronika.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2973147430-3371197934-2794310822-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2973147430-3371197934-2794310822-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8738 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\igfxCUIService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Windows\System32\TiltWheelMouse.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Windows\system32\GWX\GWX.exe"
"C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
{36031825-DED1-45BE-969F-919DF4482C43}
{F56AFAF4-2211-489C-B323-46AB846ADCE3}
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-1fced53b-eacd-4387-bfce-b6aaf223f78c -SystemEventPortName:HostProcess-66aef9ad-91e5-4b8c-b2f9-76b66409aff0 -IoCancelEventPortName:HostProcess-dd8d880a-6ea4-41af-b2ac-e7fb842c8700 -NonStateChangingEventPortName:HostProcess-f5038c55-9db8-4302-8829-0ec25bd7e39d -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:03a12f86-ef82-46b3-a242-6422d02f2706 -DeviceGroupId:WpdFsGroup
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\Windows\system32\sppsvc.exe
taskhost.exe $(Arg0)
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
"C:\Users\Veronika\Downloads\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
=========Mozilla firefox=========
ProfilePath - C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\ylndoqif.default
prefs.js - "browser.startup.homepage" - "https://www.seznam.cz/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.245 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.245 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-30 551520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-30 212576]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-03-14 13671792]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2014-04-11 36352]
"MouseDriver"=C:\Windows\system32\TiltWheelMouse.exe [2012-12-19 241152]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2015-07-08 5595848]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"=C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2014-02-21 292848]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2013-04-04 532040]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2015-12-05 06:15:10 ----D---- C:\rsit
2015-12-05 05:43:23 ----D---- C:\Users\Veronika\AppData\Roaming\Malwarebytes
2015-12-05 05:43:20 ----A---- C:\Windows\system32\drivers\mbam.sys
2015-12-05 05:43:19 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-11-12 10:12:04 ----A---- C:\Windows\system32\win32k.sys
2015-11-11 19:02:54 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-11-11 19:02:53 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-11-11 19:02:53 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-11-11 19:02:53 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-11-11 19:02:53 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-11-11 19:02:53 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-11-11 19:02:53 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-11-11 19:02:53 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-11-11 19:02:53 ----A---- C:\Windows\SYSWOW64\bcryptprimitives.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\wow64.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\winsrv.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\srcore.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\schannel.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\rstrui.exe
2015-11-11 19:02:53 ----A---- C:\Windows\system32\rpcrt4.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\ntdll.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\ncrypt.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\lsasrv.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\KernelBase.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\kernel32.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\kerberos.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-11-11 19:02:53 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-11-11 19:02:53 ----A---- C:\Windows\system32\drivers\cng.sys
2015-11-11 19:02:53 ----A---- C:\Windows\system32\conhost.exe
2015-11-11 19:02:53 ----A---- C:\Windows\system32\bcryptprimitives.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\wow32.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\user.exe
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\setup16.exe
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\instnm.exe
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\wow64win.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\wow64cpu.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\wdigest.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\TSpkg.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\sspisrv.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\sspicli.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\srclient.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\smss.exe
2015-11-11 19:02:52 ----A---- C:\Windows\system32\secur32.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\ntvdm64.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\msv1_0.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\msobjs.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\msaudite.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\lsass.exe
2015-11-11 19:02:52 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2015-11-11 19:02:52 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2015-11-11 19:02:52 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2015-11-11 19:02:52 ----A---- C:\Windows\system32\csrsrv.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\cryptbase.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\credssp.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\auditpol.exe
2015-11-11 19:02:52 ----A---- C:\Windows\system32\apisetschema.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\adtschema.dll
2015-11-11 18:58:16 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-11-11 18:58:16 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-11-11 18:58:16 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-11-11 18:58:16 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-11-11 18:58:16 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wuwebv.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wups2.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wups.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wudriver.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wucltux.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wuaueng.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wuauclt.exe
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wuapp.exe
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wuapi.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-11-11 18:55:35 ----A---- C:\Windows\system32\drivers\tdx.sys
2015-11-11 18:55:35 ----A---- C:\Windows\system32\drivers\afd.sys
2015-11-11 18:55:32 ----A---- C:\Windows\SYSWOW64\shimeng.dll
2015-11-11 18:55:32 ----A---- C:\Windows\SYSWOW64\sdbinst.exe
2015-11-11 18:55:32 ----A---- C:\Windows\SYSWOW64\apphelp.dll
2015-11-11 18:55:32 ----A---- C:\Windows\system32\shimeng.dll
2015-11-11 18:55:32 ----A---- C:\Windows\system32\sdbinst.exe
2015-11-11 18:55:32 ----A---- C:\Windows\system32\apphelp.dll
2015-11-11 18:55:32 ----A---- C:\Windows\system32\aelupsvc.dll
2015-11-11 18:49:55 ----A---- C:\Windows\system32\drivers\ndis.sys
2015-11-11 18:49:52 ----A---- C:\Windows\SYSWOW64\InkEd.dll
2015-11-11 18:49:52 ----A---- C:\Windows\system32\jnwmon.dll
2015-11-11 18:49:52 ----A---- C:\Windows\system32\InkEd.dll
2015-11-10 05:43:05 ----D---- C:\Program Files (x86)\Adobe
2015-11-07 14:27:56 ----D---- C:\Program Files\WinRAR
======List of files/folders modified in the last 1 month======
2015-12-05 06:15:15 ----D---- C:\Program Files\trend micro
2015-12-05 06:15:13 ----D---- C:\Windows\Temp
2015-12-05 05:47:47 ----D---- C:\Windows\System32
2015-12-05 05:47:47 ----D---- C:\Windows\inf
2015-12-05 05:47:47 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-12-05 05:44:10 ----D---- C:\Windows\Prefetch
2015-12-05 05:43:21 ----D---- C:\ProgramData\Malwarebytes
2015-12-05 05:43:20 ----D---- C:\Windows\system32\drivers
2015-12-05 05:43:19 ----RD---- C:\Program Files (x86)
2015-12-05 05:41:46 ----D---- C:\Windows\system32\config
2015-12-04 08:53:55 ----SHD---- C:\System Volume Information
2015-12-03 20:41:35 ----HD---- C:\ProgramData
2015-12-02 21:39:09 ----D---- C:\Windows\system32\DriverStore
2015-12-01 17:39:35 ----D---- C:\Users\Veronika\AppData\Roaming\PC Suite
2015-11-26 16:36:00 ----SHD---- C:\Windows\Installer
2015-11-26 16:35:42 ----D---- C:\Windows\SysWOW64
2015-11-12 16:44:05 ----D---- C:\Windows\winsxs
2015-11-12 12:17:43 ----D---- C:\Windows\rescache
2015-11-12 10:54:58 ----D---- C:\Windows\Microsoft.NET
2015-11-12 10:51:57 ----RSD---- C:\Windows\assembly
2015-11-12 09:58:38 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-11-12 09:58:38 ----D---- C:\Windows\system32\cs-CZ
2015-11-12 09:58:35 ----D---- C:\Windows\AppPatch
2015-11-12 09:58:33 ----D---- C:\Windows\system32\migration
2015-11-11 20:04:26 ----D---- C:\Windows\system32\MRT
2015-11-11 20:02:18 ----D---- C:\Windows\debug
2015-11-11 20:02:16 ----A---- C:\Windows\system32\MRT.exe
2015-11-11 19:58:44 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2015-11-11 19:57:36 ----D---- C:\Program Files\Windows Journal
2015-11-11 18:57:42 ----D---- C:\Windows\system32\catroot2
2015-11-11 18:39:58 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-11-10 05:43:42 ----D---- C:\Windows\system32\Tasks
2015-11-10 05:42:54 ----D---- C:\ProgramData\Adobe
2015-11-10 05:26:07 ----RSD---- C:\Windows\Fonts
2015-11-10 05:26:07 ----D---- C:\ProgramData\simplitec
2015-11-10 05:26:04 ----D---- C:\Windows\Tasks
2015-11-09 16:14:22 ----D---- C:\Windows
2015-11-07 14:27:56 ----RD---- C:\Program Files
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2015-07-14 72400]
R0 iaStorA;iaStorA; C:\Windows\system32\DRIVERS\iaStorA.sys [2014-04-11 645480]
R0 iaStorF;iaStorF; C:\Windows\system32\DRIVERS\iaStorF.sys [2014-04-11 28008]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2014-02-21 20464]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2015-07-14 255240]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2015-07-14 178520]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2015-07-14 53360]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2015-07-14 231520]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2015-03-19 4888368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2014-03-14 3896920]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2014-03-31 450520]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2014-02-21 370672]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2014-02-21 791024]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 25928]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2013-09-16 99288]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2014-03-18 906968]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2012-01-09 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2012-01-09 27136]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2012-06-11 26112]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 t_mouse.sys;HID-compliand device; C:\Windows\system32\DRIVERS\t_mouse.sys [2012-12-19 6144]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2012-01-09 9216]
S3 usbser;USB Modem Driver; C:\Windows\system32\DRIVERS\usbser.sys [2010-11-21 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2012-01-09 9216]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2015-04-29 23200]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-10-28 82128]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2015-07-08 1353720]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2014-04-11 16232]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\Windows\system32\igfxCUIService.exe [2015-03-19 345864]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-08-27 747520]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-09-16 169432]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-09-16 390616]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-01-31 878400]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2015-02-18 1258312]
R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11 269000]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2015-03-19 280840]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-07-29 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-08-27 828376]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-11-03 147624]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2015-07-30 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
kontrola logu
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119426
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: kontrola logu
Zdravím!
