Uz neviem co robit, skusil som:[*] Zmazat cookies/cache v browseri
[*] Odinstalovat vsetky addony v browseri
[*] Zmenit DNS servery na sietovej karte
[*] Skontrolovat router + resetovat ho do povodnych nastaveni
[*] Pouzit inu siet
[*] MBAM, Ccleaner, AdwCleaner, Symantec, Ad-Aware
Vzdy ma to presmeruje na searchadsredirect.com, IPcku to ma 208.91.196.145, jedna sa o nejaky pasivny DNS server. Prikladam RSIT. Vdaka!
Logfile of random's system information tool 1.10 (written by random/random)
Run by mmel at 2016-03-05 19:54:36
Microsoft Windows 8.1 Enterprise N
System drive C: has 15 GB (12%) free of 122 GB
Total RAM: 8065 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:54:37 PM, on 3/5/2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17037)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\Bin\ccSvcHst.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\KACE\KBOX\KBOXUserExtension.exe
C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
C:\Program Files (x86)\Citrix\GoToMeeting\3499\g2mstart.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Notepad++\notepad++.exe
C:\Program Files (x86)\Citrix\GoToMeeting\3499\g2mcomm.exe
C:\Users\mmel\AppData\Local\watchdog.exe
C:\Program Files (x86)\Citrix\GoToMeeting\3499\g2mlauncher.exe
C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
C:\Windows\CCM\SCNotification.exe
C:\Program Files\trend micro\mmel.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache34.ics.muni.cz:5555
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: Symantec Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\bin\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll
O2 - BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Lync] "C:\Program Files (x86)\Microsoft Office\Office15\lync.exe" /fromrunkey
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\3499\g2mstart.exe" "/Trigger RunAtLogon"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Startup: Send to OneNote.lnk = C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
O4 - Startup: Virtual Router Manager.lnk = ?
O4 - Global Startup: vpngui.exe.lnk = ?
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra 'Tools' menuitem: Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.*.akamai.net
O15 - Trusted Zone: *.*.americanexpress.com
O15 - Trusted Zone: *.*.boi-bol.com
O15 - Trusted Zone: *.*.chase.com
O15 - Trusted Zone: *.*.citibank.com
O15 - Trusted Zone: *.*.citidirect.com
O15 - Trusted Zone: *.*.coupahost.com
O15 - Trusted Zone: *.*.csob.cz
O15 - Trusted Zone: *.*.icims.com
O15 - Trusted Zone: *.*.jpmorgan.com
O15 - Trusted Zone: *.*.laiki.com
O15 - Trusted Zone: *.*.microsoft.com
O15 - Trusted Zone: *.*.netsuite.com
O15 - Trusted Zone: *.*.okta.com
O15 - Trusted Zone: *.*.salesforce.com
O15 - Trusted Zone: *.*.swedbank.com
O15 - Trusted Zone: *.crm
O15 - Trusted Zone: *.vlabs.holsystems.com
O15 - Trusted Zone: http://*.www.google-analytics.com (HKLM)
O15 - ESC Trusted Zone: http://*.www.google-analytics.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tul.swi.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tul.swi.net
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @oem67.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\Windows\system32\BtwRSupportService.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - c:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DameWare Mini Remote Control (dwmrcs) - SolarWinds - C:\Windows\dwrcs\dwrcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: KBOX SMMP Management Service (KBOXSMMP) - Dell Inc. - C:\Program Files (x86)\KACE\KBOX\KBOXSMMPService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware Service 11 (LavasoftAdAwareService11) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\Windows\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O2FLASH - Unknown owner - C:\Windows\system32\o2flash.exe (file missing)
O23 - Service: O2SDIOAssist - Unknown owner - C:\Windows\SysWOW64\srvany.exe
