Logfile of random's system information tool 1.10 (written by random/random)
Run by PC at 2015-12-27 12:32:52
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 54 GB (36%) free of 150 GB
Total RAM: 8154 MB (72% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:32:55, on 27.12.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\PC\AppData\Roaming\ProxyGate\Cloud.exe
C:\Program Files (x86)\Opera\34.0.2036.39\opera.exe
C:\Program Files (x86)\Opera\34.0.2036.39\opera.exe
C:\Program Files (x86)\Opera\34.0.2036.39\opera.exe
C:\Program Files (x86)\Opera\34.0.2036.39\opera.exe
C:\Program Files (x86)\Opera\34.0.2036.39\opera.exe
C:\Program Files (x86)\Opera\34.0.2036.39\opera.exe
C:\Program Files (x86)\Opera\34.0.2036.39\opera.exe
C:\Program Files\trend micro\PC.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [ProxyGate] C:\Users\PC\AppData\Roaming\ProxyGate\MainService.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [EPSON Stylus CX7400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICDA.EXE /FU "C:\Windows\TEMP\E_SA8BE.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus CX7400 Series (kopie 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICDA.EXE /FU "C:\Windows\TEMP\E_SD2C0.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8165 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskeng.exe {59B356BE-9874-4BBF-8118-29A5F1941999}
"C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
"C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe" /s
"C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
"C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
"C:\Windows\System32\spool\drivers\x64\3\E_IATICDA.EXE" /FU "C:\Windows\TEMP\E_SA8BE.tmp" /EF "HKCU"
"C:\Windows\System32\spool\drivers\x64\3\E_IATICDA.EXE" /FU "C:\Windows\TEMP\E_SD2C0.tmp" /EF "HKCU"
"C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Users\PC\AppData\Roaming\ProxyGate\Cloud.exe" {C1375D9A-FBD1-4AB8-9110-9BAA8732395A}
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe"
"C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Microsoft Security Client\NisSrv.exe"
"C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe" a337cf4f-11e5-4568-b026-e309783a4d01
\??\C:\Windows\system32\conhost.exe "885138664-8632963341741930409-3247390418036276449708174029674896321287663387
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe" serviceapp
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
\??\C:\Windows\system32\conhost.exe "-412210587-2041979827-1287843121-1792260826-1253978974-267184398330079931-292117879
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Opera\34.0.2036.39\opera.exe" --ran-launcher
"C:\Program Files (x86)\Opera\34.0.2036.39\opera.exe" --type=gpu-process --channel="4736.0.533868670\687636546" --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --enable-proprietary-codecs-support-for-web-audio-api --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,16,29,57,67 --gpu-vendor-id=0x10de --gpu-device-id=0x1086 --gpu-driver-vendor=NVIDIA --gpu-driver-version=10.18.13.5891 --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --enable-proprietary-codecs-support-for-web-audio-api --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Opera\34.0.2036.39\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --enable-proprietary-codecs-support-for-web-audio-api --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="4736.2.162167606\491423837" /prefetch:673131151
"C:\Program Files (x86)\Opera\34.0.2036.39\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --enable-proprietary-codecs-support-for-web-audio-api --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="4736.3.1169008062\444189688" /prefetch:673131151
"C:\Program Files (x86)\Opera\34.0.2036.39\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --lang=cs --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --enable-proprietary-codecs-support-for-web-audio-api --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="4736.4.569326560\1242269662" /prefetch:673131151
C:\Windows\servicing\TrustedInstaller.exe
taskeng.exe {814766DD-EE82-41DE-B380-EA9121A3506C}
"C:\Program Files (x86)\Opera\34.0.2036.39\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --lang=cs --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --enable-proprietary-codecs-support-for-web-audio-api --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="4736.41.1031498011\632703834" /prefetch:673131151
"C:\Program Files (x86)\Opera\34.0.2036.39\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --lang=cs --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --enable-proprietary-codecs-support-for-web-audio-api --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="4736.45.470831027\1644178949" /prefetch:673131151
