
PC virus removal, computer speed-up, remote help through the neslape.cz service
Slow notebook, suspected virus or malicious program
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote help service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello, lately I have had a problem with the speed of my notebook. When switched on, the notebook takes a long time to load, and working in the search engine is slow too.
When the notebook is idle, memory runs at 40% and the CPU also at about 40%.
I suspect a virus or a malicious program.
I regularly install updates for my legal OS, and as far as I know the installed programs are either open versions or legal.
Here I attach the log from RSIT:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Josef at 2016-02-16 20:01:08
Microsoft Windows 8.1
System drive C: has 105 GB (23%) free of 459 GB
Total RAM: 3979 MB (56% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:14:22, on 16. 2. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
Boot mode: Normal
Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\trend micro\Josef.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [BacKGround Agent] C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: @oem20.inf,%BcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\Windows\system32\BtwRSupportService.exe (file missing)
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Launch Manager Service (LMSvc) - Acer Incorporate - C:\Program Files\Packard Bell\Packard Bell Launch Manager\LMSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @c:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - c:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Quick Access Service (QASvc) - Acer Incorporate - C:\Program Files\Packard Bell\Packard Bell Quick Access\QASvc.exe
O23 - Service: Quick Access RadioMgr Service (RMSvc) - Acer Incorporate - C:\Program Files\Packard Bell\Packard Bell Quick Access\RMSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8221 bytes
======Listing Processes======
wininit.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\AVAST Software\Avast\afwServ.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe"
"C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe"
dashost.exe {69d6fff2-ce7e-4470-a62065372d479d61}
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files\Packard Bell\Packard Bell Quick Access\QASvc.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\Packard Bell\Packard Bell Quick Access\RMSvc.exe"
"C:\Program Files\Packard Bell\Packard Bell Launch Manager\LMTray.exe"
"C:\Program Files\Packard Bell\Packard Bell Quick Access\QAEvent.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Packard Bell\Packard Bell Quick Access\QAMsg.exe"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe"
"C:\Windows\system32\GWX\GWX.exe"
"C:\Program Files\Packard Bell\Packard Bell Quick Access\QuickAccess.exe" -hide
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe"
"C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe"
"C:\Windows\system32\igfxext.exe" -Embedding
"C:\Windows\system32\igfxsrvc.exe" -Embedding
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\Packard Bell\Packard Bell Recovery Management\Notification\Notification.exe"
"C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe"
"C:\Windows\system32\StikyNot.exe"
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
"C:\Users\Josef\Downloads\RSITx64.exe"
"C:\Windows\system32\NOTEPAD.EXE" C:\rsit\log.txt
C:\Windows\system32\wbem\WmiApSrv.exe
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_74\bin\ssv.dll [2016-02-11 553056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-11 901600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 690392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_74\bin\jp2ssv.dll [2016-02-11 214112]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-11 678656]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Persistence"=C:\Windows\system32\igfxpers.exe [2013-11-25 770032]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-10-18 13657304]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2013-11-25 391152]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 108144]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"=C:\Windows\system32\StikyNot.exe [2014-10-29 479744]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BacKGround Agent"=C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2014-07-22 51456]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-02-11 7139768]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-01-29 595504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2013-11-02 624640]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"PromptOnSecureDesktop"=0
"ConsentPromptBehaviorAdmin"=0
"EnableLinkedConnections"=1
"SoftwareSASGeneration"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-02-16 20:01:08 ----D---- C:\rsit
2016-02-16 20:01:08 ----D---- C:\Program Files\trend micro
2016-02-15 18:51:15 ----D---- C:\AdwCleaner
2016-02-11 19:37:04 ----RD---- C:\Program Files (x86)\Skype
2016-02-11 19:20:57 ----A---- C:\Windows\system32\drivers\aswNetSec.sys
2016-02-11 19:20:57 ----A---- C:\Windows\system32\drivers\aswKbd.sys
2016-02-11 19:20:37 ----A---- C:\Windows\system32\aswBoot.exe
2016-02-11 19:20:18 ----A---- C:\Windows\avastSS.scr
2016-02-11 11:34:22 ----A---- C:\Windows\system32\invagent.dll
2016-02-11 11:34:22 ----A---- C:\Windows\system32\generaltel.dll
2016-02-11 11:34:22 ----A---- C:\Windows\system32\devinv.dll
2016-02-11 11:34:22 ----A---- C:\Windows\system32\CompatTelRunner.exe
2016-02-11 11:34:22 ----A---- C:\Windows\system32\appraiser.dll
2016-02-11 11:34:22 ----A---- C:\Windows\system32\aeinv.dll
2016-02-11 11:34:22 ----A---- C:\Windows\system32\acmigration.dll
2016-02-11 11:34:20 ----A---- C:\Windows\system32\lsasrv.dll
2016-02-11 11:34:18 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2016-02-11 11:34:18 ----A---- C:\Windows\SYSWOW64\certcli.dll
2016-02-11 11:34:18 ----A---- C:\Windows\system32\msv1_0.dll
2016-02-11 11:34:18 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-02-11 11:34:18 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-02-11 11:34:18 ----A---- C:\Windows\system32\dpapisrv.dll
2016-02-11 11:34:18 ----A---- C:\Windows\system32\certcli.dll
2016-02-11 11:34:04 ----A---- C:\Windows\system32\shell32.dll
2016-02-11 11:34:02 ----A---- C:\Windows\system32\twinui.dll
2016-02-11 11:33:58 ----A---- C:\Windows\SYSWOW64\twinui.dll
2016-02-11 11:33:54 ----A---- C:\Windows\SYSWOW64\shell32.dll
2016-02-11 11:33:52 ----A---- C:\Windows\SYSWOW64\authui.dll
2016-02-11 11:33:52 ----A---- C:\Windows\system32\authui.dll
2016-02-11 11:33:15 ----A---- C:\Windows\system32\wuaueng.dll
2016-02-11 11:33:14 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2016-02-11 11:33:14 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2016-02-11 11:33:14 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2016-02-11 11:33:14 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2016-02-11 11:33:14 ----A---- C:\Windows\system32\wuwebv.dll
2016-02-11 11:33:14 ----A---- C:\Windows\system32\WUSettingsProvider.dll
2016-02-11 11:33:14 ----A---- C:\Windows\system32\wudriver.dll
2016-02-11 11:33:14 ----A---- C:\Windows\system32\wucltux.dll
2016-02-11 11:33:14 ----A---- C:\Windows\system32\wuauclt.exe
2016-02-11 11:33:14 ----A---- C:\Windows\system32\wuapp.exe
2016-02-11 11:33:14 ----A---- C:\Windows\system32\wuapi.dll
2016-02-11 11:28:31 ----A---- C:\Windows\system32\mshtml.dll
2016-02-11 11:28:31 ----A---- C:\Windows\system32\iertutil.dll
2016-02-11 11:28:30 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2016-02-11 11:28:30 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2016-02-11 11:28:30 ----A---- C:\Windows\system32\urlmon.dll
2016-02-11 11:28:28 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2016-02-11 11:28:27 ----A---- C:\Windows\system32\ieframe.dll
2016-02-11 11:28:26 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2016-02-10 22:04:44 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-02-10 22:04:44 ----A---- C:\Windows\system32\KernelBase.dll
2016-02-10 22:04:44 ----A---- C:\Windows\system32\combase.dll
2016-02-10 22:04:43 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2016-02-10 22:04:43 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2016-02-10 22:04:43 ----A---- C:\Windows\SYSWOW64\combase.dll
2016-02-10 22:04:43 ----A---- C:\Windows\system32\ntdll.dll
2016-02-10 22:04:42 ----A---- C:\Windows\SYSWOW64\WinTypes.dll
2016-02-10 22:04:42 ----A---- C:\Windows\system32\WinTypes.dll
2016-02-10 22:04:42 ----A---- C:\Windows\system32\microsoft-windows-system-events.dll
2016-02-10 22:04:41 ----A---- C:\Windows\SYSWOW64\wincorlib.dll
2016-02-10 22:04:31 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2016-02-10 22:04:30 ----A---- C:\Windows\system32\kerberos.dll
2016-02-10 22:04:29 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2016-02-10 22:04:28 ----A---- C:\Windows\SYSWOW64\WinSync.dll
2016-02-10 22:04:28 ----A---- C:\Windows\system32\WinSync.dll
2016-02-10 22:04:23 ----A---- C:\Windows\SYSWOW64\CPFilters.dll
2016-02-10 22:04:22 ----A---- C:\Windows\system32\EncDec.dll
2016-02-10 22:04:22 ----A---- C:\Windows\system32\CPFilters.dll
2016-02-10 22:04:21 ----A---- C:\Windows\SYSWOW64\mtxoci.dll
2016-02-10 22:04:21 ----A---- C:\Windows\SYSWOW64\msorcl32.dll
2016-02-10 22:04:21 ----A---- C:\Windows\SYSWOW64\EncDec.dll
2016-02-10 22:04:21 ----A---- C:\Windows\SYSWOW64\cfgbkend.dll
2016-02-10 22:04:21 ----A---- C:\Windows\system32\mtxoci.dll
2016-02-10 22:04:21 ----A---- C:\Windows\system32\cfgbkend.dll
2016-02-10 22:04:19 ----A---- C:\Windows\system32\glcndFilter.dll
2016-02-10 22:04:18 ----A---- C:\Windows\system32\Windows.Data.Pdf.dll
2016-02-10 22:04:17 ----A---- C:\Windows\SYSWOW64\glcndFilter.dll
2016-02-10 22:04:16 ----A---- C:\Windows\SYSWOW64\Windows.Data.Pdf.dll
2016-02-10 22:04:15 ----A---- C:\Windows\system32\win32k.sys
2016-02-10 22:04:04 ----A---- C:\Windows\system32\jscript9.dll
2016-02-10 22:04:02 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2016-02-10 22:04:00 ----A---- C:\Windows\SYSWOW64\wininet.dll
2016-02-10 22:04:00 ----A---- C:\Windows\system32\wininet.dll
2016-02-10 22:03:57 ----A---- C:\Windows\SYSWOW64\hlink.dll
2016-02-10 22:03:57 ----A---- C:\Windows\system32\msfeeds.dll
2016-02-10 22:03:57 ----A---- C:\Windows\system32\hlink.dll
2016-02-10 22:03:57 ----A---- C:\Windows\system32\actxprxy.dll
2016-02-10 22:03:56 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2016-02-10 22:03:56 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2016-02-10 22:03:56 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2016-02-10 22:03:56 ----A---- C:\Windows\SYSWOW64\jscript.dll
2016-02-10 22:03:56 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2016-02-10 22:03:56 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2016-02-10 22:03:56 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2016-02-10 22:03:56 ----A---- C:\Windows\system32\webcheck.dll
2016-02-10 22:03:56 ----A---- C:\Windows\system32\vbscript.dll
2016-02-10 22:03:56 ----A---- C:\Windows\system32\jscript.dll