Flešku připojte a vyčistěte pomocí USBFix: http://forum.viry.cz/viewtopic.php?f=24&t=140144 .
Flešku připojte a vyčistěte pomocí USBFix: http://forum.viry.cz/viewtopic.php?f=24&t=140144 .
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: kontrola logu
tak jsem provedla research a vyhodilo mi toto
############################## | UsbFix V 7.181 | [Research]
User: Veronika (Administrator) # VERONIKA-PC
Updated 31/08/2014 by El Desaparecido - SosVirus
Started at 18:12:00 | 06/12/2015
Website : http://www.en.usbfix.net/
Changelog : http://www.en.usbfix.net/changelog/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/
################## | System information |
MB: Gigabyte Technology Co., Ltd. (H81M-S2V)
CPU: Intel(R) Pentium(R) CPU G3240 @ 3.10GHz
GC: Intel(R) HD Graphics
GC: NVIDIA GeForce 6600
RAM -> [Total : 3965 Mo | Free : 1546 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot
OS: Microsoft™ Windows 7 Home Premium (6.1.7601 64-Bit) Service Pack 1
WB: Internet Explorer : 11.00.9600.16428
WB: Mozilla Firefox : 42.0
################## | Security Information |
AV: ESET Smart Security 8.0 [Enabled |Updated]
AS: Windows Defender [Enabled |Updated]
AS: ESET Smart Security 8.0 [Enabled |Updated]
FW: ESET Personální firewall [Enabled]
AS: Malwarebytes Anti-Malware : 1.75.0001
FW: Windows Firewall [Enabled]
SC: Security Center [Enabled]
WU: Windows Update [Enabled]
################## | Disk Information |
C:\ (%SystemDrive%) -> Fixed disk # 244 Gb (201 Gb free - 82%) [] # NTFS
D:\ -> Fixed disk # 687 Gb (518 Gb free - 75%) [] # NTFS
F:\ -> Removable disk # 29 Gb (28 Gb free - 96%) [KINGSTON] # FAT32
################## | Regedit Run |
F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
04 - HKLM\..\Run : [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
04 - [x64] HKLM\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
04 - [x64] HKLM\..\Run : [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
04 - [x64] HKLM\..\Run : [MouseDriver] TiltWheelMouse.exe
04 - [x64] HKLM\..\Run : [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-2973147430-3371197934-2794310822-1000\..\Run : [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
04 - HKU\S-1-5-21-2973147430-3371197934-2794310822-1001\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-21-2973147430-3371197934-2794310822-1001\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
################## | Generic Research |
################## | Registry |
################## | UsbFix - Information |
Info : How to remove shortcut virus on flash disk (Video)
Info : Shortcut virus on flash disk, What is it ?
################## | Hijack |
################## | E.O.F | http://www.sosvirus.net/ | http://www.en.usbfix.net/ |
############################## | UsbFix V 7.181 | [Research]
User: Veronika (Administrator) # VERONIKA-PC
Updated 31/08/2014 by El Desaparecido - SosVirus
Started at 18:12:00 | 06/12/2015
Website : http://www.en.usbfix.net/
Changelog : http://www.en.usbfix.net/changelog/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/
################## | System information |
MB: Gigabyte Technology Co., Ltd. (H81M-S2V)
CPU: Intel(R) Pentium(R) CPU G3240 @ 3.10GHz
GC: Intel(R) HD Graphics
GC: NVIDIA GeForce 6600
RAM -> [Total : 3965 Mo | Free : 1546 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot
OS: Microsoft™ Windows 7 Home Premium (6.1.7601 64-Bit) Service Pack 1
WB: Internet Explorer : 11.00.9600.16428
WB: Mozilla Firefox : 42.0
################## | Security Information |
AV: ESET Smart Security 8.0 [Enabled |Updated]
AS: Windows Defender [Enabled |Updated]
AS: ESET Smart Security 8.0 [Enabled |Updated]
FW: ESET Personální firewall [Enabled]
AS: Malwarebytes Anti-Malware : 1.75.0001
FW: Windows Firewall [Enabled]
SC: Security Center [Enabled]
WU: Windows Update [Enabled]
################## | Disk Information |
C:\ (%SystemDrive%) -> Fixed disk # 244 Gb (201 Gb free - 82%) [] # NTFS
D:\ -> Fixed disk # 687 Gb (518 Gb free - 75%) [] # NTFS
F:\ -> Removable disk # 29 Gb (28 Gb free - 96%) [KINGSTON] # FAT32
################## | Regedit Run |
F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] userinit.exe
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
04 - HKLM\..\Run : [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
04 - [x64] HKLM\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
04 - [x64] HKLM\..\Run : [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
04 - [x64] HKLM\..\Run : [MouseDriver] TiltWheelMouse.exe
04 - [x64] HKLM\..\Run : [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-21-2973147430-3371197934-2794310822-1000\..\Run : [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
04 - HKU\S-1-5-21-2973147430-3371197934-2794310822-1001\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
04 - HKU\S-1-5-21-2973147430-3371197934-2794310822-1001\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
################## | Generic Research |
################## | Registry |
################## | UsbFix - Information |
Info : How to remove shortcut virus on flash disk (Video)
Info : Shortcut virus on flash disk, What is it ?
################## | Hijack |
################## | E.O.F | http://www.sosvirus.net/ | http://www.en.usbfix.net/ |
Re: kontrola logu
dají se poškozené soubory na flashce nějak opravit?