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
"C:\Users\PC\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_228_pepper.exe -check pepperplugin
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-25 460384]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-25 172640]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2015-04-30 1337000]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2015-10-12 2655520]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2015-10-12 1710752]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite Automount"=C:\Program Files\DAEMON Tools Lite\DTAgent.exe [2015-06-18 4468056]
"ProxyGate"=C:\Users\PC\AppData\Roaming\ProxyGate\MainService.exe [2015-04-01 1143248]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2015-10-19 8551848]
"EPSON Stylus CX7400 Series"=C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICDA.EXE [2007-02-15 209408]
"EPSON Stylus CX7400 Series (kopie 1)"=C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICDA.EXE [2007-02-15 209408]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"KiesTrayAgent"=C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [2015-07-27 311616]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-11-09 596528]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2015-12-27 12:32:52 ----D---- C:\rsit
2015-12-27 12:32:52 ----D---- C:\Program Files\trend micro
2015-12-21 10:47:20 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-12-19 16:46:48 ----A---- C:\Windows\SYSWOW64\PICSDK2.dll
2015-12-19 16:46:48 ----A---- C:\Windows\SYSWOW64\PICSDK.ini
2015-12-19 16:46:48 ----A---- C:\Windows\SYSWOW64\PICSDK.dll
2015-12-19 16:46:48 ----A---- C:\Windows\SYSWOW64\PICEntry.dll
2015-12-19 16:46:48 ----A---- C:\Windows\SYSWOW64\EpPicPrt.dll
2015-12-19 16:46:48 ----A---- C:\Windows\SYSWOW64\EPPICPrinterDB.dat
2015-12-19 16:46:48 ----A---- C:\Windows\SYSWOW64\EPPICPresetData_PT.dat
2015-12-19 16:46:48 ----A---- C:\Windows\SYSWOW64\EPPICPresetData_FR.dat
2015-12-19 16:46:48 ----A---- C:\Windows\SYSWOW64\EPPICPresetData_ES.dat
2015-12-19 16:46:48 ----A---- C:\Windows\SYSWOW64\EPPICPresetData_EN.dat
2015-12-19 16:46:48 ----A---- C:\Windows\SYSWOW64\EPPICPresetData_CF.dat
2015-12-19 16:46:48 ----A---- C:\Windows\SYSWOW64\EPPICPresetData_BP.dat
2015-12-19 16:46:48 ----A---- C:\Windows\SYSWOW64\EPPICPattern6.dat
2015-12-19 16:46:48 ----A---- C:\Windows\SYSWOW64\EPPICPattern5.dat
2015-12-19 16:46:48 ----A---- C:\Windows\SYSWOW64\EPPICPattern4.dat
2015-12-19 16:46:48 ----A---- C:\Windows\SYSWOW64\EPPICPattern3.dat
2015-12-19 16:46:48 ----A---- C:\Windows\SYSWOW64\EPPICPattern2.dat
2015-12-19 16:46:48 ----A---- C:\Windows\SYSWOW64\EPPICPattern131.dat
2015-12-19 16:46:48 ----A---- C:\Windows\SYSWOW64\EPPICPattern121.dat
2015-12-19 16:46:48 ----A---- C:\Windows\SYSWOW64\EPPICPattern1.dat
2015-12-19 16:46:48 ----A---- C:\Windows\SYSWOW64\EpPicMgr.dll
2015-12-19 16:46:47 ----D---- C:\Users\PC\AppData\Roaming\InstallShield
2015-12-19 16:25:27 ----D---- C:\Program Files\EPSON
2015-12-19 16:25:09 ----D---- C:\Program Files (x86)\epson
2015-12-19 16:25:09 ----A---- C:\Windows\system32\esxcwiad.dll
2015-12-19 16:23:50 ----D---- C:\Program Files (x86)\Epson Software
2015-12-19 15:25:07 ----D---- C:\Users\PC\AppData\Roaming\EPSON
2015-12-19 15:24:33 ----D---- C:\ProgramData\EPSON
2015-12-19 15:24:32 ----D---- C:\ProgramData\UDL
2015-12-08 20:22:12 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-12-08 20:22:12 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-12-08 20:22:12 ----A---- C:\Windows\system32\iertutil.dll
2015-12-08 20:22:11 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-12-08 20:22:11 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-12-08 20:22:11 ----A---- C:\Windows\SYSWOW64\occache.dll
2015-12-08 20:22:11 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-12-08 20:22:11 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-12-08 20:22:11 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-12-08 20:22:11 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-12-08 20:22:11 ----A---- C:\Windows\system32\iernonce.dll
2015-12-08 20:22:11 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-12-08 20:22:11 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-12-08 20:22:11 ----A---- C:\Windows\system32\ie4uinit.exe
