Please check my log

Junfan
Visitor
Posts: 198
Registered: 10 Mar 2009 06:21

Please check my log

#1 Post by Junfan »

Hello,

after the computer starts, the OS is quite slow and the web browsers do not respond. After roughly 10 minutes everything is fine,
except that the OS opens windows or web pages by itself.
Desktop PC, Windows 8.1, HDD SMART OK, memory OK. Thank you for your time.




Logfile of random's system information tool 1.10 (written by random/random)
Run by Pavel at 2016-02-20 11:08:58
Microsoft Windows 8.1
System drive C: has 746 GB (79%) free of 938 GB
Total RAM: 8133 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:08:59, on 20. 2. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\NIS.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\trend micro\Pavel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\coIEPlg.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\coIEPlg.dll
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\NIS.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 5272 bytes

======Listing Processes======






wininit.exe
winlogon.exe

C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
"dwm.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
taskeng.exe {855E8CC2-F501-487F-88A8-AF4F4636E2BF}
taskhostex.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\NIS.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\diMaster.dll" /prefetch:1
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\NIS.exe" /c /a /s UserSession2
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
dashost.exe {c5276625-c0dc-4169-b25189ca3f1d9416}
"C:\Program Files (x86)\Steam\Steam.exe" -silent
"C:\Program Files (x86)\Steam\bin\steamwebhelper.exe" -cachedir="C:\Users\Pavel\AppData\Local\Steam\htmlcache" -steampid=3036 -buildid=1454620878 -steamid="0" --disable-gpu-compositing --disable-gpu --process-per-tab --enable-system-flash --disable-spell-checking --enable-widevine-cdm --enable-direct-write
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
"C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Windows\system32\GWX\GWX.exe"
C:\Windows\system32\wbem\wmiprvse.exe

"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-108460686-1593251965-3165503301-10011_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-108460686-1593251965-3165503301-10011 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
"C:\Windows\system32\SearchFilterHost.exe" 0 560 564 572 65536 568
"C:\Program Files\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3428 CREDAT:267521 /prefetch:2
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