2016-02-10 22:03:56 ----A---- C:\Windows\system32\inetcomm.dll
2016-02-10 22:03:56 ----A---- C:\Windows\system32\iedkcs32.dll
2016-02-10 22:03:56 ----A---- C:\Windows\system32\ieapfltr.dll
2016-02-10 22:03:56 ----A---- C:\Windows\system32\ie4uinit.exe
2016-02-10 22:03:41 ----A---- C:\Windows\system32\rdpcorets.dll
2016-02-10 22:03:40 ----A---- C:\Windows\system32\rdpudd.dll
======List of files/folders modified in the last 1 month======
2016-02-16 20:13:14 ----D---- C:\Windows\Temp
2016-02-16 20:03:41 ----D---- C:\Windows\system32\config
2016-02-16 20:02:02 ----D---- C:\Windows\system32\sru
2016-02-16 20:01:20 ----D---- C:\Windows\Prefetch
2016-02-16 20:01:08 ----RD---- C:\Program Files
2016-02-16 19:54:51 ----D---- C:\Windows\SoftwareDistribution
2016-02-15 20:23:05 ----D---- C:\Windows\Microsoft.NET
2016-02-15 20:23:00 ----RSD---- C:\Windows\assembly
2016-02-15 20:07:44 ----D---- C:\Windows\SYSWOW64\vbox
2016-02-15 20:07:37 ----D---- C:\Windows\system32\vbox
2016-02-15 20:07:36 ----D---- C:\Windows\system32\DriverStore
2016-02-15 19:55:52 ----D---- C:\Windows\Inf
2016-02-15 19:55:43 ----D---- C:\Windows\debug
2016-02-15 19:08:24 ----D---- C:\Windows
2016-02-15 19:00:39 ----D---- C:\Windows\WinSxS
2016-02-15 18:55:43 ----RD---- C:\Windows\System32
2016-02-15 18:55:43 ----D---- C:\Windows\SysWOW64
2016-02-15 18:55:43 ----D---- C:\Windows\system32\drivers
2016-02-15 18:55:43 ----D---- C:\Windows\system32\appraiser
2016-02-15 18:55:43 ----D---- C:\Windows\apppatch
2016-02-15 18:55:42 ----RD---- C:\Windows\ToastData
2016-02-15 18:55:42 ----D---- C:\Windows\SYSWOW64\en-US
2016-02-15 18:55:42 ----D---- C:\Windows\SYSWOW64\cs-CZ
2016-02-15 18:55:42 ----D---- C:\Windows\system32\en-US
2016-02-15 18:55:42 ----D---- C:\Windows\system32\cs-CZ
2016-02-15 18:54:31 ----RD---- C:\Program Files (x86)
2016-02-15 18:46:55 ----HD---- C:\Program Files\WindowsApps
2016-02-15 18:46:50 ----D---- C:\Windows\AppReadiness
2016-02-15 18:46:49 ----SHD---- C:\Windows\Installer
2016-02-15 18:46:44 ----D---- C:\ProgramData\Microsoft Help
2016-02-15 18:45:20 ----D---- C:\Windows\CbsTemp
2016-02-15 17:07:27 ----D---- C:\Windows\system32\MRT
2016-02-15 16:54:26 ----A---- C:\Windows\system32\MRT.exe
2016-02-15 16:50:49 ----SHD---- C:\System Volume Information
2016-02-12 10:25:54 ----D---- C:\Windows\rescache
2016-02-11 19:38:25 ----D---- C:\Users\Josef\AppData\Roaming\Skype
2016-02-11 19:37:06 ----D---- C:\Program Files (x86)\Common Files
2016-02-11 19:36:00 ----D---- C:\ProgramData\Skype
2016-02-11 19:24:02 ----D---- C:\Windows\system32\Tasks
2016-02-11 19:20:35 ----D---- C:\ProgramData\AVAST Software
2016-02-11 19:19:51 ----D---- C:\Program Files\AVAST Software
2016-02-11 19:19:18 ----D---- C:\ProgramData\Oracle
2016-02-11 19:15:14 ----D---- C:\Program Files\Java
2016-02-11 19:14:12 ----A---- C:\Windows\system32\WindowsAccessBridge-64.dll
2016-02-11 11:47:25 ----D---- C:\Program Files\Windows Journal
2016-02-11 11:47:24 ----D---- C:\Windows\system32\wbem
2016-02-11 11:47:24 ----D---- C:\Program Files\Internet Explorer
2016-02-11 11:47:24 ----D---- C:\Program Files (x86)\Internet Explorer
2016-02-10 23:00:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-02-10 22:02:22 ----D---- C:\Windows\system32\catroot2
2016-02-06 21:57:38 ----D---- C:\The KMPlayer
2016-02-04 21:42:40 ----D---- C:\Program Files (x86)\Opera
2016-02-02 20:32:09 ----D---- C:\Windows\Tasks
2016-02-02 03:37:41 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-01-17 21:44:16 ----D---- C:\Program Files\Microsoft Silverlight
2016-01-17 21:44:15 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2016-01-17 21:42:40 ----SD---- C:\Windows\system32\CompatTel
2016-01-17 21:42:38 ----RSD---- C:\Windows\Fonts
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2016-02-11 74544]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2016-02-11 287016]
R0 NBVol;Nero Backup Volume Filter Driver; C:\Windows\system32\DRIVERS\NBVol.sys [2012-08-29 73016]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver; C:\Windows\system32\DRIVERS\NBVolUp.sys [2012-08-29 16696]
R0 ngvss;ngvss; C:\Windows\system32\drivers\ngvss.sys [2016-02-11 154024]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2016-02-11 37144]
R1 aswNetSec;aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [2016-02-11 552368]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2016-02-11 103064]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2016-02-11 1065720]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2016-02-11 463744]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys [2014-04-30 71680]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2016-02-11 37656]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2016-02-11 107792]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2016-02-11 165344]
R2 BstHdDrv;BlueStacks Hypervisor; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2014-06-23 123152]
R2 VBoxAswDrv;VBoxAsw Support Driver; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2016-02-11 310904]
R3 athr;@oem15.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athwbx.sys [2013-08-16 3859968]
R3 BTATH_BUS;@oem16.inf,%BTATH_BUS.SVCDESC%;Qualcomm Atheros Bluetooth Bus; C:\Windows\System32\drivers\btath_bus.sys [2013-09-07 34384]
R3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2013-09-07 594120]
R3 BTHUSB;@Bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2014-10-29 81920]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2013-11-02 4207104]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-10-22 3692632]
R3 IntcDAud;@oem5.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2013-11-02 449496]
R3 iwdbus;@oem8.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\Windows\System32\drivers\iwdbus.sys [2013-10-29 27032]
R3 LMDriver;@oem4.inf,%LMDriver.SVCDESC%;Launch Manager Wireless Driver; C:\Windows\System32\drivers\LMDriver.sys [2013-07-17 21360]
R3 RadioShim;@oem4.inf,%RadioShim.SVCDESC%;Shim for HID-KMDF Interface layer; C:\Windows\System32\drivers\RadioShim.sys [2013-07-17 14680]
R3 RSBASTOR;@oem14.inf,%Rts5208%;Realtek PCIE CardReader Driver - BA; C:\Windows\system32\DRIVERS\RtsBaStor.sys [2013-09-04 309976]
R3 RTL8168;@oem12.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys [2013-08-15 830680]
R3 SynTP;@oem11.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2013-08-28 524016]
R3 TXEIx64;@oem9.inf,%TEE_SvcDesc%;Intel(R) Trusted Execution Engine Interface ; C:\Windows\System32\drivers\TXEIx64.sys [2013-07-02 87568]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2014-06-21 212736]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\Windows\system32\DRIVERS\vwifimp.sys [2014-04-30 38912]
S3 AthBTPort;@oem19.inf,%BTHSUPPORT.SvcDesc%;Qualcomm Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2013-09-07 89800]
S3 bcbtums;@oem20.inf,%BCBTUMS.SvcDesc%;Bluetooth USB LD Filter; C:\Windows\system32\drivers\bcbtums.sys [2013-10-28 170712]
S3 BTATH_A2DP;@oem18.inf,%BTATH_A2DP.SvcDesc%;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2013-09-07 338120]
S3 btath_avdt;@oem18.inf,%btath_avdt.SvcDesc%;Qualcomm Atheros Bluetooth AVDT Service; C:\Windows\system32\drivers\btath_avdt.sys [2013-09-07 116424]
S3 BTATH_HCRP;@oem21.inf,%BTATH_HCRP.SvcDesc%;Bluetooth HCRP Server driver; C:\Windows\System32\drivers\btath_hcrp.sys [2013-09-07 179432]
S3 BTATH_LWFLT;@oem23.inf,%BTATH_LWFLT%;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2013-09-07 77464]
S3 BTATH_RCP;@oem25.inf,%BTATH_RCP%;Bluetooth AVRCP Device; C:\Windows\System32\drivers\btath_rcp.sys [2013-09-07 137928]
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\Windows\System32\drivers\BthEnum.sys [2014-10-29 53248]
S3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Ovladač úspory energie technologie Bluetooth; C:\Windows\System32\drivers\BthLEEnum.sys [2013-12-04 226304]
S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Zařízení Bluetooth (síť PAN); C:\Windows\System32\drivers\bthpan.sys [2015-07-10 118272]
S3 BTHPORT;@Bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2015-05-11 1201664]
S3 btwampfl;@oem20.inf,%btwampfl.ServiceName%;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2013-10-28 166104]
S3 intaud_WaveExtensible;@oem7.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\Windows\system32\drivers\intelaud.sys [2013-10-29 39320]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys []
S3 OATool;OATool; \??\C:\Users\Administrator\AppData\Local\Temp\OAToolx64.sys []
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\System32\drivers\rfcomm.sys [2015-01-30 167424]
S3 TDKLIB;TDKLIB; \??\C:\Users\Administrator\AppData\Local\Temp\TdkLib64.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-13 82128]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [2013-09-07 312448]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-02-11 237096]
R2 avast! Firewall;Avast Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2016-02-11 119128]
R2 CCDMonitorService;CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2014-07-22 3058944]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2014-10-29 38792]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [2013-07-02 733696]
R3 AvastVBoxSvc;AvastVBox COM Service; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2016-02-11 5570120]
R3 ePowerSvc;ePower Service; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2013-07-06 663592]
R3 QASvc;Quick Access Service; C:\Program Files\Packard Bell\Packard Bell Quick Access\QASvc.exe [2013-08-03 457768]
R3 RMSvc;Quick Access RadioMgr Service; C:\Program Files\Packard Bell\Packard Bell Quick Access\RMSvc.exe [2013-08-03 448040]
S2 BcmBtRSupport;@oem20.inf,%BcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service; C:\Windows\system32\BtwRSupportService.exe [2013-10-28 2255064]
S2 BstHdAndroidSvc;BlueStacks Android Service; C:\Program Files (x86)\BlueStacks\HD-Service.exe [2014-06-23 406288]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2014-06-23 385808]
S2 BstHdUpdaterSvc;BlueStacks Updater Service; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [2014-06-23 774928]
S2 GamesAppIntegrationService;GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2014-04-24 227904]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01 144200]
S2 LMSvc;Launch Manager Service; C:\Program Files\Packard Bell\Packard Bell Launch Manager\LMSvc.exe [2013-08-03 457768]
S2 NAUpdate;@c:\Program Files (x86)\Nero\Update\NASvc.exe,-200; c:\Program Files (x86)\Nero\Update\NASvc.exe [2012-07-14 769432]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10 270016]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2014-10-29 38792]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2013-11-25 279024]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-22 43696]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2014-04-24 203344]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01 144200]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [2013-07-02 822232]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
-----------------EOF-----------------
Thank you in advance for any help or advice.