2015-12-08 20:22:10 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-12-08 20:22:10 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-12-08 20:22:10 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-12-08 20:22:10 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-12-08 20:22:10 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-12-08 20:22:09 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-12-08 20:22:09 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-12-08 20:22:09 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-12-08 20:22:09 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-12-08 20:22:09 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-12-08 20:22:09 ----A---- C:\Windows\system32\urlmon.dll
2015-12-08 20:22:09 ----A---- C:\Windows\system32\occache.dll
2015-12-08 20:22:09 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-12-08 20:22:09 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-12-08 20:22:09 ----A---- C:\Windows\system32\iedkcs32.dll
2015-12-08 20:22:08 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-12-08 20:22:08 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-12-08 20:22:08 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-12-08 20:22:08 ----A---- C:\Windows\system32\msfeeds.dll
2015-12-08 20:22:08 ----A---- C:\Windows\system32\iesetup.dll
2015-12-08 20:22:08 ----A---- C:\Windows\system32\ieapfltr.dll
2015-12-08 20:22:08 ----A---- C:\Windows\system32\dxtrans.dll
2015-12-08 20:22:07 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2015-12-08 20:22:07 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-12-08 20:22:07 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-12-08 20:22:07 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-12-08 20:22:07 ----A---- C:\Windows\system32\vbscript.dll
2015-12-08 20:22:06 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-12-08 20:22:06 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-12-08 20:22:06 ----A---- C:\Windows\system32\jsproxy.dll
2015-12-08 20:22:06 ----A---- C:\Windows\system32\ieui.dll
2015-12-08 20:22:06 ----A---- C:\Windows\system32\ieframe.dll
2015-12-08 20:22:06 ----A---- C:\Windows\system32\dxtmsft.dll
2015-12-08 20:22:05 ----A---- C:\Windows\system32\webcheck.dll
2015-12-08 20:22:05 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-12-08 20:22:05 ----A---- C:\Windows\system32\mshtmled.dll
2015-12-08 20:22:05 ----A---- C:\Windows\system32\jscript9diag.dll
2015-12-08 20:22:05 ----A---- C:\Windows\system32\jscript.dll
2015-12-08 20:22:05 ----A---- C:\Windows\system32\ieUnatt.exe
2015-12-08 20:22:04 ----A---- C:\Windows\system32\wininet.dll
2015-12-08 20:22:04 ----A---- C:\Windows\system32\msrating.dll
2015-12-08 20:22:04 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-12-08 20:22:04 ----A---- C:\Windows\system32\jscript9.dll
2015-12-08 20:22:03 ----A---- C:\Windows\system32\mshtml.dll
2015-12-08 20:21:29 ----A---- C:\Windows\SYSWOW64\tzres.dll
2015-12-08 20:21:29 ----A---- C:\Windows\system32\tzres.dll
2015-12-08 20:21:27 ----A---- C:\Windows\SYSWOW64\usp10.dll
2015-12-08 20:21:27 ----A---- C:\Windows\system32\usp10.dll
2015-12-08 20:21:26 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-12-08 20:21:26 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-12-08 20:21:26 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-12-08 20:21:26 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-12-08 20:21:26 ----A---- C:\Windows\system32\wuwebv.dll
2015-12-08 20:21:26 ----A---- C:\Windows\system32\wups2.dll
2015-12-08 20:21:26 ----A---- C:\Windows\system32\wudriver.dll
2015-12-08 20:21:26 ----A---- C:\Windows\system32\wucltux.dll
2015-12-08 20:21:26 ----A---- C:\Windows\system32\wuaueng.dll
2015-12-08 20:21:26 ----A---- C:\Windows\system32\wuauclt.exe
2015-12-08 20:21:26 ----A---- C:\Windows\system32\wuapi.dll
2015-12-08 20:21:26 ----A---- C:\Windows\system32\WinSetupUI.dll
2015-12-08 20:21:25 ----A---- C:\Windows\SYSWOW64\wups.dll
2015-12-08 20:21:25 ----A---- C:\Windows\system32\wups.dll
2015-12-08 20:21:25 ----A---- C:\Windows\system32\wuapp.exe
2015-12-08 20:21:25 ----A---- C:\Windows\system32\wu.upgrade.ps.dll
2015-12-08 20:21:23 ----A---- C:\Windows\SYSWOW64\nlsbres.dll
2015-12-08 20:21:23 ----A---- C:\Windows\SYSWOW64\KBDAZE.DLL
2015-12-08 20:21:23 ----A---- C:\Windows\system32\nlsbres.dll
2015-12-08 20:21:22 ----A---- C:\Windows\SYSWOW64\kbdgeoqw.dll
2015-12-08 20:21:22 ----A---- C:\Windows\SYSWOW64\KBDAZEL.DLL
2015-12-08 20:21:22 ----A---- C:\Windows\system32\kbdgeoqw.dll
2015-12-08 20:21:22 ----A---- C:\Windows\system32\KBDAZEL.DLL
2015-12-08 20:21:22 ----A---- C:\Windows\system32\KBDAZE.DLL
2015-12-08 20:21:20 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2015-12-08 20:21:20 ----A---- C:\Windows\system32\win32k.sys
2015-12-08 20:21:20 ----A---- C:\Windows\system32\user32.dll
2015-12-08 20:21:20 ----A---- C:\Windows\system32\FntCache.dll
2015-12-08 20:21:20 ----A---- C:\Windows\system32\DWrite.dll