O23 - Service: PanGPS - Palo Alto Networks - C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Symantec Endpoint Protection (SepMasterService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\Bin\ccSvcHst.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\Bin64\snac64.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Synergy - Unknown owner - C:\Program Files (x86)\Synergy\synergyd.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VirtualRouterService (Virtual Router) - Chris Pietschmann (http://pietschsoft.com) - C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13109 bytes
======Listing Processes======
wininit.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
"dwm.exe"
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\system32\svchost.exe -k apphost
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
"c:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe"
C:\Windows\dwrcs\dwrcs.exe -service
dashost.exe {286e5fef-1725-4969-9f41df934e2846a8}
C:\Windows\system32\inetsrv\inetinfo.exe
"C:\Program Files (x86)\KACE\KBOX\KBOXSMMPService.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
C:\Windows\system32\mqsvc.exe
"C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe"
C:\Windows\system32\o2flash.exe
C:\Windows\SysWOW64\srvany.exe
"C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe"
C:\Windows\sysWOW64\SDIOAssist.exe
"C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\Bin\ccSvcHst.exe" /s "Symantec Endpoint Protection" /m "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\Bin\sms.dll" /prefetch:1
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Synergy\synergyd.exe"
"C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe"
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:/Program Files (x86)/Synergy/synergyc.exe" -f --no-tray --debug INFO --name MMELOCIK-LT --ipc --stop-on-desk-switch --enable-drag-drop --profile-dir "C:\Users\mmel\AppData\Local" 10.140.66.156:80
\??\C:\Windows\system32\conhost.exe 0x4
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
6129
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
C:\Windows\Explorer.EXE
ClassicStartMenu.exe -startup
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\skydrive.exe -Embedding
C:\Windows\System32\RuntimeBroker.exe -Embedding
taskeng.exe {0B52257F-5177-4304-A037-0484A6C6311D}
"C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\Bin\ccSvcHst.exe" /u /c /a /s "UserSession"
taskhostex.exe
"c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
"c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
C:\Windows\System32\mobsync.exe -Embedding
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files\DellTPad\Apoint.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Program Files\DellTPad\ApMsgFwd.exe" -s{05FA8492-C047-4207-BE65-780D8591C113}
"C:\Program Files\DellTPad\HidFind.exe"
"Apntex.exe"
\??\C:\Windows\system32\conhost.exe 0x4
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\KACE\KBOX\KBOXUserExtension.exe"
"C:\Program Files\Greenshot\Greenshot.exe"
"C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe"
"C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe"
"C:\Program Files (x86)\Microsoft Office\Office15\lync.exe" /fromrunkey
"C:\Windows\System32\SettingSyncHost.exe" -Embedding
"C:\Program Files (x86)\Citrix\GoToMeeting\3499\g2mstart.exe" "/Trigger RunAtLogon"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE" /tsr
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Notepad++\notepad++.exe" "C:\AdwCleaner\AdwCleaner[C1].txt"
"C:\Program Files (x86)\Citrix\GoToMeeting\3499\g2mcomm.exe" "Debug=On&Digest=c3d8ae3c6d33965c676029ab8f044824&Dir=C:\Program Files (x86)\Citrix\GoToMeeting\3499\&LoaderPath=C:\Program Files (x86)\Citrix\GoToMeeting\3499\g2mstart.exe&LogLevel=Terse&LogName=c:\users\marek~1.mel\appdata\local\temp\citrixlogs\gotomeeting\3499\2016-03-05_19.40.18.499\GoToMeeting.log&Path=g2mlauncher.exe&Plugin=G2MLauncher&PluginDebug=On&PluginStat=On&PluginStatDb=Off&Stat=On&StatDb=Off&Trigger=RunAtLogon&UniqueId=1e20"
"C:\Users\mmel\AppData\Local\watchdog.exe"