Jožin 36
S3 btath_avdt;@oem18.inf,%btath_avdt.SvcDesc%;Qualcomm Atheros Bluetooth AVDT Service; C:\Windows\system32\drivers\btath_avdt.sys [2013-09-07 116424]
S3 BTATH_HCRP;@oem21.inf,%BTATH_HCRP.SvcDesc%;Bluetooth HCRP Server driver; C:\Windows\System32\drivers\btath_hcrp.sys [2013-09-07 179432]
S3 BTATH_LWFLT;@oem23.inf,%BTATH_LWFLT%;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2013-09-07 77464]
S3 BTATH_RCP;@oem25.inf,%BTATH_RCP%;Bluetooth AVRCP Device; C:\Windows\System32\drivers\btath_rcp.sys [2013-09-07 137928]
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\Windows\System32\drivers\BthEnum.sys [2014-10-29 53248]
S3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Ovladač úspory energie technologie Bluetooth; C:\Windows\System32\drivers\BthLEEnum.sys [2013-12-04 226304]
S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Zařízení Bluetooth (síť PAN); C:\Windows\System32\drivers\bthpan.sys [2015-07-10 118272]
S3 BTHPORT;@Bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2015-05-11 1201664]
S3 btwampfl;@oem20.inf,%btwampfl.ServiceName%;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2013-10-28 166104]
S3 intaud_WaveExtensible;@oem7.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\Windows\system32\drivers\intelaud.sys [2013-10-29 39320]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys []
S3 OATool;OATool; \??\C:\Users\Administrator\AppData\Local\Temp\OAToolx64.sys []
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\System32\drivers\rfcomm.sys [2015-01-30 167424]
S3 TDKLIB;TDKLIB; \??\C:\Users\Administrator\AppData\Local\Temp\TdkLib64.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-13 82128]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [2013-09-07 312448]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-02-11 237096]
R2 avast! Firewall;Avast Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2016-02-11 119128]
R2 CCDMonitorService;CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2014-07-22 3058944]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2014-10-29 38792]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [2013-07-02 733696]
R3 AvastVBoxSvc;AvastVBox COM Service; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2016-02-11 5570120]
R3 ePowerSvc;ePower Service; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2013-07-06 663592]
R3 QASvc;Quick Access Service; C:\Program Files\Packard Bell\Packard Bell Quick Access\QASvc.exe [2013-08-03 457768]
R3 RMSvc;Quick Access RadioMgr Service; C:\Program Files\Packard Bell\Packard Bell Quick Access\RMSvc.exe [2013-08-03 448040]
S2 BcmBtRSupport;@oem20.inf,%BcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service; C:\Windows\system32\BtwRSupportService.exe [2013-10-28 2255064]
S2 BstHdAndroidSvc;BlueStacks Android Service; C:\Program Files (x86)\BlueStacks\HD-Service.exe [2014-06-23 406288]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2014-06-23 385808]
S2 BstHdUpdaterSvc;BlueStacks Updater Service; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [2014-06-23 774928]
S2 GamesAppIntegrationService;GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2014-04-24 227904]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01 144200]
S2 LMSvc;Launch Manager Service; C:\Program Files\Packard Bell\Packard Bell Launch Manager\LMSvc.exe [2013-08-03 457768]
S2 NAUpdate;@c:\Program Files (x86)\Nero\Update\NASvc.exe,-200; c:\Program Files (x86)\Nero\Update\NASvc.exe [2012-07-14 769432]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10 270016]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2014-10-29 38792]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2013-11-25 279024]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-22 43696]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2014-04-24 203344]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01 144200]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [2013-07-02 822232]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
-----------------EOF-----------------
Thank you in advance for any help or advice.
Jožin 36
- Rudy
- Site Admin

- Posts: 119673
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: slow notebook, suspected virus or malicious progra
Hello!
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
Click >Scan< first and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: slow notebook, suspected virus or malicious progra
Hello,
for now I am backing up the data I need.
I will get back to you tomorrow.
Thank you, and have a nice evening.
Jožin 36
- Rudy
- Site Admin

Re: slow notebook, suspected virus or malicious progra
OK, you're welcome so far!
Re: slow notebook, suspected virus or malicious progra
Good day,
I apologise for the delay.
I ran a scan with AdwCleaner and am attaching the text here:
# AdwCleaner v5.034 - Logfile created 18/02/2016 at 16:53:49
# Updated 16/02/2016 by Xplode
# Database : 2016-02-16.2 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Josef - JOZIN
# Running from : C:\Users\Josef\Desktop\adwcleaner_5.034.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
***** [ Files ] *****
***** [ DLLs ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
***** [ Web browsers ] *****
*************************
:: "Tracing" keys removed
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [652 bytes] ##########
Thank you for now, and regards.
Jožin36
- Rudy
- Site Admin

Re: slow notebook, suspected virus or malicious progra
This is OK. Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left window:
:files
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
:reg
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. Turn off the antivirus before the scan and restart the PC after it. Post a new RSIT log.