2015-12-08 20:21:19 ----A---- C:\Windows\SYSWOW64\user32.dll
2015-12-08 20:21:17 ----A---- C:\Windows\SYSWOW64\wshrm.dll
2015-12-08 20:21:17 ----A---- C:\Windows\system32\wshrm.dll
2015-12-08 20:21:17 ----A---- C:\Windows\system32\drivers\rmcast.sys
2015-12-08 20:21:17 ----A---- C:\Windows\system32\comsvcs.dll
2015-12-08 20:21:17 ----A---- C:\Windows\system32\catsrvut.dll
2015-12-08 20:21:16 ----A---- C:\Windows\SYSWOW64\comsvcs.dll
2015-12-08 20:21:16 ----A---- C:\Windows\SYSWOW64\catsrvut.dll
2015-12-08 20:16:41 ----A---- C:\Windows\SYSWOW64\els.dll
2015-12-08 20:16:41 ----A---- C:\Windows\system32\els.dll
2015-12-06 20:14:55 ----D---- C:\Program Files (x86)\by Decepticon
2015-12-05 17:11:59 ----D---- C:\Program Files (x86)\Coffee Stain Studios
2015-12-05 17:01:41 ----D---- C:\Users\PC\AppData\Roaming\Wolfenstein
2015-12-05 17:01:08 ----A---- C:\Windows\SYSWOW64\D3DX9_39.dll
2015-12-05 17:01:08 ----A---- C:\Windows\system32\D3DX9_39.dll
2015-12-02 17:06:36 ----A---- C:\Windows\SYSWOW64\XAudio2_7.dll
2015-12-02 17:06:36 ----A---- C:\Windows\SYSWOW64\XAPOFX1_5.dll
2015-12-02 17:06:36 ----A---- C:\Windows\system32\XAudio2_7.dll
2015-12-02 17:06:36 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2015-12-02 17:06:34 ----A---- C:\Windows\SYSWOW64\xinput1_3.dll
2015-12-02 17:06:34 ----A---- C:\Windows\system32\xinput1_3.dll
2015-11-30 20:36:38 ----D---- C:\ProgramData\Codemasters
======List of files/folders modified in the last 1 month======
2015-12-27 12:32:56 ----D---- C:\Windows\Prefetch
2015-12-27 12:32:52 ----RD---- C:\Program Files
2015-12-27 12:32:51 ----D---- C:\Windows\Temp
2015-12-27 12:18:07 ----D---- C:\Windows\System32
2015-12-27 12:18:07 ----D---- C:\Windows\inf
2015-12-27 12:18:07 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-12-27 12:14:15 ----D---- C:\Windows\system32\config
2015-12-27 12:12:35 ----D---- C:\Program Files (x86)\MSI Afterburner
2015-12-27 12:10:08 ----D---- C:\ProgramData\NVIDIA
2015-12-26 23:23:41 ----D---- C:\Windows\system32\Tasks
2015-12-26 23:23:40 ----D---- C:\Users\PC\AppData\Roaming\uTorrent
2015-12-25 18:16:07 ----D---- C:\Users\PC\AppData\Roaming\MediaMonkey
2015-12-25 16:01:25 ----SHD---- C:\System Volume Information
2015-12-22 15:39:27 ----D---- C:\Windows\SysWOW64
2015-12-22 15:35:21 ----D---- C:\Windows\system32\DriverStore
2015-12-21 12:14:11 ----D---- C:\Windows\SYSWOW64\directx
2015-12-21 10:47:22 ----D---- C:\Windows\Tasks
2015-12-19 16:46:48 ----HD---- C:\ProgramData
2015-12-19 16:25:09 ----RD---- C:\Program Files (x86)
2015-12-19 16:25:09 ----D---- C:\Windows\twain_32
2015-12-19 16:24:19 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2015-12-19 16:23:39 ----D---- C:\Windows
2015-12-19 16:23:35 ----SHD---- C:\Windows\Installer
2015-12-18 19:35:02 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2015-12-18 19:33:48 ----D---- C:\Windows\winsxs
2015-12-18 19:33:45 ----SD---- C:\Windows\SYSWOW64\GWX
2015-12-18 19:33:45 ----SD---- C:\Windows\system32\GWX
2015-12-18 18:18:02 ----SD---- C:\Users\PC\AppData\Roaming\Microsoft
2015-12-18 16:47:46 ----D---- C:\Program Files (x86)\Opera
2015-12-10 21:07:44 ----D---- C:\Windows\rescache
2015-12-10 17:21:10 ----D---- C:\Windows\Microsoft.NET
2015-12-10 17:20:57 ----RSD---- C:\Windows\assembly
2015-12-10 14:58:33 ----D---- C:\Program Files\Microsoft Silverlight
2015-12-10 14:58:32 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2015-12-09 22:41:43 ----RSD---- C:\Windows\Fonts
2015-12-09 22:41:43 ----D---- C:\Windows\SYSWOW64\en-US
2015-12-09 22:41:43 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-12-09 22:41:43 ----D---- C:\Windows\system32\drivers
2015-12-09 22:41:43 ----D---- C:\Windows\system32\cs-CZ
2015-12-09 22:41:43 ----D---- C:\Windows\ehome
2015-12-09 22:41:43 ----D---- C:\Program Files\Internet Explorer
2015-12-09 22:41:42 ----D---- C:\Windows\system32\en-US
2015-12-09 22:41:42 ----D---- C:\Program Files (x86)\Internet Explorer
2015-12-09 14:57:07 ----D---- C:\Windows\system32\MRT
2015-12-09 14:53:23 ----D---- C:\Windows\debug
2015-12-09 14:53:10 ----A---- C:\Windows\system32\MRT.exe
2015-12-09 04:39:31 ----N---- C:\Windows\system32\MpSigStub.exe
2015-12-08 20:12:44 ----D---- C:\Windows\system32\catroot2
2015-12-06 15:42:36 ----D---- C:\games
2015-12-05 16:44:13 ----D---- C:\Program Files (x86)\R.G. Mechanics
2015-12-05 16:19:38 ----D---- C:\Program Files (x86)\Rockstar Games
2015-12-01 19:00:51 ----D---- C:\Counter-Strike 1.6
2015-12-01 19:00:44 ----D---- C:\Users\PC\AppData\Roaming\NVIDIA
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2015-03-04 280376]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2015-05-19 213848]