"C:\Program Files (x86)\Citrix\GoToMeeting\3499\g2mlauncher.exe" "StartID={F5CBAB62-C6B8-4AF7-90DB-F2006E0DD083}&Debug=On&Stat=On&StatDb=Off&Index=0"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe" -Embedding
C:\Windows\CCM\CcmExec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Microsoft Policy Platform\policyHost.exe" /service
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\CCM\SCNotification.exe"
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 580 584 592 65536 588
"C:\Users\mmel\Downloads\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\G2MUpdateTask-S-1-5-21-2000478354-2025429265-682003330-62348.job - C:\Program Files (x86)\Citrix\GoToMeeting\4542\g2mupdate.exe
C:\Windows\tasks\G2MUploadTask-S-1-5-21-2000478354-2025429265-682003330-62348.job - C:\Program Files (x86)\Citrix\GoToMeeting\4542\g2mupload.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
=========Mozilla firefox=========
ProfilePath - C:\Users\mmel\AppData\Roaming\Mozilla\Firefox\Profiles\5cp7twgk.default
prefs.js - "browser.search.useDBForOrder" - true
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 20.0.0.306 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.73.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.73.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 20.0.0.306 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.73.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.73.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_73\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll
C:\Program Files (x86)\Mozilla Firefox\plugins\
npMeetingJoinPluginOC.dll
nppdf32.dll
C:\Users\mmel\AppData\Roaming\Mozilla\Firefox\Profiles\5cp7twgk.default\searchplugins\
fogbugz-fogbugzswdevlocal.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10 218776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}]
ExplorerBHO Class - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20 803520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_73\bin\ssv.dll [2016-02-10 551520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 877720]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [2012-10-01 2322576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-10 212576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}]
ClassicIEBHO Class - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20 483520]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10 153248]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}]
ExplorerBHO Class - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20 683200]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Vulnerability Protection - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\bin\IPS\IPSBHO.DLL [2015-10-23 392344]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-10 460384]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 704664]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL [2012-10-01 1720976]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-10 172640]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}]
ClassicIEBHO Class - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20 440512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{553891B7-A0D5-4526-BE18-D3CE461D6310} - Classic Explorer Bar - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20 803520]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{553891B7-A0D5-4526-BE18-D3CE461D6310} - Classic Explorer Bar - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20 683200]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2013-06-10 681880]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2013-06-10 172016]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2013-06-10 399856]
"Persistence"=C:\Windows\system32\igfxpers.exe [2013-06-10 442352]
"Classic Start Menu"=C:\Program Files\Classic Shell\ClassicStartMenu.exe [2014-04-20 161984]
"KBOXUserExtension"=C:\Program Files (x86)\KACE\KBOX\KBOXUserExtension.exe [2010-06-14 496128]
"Greenshot"=C:\Program Files\Greenshot\Greenshot.exe [2015-11-10 528384]