Re: slow notebook, suspected virus or malicious progra
I am attaching another RSIT log:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Josef at 2016-02-18 20:03:41
Microsoft Windows 8.1
System drive C: has 100 GB (22%) free of 459 GB
Total RAM: 3979 MB (71% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:03:46, on 18. 2. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
Boot mode: Normal
Running processes:
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\trend micro\Josef.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [BacKGround Agent] C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: @oem20.inf,%BcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\Windows\system32\BtwRSupportService.exe (file missing)
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Launch Manager Service (LMSvc) - Acer Incorporate - C:\Program Files\Packard Bell\Packard Bell Launch Manager\LMSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @c:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - c:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Quick Access Service (QASvc) - Acer Incorporate - C:\Program Files\Packard Bell\Packard Bell Quick Access\QASvc.exe
O23 - Service: Quick Access RadioMgr Service (RMSvc) - Acer Incorporate - C:\Program Files\Packard Bell\Packard Bell Quick Access\RMSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8114 bytes
======Listing Processes======
wininit.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\AVAST Software\Avast\afwServ.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe"
C:\Windows\system32\BtwRSupportService.exe
"C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe"
taskeng.exe {EA4BF4E7-5DB1-4822-BC71-A49E63D25CDC}
taskhostex.exe
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe"
"C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe"
"C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe"
C:\Windows\System32\svchost.exe -k utcsvc
dashost.exe {c9daf108-c34b-4174-9c8e080fe23c0ca4}
"C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe"
"C:\Program Files\Packard Bell\Packard Bell Launch Manager\LMSvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Packard Bell\Packard Bell Launch Manager\LMEvent.exe"
"C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe"
"C:\Windows\system32\GWX\GWX.exe"
"C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe"
"C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Packard Bell\Packard Bell Quick Access\QASvc.exe"
"C:\Program Files\Packard Bell\Packard Bell Quick Access\RMSvc.exe"
"C:\Program Files\Packard Bell\Packard Bell Quick Access\QAEvent.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Packard Bell\Packard Bell Launch Manager\LMTray.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Windows\system32\igfxext.exe" -Embedding
"C:\Windows\system32\igfxsrvc.exe" -Embedding
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\Packard Bell\Packard Bell Quick Access\QAMsg.exe"
"C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Packard Bell\Packard Bell Quick Access\QuickAccess.exe" -hide
"C:\Windows\notepad.exe" C:\_OTM\MovedFiles\02182016_195027.log
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Windows\System32\StikyNot.exe"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe"
"c:\Program Files (x86)\Nero\Update\NASvc.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Users\Josef\Desktop\RSITx64.exe"
"C:\Windows\system32\SearchFilterHost.exe" 0 564 568 576 65536 572
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_74\bin\ssv.dll [2016-02-11 553056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-11 901600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 690392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_74\bin\jp2ssv.dll [2016-02-11 214112]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-11 678656]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Persistence"=C:\Windows\system32\igfxpers.exe [2013-11-25 770032]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-10-18 13657304]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2013-11-25 391152]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 108144]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2014-10-29 479744]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BacKGround Agent"=C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2014-07-22 51456]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-02-15 7139768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2013-11-02 624640]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"PromptOnSecureDesktop"=0
"ConsentPromptBehaviorAdmin"=0
"EnableLinkedConnections"=1
"SoftwareSASGeneration"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-02-18 19:44:57 ----D---- C:\_OTM
2016-02-16 20:01:08 ----D---- C:\rsit
2016-02-16 20:01:08 ----D---- C:\Program Files\trend micro
2016-02-15 18:51:15 ----D---- C:\AdwCleaner
2016-02-11 19:37:04 ----RD---- C:\Program Files (x86)\Skype
2016-02-11 19:20:57 ----A---- C:\Windows\system32\drivers\aswNetSec.sys
2016-02-11 19:20:57 ----A---- C:\Windows\system32\drivers\aswKbd.sys
2016-02-11 19:20:37 ----A---- C:\Windows\system32\aswBoot.exe
2016-02-11 19:20:18 ----A---- C:\Windows\avastSS.scr
2016-02-11 11:34:22 ----A---- C:\Windows\system32\invagent.dll
2016-02-11 11:34:22 ----A---- C:\Windows\system32\generaltel.dll
2016-02-11 11:34:22 ----A---- C:\Windows\system32\devinv.dll
2016-02-11 11:34:22 ----A---- C:\Windows\system32\CompatTelRunner.exe
2016-02-11 11:34:22 ----A---- C:\Windows\system32\appraiser.dll
2016-02-11 11:34:22 ----A---- C:\Windows\system32\aeinv.dll
2016-02-11 11:34:22 ----A---- C:\Windows\system32\acmigration.dll
2016-02-11 11:34:20 ----A---- C:\Windows\system32\lsasrv.dll
2016-02-11 11:34:18 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2016-02-11 11:34:18 ----A---- C:\Windows\SYSWOW64\certcli.dll
2016-02-11 11:34:18 ----A---- C:\Windows\system32\msv1_0.dll
2016-02-11 11:34:18 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-02-11 11:34:18 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-02-11 11:34:18 ----A---- C:\Windows\system32\dpapisrv.dll
2016-02-11 11:34:18 ----A---- C:\Windows\system32\certcli.dll
2016-02-11 11:34:04 ----A---- C:\Windows\system32\shell32.dll
2016-02-11 11:34:02 ----A---- C:\Windows\system32\twinui.dll
2016-02-11 11:33:58 ----A---- C:\Windows\SYSWOW64\twinui.dll
2016-02-11 11:33:54 ----A---- C:\Windows\SYSWOW64\shell32.dll
2016-02-11 11:33:52 ----A---- C:\Windows\SYSWOW64\authui.dll
2016-02-11 11:33:52 ----A---- C:\Windows\system32\authui.dll
2016-02-11 11:33:15 ----A---- C:\Windows\system32\wuaueng.dll
2016-02-11 11:33:14 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2016-02-11 11:33:14 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2016-02-11 11:33:14 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2016-02-11 11:33:14 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2016-02-11 11:33:14 ----A---- C:\Windows\system32\wuwebv.dll
2016-02-11 11:33:14 ----A---- C:\Windows\system32\WUSettingsProvider.dll
2016-02-11 11:33:14 ----A---- C:\Windows\system32\wudriver.dll
2016-02-11 11:33:14 ----A---- C:\Windows\system32\wucltux.dll
2016-02-11 11:33:14 ----A---- C:\Windows\system32\wuauclt.exe
2016-02-11 11:33:14 ----A---- C:\Windows\system32\wuapp.exe
2016-02-11 11:33:14 ----A---- C:\Windows\system32\wuapi.dll
2016-02-11 11:28:31 ----A---- C:\Windows\system32\mshtml.dll
2016-02-11 11:28:31 ----A---- C:\Windows\system32\iertutil.dll
2016-02-11 11:28:30 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2016-02-11 11:28:30 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2016-02-11 11:28:30 ----A---- C:\Windows\system32\urlmon.dll
2016-02-11 11:28:28 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2016-02-11 11:28:27 ----A---- C:\Windows\system32\ieframe.dll
2016-02-11 11:28:26 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2016-02-10 22:04:44 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-02-10 22:04:44 ----A---- C:\Windows\system32\KernelBase.dll
2016-02-10 22:04:44 ----A---- C:\Windows\system32\combase.dll
2016-02-10 22:04:43 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2016-02-10 22:04:43 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2016-02-10 22:04:43 ----A---- C:\Windows\SYSWOW64\combase.dll
2016-02-10 22:04:43 ----A---- C:\Windows\system32\ntdll.dll
2016-02-10 22:04:42 ----A---- C:\Windows\SYSWOW64\WinTypes.dll
2016-02-10 22:04:42 ----A---- C:\Windows\system32\WinTypes.dll
2016-02-10 22:04:42 ----A---- C:\Windows\system32\microsoft-windows-system-events.dll
2016-02-10 22:04:41 ----A---- C:\Windows\SYSWOW64\wincorlib.dll
2016-02-10 22:04:31 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2016-02-10 22:04:30 ----A---- C:\Windows\system32\kerberos.dll
2016-02-10 22:04:29 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2016-02-10 22:04:28 ----A---- C:\Windows\SYSWOW64\WinSync.dll
2016-02-10 22:04:28 ----A---- C:\Windows\system32\WinSync.dll
2016-02-10 22:04:23 ----A---- C:\Windows\SYSWOW64\CPFilters.dll
2016-02-10 22:04:22 ----A---- C:\Windows\system32\EncDec.dll
2016-02-10 22:04:22 ----A---- C:\Windows\system32\CPFilters.dll
2016-02-10 22:04:21 ----A---- C:\Windows\SYSWOW64\mtxoci.dll
2016-02-10 22:04:21 ----A---- C:\Windows\SYSWOW64\msorcl32.dll
2016-02-10 22:04:21 ----A---- C:\Windows\SYSWOW64\EncDec.dll
2016-02-10 22:04:21 ----A---- C:\Windows\SYSWOW64\cfgbkend.dll
2016-02-10 22:04:21 ----A---- C:\Windows\system32\mtxoci.dll
2016-02-10 22:04:21 ----A---- C:\Windows\system32\cfgbkend.dll
2016-02-10 22:04:19 ----A---- C:\Windows\system32\glcndFilter.dll
2016-02-10 22:04:18 ----A---- C:\Windows\system32\Windows.Data.Pdf.dll
2016-02-10 22:04:17 ----A---- C:\Windows\SYSWOW64\glcndFilter.dll
2016-02-10 22:04:16 ----A---- C:\Windows\SYSWOW64\Windows.Data.Pdf.dll
2016-02-10 22:04:15 ----A---- C:\Windows\system32\win32k.sys
2016-02-10 22:04:04 ----A---- C:\Windows\system32\jscript9.dll
2016-02-10 22:04:02 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2016-02-10 22:04:00 ----A---- C:\Windows\SYSWOW64\wininet.dll
2016-02-10 22:04:00 ----A---- C:\Windows\system32\wininet.dll
2016-02-10 22:03:57 ----A---- C:\Windows\SYSWOW64\hlink.dll
2016-02-10 22:03:57 ----A---- C:\Windows\system32\msfeeds.dll
2016-02-10 22:03:57 ----A---- C:\Windows\system32\hlink.dll
2016-02-10 22:03:57 ----A---- C:\Windows\system32\actxprxy.dll
2016-02-10 22:03:56 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2016-02-10 22:03:56 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2016-02-10 22:03:56 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2016-02-10 22:03:56 ----A---- C:\Windows\SYSWOW64\jscript.dll
2016-02-10 22:03:56 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2016-02-10 22:03:56 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2016-02-10 22:03:56 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2016-02-10 22:03:56 ----A---- C:\Windows\system32\webcheck.dll
2016-02-10 22:03:56 ----A---- C:\Windows\system32\vbscript.dll
2016-02-10 22:03:56 ----A---- C:\Windows\system32\jscript.dll