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2012-08-22 15232]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2015-05-19 516096]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2015-05-19 59392]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2015-05-19 360688]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2015-03-04 124568]
R3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys [2013-08-16 140032]
R3 asmtxhci;ASMEDIA XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys [2013-08-16 424192]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\system32\DRIVERS\dtlitescsibus.sys [2015-10-24 30264]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2015-11-05 205456]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-10-12 20768]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2015-08-11 50472]
R3 RTCore64;RTCore64; \??\C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2015-05-27 13536]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 rzudd;Razer Keyboard Driver; C:\Windows\system32\DRIVERS\rzudd.sys [2015-09-03 201424]
R3 vpcbus;Služba hostitelské sběrnice programu Virtual PC; C:\Windows\system32\DRIVERS\vpchbus.sys [2015-05-19 194944]
R3 vpcusb;Služba konektoru virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcusb.sys [2015-05-19 95232]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2015-05-21 110720]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2015-05-19 166400]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2015-05-21 127488]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2015-05-21 18944]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2015-05-21 161280]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ss_bus.sys [2015-05-21 127488]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\Windows\system32\DRIVERS\ss_mdfl.sys [2015-05-21 18944]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\Windows\system32\DRIVERS\ss_mdm.sys [2015-05-21 161280]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2015-05-21 206080]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudserd.sys [2015-05-21 206080]
S3 stornvme;stornvme; C:\Windows\system32\drivers\stornvme.sys [2015-05-19 50616]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2012-08-23 29696]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2015-05-19 42496]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2015-05-19 42496]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2009-08-13 73984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 asComSvc;ASUS Com Service; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [2015-11-17 920736]
R2 asHmComSvc;ASUS HM Com Service; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2015-11-17 951936]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2015-05-19 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2015-05-19 27136]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-10-12 1156384]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2015-04-30 23816]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-10-12 1873696]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2015-10-12 5568288]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-11-05 938616]
R2 ss_conn_service;SAMSUNG Mobile Connectivity Service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [2015-05-21 743688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-11-05 417584]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [2015-06-18 1268568]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-04-30 366544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-18 144200]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-21 269504]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2015-05-19 27136]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-18 144200]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-11-08 114688]
S3 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2015-09-19 2057736]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2015-05-19 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2015-05-19 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2015-05-18 1255736]
S3 WiaRpc;@%SystemRoot%\system32\wiarpc.dll,-2; C:\Windows\system32\svchost.exe [2015-05-19 27136]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-11 139944]
-----------------EOF-----------------

Virus removal, PC speed-up, and remote assistance through the neslape.cz service
Please check
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Re: Please check
Hello, download AdwCleaner and save it to your desktop,
close all programs including the browser and double-click it to run it,
a window will appear; click Scan in the top left.