C:\Windows\WinStore\WSHost.exe -Embedding
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe -Embedding
"C:\Users\Pavel\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05 1038648]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05 794424]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05 794424]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2016-02-04 3014224]
"EADM"=C:\Program Files (x86)\Origin\Origin.exe [2016-02-02 3639280]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-01-15 8619224]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.yuy2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"vidc.yvyu"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"vidc.uyvy"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-02-20 11:07:08 ----D---- C:\rsit
2016-02-20 11:07:08 ----D---- C:\Program Files\trend micro
2016-02-16 17:13:48 ----A---- C:\Windows\system32\FNTCACHE.DAT
2016-02-16 16:47:50 ----A---- C:\Windows\tweaking.com-regbackup-PC-Windows-8.1-(64-bit).dat
2016-02-16 16:47:48 ----D---- C:\RegBackup
2016-02-15 17:08:32 ----D---- C:\Users\Pavel\AppData\Roaming\TeamViewer
2016-02-12 14:46:51 ----D---- C:\Windows\Minidump
2016-02-12 13:49:55 ----D---- C:\ProgramData\Malwarebytes
2016-02-12 13:37:41 ----D---- C:\AdwCleaner
2016-02-12 13:19:30 ----A---- C:\Windows\system32\mshtml.dll
2016-02-12 13:19:30 ----A---- C:\Windows\system32\iertutil.dll
2016-02-12 13:19:29 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2016-02-12 13:19:29 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2016-02-12 13:19:29 ----A---- C:\Windows\system32\urlmon.dll
2016-02-12 13:19:28 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2016-02-12 13:19:28 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2016-02-12 13:19:28 ----A---- C:\Windows\system32\ieframe.dll
2016-02-12 13:15:02 ----A---- C:\Windows\SYSWOW64\CPFilters.dll
2016-02-12 13:15:02 ----A---- C:\Windows\system32\CPFilters.dll
2016-02-12 13:15:01 ----A---- C:\Windows\system32\EncDec.dll
2016-02-12 13:15:00 ----A---- C:\Windows\SYSWOW64\EncDec.dll
2016-02-12 13:14:58 ----A---- C:\Windows\system32\mtxoci.dll
2016-02-12 13:14:57 ----A---- C:\Windows\SYSWOW64\mtxoci.dll
2016-02-12 13:14:56 ----A---- C:\Windows\SYSWOW64\msorcl32.dll
2016-02-12 13:14:56 ----A---- C:\Windows\system32\cfgbkend.dll
2016-02-12 13:14:55 ----A---- C:\Windows\SYSWOW64\cfgbkend.dll
2016-02-12 13:14:44 ----A---- C:\Windows\system32\glcndFilter.dll
2016-02-12 13:14:42 ----A---- C:\Windows\system32\Windows.Data.Pdf.dll
2016-02-12 13:14:41 ----A---- C:\Windows\SYSWOW64\glcndFilter.dll
2016-02-12 13:14:39 ----A---- C:\Windows\SYSWOW64\Windows.Data.Pdf.dll
2016-02-12 13:13:55 ----A---- C:\Windows\system32\shell32.dll
2016-02-12 13:13:53 ----A---- C:\Windows\system32\twinui.dll
2016-02-12 13:13:50 ----A---- C:\Windows\SYSWOW64\twinui.dll
2016-02-12 13:13:46 ----A---- C:\Windows\SYSWOW64\shell32.dll
2016-02-12 13:13:45 ----A---- C:\Windows\system32\authui.dll
2016-02-12 13:13:44 ----A---- C:\Windows\SYSWOW64\authui.dll
2016-02-12 13:07:27 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2016-02-12 13:07:27 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-02-12 13:07:27 ----A---- C:\Windows\system32\ntdll.dll
2016-02-12 13:07:27 ----A---- C:\Windows\system32\KernelBase.dll
2016-02-12 13:07:27 ----A---- C:\Windows\system32\combase.dll
2016-02-12 13:07:26 ----A---- C:\Windows\SYSWOW64\WinTypes.dll
2016-02-12 13:07:26 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2016-02-12 13:07:26 ----A---- C:\Windows\SYSWOW64\combase.dll
2016-02-12 13:07:26 ----A---- C:\Windows\system32\WinTypes.dll
2016-02-12 13:07:26 ----A---- C:\Windows\system32\microsoft-windows-system-events.dll
2016-02-12 13:07:25 ----A---- C:\Windows\SYSWOW64\wincorlib.dll
2016-02-12 13:07:15 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2016-02-12 13:07:12 ----A---- C:\Windows\SYSWOW64\WinSync.dll