2016-02-10 22:03:56 ----A---- C:\Windows\system32\inetcomm.dll
2016-02-10 22:03:56 ----A---- C:\Windows\system32\iedkcs32.dll
2016-02-10 22:03:56 ----A---- C:\Windows\system32\ieapfltr.dll
2016-02-10 22:03:56 ----A---- C:\Windows\system32\ie4uinit.exe
2016-02-10 22:03:41 ----A---- C:\Windows\system32\rdpcorets.dll
2016-02-10 22:03:40 ----A---- C:\Windows\system32\rdpudd.dll
======List of files/folders modified in the last 1 month======
2016-02-18 20:01:54 ----D---- C:\Windows\Prefetch
2016-02-18 20:00:01 ----D---- C:\Windows\system32\sru
2016-02-18 19:57:50 ----D---- C:\Windows\Temp
2016-02-18 19:52:24 ----D---- C:\Windows\Minidump
2016-02-18 19:52:15 ----D---- C:\Windows
2016-02-18 19:50:28 ----D---- C:\Windows\Tasks
2016-02-18 19:32:02 ----D---- C:\Windows\Microsoft.NET
2016-02-18 17:10:36 ----SHD---- C:\Windows\Installer
2016-02-18 17:10:15 ----D---- C:\Windows\SysWOW64
2016-02-18 16:56:53 ----D---- C:\Windows\Inf
2016-02-18 16:43:08 ----D---- C:\Windows\SYSWOW64\drivers
2016-02-18 16:29:37 ----D---- C:\Program Files (x86)\Opera
2016-02-18 16:29:36 ----D---- C:\Windows\system32\Tasks
2016-02-17 00:10:12 ----D---- C:\Windows\rescache
2016-02-17 00:02:39 ----D---- C:\Windows\SYSWOW64\vbox
2016-02-17 00:02:39 ----D---- C:\Windows\system32\vbox
2016-02-16 21:13:06 ----RD---- C:\Windows\System32
2016-02-16 21:13:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-02-16 20:03:41 ----D---- C:\Windows\system32\config
2016-02-16 20:01:08 ----RD---- C:\Program Files
2016-02-16 19:54:51 ----D---- C:\Windows\SoftwareDistribution
2016-02-15 20:23:00 ----RSD---- C:\Windows\assembly
2016-02-15 20:07:36 ----D---- C:\Windows\system32\DriverStore
2016-02-15 19:55:43 ----D---- C:\Windows\debug
2016-02-15 19:00:39 ----D---- C:\Windows\WinSxS
2016-02-15 18:55:43 ----D---- C:\Windows\system32\drivers
2016-02-15 18:55:43 ----D---- C:\Windows\system32\appraiser
2016-02-15 18:55:43 ----D---- C:\Windows\apppatch
2016-02-15 18:55:42 ----RD---- C:\Windows\ToastData
2016-02-15 18:55:42 ----D---- C:\Windows\SYSWOW64\en-US
2016-02-15 18:55:42 ----D---- C:\Windows\SYSWOW64\cs-CZ
2016-02-15 18:55:42 ----D---- C:\Windows\system32\en-US
2016-02-15 18:55:42 ----D---- C:\Windows\system32\cs-CZ
2016-02-15 18:54:31 ----RD---- C:\Program Files (x86)
2016-02-15 18:46:56 ----D---- C:\Windows\AppReadiness
2016-02-15 18:46:55 ----HD---- C:\Program Files\WindowsApps
2016-02-15 18:46:44 ----D---- C:\ProgramData\Microsoft Help
2016-02-15 18:45:20 ----D---- C:\Windows\CbsTemp
2016-02-15 17:07:27 ----D---- C:\Windows\system32\MRT
2016-02-15 16:54:26 ----A---- C:\Windows\system32\MRT.exe
2016-02-15 16:50:49 ----SHD---- C:\System Volume Information
2016-02-11 19:38:25 ----D---- C:\Users\Josef\AppData\Roaming\Skype
2016-02-11 19:37:11 ----D---- C:\ProgramData\Skype
2016-02-11 19:37:06 ----D---- C:\Program Files (x86)\Common Files
2016-02-11 19:20:35 ----D---- C:\ProgramData\AVAST Software
2016-02-11 19:19:51 ----D---- C:\Program Files\AVAST Software
2016-02-11 19:19:18 ----D---- C:\ProgramData\Oracle
2016-02-11 19:15:14 ----D---- C:\Program Files\Java
2016-02-11 19:14:12 ----A---- C:\Windows\system32\WindowsAccessBridge-64.dll
2016-02-11 11:47:25 ----D---- C:\Program Files\Windows Journal
2016-02-11 11:47:24 ----D---- C:\Windows\system32\wbem
2016-02-11 11:47:24 ----D---- C:\Program Files\Internet Explorer
2016-02-11 11:47:24 ----D---- C:\Program Files (x86)\Internet Explorer
2016-02-10 22:02:22 ----D---- C:\Windows\system32\catroot2
2016-02-06 21:57:38 ----D---- C:\The KMPlayer
2016-02-02 03:37:41 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2016-02-11 74544]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2016-02-11 287016]
R0 NBVol;Nero Backup Volume Filter Driver; C:\Windows\system32\DRIVERS\NBVol.sys [2012-08-29 73016]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver; C:\Windows\system32\DRIVERS\NBVolUp.sys [2012-08-29 16696]
R0 ngvss;ngvss; C:\Windows\system32\drivers\ngvss.sys [2016-02-11 154024]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2016-02-11 37144]
R1 aswNetSec;aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [2016-02-11 552368]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2016-02-11 103064]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2016-02-11 1065720]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2016-02-11 463744]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys [2014-04-30 71680]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2016-02-11 37656]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2016-02-11 107792]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2016-02-11 165344]
R2 BstHdDrv;BlueStacks Hypervisor; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2014-06-23 123152]
R2 VBoxAswDrv;VBoxAsw Support Driver; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2016-02-11 310904]
R3 athr;@oem15.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athwbx.sys [2013-08-16 3859968]
R3 BTATH_BUS;@oem16.inf,%BTATH_BUS.SVCDESC%;Qualcomm Atheros Bluetooth Bus; C:\Windows\System32\drivers\btath_bus.sys [2013-09-07 34384]
R3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2013-09-07 594120]
R3 BTHUSB;@Bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2014-10-29 81920]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2013-11-02 4207104]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-10-22 3692632]
R3 IntcDAud;@oem5.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2013-11-02 449496]
R3 iwdbus;@oem8.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\Windows\System32\drivers\iwdbus.sys [2013-10-29 27032]
R3 LMDriver;@oem4.inf,%LMDriver.SVCDESC%;Launch Manager Wireless Driver; C:\Windows\System32\drivers\LMDriver.sys [2013-07-17 21360]
R3 RadioShim;@oem4.inf,%RadioShim.SVCDESC%;Shim for HID-KMDF Interface layer; C:\Windows\System32\drivers\RadioShim.sys [2013-07-17 14680]
R3 RSBASTOR;@oem14.inf,%Rts5208%;Realtek PCIE CardReader Driver - BA; C:\Windows\system32\DRIVERS\RtsBaStor.sys [2013-09-04 309976]
R3 RTL8168;@oem12.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys [2013-08-15 830680]
R3 SynTP;@oem11.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2013-08-28 524016]
R3 TXEIx64;@oem9.inf,%TEE_SvcDesc%;Intel(R) Trusted Execution Engine Interface ; C:\Windows\System32\drivers\TXEIx64.sys [2013-07-02 87568]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2014-06-21 212736]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\Windows\system32\DRIVERS\vwifimp.sys [2014-04-30 38912]
S3 AthBTPort;@oem19.inf,%BTHSUPPORT.SvcDesc%;Qualcomm Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2013-09-07 89800]
S3 bcbtums;@oem20.inf,%BCBTUMS.SvcDesc%;Bluetooth USB LD Filter; C:\Windows\system32\drivers\bcbtums.sys [2013-10-28 170712]
S3 BTATH_A2DP;@oem18.inf,%BTATH_A2DP.SvcDesc%;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2013-09-07 338120]
S3 btath_avdt;@oem18.inf,%btath_avdt.SvcDesc%;Qualcomm Atheros Bluetooth AVDT Service; C:\Windows\system32\drivers\btath_avdt.sys [2013-09-07 116424]
S3 BTATH_HCRP;@oem21.inf,%BTATH_HCRP.SvcDesc%;Bluetooth HCRP Server driver; C:\Windows\System32\drivers\btath_hcrp.sys [2013-09-07 179432]
S3 BTATH_LWFLT;@oem23.inf,%BTATH_LWFLT%;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2013-09-07 77464]
S3 BTATH_RCP;@oem25.inf,%BTATH_RCP%;Bluetooth AVRCP Device; C:\Windows\System32\drivers\btath_rcp.sys [2013-09-07 137928]
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\Windows\System32\drivers\BthEnum.sys [2014-10-29 53248]
S3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Ovladač úspory energie technologie Bluetooth; C:\Windows\System32\drivers\BthLEEnum.sys [2013-12-04 226304]
S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Zařízení Bluetooth (síť PAN); C:\Windows\System32\drivers\bthpan.sys [2015-07-10 118272]
S3 BTHPORT;@Bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2015-05-11 1201664]
S3 btwampfl;@oem20.inf,%btwampfl.ServiceName%;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2013-10-28 166104]
S3 intaud_WaveExtensible;@oem7.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\Windows\system32\drivers\intelaud.sys [2013-10-29 39320]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys []
S3 OATool;OATool; \??\C:\Users\Administrator\AppData\Local\Temp\OAToolx64.sys []
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\System32\drivers\rfcomm.sys [2015-01-30 167424]
S3 TDKLIB;TDKLIB; \??\C:\Users\Administrator\AppData\Local\Temp\TdkLib64.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-13 82128]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [2013-09-07 312448]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-02-11 237096]
R2 avast! Firewall;Avast Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2016-02-11 119128]
R2 BcmBtRSupport;@oem20.inf,%BcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service; C:\Windows\system32\BtwRSupportService.exe [2013-10-28 2255064]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2014-06-23 385808]
R2 BstHdUpdaterSvc;BlueStacks Updater Service; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [2014-06-23 774928]
R2 CCDMonitorService;CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2014-07-22 3058944]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2014-10-29 38792]
R2 GamesAppIntegrationService;GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2014-04-24 227904]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [2013-07-02 733696]
R2 LMSvc;Launch Manager Service; C:\Program Files\Packard Bell\Packard Bell Launch Manager\LMSvc.exe [2013-08-03 457768]
R2 NAUpdate;@c:\Program Files (x86)\Nero\Update\NASvc.exe,-200; c:\Program Files (x86)\Nero\Update\NASvc.exe [2012-07-14 769432]
R3 AvastVBoxSvc;AvastVBox COM Service; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2016-02-11 5570120]
R3 ePowerSvc;ePower Service; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2013-07-06 663592]
R3 QASvc;Quick Access Service; C:\Program Files\Packard Bell\Packard Bell Quick Access\QASvc.exe [2013-08-03 457768]
R3 RMSvc;Quick Access RadioMgr Service; C:\Program Files\Packard Bell\Packard Bell Quick Access\RMSvc.exe [2013-08-03 448040]
S2 BstHdAndroidSvc;BlueStacks Android Service; C:\Program Files (x86)\BlueStacks\HD-Service.exe [2014-06-23 406288]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-18 270016]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2014-10-29 38792]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2013-11-25 279024]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-22 43696]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2014-04-24 203344]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01 144200]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [2013-07-02 822232]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
-----------------EOF-----------------
Logfile of random's system information tool 1.10 (written by random/random)
Run by Josef at 2016-02-18 20:03:41
Microsoft Windows 8.1
System drive C: has 100 GB (22%) free of 459 GB