-
Rudy
- Site Admin
- Příspěvky: 119426
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: kontrola logu
Těžko říci. Musíme ještě vyčistit PC. Spusťte tuto utilitu:
Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: kontrola logu
# AdwCleaner v5.024 - Logfile created 08/12/2015 at 17:50:47
# Updated 07/12/2015 by Xplode
# Database : 2015-12-07.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Veronika - VERONIKA-PC
# Running from : C:\Users\Veronika\Desktop\adwcleaner_5.024.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\ProgramData\simplitec
***** [ Files ] *****
***** [ DLLs ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\simplitec
***** [ Web browsers ] *****
*************************
:: "Tracing" keys removed
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [779 bytes] ##########
# Updated 07/12/2015 by Xplode
# Database : 2015-12-07.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Veronika - VERONIKA-PC
# Running from : C:\Users\Veronika\Desktop\adwcleaner_5.024.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\ProgramData\simplitec
***** [ Files ] *****
***** [ DLLs ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\simplitec
***** [ Web browsers ] *****
*************************
:: "Tracing" keys removed
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [779 bytes] ##########
-
Rudy
- Site Admin
- Příspěvky: 119426
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: kontrola logu
Dejte nový log RSIT.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: kontrola logu
Logfile of random's system information tool 1.10 (written by random/random)
Run by Veronika at 2015-12-08 20:36:00
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 203 GB (81%) free of 250 GB
Total RAM: 3965 MB (49% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:36:01, on 8.12.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal
Running processes:
C:\Windows\System32\TiltWheelMouse.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Veronika.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2973147430-3371197934-2794310822-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2973147430-3371197934-2794310822-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10229 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\igfxCUIService.exe
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Windows\System32\TiltWheelMouse.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Windows\system32\GWX\GWX.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-8f204c3e-8d6e-4eaa-917d-b70439532208 -SystemEventPortName:HostProcess-c0f8f830-fc70-43a8-a814-bc536e87f081 -IoCancelEventPortName:HostProcess-3f47e17e-6c84-410f-b432-baa7a78485ee -NonStateChangingEventPortName:HostProcess-b5b50e47-fa36-4b29-af27-ad6d2923f9e0 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:2f5be886-4469-4374-8555-f78319fbf381 -DeviceGroupId:WpdFsGroup
"C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe"
{6DA4D008-48F4-4CEB-A3DA-C709FC75D3DE}
{2C51CF3D-EF9E-4843-B860-F441DED77117}
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
"C:\Users\Veronika\Downloads\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
=========Mozilla firefox=========
ProfilePath - C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\ylndoqif.default
prefs.js - "browser.startup.homepage" - "https://www.seznam.cz/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.245 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.245 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-12-07 226984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-30 551520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2015-12-07 580312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-12-07 2166488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-30 212576]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2015-12-07 161448]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2015-12-07 403672]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2015-12-07 1512152]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-03-14 13671792]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2014-04-11 36352]
"MouseDriver"=C:\Windows\system32\TiltWheelMouse.exe [2012-12-19 241152]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2015-07-08 5595848]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"=C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2014-02-21 292848]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2015-12-08 17:50:02 ----D---- C:\AdwCleaner
2015-12-07 22:20:31 ----D---- C:\Program Files (x86)\Microsoft OneDrive
2015-12-07 22:20:19 ----D---- C:\ProgramData\Microsoft OneDrive
2015-12-07 20:18:42 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2015-12-07 19:43:24 ----D---- C:\Program Files\Microsoft Office 15
2015-12-06 18:11:49 ----D---- C:\UsbFix
2015-12-05 06:15:10 ----D---- C:\rsit
2015-12-05 05:43:23 ----D---- C:\Users\Veronika\AppData\Roaming\Malwarebytes
2015-11-13 14:52:12 ----A---- C:\Windows\system32\vcruntime140.dll
2015-11-13 14:52:12 ----A---- C:\Windows\system32\vccorlib140.dll
2015-11-13 14:52:12 ----A---- C:\Windows\system32\msvcp140.dll
2015-11-13 14:52:12 ----A---- C:\Windows\system32\concrt140.dll
2015-11-13 12:59:42 ----A---- C:\Windows\SYSWOW64\vcruntime140.dll
2015-11-13 12:59:42 ----A---- C:\Windows\SYSWOW64\vccorlib140.dll
2015-11-13 12:59:42 ----A---- C:\Windows\SYSWOW64\msvcp140.dll
2015-11-13 12:59:42 ----A---- C:\Windows\SYSWOW64\concrt140.dll
2015-11-12 10:12:04 ----A---- C:\Windows\system32\win32k.sys
2015-11-11 19:02:54 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-11-11 19:02:53 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-11-11 19:02:53 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-11-11 19:02:53 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-11-11 19:02:53 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-11-11 19:02:53 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-11-11 19:02:53 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-11-11 19:02:53 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-11-11 19:02:53 ----A---- C:\Windows\SYSWOW64\bcryptprimitives.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\wow64.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\winsrv.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\srcore.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\schannel.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\rstrui.exe
2015-11-11 19:02:53 ----A---- C:\Windows\system32\rpcrt4.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\ntdll.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\ncrypt.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\lsasrv.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\KernelBase.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\kernel32.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\kerberos.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-11-11 19:02:53 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-11-11 19:02:53 ----A---- C:\Windows\system32\drivers\cng.sys
2015-11-11 19:02:53 ----A---- C:\Windows\system32\conhost.exe
2015-11-11 19:02:53 ----A---- C:\Windows\system32\bcryptprimitives.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\wow32.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\user.exe
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\setup16.exe
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\instnm.exe
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\wow64win.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\wow64cpu.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\wdigest.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\TSpkg.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\sspisrv.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\sspicli.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\srclient.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\smss.exe
2015-11-11 19:02:52 ----A---- C:\Windows\system32\secur32.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\ntvdm64.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\msv1_0.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\msobjs.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\msaudite.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\lsass.exe
2015-11-11 19:02:52 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2015-11-11 19:02:52 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2015-11-11 19:02:52 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2015-11-11 19:02:52 ----A---- C:\Windows\system32\csrsrv.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\cryptbase.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\credssp.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\auditpol.exe
2015-11-11 19:02:52 ----A---- C:\Windows\system32\apisetschema.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\adtschema.dll
2015-11-11 18:58:16 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-11-11 18:58:16 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-11-11 18:58:16 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-11-11 18:58:16 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-11-11 18:58:16 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wuwebv.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wups2.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wups.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wudriver.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wucltux.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wuaueng.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wuauclt.exe
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wuapp.exe
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wuapi.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-11-11 18:55:35 ----A---- C:\Windows\system32\drivers\tdx.sys
2015-11-11 18:55:35 ----A---- C:\Windows\system32\drivers\afd.sys
2015-11-11 18:55:32 ----A---- C:\Windows\SYSWOW64\shimeng.dll
2015-11-11 18:55:32 ----A---- C:\Windows\SYSWOW64\sdbinst.exe
2015-11-11 18:55:32 ----A---- C:\Windows\SYSWOW64\apphelp.dll
2015-11-11 18:55:32 ----A---- C:\Windows\system32\shimeng.dll
2015-11-11 18:55:32 ----A---- C:\Windows\system32\sdbinst.exe
2015-11-11 18:55:32 ----A---- C:\Windows\system32\apphelp.dll
2015-11-11 18:55:32 ----A---- C:\Windows\system32\aelupsvc.dll
2015-11-11 18:49:55 ----A---- C:\Windows\system32\drivers\ndis.sys
2015-11-11 18:49:52 ----A---- C:\Windows\SYSWOW64\InkEd.dll
2015-11-11 18:49:52 ----A---- C:\Windows\system32\jnwmon.dll
2015-11-11 18:49:52 ----A---- C:\Windows\system32\InkEd.dll
2015-11-10 05:43:05 ----D---- C:\Program Files (x86)\Adobe
======List of files/folders modified in the last 1 month======
2015-12-08 20:36:02 ----D---- C:\Windows\Prefetch
2015-12-08 20:36:00 ----D---- C:\Program Files\trend micro
2015-12-08 20:35:59 ----D---- C:\Windows\Temp
2015-12-08 18:35:32 ----D---- C:\Windows\system32\config
2015-12-08 17:57:50 ----D---- C:\Windows\System32
2015-12-08 17:57:50 ----D---- C:\Windows\inf
2015-12-08 17:57:50 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-12-08 17:50:47 ----HD---- C:\ProgramData