2016-02-12 13:07:12 ----A---- C:\Windows\system32\WinSync.dll
2016-02-12 13:07:10 ----A---- C:\Windows\system32\appraiser.dll
2016-02-12 13:07:09 ----A---- C:\Windows\system32\invagent.dll
2016-02-12 13:07:09 ----A---- C:\Windows\system32\generaltel.dll
2016-02-12 13:07:09 ----A---- C:\Windows\system32\devinv.dll
2016-02-12 13:07:09 ----A---- C:\Windows\system32\CompatTelRunner.exe
2016-02-12 13:07:09 ----A---- C:\Windows\system32\aeinv.dll
2016-02-12 13:07:09 ----A---- C:\Windows\system32\acmigration.dll
2016-02-12 13:07:05 ----A---- C:\Windows\system32\win32k.sys
2016-02-12 13:07:03 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2016-02-12 13:07:03 ----A---- C:\Windows\system32\kerberos.dll
2016-02-12 13:07:02 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2016-02-12 13:07:02 ----A---- C:\Windows\SYSWOW64\certcli.dll
2016-02-12 13:07:02 ----A---- C:\Windows\system32\msv1_0.dll
2016-02-12 13:07:02 ----A---- C:\Windows\system32\lsasrv.dll
2016-02-12 13:07:02 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-02-12 13:07:02 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-02-12 13:07:02 ----A---- C:\Windows\system32\dpapisrv.dll
2016-02-12 13:07:02 ----A---- C:\Windows\system32\certcli.dll
2016-02-12 13:06:43 ----A---- C:\Windows\system32\jscript9.dll
2016-02-12 13:06:41 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2016-02-12 13:06:40 ----A---- C:\Windows\SYSWOW64\wininet.dll
2016-02-12 13:06:40 ----A---- C:\Windows\system32\wininet.dll
2016-02-12 13:06:39 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2016-02-12 13:06:39 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2016-02-12 13:06:39 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2016-02-12 13:06:39 ----A---- C:\Windows\SYSWOW64\jscript.dll
2016-02-12 13:06:39 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2016-02-12 13:06:39 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2016-02-12 13:06:39 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2016-02-12 13:06:39 ----A---- C:\Windows\SYSWOW64\hlink.dll
2016-02-12 13:06:39 ----A---- C:\Windows\system32\webcheck.dll
2016-02-12 13:06:39 ----A---- C:\Windows\system32\vbscript.dll
2016-02-12 13:06:39 ----A---- C:\Windows\system32\msfeeds.dll
2016-02-12 13:06:39 ----A---- C:\Windows\system32\jscript.dll
2016-02-12 13:06:39 ----A---- C:\Windows\system32\inetcomm.dll
2016-02-12 13:06:39 ----A---- C:\Windows\system32\iedkcs32.dll
2016-02-12 13:06:39 ----A---- C:\Windows\system32\ieapfltr.dll
2016-02-12 13:06:39 ----A---- C:\Windows\system32\ie4uinit.exe
2016-02-12 13:06:39 ----A---- C:\Windows\system32\hlink.dll
2016-02-12 13:06:39 ----A---- C:\Windows\system32\actxprxy.dll
2016-02-12 13:06:33 ----A---- C:\Windows\system32\rdpudd.dll
2016-02-12 13:06:33 ----A---- C:\Windows\system32\rdpcorets.dll
2016-02-12 13:06:30 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2016-02-12 13:06:30 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2016-02-12 13:06:30 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2016-02-12 13:06:30 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2016-02-12 13:06:30 ----A---- C:\Windows\system32\wuwebv.dll
2016-02-12 13:06:30 ----A---- C:\Windows\system32\WUSettingsProvider.dll
2016-02-12 13:06:30 ----A---- C:\Windows\system32\wudriver.dll
2016-02-12 13:06:30 ----A---- C:\Windows\system32\wucltux.dll
2016-02-12 13:06:30 ----A---- C:\Windows\system32\wuaueng.dll
2016-02-12 13:06:30 ----A---- C:\Windows\system32\wuauclt.exe
2016-02-12 13:06:30 ----A---- C:\Windows\system32\wuapp.exe
2016-02-12 13:06:30 ----A---- C:\Windows\system32\wuapi.dll
2016-02-12 13:02:37 ----A---- C:\Windows\system32\drivers\TrueSight.sys
2016-02-12 13:02:32 ----D---- C:\ProgramData\RogueKiller
2016-01-22 17:55:54 ----D---- C:\Users\Pavel\AppData\Roaming\RotMG.Production