Total RAM: 3979 MB (71% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:03:46, on 18. 2. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
Boot mode: Normal
Running processes:
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\trend micro\Josef.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [BacKGround Agent] C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: @oem20.inf,%BcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\Windows\system32\BtwRSupportService.exe (file missing)
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Launch Manager Service (LMSvc) - Acer Incorporate - C:\Program Files\Packard Bell\Packard Bell Launch Manager\LMSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @c:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - c:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Quick Access Service (QASvc) - Acer Incorporate - C:\Program Files\Packard Bell\Packard Bell Quick Access\QASvc.exe
O23 - Service: Quick Access RadioMgr Service (RMSvc) - Acer Incorporate - C:\Program Files\Packard Bell\Packard Bell Quick Access\RMSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8114 bytes
======Listing Processes======
wininit.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\AVAST Software\Avast\afwServ.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe"
C:\Windows\system32\BtwRSupportService.exe
"C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe"
taskeng.exe {EA4BF4E7-5DB1-4822-BC71-A49E63D25CDC}
taskhostex.exe
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe"
"C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe"
"C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe"
C:\Windows\System32\svchost.exe -k utcsvc
dashost.exe {c9daf108-c34b-4174-9c8e080fe23c0ca4}
"C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe"
"C:\Program Files\Packard Bell\Packard Bell Launch Manager\LMSvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Packard Bell\Packard Bell Launch Manager\LMEvent.exe"
"C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe"
"C:\Windows\system32\GWX\GWX.exe"
"C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe"
"C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Packard Bell\Packard Bell Quick Access\QASvc.exe"
"C:\Program Files\Packard Bell\Packard Bell Quick Access\RMSvc.exe"
"C:\Program Files\Packard Bell\Packard Bell Quick Access\QAEvent.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Packard Bell\Packard Bell Launch Manager\LMTray.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Windows\system32\igfxext.exe" -Embedding
"C:\Windows\system32\igfxsrvc.exe" -Embedding
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\Packard Bell\Packard Bell Quick Access\QAMsg.exe"
"C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Packard Bell\Packard Bell Quick Access\QuickAccess.exe" -hide
"C:\Windows\notepad.exe" C:\_OTM\MovedFiles\02182016_195027.log
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Windows\System32\StikyNot.exe"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe"
"c:\Program Files (x86)\Nero\Update\NASvc.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Users\Josef\Desktop\RSITx64.exe"
"C:\Windows\system32\SearchFilterHost.exe" 0 564 568 576 65536 572
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_74\bin\ssv.dll [2016-02-11 553056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-11 901600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 690392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_74\bin\jp2ssv.dll [2016-02-11 214112]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-11 678656]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Persistence"=C:\Windows\system32\igfxpers.exe [2013-11-25 770032]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-10-18 13657304]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2013-11-25 391152]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 108144]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2014-10-29 479744]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BacKGround Agent"=C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2014-07-22 51456]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-02-15 7139768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2013-11-02 624640]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"PromptOnSecureDesktop"=0
"ConsentPromptBehaviorAdmin"=0
"EnableLinkedConnections"=1
"SoftwareSASGeneration"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-02-18 19:44:57 ----D---- C:\_OTM
2016-02-16 20:01:08 ----D---- C:\rsit
2016-02-16 20:01:08 ----D---- C:\Program Files\trend micro
2016-02-15 18:51:15 ----D---- C:\AdwCleaner
2016-02-11 19:37:04 ----RD---- C:\Program Files (x86)\Skype
2016-02-11 19:20:57 ----A---- C:\Windows\system32\drivers\aswNetSec.sys
2016-02-11 19:20:57 ----A---- C:\Windows\system32\drivers\aswKbd.sys
2016-02-11 19:20:37 ----A---- C:\Windows\system32\aswBoot.exe
2016-02-11 19:20:18 ----A---- C:\Windows\avastSS.scr
2016-02-11 11:34:22 ----A---- C:\Windows\system32\invagent.dll
2016-02-11 11:34:22 ----A---- C:\Windows\system32\generaltel.dll
2016-02-11 11:34:22 ----A---- C:\Windows\system32\devinv.dll
2016-02-11 11:34:22 ----A---- C:\Windows\system32\CompatTelRunner.exe
2016-02-11 11:34:22 ----A---- C:\Windows\system32\appraiser.dll
2016-02-11 11:34:22 ----A---- C:\Windows\system32\aeinv.dll
2016-02-11 11:34:22 ----A---- C:\Windows\system32\acmigration.dll
2016-02-11 11:34:20 ----A---- C:\Windows\system32\lsasrv.dll
2016-02-11 11:34:18 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2016-02-11 11:34:18 ----A---- C:\Windows\SYSWOW64\certcli.dll
2016-02-11 11:34:18 ----A---- C:\Windows\system32\msv1_0.dll
2016-02-11 11:34:18 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-02-11 11:34:18 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-02-11 11:34:18 ----A---- C:\Windows\system32\dpapisrv.dll
2016-02-11 11:34:18 ----A---- C:\Windows\system32\certcli.dll
2016-02-11 11:34:04 ----A---- C:\Windows\system32\shell32.dll
2016-02-11 11:34:02 ----A---- C:\Windows\system32\twinui.dll
2016-02-11 11:33:58 ----A---- C:\Windows\SYSWOW64\twinui.dll
2016-02-11 11:33:54 ----A---- C:\Windows\SYSWOW64\shell32.dll
2016-02-11 11:33:52 ----A---- C:\Windows\SYSWOW64\authui.dll
2016-02-11 11:33:52 ----A---- C:\Windows\system32\authui.dll
2016-02-11 11:33:15 ----A---- C:\Windows\system32\wuaueng.dll
2016-02-11 11:33:14 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2016-02-11 11:33:14 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2016-02-11 11:33:14 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2016-02-11 11:33:14 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2016-02-11 11:33:14 ----A---- C:\Windows\system32\wuwebv.dll
2016-02-11 11:33:14 ----A---- C:\Windows\system32\WUSettingsProvider.dll
2016-02-11 11:33:14 ----A---- C:\Windows\system32\wudriver.dll
2016-02-11 11:33:14 ----A---- C:\Windows\system32\wucltux.dll
2016-02-11 11:33:14 ----A---- C:\Windows\system32\wuauclt.exe
2016-02-11 11:33:14 ----A---- C:\Windows\system32\wuapp.exe
2016-02-11 11:33:14 ----A---- C:\Windows\system32\wuapi.dll
2016-02-11 11:28:31 ----A---- C:\Windows\system32\mshtml.dll
2016-02-11 11:28:31 ----A---- C:\Windows\system32\iertutil.dll
2016-02-11 11:28:30 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2016-02-11 11:28:30 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2016-02-11 11:28:30 ----A---- C:\Windows\system32\urlmon.dll
2016-02-11 11:28:28 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2016-02-11 11:28:27 ----A---- C:\Windows\system32\ieframe.dll
2016-02-11 11:28:26 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2016-02-10 22:04:44 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-02-10 22:04:44 ----A---- C:\Windows\system32\KernelBase.dll
2016-02-10 22:04:44 ----A---- C:\Windows\system32\combase.dll
2016-02-10 22:04:43 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2016-02-10 22:04:43 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2016-02-10 22:04:43 ----A---- C:\Windows\SYSWOW64\combase.dll
2016-02-10 22:04:43 ----A---- C:\Windows\system32\ntdll.dll
2016-02-10 22:04:42 ----A---- C:\Windows\SYSWOW64\WinTypes.dll
2016-02-10 22:04:42 ----A---- C:\Windows\system32\WinTypes.dll
2016-02-10 22:04:42 ----A---- C:\Windows\system32\microsoft-windows-system-events.dll
2016-02-10 22:04:41 ----A---- C:\Windows\SYSWOW64\wincorlib.dll
2016-02-10 22:04:31 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2016-02-10 22:04:30 ----A---- C:\Windows\system32\kerberos.dll
2016-02-10 22:04:29 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2016-02-10 22:04:28 ----A---- C:\Windows\SYSWOW64\WinSync.dll
2016-02-10 22:04:28 ----A---- C:\Windows\system32\WinSync.dll
2016-02-10 22:04:23 ----A---- C:\Windows\SYSWOW64\CPFilters.dll
2016-02-10 22:04:22 ----A---- C:\Windows\system32\EncDec.dll
2016-02-10 22:04:22 ----A---- C:\Windows\system32\CPFilters.dll
2016-02-10 22:04:21 ----A---- C:\Windows\SYSWOW64\mtxoci.dll
2016-02-10 22:04:21 ----A---- C:\Windows\SYSWOW64\msorcl32.dll
2016-02-10 22:04:21 ----A---- C:\Windows\SYSWOW64\EncDec.dll
2016-02-10 22:04:21 ----A---- C:\Windows\SYSWOW64\cfgbkend.dll
2016-02-10 22:04:21 ----A---- C:\Windows\system32\mtxoci.dll
2016-02-10 22:04:21 ----A---- C:\Windows\system32\cfgbkend.dll
2016-02-10 22:04:19 ----A---- C:\Windows\system32\glcndFilter.dll
2016-02-10 22:04:18 ----A---- C:\Windows\system32\Windows.Data.Pdf.dll
2016-02-10 22:04:17 ----A---- C:\Windows\SYSWOW64\glcndFilter.dll
2016-02-10 22:04:16 ----A---- C:\Windows\SYSWOW64\Windows.Data.Pdf.dll
2016-02-10 22:04:15 ----A---- C:\Windows\system32\win32k.sys
2016-02-10 22:04:04 ----A---- C:\Windows\system32\jscript9.dll
2016-02-10 22:04:02 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2016-02-10 22:04:00 ----A---- C:\Windows\SYSWOW64\wininet.dll
2016-02-10 22:04:00 ----A---- C:\Windows\system32\wininet.dll
2016-02-10 22:03:57 ----A---- C:\Windows\SYSWOW64\hlink.dll
2016-02-10 22:03:57 ----A---- C:\Windows\system32\msfeeds.dll
2016-02-10 22:03:57 ----A---- C:\Windows\system32\hlink.dll
2016-02-10 22:03:57 ----A---- C:\Windows\system32\actxprxy.dll
2016-02-10 22:03:56 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2016-02-10 22:03:56 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2016-02-10 22:03:56 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2016-02-10 22:03:56 ----A---- C:\Windows\SYSWOW64\jscript.dll
2016-02-10 22:03:56 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2016-02-10 22:03:56 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2016-02-10 22:03:56 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2016-02-10 22:03:56 ----A---- C:\Windows\system32\webcheck.dll
2016-02-10 22:03:56 ----A---- C:\Windows\system32\vbscript.dll
2016-02-10 22:03:56 ----A---- C:\Windows\system32\jscript.dll
2016-02-10 22:03:56 ----A---- C:\Windows\system32\inetcomm.dll
2016-02-10 22:03:56 ----A---- C:\Windows\system32\iedkcs32.dll
2016-02-10 22:03:56 ----A---- C:\Windows\system32\ieapfltr.dll
2016-02-10 22:03:56 ----A---- C:\Windows\system32\ie4uinit.exe