2015-12-08 08:18:07 ----SHD---- C:\System Volume Information
2015-12-08 05:59:02 ----D---- C:\Program Files (x86)\Microsoft Office
2015-12-08 05:54:58 ----D---- C:\ProgramData\Microsoft Help
2015-12-08 05:48:38 ----RSD---- C:\Windows\Fonts
2015-12-08 00:39:00 ----SD---- C:\Users\Veronika\AppData\Roaming\Microsoft
2015-12-07 22:23:31 ----D---- C:\Windows\Microsoft.NET
2015-12-07 22:22:55 ----RSD---- C:\Windows\assembly
2015-12-07 22:20:31 ----RD---- C:\Program Files (x86)
2015-12-07 22:20:17 ----D---- C:\Windows
2015-12-07 22:20:12 ----SHD---- C:\Windows\Installer
2015-12-07 22:20:12 ----D---- C:\Windows\SoftwareDistribution
2015-12-07 22:19:11 ----D---- C:\Windows\system32\DriverStore
2015-12-07 20:30:58 ----D---- C:\Windows\system32\drivers
2015-12-07 20:18:45 ----D---- C:\Windows\system32\Tasks
2015-12-07 20:18:42 ----D---- C:\Windows\SysWOW64
2015-12-07 20:18:41 ----SD---- C:\ProgramData\Microsoft
2015-12-07 20:18:41 ----D---- C:\Program Files\Common Files\Microsoft Shared
2015-12-07 19:43:24 ----RD---- C:\Program Files
2015-12-06 19:25:08 ----RD---- C:\Users
2015-12-05 05:43:21 ----D---- C:\ProgramData\Malwarebytes
2015-12-01 17:39:35 ----D---- C:\Users\Veronika\AppData\Roaming\PC Suite
2015-11-12 16:44:05 ----D---- C:\Windows\winsxs
2015-11-12 12:17:43 ----D---- C:\Windows\rescache
2015-11-12 09:58:38 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-11-12 09:58:38 ----D---- C:\Windows\system32\cs-CZ
2015-11-12 09:58:35 ----D---- C:\Windows\AppPatch
2015-11-12 09:58:33 ----D---- C:\Windows\system32\migration
2015-11-11 20:04:26 ----D---- C:\Windows\system32\MRT
2015-11-11 20:02:18 ----D---- C:\Windows\debug
2015-11-11 20:02:16 ----A---- C:\Windows\system32\MRT.exe
2015-11-11 19:58:44 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2015-11-11 19:57:36 ----D---- C:\Program Files\Windows Journal
2015-11-11 18:57:42 ----D---- C:\Windows\system32\catroot2
2015-11-11 18:39:58 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-11-10 05:42:54 ----D---- C:\ProgramData\Adobe
2015-11-10 05:26:04 ----D---- C:\Windows\Tasks
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2015-07-14 72400]
R0 iaStorA;iaStorA; C:\Windows\system32\DRIVERS\iaStorA.sys [2014-04-11 645480]
R0 iaStorF;iaStorF; C:\Windows\system32\DRIVERS\iaStorF.sys [2014-04-11 28008]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2014-02-21 20464]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2015-07-14 255240]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2015-07-14 178520]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2015-07-14 53360]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2015-07-14 231520]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2015-03-19 4888368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2014-03-14 3896920]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2014-03-31 450520]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2014-02-21 370672]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2014-02-21 791024]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2013-09-16 99288]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2014-03-18 906968]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2012-01-09 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2012-01-09 27136]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2012-06-11 26112]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 t_mouse.sys;HID-compliand device; C:\Windows\system32\DRIVERS\t_mouse.sys [2012-12-19 6144]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2012-01-09 9216]
S3 usbser;USB Modem Driver; C:\Windows\system32\DRIVERS\usbser.sys [2010-11-21 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2012-01-09 9216]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2015-04-29 23200]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-10-28 82128]
R2 ClickToRunSvc;Služba Microsoft Office Klikni a spusť; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2015-11-13 2875576]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2015-07-08 1353720]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2014-04-11 16232]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\Windows\system32\igfxCUIService.exe [2015-03-19 345864]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-08-27 747520]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-09-16 169432]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-09-16 390616]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-01-31 878400]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2015-02-18 1258312]
R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11 269000]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2015-03-19 280840]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-07-29 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-08-27 828376]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-11-03 147624]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2015-11-13 202928]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2015-11-11 5132888]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2015-07-30 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
-----------------EOF-----------------
Run by Veronika at 2015-12-08 20:36:00
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 203 GB (81%) free of 250 GB
Total RAM: 3965 MB (49% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:36:01, on 8.12.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal
Running processes:
C:\Windows\System32\TiltWheelMouse.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Veronika.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2973147430-3371197934-2794310822-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2973147430-3371197934-2794310822-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10229 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\igfxCUIService.exe
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Windows\System32\TiltWheelMouse.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Windows\system32\GWX\GWX.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-8f204c3e-8d6e-4eaa-917d-b70439532208 -SystemEventPortName:HostProcess-c0f8f830-fc70-43a8-a814-bc536e87f081 -IoCancelEventPortName:HostProcess-3f47e17e-6c84-410f-b432-baa7a78485ee -NonStateChangingEventPortName:HostProcess-b5b50e47-fa36-4b29-af27-ad6d2923f9e0 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:2f5be886-4469-4374-8555-f78319fbf381 -DeviceGroupId:WpdFsGroup
"C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe"
{6DA4D008-48F4-4CEB-A3DA-C709FC75D3DE}
{2C51CF3D-EF9E-4843-B860-F441DED77117}
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
"C:\Users\Veronika\Downloads\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
=========Mozilla firefox=========
ProfilePath - C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\ylndoqif.default
prefs.js - "browser.startup.homepage" - "https://www.seznam.cz/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.245 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 19.0.0.245 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-12-07 226984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-30 551520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2015-12-07 580312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-12-07 2166488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-30 212576]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2015-12-07 161448]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2015-12-07 403672]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2015-12-07 1512152]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-03-14 13671792]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2014-04-11 36352]
"MouseDriver"=C:\Windows\system32\TiltWheelMouse.exe [2012-12-19 241152]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2015-07-08 5595848]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"=C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2014-02-21 292848]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2015-12-08 17:50:02 ----D---- C:\AdwCleaner
2015-12-07 22:20:31 ----D---- C:\Program Files (x86)\Microsoft OneDrive
2015-12-07 22:20:19 ----D---- C:\ProgramData\Microsoft OneDrive
2015-12-07 20:18:42 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2015-12-07 19:43:24 ----D---- C:\Program Files\Microsoft Office 15
2015-12-06 18:11:49 ----D---- C:\UsbFix
2015-12-05 06:15:10 ----D---- C:\rsit
2015-12-05 05:43:23 ----D---- C:\Users\Veronika\AppData\Roaming\Malwarebytes
2015-11-13 14:52:12 ----A---- C:\Windows\system32\vcruntime140.dll
2015-11-13 14:52:12 ----A---- C:\Windows\system32\vccorlib140.dll
2015-11-13 14:52:12 ----A---- C:\Windows\system32\msvcp140.dll
2015-11-13 14:52:12 ----A---- C:\Windows\system32\concrt140.dll
2015-11-13 12:59:42 ----A---- C:\Windows\SYSWOW64\vcruntime140.dll
2015-11-13 12:59:42 ----A---- C:\Windows\SYSWOW64\vccorlib140.dll
2015-11-13 12:59:42 ----A---- C:\Windows\SYSWOW64\msvcp140.dll
2015-11-13 12:59:42 ----A---- C:\Windows\SYSWOW64\concrt140.dll
2015-11-12 10:12:04 ----A---- C:\Windows\system32\win32k.sys
2015-11-11 19:02:54 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-11-11 19:02:53 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-11-11 19:02:53 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-11-11 19:02:53 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-11-11 19:02:53 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-11-11 19:02:53 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-11-11 19:02:53 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-11-11 19:02:53 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-11-11 19:02:53 ----A---- C:\Windows\SYSWOW64\bcryptprimitives.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\wow64.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\winsrv.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\srcore.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\schannel.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\rstrui.exe
2015-11-11 19:02:53 ----A---- C:\Windows\system32\rpcrt4.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\ntdll.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\ncrypt.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\lsasrv.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\KernelBase.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\kernel32.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\kerberos.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-11-11 19:02:53 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-11-11 19:02:53 ----A---- C:\Windows\system32\drivers\cng.sys
2015-11-11 19:02:53 ----A---- C:\Windows\system32\conhost.exe
2015-11-11 19:02:53 ----A---- C:\Windows\system32\bcryptprimitives.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\wow32.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\user.exe
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\setup16.exe
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\instnm.exe