======List of files/folders modified in the last 1 month======

2016-02-20 11:07:23 ----D---- C:\Windows\Prefetch
2016-02-20 11:07:21 ----SHD---- C:\System Volume Information
2016-02-20 11:07:08 ----RD---- C:\Program Files
2016-02-20 11:05:19 ----D---- C:\ProgramData\Origin
2016-02-20 11:05:14 ----D---- C:\Program Files (x86)\Steam
2016-02-20 11:03:50 ----D---- C:\Windows\Temp
2016-02-20 11:00:00 ----D---- C:\Windows\system32\sru
2016-02-19 21:26:12 ----D---- C:\Windows\Microsoft.NET
2016-02-18 20:03:07 ----SHD---- C:\Windows\Installer
2016-02-18 20:02:53 ----D---- C:\Windows\SysWOW64
2016-02-17 16:42:45 ----D---- C:\Windows\system32\config
2016-02-16 18:04:59 ----D---- C:\Program Files (x86)\Origin
2016-02-16 17:14:01 ----D---- C:\Windows
2016-02-16 17:13:48 ----RD---- C:\Windows\System32
2016-02-16 17:12:40 ----D---- C:\Windows\debug
2016-02-12 17:45:36 ----D---- C:\Windows\Inf
2016-02-12 17:45:36 ----D---- C:\ProgramData\Package Cache
2016-02-12 14:56:13 ----D---- C:\Windows\Panther
2016-02-12 14:56:13 ----D---- C:\Windows\Logs
2016-02-12 14:53:41 ----RD---- C:\Program Files (x86)
2016-02-12 14:53:40 ----D---- C:\Windows\system32\drivers
2016-02-12 14:36:45 ----RSD---- C:\Windows\assembly
2016-02-12 14:24:29 ----D---- C:\Windows\rescache
2016-02-12 14:12:04 ----RD---- C:\Windows\Offline Web Pages
2016-02-12 14:11:39 ----D---- C:\Users\Pavel\AppData\Roaming\msct
2016-02-12 13:49:55 ----HD---- C:\ProgramData
2016-02-12 13:43:16 ----D---- C:\Windows\WinSxS
2016-02-12 13:39:56 ----D---- C:\Windows\system32\appraiser
2016-02-12 13:39:56 ----D---- C:\Windows\apppatch
2016-02-12 13:39:55 ----RD---- C:\Windows\ToastData
2016-02-12 13:39:55 ----D---- C:\Windows\SYSWOW64\cs-CZ
2016-02-12 13:39:55 ----D---- C:\Windows\system32\cs-CZ
2016-02-12 13:39:54 ----D---- C:\Windows\system32\wbem
2016-02-12 13:39:54 ----D---- C:\Program Files\Windows Journal
2016-02-12 13:39:53 ----D---- C:\Program Files\Internet Explorer
2016-02-12 13:39:53 ----D---- C:\Program Files (x86)\Internet Explorer
2016-02-12 13:32:05 ----D---- C:\Windows\AppReadiness
2016-02-12 13:32:04 ----HD---- C:\Program Files\WindowsApps
2016-02-12 13:31:59 ----D---- C:\Windows\CbsTemp
2016-02-12 13:26:00 ----D---- C:\Windows\system32\MRT
2016-02-12 13:23:21 ----D---- C:\Windows\Tasks
2016-02-12 13:22:11 ----A---- C:\Windows\system32\MRT.exe
2016-02-12 13:20:58 ----D---- C:\Windows\system32\catroot2
2016-02-12 13:03:15 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-02-06 19:48:51 ----D---- C:\Program Files (x86)\Origin Games
2016-02-02 03:37:41 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 SymEFASI;Symantec Extended File Attributes (SI); C:\Windows\system32\drivers\NISx64\1605050.00F\SYMEFASI64.SYS [2015-11-12 1621232]
R0 Wof;Windows Overlay File System Filter Driver; C:\Windows\system32\drivers\Wof.sys [2014-11-21 157016]
R1 adgnetworkwfpdrv;adgnetworkwfpdrv; C:\Windows\system32\drivers\adgnetworkwfpdrv.sys [2015-06-02 55800]
R1 BHDrvx64;BHDrvx64; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\BASHDefs\20160213.003\BHDrvx64.sys [2015-10-08 1665608]
R1 ccSet_NIS;NIS Settings Manager; C:\Windows\system32\drivers\NISx64\1605050.00F\ccSetx64.sys [2015-09-23 173808]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2015-11-18 498512]
R1 IDSVia64;IDSVia64; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\IPSDefs\20160219.001\IDSvia64.sys [2016-02-13 767224]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\NISx64\1605050.00F\SRTSPX64.SYS [2015-09-23 50936]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NISx64\1605050.00F\Ironx64.SYS [2015-09-23 297720]
R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\System32\Drivers\NISx64\1605050.00F\SYMNETS.SYS [2015-11-12 577768]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2015-04-24 18959360]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2015-04-24 589312]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2015-11-18 157520]
R3 L1C;@netl1c63x64.inf,%L1C.Service.DispName%;NDIS Miniport – ovladač pro řadič Qualcomm Atheros AR81xx PCI-E Ethernet; C:\Windows\system32\DRIVERS\L1C63x64.sys [2013-06-18 129224]
R3 NAVENG;NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\VirusDefs\20160219.020\ENG64.SYS [2015-12-22 138488]
R3 NAVEX15;NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\VirusDefs\20160219.020\EX64.SYS [2015-12-22 2148080]
R3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\NISx64\1605050.00F\SRTSP64.SYS [2015-11-12 928496]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2015-10-05 111344]
S0 SymELAM;Symantec ELAM Driver; C:\Windows\system32\drivers\NISx64\1605050.00F\SymELAM.sys [2015-09-23 24192]
S3 WUDFSensorLP;@locationprovider.inf,%WudfLocationProviderDisplayName%;Služba Reflektor UMDF pro zprostředkovatele umístění (LocationProvider); C:\Windows\system32\DRIVERS\WUDFRd.sys [2014-11-21 226304]
S3 WUDFWpdFs;WUDFWpdFs; C:\Windows\system32\DRIVERS\WUDFRd.sys [2014-11-21 226304]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-13 82128]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2015-04-24 244736]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2014-11-21 38792]
R2 NIS;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\NIS.exe [2015-11-20 282016]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2015-11-12 76888]
R2 PnkBstrB;PnkBstrB; C:\Windows\syswow64\PnkBstrB.exe [2015-11-12 189248]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2016-02-04 835152]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-06 144200]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2014-11-21 38792]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-06 144200]
S3 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2016-02-02 2104840]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119673
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#2 Post by Rudy »

Hello!
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not meant for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning your PC of viruses, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Junfan
Visitor
Posts: 198
Registered: 10 Mar 2009 06:21

Re: Please check my log

#3 Post by Junfan »

AdwCleaner[C2].txt

# AdwCleaner v5.036 - Logfile created 24/02/2016 at 19:04:55
# Updated 22/02/2016 by Xplode
# Database : 2016-02-24.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Pavel - PC
# Running from : C:\Users\Pavel\Desktop\adwcleaner_5.036.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1261 bytes] - [12/02/2016 13:39:40]
C:\AdwCleaner\AdwCleaner[C2].txt - [753 bytes] - [24/02/2016 19:04:55]
C:\AdwCleaner\AdwCleaner[S1].txt - [1139 bytes] - [12/02/2016 13:38:34]
C:\AdwCleaner\AdwCleaner[S2].txt - [637 bytes] - [16/02/2016 16:54:49]
C:\AdwCleaner\AdwCleaner[S3].txt - [641 bytes] - [16/02/2016 16:54:59]
C:\AdwCleaner\AdwCleaner[S4].txt - [1028 bytes] - [24/02/2016 19:04:05]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1115 bytes] ##########

Rudy
Site Admin
Posts: 119673
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#4 Post by Rudy »

This is OK. Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left window:
:files
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. After the scan, restart the PC and post a new RSIT log.