"GlobalProtect"=C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe [2015-09-10 1802032]
"DameWare MRC Agent"=C:\Windows\dwrcs\DWRCST.exe [2012-11-02 425832]
""= []
"AdAwareTray"=C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe [2016-01-28 9581280]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Lync"=C:\Program Files (x86)\Microsoft Office\Office15\lync.exe [2015-02-10 19105944]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-02-12 8641240]
"GoToMeeting"=C:\Program Files (x86)\Citrix\GoToMeeting\3499\g2mstart.exe [2015-09-29 41536]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2016-02-10 50599552]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-01-29 594992]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
vpngui.exe.lnk - c:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe
C:\Users\mmel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Send to OneNote.lnk - C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
Virtual Router Manager.lnk - C:\Users\mmel\AppData\Roaming\Microsoft\Installer\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}\_118D1A4EFFA6998C3492EB.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2013-06-10 442880]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSettings_{1965D917-E2FF-4B93-999C-901F0AB03984}.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SepMasterService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.FPS1"=frapsv64.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-03-05 19:43:08 ----D---- C:\Program Files\trend micro
2016-03-05 19:43:07 ----D---- C:\rsit
2016-03-05 19:37:39 ----D---- C:\AdwCleaner
2016-03-05 18:55:24 ----D---- C:\Users\mmel\AppData\Roaming\Lavasoft
2016-03-05 16:45:43 ----D---- C:\Users\mmel\AppData\Roaming\LavasoftStatistics
2016-03-05 16:44:19 ----D---- C:\Program Files\Lavasoft
2016-03-05 16:43:23 ----D---- C:\Program Files\Common Files\Lavasoft
2016-03-05 16:42:47 ----D---- C:\ProgramData\Lavasoft
2016-03-05 16:34:20 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2016-03-05 16:34:06 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-05 16:34:06 ----A---- C:\Windows\system32\drivers\mwac.sys
2016-03-05 16:34:06 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2016-03-05 16:34:06 ----A---- C:\Windows\system32\drivers\mbam.sys
2016-03-04 07:30:24 ----D---- C:\Users\mmel\AppData\Roaming\Softplicity
2016-03-04 07:30:16 ----D---- C:\Program Files (x86)\CoolUtils
2016-02-29 09:03:12 ----D---- C:\ProgramData\Malwarebytes
2016-02-26 18:33:47 ----A---- C:\Windows\SYSWOW64\srvany.exe
2016-02-26 18:33:47 ----A---- C:\Windows\SYSWOW64\SDIOAssist.exe
2016-02-26 18:33:47 ----A---- C:\Windows\SYSWOW64\instsrv.exe
2016-02-26 18:33:37 ----D---- C:\Windows\devcon
2016-02-26 18:24:50 ----D---- C:\Windows\SYSWOW64\SDA
2016-02-12 08:02:00 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-02-11 13:48:33 ----D---- C:\Program Files\Bonjour
2016-02-11 13:48:33 ----D---- C:\Program Files (x86)\Bonjour
2016-02-11 13:40:59 ----D---- C:\Program Files (x86)\Synergy
======List of files/folders modified in the last 1 month======
2016-03-05 19:54:21 ----D---- C:\Windows\Prefetch
2016-03-05 19:50:36 ----D---- C:\Users\mmel\AppData\Roaming\Skype
2016-03-05 19:48:16 ----D---- C:\Windows\Temp
2016-03-05 19:45:53 ----D---- C:\Users\mmel\AppData\Roaming\ClassicShell
2016-03-05 19:43:54 ----D---- C:\Windows\System32
2016-03-05 19:43:54 ----D---- C:\Windows\Inf
2016-03-05 19:43:54 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-03-05 19:43:08 ----RD---- C:\Program Files
2016-03-05 19:41:58 ----A---- C:\Windows\SMSCFG.ini
2016-03-05 19:41:39 ----D---- C:\Windows\system32\inetsrv
2016-03-05 19:39:33 ----SHD---- C:\System Volume Information
2016-03-05 19:00:00 ----D---- C:\Windows\system32\sru
2016-03-05 17:09:20 ----D---- C:\Windows\ccmsetup
2016-03-05 16:58:34 ----D---- C:\Windows\Microsoft.NET
2016-03-05 16:57:36 ----D---- C:\Windows\system32\DriverStore
2016-03-05 16:45:42 ----SHD---- C:\Windows\Installer
2016-03-05 16:45:42 ----SHD---- C:\Config.Msi