When the scan finishes, click Clean,
the PC will restart and the junk will be deleted.
Then copy the Report here for me.
After that, use Mbam from my signature and post its log here after the deletion.
Re: Please check
# AdwCleaner v5.026 - Logfile created 29/12/2015 at 10:39:29
# Updated 21/12/2015 by Xplode
# Database : 2015-12-23.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : PC - PC-PC
# Running from : C:\Users\PC\Desktop\adwcleaner_5.026.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\Program Files (x86)\myfree codec
[-] Folder Deleted : C:\Users\PC\AppData\Roaming\tencent
***** [ Files ] *****
***** [ DLLs ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
[-] Task Deleted : LaunchPreSignup
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
***** [ Web browsers ] *****
*************************
:: "Tracing" keys removed
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1307 bytes] ##########
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 29.12.2015
Čas skenování: 10:44
Protokol: mbam log.txt
Správce: Ano
Verze: 2.2.0.1024
Databáze malwaru: v2015.12.29.02
Databáze rootkitů: v2015.12.26.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto
OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: PC
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 322993
Uplynulý čas: 8 min, 53 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 0
(Nenalezeny žádné škodlivé položky)
Hodnoty registru: 1
PUP.Optional.GoldClick, HKU\S-1-5-21-494490919-3553389126-219020364-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ProxyGate, C:\Users\PC\AppData\Roaming\ProxyGate\MainService.exe, , [f6e075352a6173c3738d446b3cc5d32d]
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 0
(Nenalezeny žádné škodlivé položky)
Soubory: 5
PUP.Optional.GoldClick, C:\Users\PC\AppData\Roaming\ProxyGate\MainService.exe, , [f6e075352a6173c3738d446b3cc5d32d],
PUP.Optional.GoldClick, C:\Users\PC\AppData\Roaming\ProxyGate\ProxyGate.exe, , [f8de4763355659ddd32dd1de1fe2eb15],
PUP.Optional.GoldClick, C:\Users\PC\AppData\Roaming\ProxyGate\ProxyUPD.exe, , [a333ebbf444789adc53bbaf5a25fe818],
PUP.Optional.GoldClick, C:\Users\PC\AppData\Roaming\ProxyGate\Socket.exe, , [9442694135560a2c32cec5eaa160f40c],
Trojan.ModUPX, C:\Users\PC\AppData\Local\Temp\is-E68PF.tmp\work\run.exe, , [5c7ad8d22467a39354db94a4f50c2dd3],
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
The Mbam guide is for an older version, so hopefully this is right
Re: Please check
Ibraj wrote: The Mbam guide is for an older version, so hopefully this is right
Everything is correct.

Now uninstall Mbam.
Download ComboFix and save it to your desktop,
run the application as Administrator and allow installation of the Recovery Console.
A window with the license terms will then appear, which you confirm by clicking ANO (Yes),
then click ANO (Yes) once more and it starts running.
The whole process takes about 10 minutes but can take longer; do not try to run anything else during the scan.
The PC may also be restarted during the scan; do not be alarmed.
Warning: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware program,
because Combofix tries to delete infected files and these programs can get in its way.
After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt
(on repeated use the logs are numbered Combofix2.txt, etc.); copy its contents here.
If anything is unclear, there is an illustrated guide HERE.