Junfan
Visitor
Posts: 198
Registered: 10 Mar 2009 06:21

Re: Please check my log

#5 Post by Junfan »

log.txt

Logfile of random's system information tool 1.10 (written by random/random)
Run by Pavel at 2016-02-25 17:24:27
Microsoft Windows 8.1
System drive C: has 745 GB (79%) free of 938 GB
Total RAM: 8133 MB (80% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:24:28, on 25. 2. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\NIS.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\trend micro\Pavel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\coIEPlg.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\coIEPlg.dll
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\NIS.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 5325 bytes

======Listing Processes======





wininit.exe


C:\Windows\system32\lsass.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
"dwm.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\NIS.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\diMaster.dll" /prefetch:1
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k imgsvc
taskeng.exe {E35F1EDE-3F9F-4FAF-8230-AB519B934ACA}
taskhostex.exe
"C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\NIS.exe" /c /a /s UserSession2
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
dashost.exe {0aaff899-b69f-4689-aac6521e457d85a5}
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\GWX\GWX.exe"
"C:\Program Files (x86)\Steam\Steam.exe" -silent
"C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Program Files (x86)\Steam\bin\steamwebhelper.exe" -cachedir="C:\Users\Pavel\AppData\Local\Steam\htmlcache" -steampid=1200 -buildid=1454620878 -steamid="0" --disable-gpu-compositing --disable-gpu --process-per-tab --enable-system-flash --disable-spell-checking --enable-widevine-cdm --enable-direct-write
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
"C:\Program Files (x86)\Steam\bin\steamwebhelper.exe" --type=renderer --disable-gpu-compositing --enable-pinch --lang=en-US --lang=en-US --log-file="C:\Program Files (x86)\Steam\bin\debug.log" --product-version="Valve Steam Client" --disable-spell-checking --enable-system-flash --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --disable-gpu-compositing --channel="3280.0.735173758\1457145978" --font-cache-shared-handle=1308 /prefetch:673131151

"C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe" -Embedding
"C:\Program Files\Internet Explorer\iexplore.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-108460686-1593251965-3165503301-10013_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-108460686-1593251965-3165503301-10013 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
"C:\Windows\system32\SearchFilterHost.exe" 0 568 572 580 65536 576
"C:\Program Files\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4960 CREDAT:267521 /prefetch:2
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Users\Pavel\Desktop\RSITx64.exe"