2016-02-10 22:03:41 ----A---- C:\Windows\system32\rdpcorets.dll
2016-02-10 22:03:40 ----A---- C:\Windows\system32\rdpudd.dll
======List of files/folders modified in the last 1 month======
2016-02-18 20:01:54 ----D---- C:\Windows\Prefetch
2016-02-18 20:00:01 ----D---- C:\Windows\system32\sru
2016-02-18 19:57:50 ----D---- C:\Windows\Temp
2016-02-18 19:52:24 ----D---- C:\Windows\Minidump
2016-02-18 19:52:15 ----D---- C:\Windows
2016-02-18 19:50:28 ----D---- C:\Windows\Tasks
2016-02-18 19:32:02 ----D---- C:\Windows\Microsoft.NET
2016-02-18 17:10:36 ----SHD---- C:\Windows\Installer
2016-02-18 17:10:15 ----D---- C:\Windows\SysWOW64
2016-02-18 16:56:53 ----D---- C:\Windows\Inf
2016-02-18 16:43:08 ----D---- C:\Windows\SYSWOW64\drivers
2016-02-18 16:29:37 ----D---- C:\Program Files (x86)\Opera
2016-02-18 16:29:36 ----D---- C:\Windows\system32\Tasks
2016-02-17 00:10:12 ----D---- C:\Windows\rescache
2016-02-17 00:02:39 ----D---- C:\Windows\SYSWOW64\vbox
2016-02-17 00:02:39 ----D---- C:\Windows\system32\vbox
2016-02-16 21:13:06 ----RD---- C:\Windows\System32
2016-02-16 21:13:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-02-16 20:03:41 ----D---- C:\Windows\system32\config
2016-02-16 20:01:08 ----RD---- C:\Program Files
2016-02-16 19:54:51 ----D---- C:\Windows\SoftwareDistribution
2016-02-15 20:23:00 ----RSD---- C:\Windows\assembly
2016-02-15 20:07:36 ----D---- C:\Windows\system32\DriverStore
2016-02-15 19:55:43 ----D---- C:\Windows\debug
2016-02-15 19:00:39 ----D---- C:\Windows\WinSxS
2016-02-15 18:55:43 ----D---- C:\Windows\system32\drivers
2016-02-15 18:55:43 ----D---- C:\Windows\system32\appraiser
2016-02-15 18:55:43 ----D---- C:\Windows\apppatch
2016-02-15 18:55:42 ----RD---- C:\Windows\ToastData
2016-02-15 18:55:42 ----D---- C:\Windows\SYSWOW64\en-US
2016-02-15 18:55:42 ----D---- C:\Windows\SYSWOW64\cs-CZ
2016-02-15 18:55:42 ----D---- C:\Windows\system32\en-US
2016-02-15 18:55:42 ----D---- C:\Windows\system32\cs-CZ
2016-02-15 18:54:31 ----RD---- C:\Program Files (x86)
2016-02-15 18:46:56 ----D---- C:\Windows\AppReadiness
2016-02-15 18:46:55 ----HD---- C:\Program Files\WindowsApps
2016-02-15 18:46:44 ----D---- C:\ProgramData\Microsoft Help
2016-02-15 18:45:20 ----D---- C:\Windows\CbsTemp
2016-02-15 17:07:27 ----D---- C:\Windows\system32\MRT
2016-02-15 16:54:26 ----A---- C:\Windows\system32\MRT.exe
2016-02-15 16:50:49 ----SHD---- C:\System Volume Information
2016-02-11 19:38:25 ----D---- C:\Users\Josef\AppData\Roaming\Skype
2016-02-11 19:37:11 ----D---- C:\ProgramData\Skype
2016-02-11 19:37:06 ----D---- C:\Program Files (x86)\Common Files
2016-02-11 19:20:35 ----D---- C:\ProgramData\AVAST Software
2016-02-11 19:19:51 ----D---- C:\Program Files\AVAST Software
2016-02-11 19:19:18 ----D---- C:\ProgramData\Oracle
2016-02-11 19:15:14 ----D---- C:\Program Files\Java
2016-02-11 19:14:12 ----A---- C:\Windows\system32\WindowsAccessBridge-64.dll
2016-02-11 11:47:25 ----D---- C:\Program Files\Windows Journal
2016-02-11 11:47:24 ----D---- C:\Windows\system32\wbem
2016-02-11 11:47:24 ----D---- C:\Program Files\Internet Explorer
2016-02-11 11:47:24 ----D---- C:\Program Files (x86)\Internet Explorer
2016-02-10 22:02:22 ----D---- C:\Windows\system32\catroot2
2016-02-06 21:57:38 ----D---- C:\The KMPlayer
2016-02-02 03:37:41 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2016-02-11 74544]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2016-02-11 287016]
R0 NBVol;Nero Backup Volume Filter Driver; C:\Windows\system32\DRIVERS\NBVol.sys [2012-08-29 73016]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver; C:\Windows\system32\DRIVERS\NBVolUp.sys [2012-08-29 16696]
R0 ngvss;ngvss; C:\Windows\system32\drivers\ngvss.sys [2016-02-11 154024]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2016-02-11 37144]
R1 aswNetSec;aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [2016-02-11 552368]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2016-02-11 103064]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2016-02-11 1065720]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2016-02-11 463744]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys [2014-04-30 71680]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2016-02-11 37656]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2016-02-11 107792]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2016-02-11 165344]
R2 BstHdDrv;BlueStacks Hypervisor; \??\C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2014-06-23 123152]
R2 VBoxAswDrv;VBoxAsw Support Driver; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2016-02-11 310904]
R3 athr;@oem15.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athwbx.sys [2013-08-16 3859968]
R3 BTATH_BUS;@oem16.inf,%BTATH_BUS.SVCDESC%;Qualcomm Atheros Bluetooth Bus; C:\Windows\System32\drivers\btath_bus.sys [2013-09-07 34384]
R3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [2013-09-07 594120]
R3 BTHUSB;@Bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2014-10-29 81920]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2013-11-02 4207104]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-10-22 3692632]
R3 IntcDAud;@oem5.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2013-11-02 449496]
R3 iwdbus;@oem8.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\Windows\System32\drivers\iwdbus.sys [2013-10-29 27032]
R3 LMDriver;@oem4.inf,%LMDriver.SVCDESC%;Launch Manager Wireless Driver; C:\Windows\System32\drivers\LMDriver.sys [2013-07-17 21360]
R3 RadioShim;@oem4.inf,%RadioShim.SVCDESC%;Shim for HID-KMDF Interface layer; C:\Windows\System32\drivers\RadioShim.sys [2013-07-17 14680]
R3 RSBASTOR;@oem14.inf,%Rts5208%;Realtek PCIE CardReader Driver - BA; C:\Windows\system32\DRIVERS\RtsBaStor.sys [2013-09-04 309976]
R3 RTL8168;@oem12.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys [2013-08-15 830680]
R3 SynTP;@oem11.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2013-08-28 524016]
R3 TXEIx64;@oem9.inf,%TEE_SvcDesc%;Intel(R) Trusted Execution Engine Interface ; C:\Windows\System32\drivers\TXEIx64.sys [2013-07-02 87568]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2014-06-21 212736]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\Windows\system32\DRIVERS\vwifimp.sys [2014-04-30 38912]
S3 AthBTPort;@oem19.inf,%BTHSUPPORT.SvcDesc%;Qualcomm Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys [2013-09-07 89800]
S3 bcbtums;@oem20.inf,%BCBTUMS.SvcDesc%;Bluetooth USB LD Filter; C:\Windows\system32\drivers\bcbtums.sys [2013-10-28 170712]
S3 BTATH_A2DP;@oem18.inf,%BTATH_A2DP.SvcDesc%;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys [2013-09-07 338120]
S3 btath_avdt;@oem18.inf,%btath_avdt.SvcDesc%;Qualcomm Atheros Bluetooth AVDT Service; C:\Windows\system32\drivers\btath_avdt.sys [2013-09-07 116424]
S3 BTATH_HCRP;@oem21.inf,%BTATH_HCRP.SvcDesc%;Bluetooth HCRP Server driver; C:\Windows\System32\drivers\btath_hcrp.sys [2013-09-07 179432]
S3 BTATH_LWFLT;@oem23.inf,%BTATH_LWFLT%;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys [2013-09-07 77464]
S3 BTATH_RCP;@oem25.inf,%BTATH_RCP%;Bluetooth AVRCP Device; C:\Windows\System32\drivers\btath_rcp.sys [2013-09-07 137928]
S3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\Windows\System32\drivers\BthEnum.sys [2014-10-29 53248]
S3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Ovladač úspory energie technologie Bluetooth; C:\Windows\System32\drivers\BthLEEnum.sys [2013-12-04 226304]
S3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Zařízení Bluetooth (síť PAN); C:\Windows\System32\drivers\bthpan.sys [2015-07-10 118272]
S3 BTHPORT;@Bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2015-05-11 1201664]
S3 btwampfl;@oem20.inf,%btwampfl.ServiceName%;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2013-10-28 166104]
S3 intaud_WaveExtensible;@oem7.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\Windows\system32\drivers\intelaud.sys [2013-10-29 39320]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys []
S3 OATool;OATool; \??\C:\Users\Administrator\AppData\Local\Temp\OAToolx64.sys []
S3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\System32\drivers\rfcomm.sys [2015-01-30 167424]
S3 TDKLIB;TDKLIB; \??\C:\Users\Administrator\AppData\Local\Temp\TdkLib64.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-13 82128]
R2 AtherosSvc;AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [2013-09-07 312448]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-02-11 237096]
R2 avast! Firewall;Avast Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2016-02-11 119128]
R2 BcmBtRSupport;@oem20.inf,%BcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service; C:\Windows\system32\BtwRSupportService.exe [2013-10-28 2255064]
R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2014-06-23 385808]
R2 BstHdUpdaterSvc;BlueStacks Updater Service; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [2014-06-23 774928]
R2 CCDMonitorService;CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2014-07-22 3058944]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2014-10-29 38792]
R2 GamesAppIntegrationService;GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2014-04-24 227904]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [2013-07-02 733696]
R2 LMSvc;Launch Manager Service; C:\Program Files\Packard Bell\Packard Bell Launch Manager\LMSvc.exe [2013-08-03 457768]
R2 NAUpdate;@c:\Program Files (x86)\Nero\Update\NASvc.exe,-200; c:\Program Files (x86)\Nero\Update\NASvc.exe [2012-07-14 769432]
R3 AvastVBoxSvc;AvastVBox COM Service; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2016-02-11 5570120]
R3 ePowerSvc;ePower Service; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2013-07-06 663592]
R3 QASvc;Quick Access Service; C:\Program Files\Packard Bell\Packard Bell Quick Access\QASvc.exe [2013-08-03 457768]
R3 RMSvc;Quick Access RadioMgr Service; C:\Program Files\Packard Bell\Packard Bell Quick Access\RMSvc.exe [2013-08-03 448040]
S2 BstHdAndroidSvc;BlueStacks Android Service; C:\Program Files (x86)\BlueStacks\HD-Service.exe [2014-06-23 406288]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-18 270016]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2014-10-29 38792]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2013-11-25 279024]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-22 43696]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2014-04-24 203344]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01 144200]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [2013-07-02 822232]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
-----------------EOF-----------------
- Rudy
- Site Admin

- Posts: 119673
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: slow notebook, suspected virus or malicious progra
Deleted. Run OTM again and click >CleanUp!<. OTM will clean up after itself. Finally, restart the PC. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: slow notebook, suspected virus or malicious progra
So I ran OTM and it seems to me there is no change in how the OS loads, but I'll try restarting once more.