2016-03-05 16:44:23 ----D---- C:\Windows\system32\drivers
2016-03-05 16:43:23 ----D---- C:\Program Files\Common Files
2016-03-05 16:42:47 ----HD---- C:\ProgramData
2016-03-05 16:34:06 ----RD---- C:\Program Files (x86)
2016-03-05 16:31:39 ----D---- C:\Windows\system32\NDF
2016-03-05 16:28:18 ----D---- C:\Windows\Tasks
2016-03-05 16:25:28 ----D---- C:\Windows
2016-03-05 16:10:38 ----D---- C:\Program Files\Java
2016-03-05 16:07:02 ----A---- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2016-03-05 16:06:01 ----RSD---- C:\Windows\assembly
2016-03-05 13:34:26 ----D---- C:\Windows\AppReadiness
2016-03-05 12:25:17 ----D---- C:\Windows\SoftwareDistribution
2016-03-04 21:49:09 ----D---- C:\Users\mmel\AppData\Roaming\vlc
2016-03-04 08:19:20 ----D---- C:\Windows\system32\FxsTmp
2016-03-03 13:31:56 ----D---- C:\Users\mmel\AppData\Roaming\Notepad++
2016-03-03 13:31:55 ----D---- C:\Program Files (x86)\Notepad++
2016-03-03 09:06:07 ----D---- C:\Windows\system32\config
2016-03-03 09:04:27 ----D---- C:\ProgramData\Skype
2016-02-27 13:44:33 ----D---- C:\Users\mmel\AppData\Roaming\Adobe
2016-02-26 18:33:47 ----D---- C:\Windows\SysWOW64
2016-02-26 18:33:35 ----D---- C:\Windows\system32\catroot
2016-02-26 18:24:51 ----D---- C:\Program Files (x86)\InstallShield Installation Information
2016-02-26 18:24:50 ----D---- C:\Program Files (x86)\O2Micro
2016-02-13 10:52:20 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-13 10:51:06 ----D---- C:\Windows\Minidump
2016-02-10 15:47:12 ----D---- C:\ProgramData\Oracle
2016-02-10 15:18:46 ----D---- C:\Program Files (x86)\Java
2016-02-10 15:18:06 ----D---- C:\Program Files (x86)\Common Files
2016-02-10 15:17:38 ----A---- C:\Windows\system32\WindowsAccessBridge-64.dll
2016-02-10 15:17:37 ----A---- C:\Windows\system32\javaws.exe
2016-02-10 15:17:37 ----A---- C:\Windows\system32\javaw.exe
2016-02-10 15:17:37 ----A---- C:\Windows\system32\java.exe
2016-02-10 15:16:57 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2016-02-10 08:53:14 ----HD---- C:\Program Files\WindowsApps
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 stdcfltn;Disk Class Filter Driver for Accelerometer; C:\Windows\system32\DRIVERS\stdcfltn.sys [2012-07-14 22168]
R0 SymEFASI;Symantec Extended File Attributes (SI); C:\Windows\system32\drivers\symefasi\0502000.004\symefasi.sys [2016-01-26 1626336]
R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\Data\Definitions\BASHDefs\20160125.011\BHDrvx64.sys [2015-11-03 1665608]
R1 ccSettings_{1965D917-E2FF-4B93-999C-901F0AB03984};Symantec Endpoint Protection 12.1.6608.6300.105 Settings Manager; C:\Windows\system32\Drivers\SEP\0C0119D0\189C.105\x64\ccSetx64.sys [2015-10-23 162392]
R1 DwMirror;DwMirror; C:\Windows\system32\DRIVERS\DamewareMini.sys [2008-03-14 5632]
R1 dwvkbd;@oem64.inf,%dwvkbd64.SvcDesc%;DameWare Virtual Keyboard 64 bit Driver; C:\Windows\system32\DRIVERS\dwvkbd64.sys [2008-03-13 30720]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2015-11-18 498512]
R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\Data\Definitions\IPSDefs\20160304.011\IDSvia64.sys [2016-02-16 767224]
R1 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\system32\Drivers\SEP\0C0119D0\189C.105\x64\SRTSP64.SYS [2015-10-23 890584]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\Drivers\SEP\0C0119D0\189C.105\x64\SRTSPX64.SYS [2015-10-23 37592]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\Drivers\SEP\0C0119D0\189C.105\x64\Ironx64.SYS [2015-10-23 270040]
R1 SYMNETS;Symantec Network Security WFP Driver; C:\Windows\system32\Drivers\SEP\0C0119D0\189C.105\x64\SYMNETS.SYS [2015-10-23 594136]
R1 SysPlant;SysPlant for NT; C:\Windows\system32\Drivers\SysPlant.sys [2016-01-26 168304]
R1 Teefer2;@oem40.inf,%Teefer2_Desc%;Symantec Endpoint Protection Firewall; C:\Windows\system32\DRIVERS\Teefer.sys [2015-10-23 112648]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2014-04-18 36600]
R3 ApfiltrService;@oem45.inf,%Filter.SvcDesc%;Alps Touch Pad Filter Driver for Windows x64; C:\Windows\System32\drivers\Apfiltr.sys [2013-06-10 446840]