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\wow64win.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\wow64cpu.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\wdigest.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\TSpkg.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\sspisrv.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\sspicli.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\srclient.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\smss.exe
2015-11-11 19:02:52 ----A---- C:\Windows\system32\secur32.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\ntvdm64.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\msv1_0.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\msobjs.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\msaudite.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\lsass.exe
2015-11-11 19:02:52 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2015-11-11 19:02:52 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2015-11-11 19:02:52 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2015-11-11 19:02:52 ----A---- C:\Windows\system32\csrsrv.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\cryptbase.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\credssp.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\auditpol.exe
2015-11-11 19:02:52 ----A---- C:\Windows\system32\apisetschema.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\adtschema.dll
2015-11-11 18:58:16 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-11-11 18:58:16 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-11-11 18:58:16 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-11-11 18:58:16 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-11-11 18:58:16 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wuwebv.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wups2.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wups.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wudriver.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wucltux.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wuaueng.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wuauclt.exe
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wuapp.exe
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wuapi.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-11-11 18:55:35 ----A---- C:\Windows\system32\drivers\tdx.sys
2015-11-11 18:55:35 ----A---- C:\Windows\system32\drivers\afd.sys
2015-11-11 18:55:32 ----A---- C:\Windows\SYSWOW64\shimeng.dll
2015-11-11 18:55:32 ----A---- C:\Windows\SYSWOW64\sdbinst.exe
2015-11-11 18:55:32 ----A---- C:\Windows\SYSWOW64\apphelp.dll
2015-11-11 18:55:32 ----A---- C:\Windows\system32\shimeng.dll
2015-11-11 18:55:32 ----A---- C:\Windows\system32\sdbinst.exe
2015-11-11 18:55:32 ----A---- C:\Windows\system32\apphelp.dll
2015-11-11 18:55:32 ----A---- C:\Windows\system32\aelupsvc.dll
2015-11-11 18:49:55 ----A---- C:\Windows\system32\drivers\ndis.sys
2015-11-11 18:49:52 ----A---- C:\Windows\SYSWOW64\InkEd.dll
2015-11-11 18:49:52 ----A---- C:\Windows\system32\jnwmon.dll
2015-11-11 18:49:52 ----A---- C:\Windows\system32\InkEd.dll
2015-11-10 05:43:05 ----D---- C:\Program Files (x86)\Adobe
======List of files/folders modified in the last 1 month======
2015-12-08 20:36:02 ----D---- C:\Windows\Prefetch
2015-12-08 20:36:00 ----D---- C:\Program Files\trend micro
2015-12-08 20:35:59 ----D---- C:\Windows\Temp
2015-12-08 18:35:32 ----D---- C:\Windows\system32\config
2015-12-08 17:57:50 ----D---- C:\Windows\System32
2015-12-08 17:57:50 ----D---- C:\Windows\inf
2015-12-08 17:57:50 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-12-08 17:50:47 ----HD---- C:\ProgramData
2015-12-08 08:18:07 ----SHD---- C:\System Volume Information
2015-12-08 05:59:02 ----D---- C:\Program Files (x86)\Microsoft Office
2015-12-08 05:54:58 ----D---- C:\ProgramData\Microsoft Help
2015-12-08 05:48:38 ----RSD---- C:\Windows\Fonts
2015-12-08 00:39:00 ----SD---- C:\Users\Veronika\AppData\Roaming\Microsoft
2015-12-07 22:23:31 ----D---- C:\Windows\Microsoft.NET
2015-12-07 22:22:55 ----RSD---- C:\Windows\assembly
2015-12-07 22:20:31 ----RD---- C:\Program Files (x86)
2015-12-07 22:20:17 ----D---- C:\Windows
2015-12-07 22:20:12 ----SHD---- C:\Windows\Installer
2015-12-07 22:20:12 ----D---- C:\Windows\SoftwareDistribution
2015-12-07 22:19:11 ----D---- C:\Windows\system32\DriverStore
2015-12-07 20:30:58 ----D---- C:\Windows\system32\drivers
2015-12-07 20:18:45 ----D---- C:\Windows\system32\Tasks
2015-12-07 20:18:42 ----D---- C:\Windows\SysWOW64
2015-12-07 20:18:41 ----SD---- C:\ProgramData\Microsoft
2015-12-07 20:18:41 ----D---- C:\Program Files\Common Files\Microsoft Shared
2015-12-07 19:43:24 ----RD---- C:\Program Files
2015-12-06 19:25:08 ----RD---- C:\Users
2015-12-05 05:43:21 ----D---- C:\ProgramData\Malwarebytes
2015-12-01 17:39:35 ----D---- C:\Users\Veronika\AppData\Roaming\PC Suite
2015-11-12 16:44:05 ----D---- C:\Windows\winsxs
2015-11-12 12:17:43 ----D---- C:\Windows\rescache
2015-11-12 09:58:38 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-11-12 09:58:38 ----D---- C:\Windows\system32\cs-CZ
2015-11-12 09:58:35 ----D---- C:\Windows\AppPatch
2015-11-12 09:58:33 ----D---- C:\Windows\system32\migration
2015-11-11 20:04:26 ----D---- C:\Windows\system32\MRT
2015-11-11 20:02:18 ----D---- C:\Windows\debug
2015-11-11 20:02:16 ----A---- C:\Windows\system32\MRT.exe
2015-11-11 19:58:44 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2015-11-11 19:57:36 ----D---- C:\Program Files\Windows Journal
2015-11-11 18:57:42 ----D---- C:\Windows\system32\catroot2
2015-11-11 18:39:58 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-11-10 05:42:54 ----D---- C:\ProgramData\Adobe
2015-11-10 05:26:04 ----D---- C:\Windows\Tasks
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2015-07-14 72400]
R0 iaStorA;iaStorA; C:\Windows\system32\DRIVERS\iaStorA.sys [2014-04-11 645480]
R0 iaStorF;iaStorF; C:\Windows\system32\DRIVERS\iaStorF.sys [2014-04-11 28008]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2014-02-21 20464]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2015-07-14 255240]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2015-07-14 178520]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2015-07-14 53360]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2015-07-14 231520]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2015-03-19 4888368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2014-03-14 3896920]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2014-03-31 450520]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2014-02-21 370672]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2014-02-21 791024]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2013-09-16 99288]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2014-03-18 906968]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2012-01-09 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2012-01-09 27136]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2012-06-11 26112]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 t_mouse.sys;HID-compliand device; C:\Windows\system32\DRIVERS\t_mouse.sys [2012-12-19 6144]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2012-01-09 9216]
S3 usbser;USB Modem Driver; C:\Windows\system32\DRIVERS\usbser.sys [2010-11-21 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2012-01-09 9216]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2015-04-29 23200]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-10-28 82128]
R2 ClickToRunSvc;Služba Microsoft Office Klikni a spusť; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2015-11-13 2875576]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2015-07-08 1353720]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2014-04-11 16232]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\Windows\system32\igfxCUIService.exe [2015-03-19 345864]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-08-27 747520]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-09-16 169432]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-09-16 390616]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-01-31 878400]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2015-02-18 1258312]
R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11 269000]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2015-03-19 280840]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-07-29 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-08-27 828376]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-11-03 147624]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2015-11-13 202928]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2015-11-11 5132888]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2015-07-30 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
-----------------EOF-----------------
-
Rudy
- Site Admin
- Příspěvky: 119426
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: kontrola logu
Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:
a klikněte na >MoveIt!<. Po skenu restartujte PC a dejte nový log RSIT.:commands
[Purity]
[Emptytemp]
[Emptyflash]
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: kontrola logu
All processes killed
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Veronika
->Temp folder emptied: 2559622 bytes
->Temporary Internet Files folder emptied: 1632643 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 370700096 bytes
->Flash cache emptied: 2119 bytes
User: Verča
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5845330 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 2899102 bytes
Total Files Cleaned = 366,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Public
User: UpdatusUser
User: Veronika
->Flash cache emptied: 0 bytes
User: Verča
Total Flash Files Cleaned = 0,00 mb
OTM by OldTimer - Version 3.1.21.0 log created on 12092015_210137
Files moved on Reboot...
C:\Users\Veronika\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Veronika\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File C:\Windows\temp\officeclicktorun.exe_streamserver(20151209195804738).log not found!
C:\Windows\temp\VERONIKA-PC-20151209-1958.log moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
Registry entries deleted on Reboot...
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Veronika
->Temp folder emptied: 2559622 bytes
->Temporary Internet Files folder emptied: 1632643 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 370700096 bytes
->Flash cache emptied: 2119 bytes
User: Verča
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5845330 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 2899102 bytes
Total Files Cleaned = 366,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Public
User: UpdatusUser
User: Veronika
->Flash cache emptied: 0 bytes
User: Verča
Total Flash Files Cleaned = 0,00 mb
OTM by OldTimer - Version 3.1.21.0 log created on 12092015_210137
Files moved on Reboot...
C:\Users\Veronika\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Veronika\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File C:\Windows\temp\officeclicktorun.exe_streamserver(20151209195804738).log not found!
C:\Windows\temp\VERONIKA-PC-20151209-1958.log moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
Registry entries deleted on Reboot...