Maybe it only seems that way to me after the cleanup.
I'll let you know in a moment.
Thanks, and bye for now.
Re: slow notebook, suspected virus or malicious progra
So after the restart the OS took about 3 min to load.
But on the other hand, what would I expect from this type of notebook, right?
In any case, I think some programs that I may not know about are running in the background; I don't know much about them. Couldn't that be one of the possible reasons for the speed? Otherwise the CPU is at 36% and memory at 36% with Opera running and two pages loaded.
- Rudy
- Site Admin

Re: slow notebook, suspected virus or malicious progra
Let's also try MBAM: http://www.malwarebytes.org/mbam.php . Run a full scan, post the log, and don't delete anything beforehand.
Re: slow notebook, suspected virus or malicious progra
Here is the log from MBAM:
Malwarebytes Anti-Malware
www.malwarebytes.org
Protection, 18. 2. 2016 22:32, SYSTEM, JOZIN, Protection, Malware Protection, Starting,
Protection, 18. 2. 2016 22:32, SYSTEM, JOZIN, Protection, Malware Protection, Started,
Protection, 18. 2. 2016 22:32, SYSTEM, JOZIN, Protection, Malicious Website Protection, Starting,
Protection, 18. 2. 2016 22:32, SYSTEM, JOZIN, Protection, Malicious Website Protection, Started,
Update, 18. 2. 2016 22:33, SYSTEM, JOZIN, Manual, Remediation Database, 2015.9.16.1, 2016.2.12.1,
Update, 18. 2. 2016 22:33, SYSTEM, JOZIN, Manual, IP Database, 2015.9.21.2, 2016.2.8.1,
Update, 18. 2. 2016 22:33, SYSTEM, JOZIN, Manual, Rootkit Database, 2015.9.18.1, 2016.2.17.1,
Update, 18. 2. 2016 22:33, SYSTEM, JOZIN, Manual, Domain Database, 2015.9.22.3, 2016.2.18.6,
Update, 18. 2. 2016 22:33, SYSTEM, JOZIN, Manual, Malware Database, 2015.9.22.5, 2016.2.18.5,
Protection, 18. 2. 2016 22:33, SYSTEM, JOZIN, Protection, Refresh, Starting,
Protection, 18. 2. 2016 22:33, SYSTEM, JOZIN, Protection, Malicious Website Protection, Stopping,
Protection, 18. 2. 2016 22:33, SYSTEM, JOZIN, Protection, Malicious Website Protection, Stopped,
Protection, 18. 2. 2016 22:34, SYSTEM, JOZIN, Protection, Refresh, Success,
Protection, 18. 2. 2016 22:34, SYSTEM, JOZIN, Protection, Malicious Website Protection, Starting,
Protection, 18. 2. 2016 22:34, SYSTEM, JOZIN, Protection, Malicious Website Protection, Started,
(end)
I haven't deleted anything yet.
- Rudy
- Site Admin

Re: slow notebook, suspected virus or malicious progra
The MBAM log looks roughly like this:
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 17. 2. 2016
Čas skenování: 22:08
Protokol:
Správce: Ano
Verze: 2.2.0.1024
Databáze malwaru: v2016.02.17.06
Databáze rootkitů: v2016.02.17.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto
OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: Jiří
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 418849
Uplynulý čas: 40 min, 8 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 0
(Nenalezeny žádné škodlivé položky)
Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 0
(Nenalezeny žádné škodlivé položky)
Soubory: 6
PUP.Optional.InstallBrain, C:\Users\Jiří\Downloads\VideoPerformerSetup.exe, , [7a50c69b1980999d2747c015b74943bd],
PUP.Optional.ClientConnect, C:\Users\Jiří\Downloads\bsplayer267-1076 (1).exe, , [d8f28cd5603932048d30359832ce20e0],
PUP.Optional.ClientConnect, C:\Users\Jiří\Downloads\bsplayer267-1076.exe, , [4e7c9ac7f3a6bc7ad6e75f6e58a80af6],
PUP.Optional.Ilivid, C:\Users\Jiří\Downloads\iLividSetup_C-r362-t-bc.exe, , [05c511507128e84eb6098953b34de020],
PUP.Optional.Ilivid, C:\Users\Jiří\Downloads\iLividSetup_D-r362-t-bc.exe, , [3e8cc69b049512245b643e9eb44cde22],
PUP.Optional.OneClickDownloader, C:\Users\Jiří\Downloads\DownloadSetup.exe, , [00ca5f02aeeb0531c3ec5fdcce338a76],
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
Re: slow notebook, suspected virus or malicious progra
I apologize, here is the log you wanted:
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 19. 2. 2016
Čas skenování: 17:45
Protokol: log mbam.txt
Správce: Ano
Verze: 2.2.0.1024
Databáze malwaru: v2016.02.19.04
Databáze rootkitů: v2016.02.17.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto
OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: Josef
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 340979
Uplynulý čas: 17 min, 21 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 6
PUP.Optional.PCSpeedUp, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PCSUUCDRV, , [8907b4aed8c1a98d9484718c996a8779],
PUP.Optional.CrossRider, HKU\S-1-5-18\SOFTWARE\HDQ-1.2cV03.01-nv, , [ccc4adb59bfe9c9a1f5cbc2528db4db3],
PUP.Optional.CrossRider, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\HDQ-1.2cV03.01, , [eba54d15bddca6906d1df8e9c14203fd],
PUP.Optional.CrossRider, HKU\S-1-5-21-878734475-2902513596-1258235634-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D07F30FF-16C9-4068-A839-E1E7C8853746}, , [622e31317d1cff377c29855da26134cc],
PUP.Optional.CrossRider, HKU\S-1-5-21-878734475-2902513596-1258235634-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FD60DAFC-9C87-406B-ADDD-BF375B3A51A9}, , [6a2691d178210d29d7ce30b25fa428d8],
PUP.Optional.CrossRider, HKU\S-1-5-21-878734475-2902513596-1258235634-1001_Classes\LOCAL SETTINGS\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APPCONTAINER\STORAGE\WINDOWS_IE_AC_001\SOFTWARE\Crossrider, , [1f71352d4455ca6cc6af5bf2ae5633cd],
Hodnoty registru: 2
PUP.Optional.CrossRider, HKU\S-1-5-21-878734475-2902513596-1258235634-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D07F30FF-16C9-4068-A839-E1E7C8853746}|AppName, 57a8df63-03eb-4588-b605-02b5ec0a584e-2.exe-codedownloader.exe, , [622e31317d1cff377c29855da26134cc]
PUP.Optional.CrossRider, HKU\S-1-5-21-878734475-2902513596-1258235634-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{FD60DAFC-9C87-406B-ADDD-BF375B3A51A9}|AppName, 57a8df63-03eb-4588-b605-02b5ec0a584e-2.exe-codedownloader.exe, , [6a2691d178210d29d7ce30b25fa428d8]
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 0
(Nenalezeny žádné škodlivé položky)
Soubory: 4
PUP.Optional.CrossRider, C:\Users\Josef\AppData\Roaming\GOMM.exe, , [4b45c59dbddc9d99272bec1d28dd8c74],
PUP.Optional.SearchSuite, C:\Users\Josef\Downloads\TorchSetup-r275-n-bc.exe, , [cfc1d290b7e2989e1529f35d34cdbc44],
PUP.Optional.Solimba, C:\Users\Josef\Downloads\Deer Hunter 2014.exe, , [642c73efb3e6ab8b818de5f37789817f],
PUP.Optional.InstallCore, C:\Users\Josef\Downloads\deer-hunter-2014-1.0.4.exe, , [d3bdd38fcbcef83ed0f71c1e946dd729],
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
Thank you
- Rudy
- Site Admin

- Posts: 119673
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: slow notebook, suspected virus or malicious progra
Delete all the findings.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.