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05 1038648]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Norton Identity Protection - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05 794424]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05 794424]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2016-02-04 3014224]
"EADM"=C:\Program Files (x86)\Origin\Origin.exe [2016-02-02 3639280]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-01-15 8619224]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.yuy2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"vidc.yvyu"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"vidc.uyvy"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-02-25 16:45:59 ----D---- C:\_OTM
2016-02-20 11:07:08 ----D---- C:\rsit
2016-02-20 11:07:08 ----D---- C:\Program Files\trend micro
2016-02-16 17:13:48 ----A---- C:\Windows\system32\FNTCACHE.DAT
2016-02-16 16:47:50 ----A---- C:\Windows\tweaking.com-regbackup-PC-Windows-8.1-(64-bit).dat
2016-02-16 16:47:48 ----D---- C:\RegBackup
2016-02-15 17:08:32 ----D---- C:\Users\Pavel\AppData\Roaming\TeamViewer
2016-02-12 14:46:51 ----D---- C:\Windows\Minidump
2016-02-12 13:49:55 ----D---- C:\ProgramData\Malwarebytes
2016-02-12 13:37:41 ----D---- C:\AdwCleaner
2016-02-12 13:19:30 ----A---- C:\Windows\system32\mshtml.dll
2016-02-12 13:19:30 ----A---- C:\Windows\system32\iertutil.dll
2016-02-12 13:19:29 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2016-02-12 13:19:29 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2016-02-12 13:19:29 ----A---- C:\Windows\system32\urlmon.dll
2016-02-12 13:19:28 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2016-02-12 13:19:28 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2016-02-12 13:19:28 ----A---- C:\Windows\system32\ieframe.dll
2016-02-12 13:15:02 ----A---- C:\Windows\SYSWOW64\CPFilters.dll
2016-02-12 13:15:02 ----A---- C:\Windows\system32\CPFilters.dll
2016-02-12 13:15:01 ----A---- C:\Windows\system32\EncDec.dll
2016-02-12 13:15:00 ----A---- C:\Windows\SYSWOW64\EncDec.dll
2016-02-12 13:14:58 ----A---- C:\Windows\system32\mtxoci.dll
2016-02-12 13:14:57 ----A---- C:\Windows\SYSWOW64\mtxoci.dll
2016-02-12 13:14:56 ----A---- C:\Windows\SYSWOW64\msorcl32.dll
2016-02-12 13:14:56 ----A---- C:\Windows\system32\cfgbkend.dll
2016-02-12 13:14:55 ----A---- C:\Windows\SYSWOW64\cfgbkend.dll
2016-02-12 13:14:44 ----A---- C:\Windows\system32\glcndFilter.dll
2016-02-12 13:14:42 ----A---- C:\Windows\system32\Windows.Data.Pdf.dll
2016-02-12 13:14:41 ----A---- C:\Windows\SYSWOW64\glcndFilter.dll
2016-02-12 13:14:39 ----A---- C:\Windows\SYSWOW64\Windows.Data.Pdf.dll
2016-02-12 13:13:55 ----A---- C:\Windows\system32\shell32.dll
2016-02-12 13:13:53 ----A---- C:\Windows\system32\twinui.dll
2016-02-12 13:13:50 ----A---- C:\Windows\SYSWOW64\twinui.dll
2016-02-12 13:13:46 ----A---- C:\Windows\SYSWOW64\shell32.dll
2016-02-12 13:13:45 ----A---- C:\Windows\system32\authui.dll
2016-02-12 13:13:44 ----A---- C:\Windows\SYSWOW64\authui.dll
2016-02-12 13:07:27 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2016-02-12 13:07:27 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-02-12 13:07:27 ----A---- C:\Windows\system32\ntdll.dll
2016-02-12 13:07:27 ----A---- C:\Windows\system32\KernelBase.dll
2016-02-12 13:07:27 ----A---- C:\Windows\system32\combase.dll
2016-02-12 13:07:26 ----A---- C:\Windows\SYSWOW64\WinTypes.dll
2016-02-12 13:07:26 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2016-02-12 13:07:26 ----A---- C:\Windows\SYSWOW64\combase.dll
2016-02-12 13:07:26 ----A---- C:\Windows\system32\WinTypes.dll
2016-02-12 13:07:26 ----A---- C:\Windows\system32\microsoft-windows-system-events.dll
2016-02-12 13:07:25 ----A---- C:\Windows\SYSWOW64\wincorlib.dll