Re: kontrola logu
Logfile of random's system information tool 1.10 (written by random/random)
Run by Veronika at 2015-12-09 21:04:59
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 204 GB (82%) free of 250 GB
Total RAM: 3965 MB (66% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:05:09, on 9.12.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal
Running processes:
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
C:\Windows\System32\TiltWheelMouse.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Veronika.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9951 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\igfxCUIService.exe
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Windows\system32\GWX\GWX.exe"
C:\Windows\system32\sppsvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-0c719365-94a9-4bc3-b71e-6569e93fbc1b -SystemEventPortName:HostProcess-e24d0fb4-efef-427f-a4cd-d5086f22e930 -IoCancelEventPortName:HostProcess-a7591c80-514a-4312-a6bc-afc59eb68303 -NonStateChangingEventPortName:HostProcess-1279a5ce-a0c0-48b5-a09f-ad13027e8f2b -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:5ee05809-9a00-4186-a36e-b138b02b56aa -DeviceGroupId:WpdFsGroup
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
taskeng.exe {5E28EFBA-013C-4483-920F-AF236741C867}
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\notepad.exe" C:\_OTM\MovedFiles\12092015_210137.log
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
"C:\Windows\System32\TiltWheelMouse.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe"
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
{33111F5B-6CF4-4A74-ACB0-65FA44039F40}
{61104D39-BDC8-4882-9028-D962FE7A2216}
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Veronika\Downloads\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
=========Mozilla firefox=========
ProfilePath - C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\ylndoqif.default
prefs.js - "browser.startup.homepage" - "https://www.seznam.cz/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 20.0.0.235 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 20.0.0.235 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-12-07 226984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-30 551520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2015-12-07 580312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-12-07 2166488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-30 212576]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2015-12-07 161448]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2015-12-07 403672]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2015-12-07 1512152]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-03-14 13671792]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2014-04-11 36352]
"MouseDriver"=C:\Windows\system32\TiltWheelMouse.exe [2012-12-19 241152]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2015-07-08 5595848]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"=C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2014-02-21 292848]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2015-12-09 21:01:37 ----D---- C:\_OTM
2015-12-08 17:50:02 ----D---- C:\AdwCleaner
2015-12-07 22:20:31 ----D---- C:\Program Files (x86)\Microsoft OneDrive
2015-12-07 22:20:19 ----D---- C:\ProgramData\Microsoft OneDrive
2015-12-07 20:18:42 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2015-12-07 19:43:24 ----D---- C:\Program Files\Microsoft Office 15
2015-12-06 18:11:49 ----D---- C:\UsbFix
2015-12-05 06:15:10 ----D---- C:\rsit
2015-12-05 05:43:23 ----D---- C:\Users\Veronika\AppData\Roaming\Malwarebytes
2015-11-13 14:52:12 ----A---- C:\Windows\system32\vcruntime140.dll
2015-11-13 14:52:12 ----A---- C:\Windows\system32\vccorlib140.dll
2015-11-13 14:52:12 ----A---- C:\Windows\system32\msvcp140.dll
2015-11-13 14:52:12 ----A---- C:\Windows\system32\concrt140.dll
2015-11-13 12:59:42 ----A---- C:\Windows\SYSWOW64\vcruntime140.dll
2015-11-13 12:59:42 ----A---- C:\Windows\SYSWOW64\vccorlib140.dll
2015-11-13 12:59:42 ----A---- C:\Windows\SYSWOW64\msvcp140.dll
2015-11-13 12:59:42 ----A---- C:\Windows\SYSWOW64\concrt140.dll
2015-11-12 10:12:04 ----A---- C:\Windows\system32\win32k.sys
2015-11-11 19:02:54 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-11-11 19:02:53 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-11-11 19:02:53 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-11-11 19:02:53 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-11-11 19:02:53 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-11-11 19:02:53 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-11-11 19:02:53 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-11-11 19:02:53 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-11-11 19:02:53 ----A---- C:\Windows\SYSWOW64\bcryptprimitives.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\wow64.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\winsrv.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\srcore.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\schannel.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\rstrui.exe
2015-11-11 19:02:53 ----A---- C:\Windows\system32\rpcrt4.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\ntdll.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\ncrypt.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\lsasrv.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\KernelBase.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\kernel32.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\kerberos.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-11-11 19:02:53 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-11-11 19:02:53 ----A---- C:\Windows\system32\drivers\cng.sys
2015-11-11 19:02:53 ----A---- C:\Windows\system32\conhost.exe
2015-11-11 19:02:53 ----A---- C:\Windows\system32\bcryptprimitives.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\wow32.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\user.exe
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\setup16.exe
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\instnm.exe
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\wow64win.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\wow64cpu.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\wdigest.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\TSpkg.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\sspisrv.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\sspicli.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\srclient.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\smss.exe
2015-11-11 19:02:52 ----A---- C:\Windows\system32\secur32.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\ntvdm64.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\msv1_0.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\msobjs.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\msaudite.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\lsass.exe
2015-11-11 19:02:52 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2015-11-11 19:02:52 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2015-11-11 19:02:52 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2015-11-11 19:02:52 ----A---- C:\Windows\system32\csrsrv.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\cryptbase.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\credssp.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\auditpol.exe
2015-11-11 19:02:52 ----A---- C:\Windows\system32\apisetschema.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\adtschema.dll
2015-11-11 18:58:16 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-11-11 18:58:16 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-11-11 18:58:16 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-11-11 18:58:16 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-11-11 18:58:16 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wuwebv.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wups2.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wups.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wudriver.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wucltux.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wuaueng.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wuauclt.exe
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wuapp.exe
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wuapi.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-11-11 18:55:35 ----A---- C:\Windows\system32\drivers\tdx.sys
2015-11-11 18:55:35 ----A---- C:\Windows\system32\drivers\afd.sys
2015-11-11 18:55:32 ----A---- C:\Windows\SYSWOW64\shimeng.dll
2015-11-11 18:55:32 ----A---- C:\Windows\SYSWOW64\sdbinst.exe
2015-11-11 18:55:32 ----A---- C:\Windows\SYSWOW64\apphelp.dll
2015-11-11 18:55:32 ----A---- C:\Windows\system32\shimeng.dll
2015-11-11 18:55:32 ----A---- C:\Windows\system32\sdbinst.exe
2015-11-11 18:55:32 ----A---- C:\Windows\system32\apphelp.dll
2015-11-11 18:55:32 ----A---- C:\Windows\system32\aelupsvc.dll
2015-11-11 18:49:55 ----A---- C:\Windows\system32\drivers\ndis.sys
2015-11-11 18:49:52 ----A---- C:\Windows\SYSWOW64\InkEd.dll
2015-11-11 18:49:52 ----A---- C:\Windows\system32\jnwmon.dll
2015-11-11 18:49:52 ----A---- C:\Windows\system32\InkEd.dll
2015-11-10 05:43:05 ----D---- C:\Program Files (x86)\Adobe
======List of files/folders modified in the last 1 month======
2015-12-09 21:05:08 ----D---- C:\Program Files\trend micro
2015-12-09 21:04:35 ----D---- C:\Windows\Prefetch
2015-12-09 21:04:17 ----D---- C:\Windows\Temp
2015-12-09 20:29:31 ----D---- C:\Windows\system32\catroot2
2015-12-09 20:28:15 ----D---- C:\Windows\winsxs
2015-12-09 20:04:02 ----D---- C:\Windows\System32
2015-12-09 20:04:02 ----D---- C:\Windows\inf
2015-12-09 20:04:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-12-09 19:58:57 ----D---- C:\Windows\system32\config
2015-12-09 19:57:53 ----D---- C:\Windows
2015-12-08 20:50:21 ----D---- C:\Windows\debug
2015-12-08 20:39:59 ----D---- C:\Windows\SysWOW64
2015-12-08 20:39:56 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-12-08 17:50:47 ----HD---- C:\ProgramData
2015-12-08 08:18:07 ----SHD---- C:\System Volume Information
2015-12-08 05:59:02 ----D---- C:\Program Files (x86)\Microsoft Office
2015-12-08 05:54:58 ----D---- C:\ProgramData\Microsoft Help
2015-12-08 05:48:38 ----RSD---- C:\Windows\Fonts
2015-12-08 00:39:00 ----SD---- C:\Users\Veronika\AppData\Roaming\Microsoft
2015-12-07 22:23:31 ----D---- C:\Windows\Microsoft.NET
2015-12-07 22:22:55 ----RSD---- C:\Windows\assembly
2015-12-07 22:20:31 ----RD---- C:\Program Files (x86)
2015-12-07 22:20:12 ----SHD---- C:\Windows\Installer
2015-12-07 22:20:12 ----D---- C:\Windows\SoftwareDistribution
2015-12-07 22:19:11 ----D---- C:\Windows\system32\DriverStore
2015-12-07 20:30:58 ----D---- C:\Windows\system32\drivers
2015-12-07 20:18:45 ----D---- C:\Windows\system32\Tasks
2015-12-07 20:18:41 ----SD---- C:\ProgramData\Microsoft
2015-12-07 20:18:41 ----D---- C:\Program Files\Common Files\Microsoft Shared
2015-12-07 19:43:24 ----RD---- C:\Program Files
2015-12-06 19:25:08 ----RD---- C:\Users
2015-12-05 05:43:21 ----D---- C:\ProgramData\Malwarebytes
2015-12-01 17:39:35 ----D---- C:\Users\Veronika\AppData\Roaming\PC Suite
2015-11-12 12:17:43 ----D---- C:\Windows\rescache
2015-11-12 09:58:38 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-11-12 09:58:38 ----D---- C:\Windows\system32\cs-CZ
2015-11-12 09:58:35 ----D---- C:\Windows\AppPatch
2015-11-12 09:58:33 ----D---- C:\Windows\system32\migration
2015-11-11 20:04:26 ----D---- C:\Windows\system32\MRT
2015-11-11 20:02:16 ----A---- C:\Windows\system32\MRT.exe
2015-11-11 19:58:44 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2015-11-11 19:57:36 ----D---- C:\Program Files\Windows Journal
2015-11-10 05:42:54 ----D---- C:\ProgramData\Adobe
2015-11-10 05:26:04 ----D---- C:\Windows\Tasks
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2015-07-14 72400]
R0 iaStorA;iaStorA; C:\Windows\system32\DRIVERS\iaStorA.sys [2014-04-11 645480]
R0 iaStorF;iaStorF; C:\Windows\system32\DRIVERS\iaStorF.sys [2014-04-11 28008]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2014-02-21 20464]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2015-07-14 255240]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2015-07-14 178520]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2015-07-14 53360]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2015-07-14 231520]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2015-03-19 4888368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2014-03-14 3896920]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2014-03-31 450520]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2014-02-21 370672]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2014-02-21 791024]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2013-09-16 99288]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2014-03-18 906968]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2012-01-09 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2012-01-09 27136]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2012-06-11 26112]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 t_mouse.sys;HID-compliand device; C:\Windows\system32\DRIVERS\t_mouse.sys [2012-12-19 6144]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2012-01-09 9216]
S3 usbser;USB Modem Driver; C:\Windows\system32\DRIVERS\usbser.sys [2010-11-21 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2012-01-09 9216]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2015-04-29 23200]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-10-28 82128]
R2 ClickToRunSvc;Služba Microsoft Office Klikni a spusť; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2015-11-13 2875576]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2015-07-08 1353720]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\Windows\system32\igfxCUIService.exe [2015-03-19 345864]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-08-27 747520]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-01-31 878400]
R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2014-04-11 16232]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-09-16 169432]
S2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-09-16 390616]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2015-02-18 1258312]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-08 269504]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2015-03-19 280840]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-07-29 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-08-27 828376]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-11-03 147624]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2015-11-13 202928]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2015-11-11 5132888]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2015-07-30 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
-----------------EOF-----------------
Run by Veronika at 2015-12-09 21:04:59
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 204 GB (82%) free of 250 GB
Total RAM: 3965 MB (66% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:05:09, on 9.12.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal
Running processes:
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
C:\Windows\System32\TiltWheelMouse.exe
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Veronika.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9951 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\igfxCUIService.exe
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Windows\system32\GWX\GWX.exe"
C:\Windows\system32\sppsvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-0c719365-94a9-4bc3-b71e-6569e93fbc1b -SystemEventPortName:HostProcess-e24d0fb4-efef-427f-a4cd-d5086f22e930 -IoCancelEventPortName:HostProcess-a7591c80-514a-4312-a6bc-afc59eb68303 -NonStateChangingEventPortName:HostProcess-1279a5ce-a0c0-48b5-a09f-ad13027e8f2b -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:5ee05809-9a00-4186-a36e-b138b02b56aa -DeviceGroupId:WpdFsGroup
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
taskeng.exe {5E28EFBA-013C-4483-920F-AF236741C867}
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\notepad.exe" C:\_OTM\MovedFiles\12092015_210137.log
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
"C:\Windows\System32\TiltWheelMouse.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe"
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
{33111F5B-6CF4-4A74-ACB0-65FA44039F40}
{61104D39-BDC8-4882-9028-D962FE7A2216}
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Veronika\Downloads\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
=========Mozilla firefox=========
ProfilePath - C:\Users\Veronika\AppData\Roaming\Mozilla\Firefox\Profiles\ylndoqif.default
prefs.js - "browser.startup.homepage" - "https://www.seznam.cz/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 20.0.0.235 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 20.0.0.235 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_51\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-12-07 226984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll [2015-07-30 551520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2015-12-07 580312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-12-07 2166488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-07-30 212576]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2015-12-07 161448]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2015-12-07 403672]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2015-12-07 1512152]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-03-14 13671792]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2014-04-11 36352]
"MouseDriver"=C:\Windows\system32\TiltWheelMouse.exe [2012-12-19 241152]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2015-07-08 5595848]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"=C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2014-02-21 292848]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-26 2210608]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2015-12-09 21:01:37 ----D---- C:\_OTM
2015-12-08 17:50:02 ----D---- C:\AdwCleaner
2015-12-07 22:20:31 ----D---- C:\Program Files (x86)\Microsoft OneDrive
2015-12-07 22:20:19 ----D---- C:\ProgramData\Microsoft OneDrive
2015-12-07 20:18:42 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2015-12-07 19:43:24 ----D---- C:\Program Files\Microsoft Office 15
2015-12-06 18:11:49 ----D---- C:\UsbFix
2015-12-05 06:15:10 ----D---- C:\rsit
2015-12-05 05:43:23 ----D---- C:\Users\Veronika\AppData\Roaming\Malwarebytes
2015-11-13 14:52:12 ----A---- C:\Windows\system32\vcruntime140.dll
2015-11-13 14:52:12 ----A---- C:\Windows\system32\vccorlib140.dll
2015-11-13 14:52:12 ----A---- C:\Windows\system32\msvcp140.dll
2015-11-13 14:52:12 ----A---- C:\Windows\system32\concrt140.dll
2015-11-13 12:59:42 ----A---- C:\Windows\SYSWOW64\vcruntime140.dll
2015-11-13 12:59:42 ----A---- C:\Windows\SYSWOW64\vccorlib140.dll
2015-11-13 12:59:42 ----A---- C:\Windows\SYSWOW64\msvcp140.dll
2015-11-13 12:59:42 ----A---- C:\Windows\SYSWOW64\concrt140.dll
2015-11-12 10:12:04 ----A---- C:\Windows\system32\win32k.sys
2015-11-11 19:02:54 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-11-11 19:02:53 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-11-11 19:02:53 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-11-11 19:02:53 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-11-11 19:02:53 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2015-11-11 19:02:53 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-11-11 19:02:53 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-11-11 19:02:53 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-11-11 19:02:53 ----A---- C:\Windows\SYSWOW64\bcryptprimitives.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\wow64.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\winsrv.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\srcore.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\schannel.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\rstrui.exe
2015-11-11 19:02:53 ----A---- C:\Windows\system32\rpcrt4.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\ntdll.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\ncrypt.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\lsasrv.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\KernelBase.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\kernel32.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\kerberos.dll
2015-11-11 19:02:53 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-11-11 19:02:53 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-11-11 19:02:53 ----A---- C:\Windows\system32\drivers\cng.sys