2016-02-12 13:07:15 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2016-02-12 13:07:12 ----A---- C:\Windows\SYSWOW64\WinSync.dll
2016-02-12 13:07:12 ----A---- C:\Windows\system32\WinSync.dll
2016-02-12 13:07:10 ----A---- C:\Windows\system32\appraiser.dll
2016-02-12 13:07:09 ----A---- C:\Windows\system32\invagent.dll
2016-02-12 13:07:09 ----A---- C:\Windows\system32\generaltel.dll
2016-02-12 13:07:09 ----A---- C:\Windows\system32\devinv.dll
2016-02-12 13:07:09 ----A---- C:\Windows\system32\CompatTelRunner.exe
2016-02-12 13:07:09 ----A---- C:\Windows\system32\aeinv.dll
2016-02-12 13:07:09 ----A---- C:\Windows\system32\acmigration.dll
2016-02-12 13:07:05 ----A---- C:\Windows\system32\win32k.sys
2016-02-12 13:07:03 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2016-02-12 13:07:03 ----A---- C:\Windows\system32\kerberos.dll
2016-02-12 13:07:02 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2016-02-12 13:07:02 ----A---- C:\Windows\SYSWOW64\certcli.dll
2016-02-12 13:07:02 ----A---- C:\Windows\system32\msv1_0.dll
2016-02-12 13:07:02 ----A---- C:\Windows\system32\lsasrv.dll
2016-02-12 13:07:02 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-02-12 13:07:02 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-02-12 13:07:02 ----A---- C:\Windows\system32\dpapisrv.dll
2016-02-12 13:07:02 ----A---- C:\Windows\system32\certcli.dll
2016-02-12 13:06:43 ----A---- C:\Windows\system32\jscript9.dll
2016-02-12 13:06:41 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2016-02-12 13:06:40 ----A---- C:\Windows\SYSWOW64\wininet.dll
2016-02-12 13:06:40 ----A---- C:\Windows\system32\wininet.dll
2016-02-12 13:06:39 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2016-02-12 13:06:39 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2016-02-12 13:06:39 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2016-02-12 13:06:39 ----A---- C:\Windows\SYSWOW64\jscript.dll
2016-02-12 13:06:39 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2016-02-12 13:06:39 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2016-02-12 13:06:39 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2016-02-12 13:06:39 ----A---- C:\Windows\SYSWOW64\hlink.dll
2016-02-12 13:06:39 ----A---- C:\Windows\system32\webcheck.dll
2016-02-12 13:06:39 ----A---- C:\Windows\system32\vbscript.dll
2016-02-12 13:06:39 ----A---- C:\Windows\system32\msfeeds.dll
2016-02-12 13:06:39 ----A---- C:\Windows\system32\jscript.dll
2016-02-12 13:06:39 ----A---- C:\Windows\system32\inetcomm.dll
2016-02-12 13:06:39 ----A---- C:\Windows\system32\iedkcs32.dll
2016-02-12 13:06:39 ----A---- C:\Windows\system32\ieapfltr.dll
2016-02-12 13:06:39 ----A---- C:\Windows\system32\ie4uinit.exe
2016-02-12 13:06:39 ----A---- C:\Windows\system32\hlink.dll
2016-02-12 13:06:39 ----A---- C:\Windows\system32\actxprxy.dll
2016-02-12 13:06:33 ----A---- C:\Windows\system32\rdpudd.dll
2016-02-12 13:06:33 ----A---- C:\Windows\system32\rdpcorets.dll
2016-02-12 13:06:30 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2016-02-12 13:06:30 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2016-02-12 13:06:30 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2016-02-12 13:06:30 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2016-02-12 13:06:30 ----A---- C:\Windows\system32\wuwebv.dll
2016-02-12 13:06:30 ----A---- C:\Windows\system32\WUSettingsProvider.dll
2016-02-12 13:06:30 ----A---- C:\Windows\system32\wudriver.dll
2016-02-12 13:06:30 ----A---- C:\Windows\system32\wucltux.dll
2016-02-12 13:06:30 ----A---- C:\Windows\system32\wuaueng.dll
2016-02-12 13:06:30 ----A---- C:\Windows\system32\wuauclt.exe
2016-02-12 13:06:30 ----A---- C:\Windows\system32\wuapp.exe
2016-02-12 13:06:30 ----A---- C:\Windows\system32\wuapi.dll
2016-02-12 13:02:37 ----A---- C:\Windows\system32\drivers\TrueSight.sys
2016-02-12 13:02:32 ----D---- C:\ProgramData\RogueKiller