2015-11-11 19:02:53 ----A---- C:\Windows\system32\conhost.exe
2015-11-11 19:02:53 ----A---- C:\Windows\system32\bcryptprimitives.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 19:02:52 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\wow32.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\user.exe
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\setup16.exe
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\instnm.exe
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\cryptbase.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2015-11-11 19:02:52 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\wow64win.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\wow64cpu.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\wdigest.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\TSpkg.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\sspisrv.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\sspicli.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\srclient.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\smss.exe
2015-11-11 19:02:52 ----A---- C:\Windows\system32\secur32.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\ntvdm64.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\msv1_0.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\msobjs.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\msaudite.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\lsass.exe
2015-11-11 19:02:52 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2015-11-11 19:02:52 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2015-11-11 19:02:52 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2015-11-11 19:02:52 ----A---- C:\Windows\system32\csrsrv.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\cryptbase.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\credssp.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\auditpol.exe
2015-11-11 19:02:52 ----A---- C:\Windows\system32\apisetschema.dll
2015-11-11 19:02:52 ----A---- C:\Windows\system32\adtschema.dll
2015-11-11 18:58:16 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-11-11 18:58:16 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-11-11 18:58:16 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-11-11 18:58:16 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-11-11 18:58:16 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wuwebv.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wups2.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wups.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wudriver.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wucltux.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wuaueng.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wuauclt.exe
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wuapp.exe
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wuapi.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-11-11 18:58:16 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-11-11 18:55:35 ----A---- C:\Windows\system32\drivers\tdx.sys
2015-11-11 18:55:35 ----A---- C:\Windows\system32\drivers\afd.sys
2015-11-11 18:55:32 ----A---- C:\Windows\SYSWOW64\shimeng.dll
2015-11-11 18:55:32 ----A---- C:\Windows\SYSWOW64\sdbinst.exe
2015-11-11 18:55:32 ----A---- C:\Windows\SYSWOW64\apphelp.dll
2015-11-11 18:55:32 ----A---- C:\Windows\system32\shimeng.dll
2015-11-11 18:55:32 ----A---- C:\Windows\system32\sdbinst.exe
2015-11-11 18:55:32 ----A---- C:\Windows\system32\apphelp.dll
2015-11-11 18:55:32 ----A---- C:\Windows\system32\aelupsvc.dll
2015-11-11 18:49:55 ----A---- C:\Windows\system32\drivers\ndis.sys
2015-11-11 18:49:52 ----A---- C:\Windows\SYSWOW64\InkEd.dll
2015-11-11 18:49:52 ----A---- C:\Windows\system32\jnwmon.dll
2015-11-11 18:49:52 ----A---- C:\Windows\system32\InkEd.dll
2015-11-10 05:43:05 ----D---- C:\Program Files (x86)\Adobe
======List of files/folders modified in the last 1 month======
2015-12-09 21:05:08 ----D---- C:\Program Files\trend micro
2015-12-09 21:04:35 ----D---- C:\Windows\Prefetch
2015-12-09 21:04:17 ----D---- C:\Windows\Temp
2015-12-09 20:29:31 ----D---- C:\Windows\system32\catroot2
2015-12-09 20:28:15 ----D---- C:\Windows\winsxs
2015-12-09 20:04:02 ----D---- C:\Windows\System32
2015-12-09 20:04:02 ----D---- C:\Windows\inf
2015-12-09 20:04:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-12-09 19:58:57 ----D---- C:\Windows\system32\config
2015-12-09 19:57:53 ----D---- C:\Windows
2015-12-08 20:50:21 ----D---- C:\Windows\debug
2015-12-08 20:39:59 ----D---- C:\Windows\SysWOW64
2015-12-08 20:39:56 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-12-08 17:50:47 ----HD---- C:\ProgramData
2015-12-08 08:18:07 ----SHD---- C:\System Volume Information
2015-12-08 05:59:02 ----D---- C:\Program Files (x86)\Microsoft Office
2015-12-08 05:54:58 ----D---- C:\ProgramData\Microsoft Help
2015-12-08 05:48:38 ----RSD---- C:\Windows\Fonts
2015-12-08 00:39:00 ----SD---- C:\Users\Veronika\AppData\Roaming\Microsoft
2015-12-07 22:23:31 ----D---- C:\Windows\Microsoft.NET
2015-12-07 22:22:55 ----RSD---- C:\Windows\assembly
2015-12-07 22:20:31 ----RD---- C:\Program Files (x86)
2015-12-07 22:20:12 ----SHD---- C:\Windows\Installer
2015-12-07 22:20:12 ----D---- C:\Windows\SoftwareDistribution
2015-12-07 22:19:11 ----D---- C:\Windows\system32\DriverStore
2015-12-07 20:30:58 ----D---- C:\Windows\system32\drivers
2015-12-07 20:18:45 ----D---- C:\Windows\system32\Tasks
2015-12-07 20:18:41 ----SD---- C:\ProgramData\Microsoft
2015-12-07 20:18:41 ----D---- C:\Program Files\Common Files\Microsoft Shared
2015-12-07 19:43:24 ----RD---- C:\Program Files
2015-12-06 19:25:08 ----RD---- C:\Users
2015-12-05 05:43:21 ----D---- C:\ProgramData\Malwarebytes
2015-12-01 17:39:35 ----D---- C:\Users\Veronika\AppData\Roaming\PC Suite
2015-11-12 12:17:43 ----D---- C:\Windows\rescache
2015-11-12 09:58:38 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-11-12 09:58:38 ----D---- C:\Windows\system32\cs-CZ
2015-11-12 09:58:35 ----D---- C:\Windows\AppPatch
2015-11-12 09:58:33 ----D---- C:\Windows\system32\migration
2015-11-11 20:04:26 ----D---- C:\Windows\system32\MRT
2015-11-11 20:02:16 ----A---- C:\Windows\system32\MRT.exe
2015-11-11 19:58:44 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2015-11-11 19:57:36 ----D---- C:\Program Files\Windows Journal
2015-11-10 05:42:54 ----D---- C:\ProgramData\Adobe
2015-11-10 05:26:04 ----D---- C:\Windows\Tasks
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2015-07-14 72400]
R0 iaStorA;iaStorA; C:\Windows\system32\DRIVERS\iaStorA.sys [2014-04-11 645480]
R0 iaStorF;iaStorF; C:\Windows\system32\DRIVERS\iaStorF.sys [2014-04-11 28008]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2014-02-21 20464]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2015-07-14 255240]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2015-07-14 178520]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2015-07-14 53360]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2015-07-14 231520]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2015-03-19 4888368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2014-03-14 3896920]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2014-03-31 450520]
R3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2014-02-21 370672]
R3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2014-02-21 791024]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2013-09-16 99288]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2014-03-18 906968]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2012-01-09 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2012-01-09 27136]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2012-06-11 26112]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 t_mouse.sys;HID-compliand device; C:\Windows\system32\DRIVERS\t_mouse.sys [2012-12-19 6144]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2012-01-09 9216]
S3 usbser;USB Modem Driver; C:\Windows\system32\DRIVERS\usbser.sys [2010-11-21 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2012-01-09 9216]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2015-04-29 23200]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-10-28 82128]
R2 ClickToRunSvc;Služba Microsoft Office Klikni a spusť; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2015-11-13 2875576]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2015-07-08 1353720]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\Windows\system32\igfxCUIService.exe [2015-03-19 345864]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-08-27 747520]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-01-31 878400]
R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2014-04-11 16232]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-09-16 169432]
S2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-09-16 390616]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2015-02-18 1258312]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-08 269504]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2015-03-19 280840]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-07-29 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-08-27 828376]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-11-03 147624]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2015-11-13 202928]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2015-11-11 5132888]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2015-07-30 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
-----------------EOF-----------------
Re: kontrola logu
PC se mi zdá zpomalené, na provedení nějakého kroku musím chvíli čekat. Nemůže to být tím, že mám nainstolovány dva office? /tatínek se mi dostal k pc a nainstaloval office 2016,ale ty předchozí tam nechal - k pc, než se dokončí čištění, nesmí 
/
/-
Rudy
- Site Admin
- Příspěvky: 119426
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: kontrola logu
Nemělo by, zvláště pokud nejsou obě verze spuštěny současně. Udělejte ještě kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: kontrola logu
MBam nic nenašel, ale log nevyskočil
-
Rudy
- Site Admin
- Příspěvky: 119426
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: kontrola logu
A jak to vypadá s tou fleškou?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?