======List of files/folders modified in the last 1 month======

2016-02-25 17:02:00 ----D---- C:\Windows\system32\sru
2016-02-25 16:51:13 ----D---- C:\Windows\Temp
2016-02-25 16:50:55 ----SHD---- C:\System Volume Information
2016-02-25 16:49:11 ----D---- C:\ProgramData\Origin
2016-02-25 16:49:10 ----D---- C:\Program Files (x86)\Steam
2016-02-25 16:45:59 ----D---- C:\Windows\Tasks
2016-02-25 16:45:28 ----D---- C:\Windows\Prefetch
2016-02-24 21:35:12 ----D---- C:\Windows\Microsoft.NET
2016-02-22 23:18:20 ----D---- C:\Program Files (x86)\Origin
2016-02-20 11:07:08 ----RD---- C:\Program Files
2016-02-18 20:03:07 ----SHD---- C:\Windows\Installer
2016-02-18 20:02:53 ----D---- C:\Windows\SysWOW64
2016-02-17 16:42:45 ----D---- C:\Windows\system32\config
2016-02-16 17:14:01 ----D---- C:\Windows
2016-02-16 17:13:48 ----RD---- C:\Windows\System32
2016-02-16 17:12:40 ----D---- C:\Windows\debug
2016-02-12 17:45:36 ----D---- C:\Windows\Inf
2016-02-12 17:45:36 ----D---- C:\ProgramData\Package Cache
2016-02-12 14:56:13 ----D---- C:\Windows\Panther
2016-02-12 14:56:13 ----D---- C:\Windows\Logs
2016-02-12 14:53:41 ----RD---- C:\Program Files (x86)
2016-02-12 14:53:40 ----D---- C:\Windows\system32\drivers
2016-02-12 14:36:45 ----RSD---- C:\Windows\assembly
2016-02-12 14:24:29 ----D---- C:\Windows\rescache
2016-02-12 14:12:04 ----RD---- C:\Windows\Offline Web Pages
2016-02-12 14:11:39 ----D---- C:\Users\Pavel\AppData\Roaming\msct
2016-02-12 13:49:55 ----HD---- C:\ProgramData
2016-02-12 13:43:16 ----D---- C:\Windows\WinSxS
2016-02-12 13:39:56 ----D---- C:\Windows\system32\appraiser
2016-02-12 13:39:56 ----D---- C:\Windows\apppatch
2016-02-12 13:39:55 ----RD---- C:\Windows\ToastData
2016-02-12 13:39:55 ----D---- C:\Windows\SYSWOW64\cs-CZ
2016-02-12 13:39:55 ----D---- C:\Windows\system32\cs-CZ
2016-02-12 13:39:54 ----D---- C:\Windows\system32\wbem
2016-02-12 13:39:54 ----D---- C:\Program Files\Windows Journal
2016-02-12 13:39:53 ----D---- C:\Program Files\Internet Explorer
2016-02-12 13:39:53 ----D---- C:\Program Files (x86)\Internet Explorer
2016-02-12 13:32:05 ----D---- C:\Windows\AppReadiness
2016-02-12 13:32:04 ----HD---- C:\Program Files\WindowsApps
2016-02-12 13:31:59 ----D---- C:\Windows\CbsTemp
2016-02-12 13:26:00 ----D---- C:\Windows\system32\MRT
2016-02-12 13:22:11 ----A---- C:\Windows\system32\MRT.exe
2016-02-12 13:20:58 ----D---- C:\Windows\system32\catroot2
2016-02-12 13:03:15 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-02-06 19:48:51 ----D---- C:\Program Files (x86)\Origin Games
2016-02-02 03:37:41 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 SymEFASI;Symantec Extended File Attributes (SI); C:\Windows\system32\drivers\NISx64\1605050.00F\SYMEFASI64.SYS [2015-11-12 1621232]
R0 Wof;Windows Overlay File System Filter Driver; C:\Windows\system32\drivers\Wof.sys [2014-11-21 157016]
R1 adgnetworkwfpdrv;adgnetworkwfpdrv; C:\Windows\system32\drivers\adgnetworkwfpdrv.sys [2015-06-02 55800]
R1 BHDrvx64;BHDrvx64; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\BASHDefs\20160213.003\BHDrvx64.sys [2015-10-08 1665608]
R1 ccSet_NIS;NIS Settings Manager; C:\Windows\system32\drivers\NISx64\1605050.00F\ccSetx64.sys [2015-09-23 173808]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2015-11-18 498512]
R1 IDSVia64;IDSVia64; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\IPSDefs\20160224.001\IDSvia64.sys [2016-02-13 767224]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\NISx64\1605050.00F\SRTSPX64.SYS [2015-09-23 50936]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NISx64\1605050.00F\Ironx64.SYS [2015-09-23 297720]
R1 SymNetS;Symantec Network Security WFP Driver; C:\Windows\System32\Drivers\NISx64\1605050.00F\SYMNETS.SYS [2015-11-12 577768]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2015-04-24 18959360]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2015-04-24 589312]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2015-11-18 157520]
R3 L1C;@netl1c63x64.inf,%L1C.Service.DispName%;NDIS Miniport – ovladač pro řadič Qualcomm Atheros AR81xx PCI-E Ethernet; C:\Windows\system32\DRIVERS\L1C63x64.sys [2013-06-18 129224]
R3 NAVENG;NAVENG; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\VirusDefs\20160224.037\ENG64.SYS [2015-12-22 138488]
R3 NAVEX15;NAVEX15; \??\C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\VirusDefs\20160224.037\EX64.SYS [2015-12-22 2148080]
R3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\NISx64\1605050.00F\SRTSP64.SYS [2015-11-12 928496]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2015-10-05 111344]
S0 SymELAM;Symantec ELAM Driver; C:\Windows\system32\drivers\NISx64\1605050.00F\SymELAM.sys [2015-09-23 24192]
S3 WUDFSensorLP;@locationprovider.inf,%WudfLocationProviderDisplayName%;Služba Reflektor UMDF pro zprostředkovatele umístění (LocationProvider); C:\Windows\system32\DRIVERS\WUDFRd.sys [2014-11-21 226304]
S3 WUDFWpdFs;WUDFWpdFs; C:\Windows\system32\DRIVERS\WUDFRd.sys [2014-11-21 226304]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-13 82128]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2015-04-24 244736]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2014-11-21 38792]
R2 NIS;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\NIS.exe [2015-11-20 282016]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2015-11-12 76888]
R2 PnkBstrB;PnkBstrB; C:\Windows\syswow64\PnkBstrB.exe [2015-11-12 189248]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2016-02-04 835152]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-06 144200]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2014-11-21 38792]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-06 144200]
S3 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2016-02-02 2104840]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119673
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#6 Post by Rudy »

Deleted. Run OTM again and click >CleanUp!<. OTM will clean up after itself. Finally, restart the PC. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Junfan
Visitor
Posts: 198
Registered: 10 Mar 2009 06:21

Re: Please check my log

#7 Post by Junfan »

Hello,

no change so far - windows or desktop shortcuts open by themselves, the resolution has changed, and sometimes the tiles cannot be opened

Rudy

Re: Please check my log

#8 Post by Rudy »

Run OTM again and click >CleanUp!<. OTM will clean up after itself. Finally, restart the PC. Run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.

Junfan

Re: Please check my log

#9 Post by Junfan »

It's solved now - a faulty keyboard was causing it. Thanks a lot :|

Rudy

Re: Please check my log

#10 Post by Rudy »

That is possible too. You're welcome! :)

Locked