R3 b57nd60a;@netb57va.inf,%SvcDispName%;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60a.sys [2013-06-18 425984]
R3 bcbtums;@oem67.inf,%BCBTUMS.SvcDesc%;Bluetooth RAM Firmware Download USB Filter; C:\Windows\system32\drivers\bcbtums.sys [2013-09-05 170712]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2013-08-22 53248]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Bluetooth Low Energy Driver; C:\Windows\system32\DRIVERS\BthLEEnum.sys [2014-03-18 226304]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2013-08-22 118272]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2014-03-18 81920]
R3 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\c:\Windows\system32\Drivers\CVPNDRVA.sys [2011-03-04 306536]
R3 DellRbtn;@oem9.inf,%DellRbtn%;Airplane Mode Switch; C:\Windows\System32\drivers\DellRbtn.sys [2013-02-12 10752]
R3 DNE;@oem70.inf,%DneMP_Desc%;Deterministic Network Enhancer Miniport; C:\Windows\system32\DRIVERS\dne64x.sys [2008-11-17 157968]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2015-11-18 157520]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2013-06-10 5358016]
R3 IntcDAud;@oem48.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2013-06-10 342528]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2015-10-05 25816]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2016-03-05 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2015-10-05 64216]
R3 MEIx64;@oem68.inf,%HECI_SvcDesc%;Intel(R) Management Engine Interface ; C:\Windows\System32\drivers\HECIx64.sys [2012-07-18 62784]
R3 MQAC;@mqutil.dll,-6101; C:\Windows\system32\drivers\mqac.sys [2014-06-16 173568]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\Data\Definitions\VirusDefs\20160304.020\ENG64.SYS [2015-10-27 138488]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\Data\Definitions\VirusDefs\20160304.020\EX64.SYS [2015-10-27 2148080]
R3 NETwNe64;@netwew00.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit; C:\Windows\system32\DRIVERS\NETwew00.sys [2013-07-08 3344352]
R3 O2SDJRDR;O2SDJRDR; C:\Windows\system32\DRIVERS\o2sdjw7x64.sys [2011-11-14 84712]
R3 PanGpd;@oem36.inf,%PanGpd.Service.DispName%;PanGP Virtual Miniport; C:\Windows\system32\DRIVERS\pangpd.sys [2015-09-10 36352]
R3 prepdrvr;SMS Process Event Driver; C:\Windows\system32\DRIVERS\prepdrv.sys [2013-09-11 26984]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2014-03-18 167424]
R3 ST_Accel;@oem8.inf,%ST_Accel.SVCDESC%;STMicroelectronics Accelerometer Service; C:\Windows\System32\drivers\ST_Accel.sys [2012-10-19 73368]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2016-01-26 178392]
S0 iaStorA;iaStorA; C:\Windows\System32\drivers\iaStorA.sys [2013-06-10 647736]
S0 SymELAM;Symantec ELAM Driver; C:\Windows\system32\Drivers\SEP\0C0119D0\189C.105\x64\SymELAM.sys [2015-10-23 23568]
S3 Acceler;@oem29.inf,%Accelern.SVCDESC%;Accelerometer Service; C:\Windows\System32\drivers\accelern.sys [2013-06-10 27760]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2014-03-18 1200640]
S3 btwampfl;@oem67.inf,%btwampfl.ServiceName%;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2013-09-05 166104]
S3 CVirtA;Cisco Systems VPN Adapter for 64-bit Windows; C:\Windows\system32\DRIVERS\CVirtA64.sys [2010-02-08 14992]
S3 d554gps;@oem32.inf,%ServiceName%;Dell Wireless HSPA Mini-Card GPS Port; C:\Windows\System32\drivers\d554gps64.sys [2013-06-10 103184]
S3 dc3d;@oem40.inf,%dc3d.SvcDesc%;MS Hardware Device Detection Driver (USB); C:\Windows\System32\drivers\dc3d.sys [2011-05-18 47616]
S3 dcdbas;@oem25.inf,%dcdbas.SVCDESC%;System Management Driver; C:\Windows\System32\drivers\dcdbas64.sys [2013-06-10 39016]
S3 ecnssndis;@oem44.inf,%Ericsson.SvcDesc%; Mobile Broadband Driver; C:\Windows\System32\Drivers\wwuss64.sys [2013-06-10 26664]
S3 ecnssndisfltr;@oem44.inf,%Ericsson.FltSvcDesc%; Mobile Broadband Driver Filter; C:\Windows\System32\Drivers\wwussf64.sys [2013-06-10 29736]
S3 Mbm3CBus;@oem40.inf,%d557.Service.Desc%;Dell Wireless 5540 HSPA Mini-Card Device (WDM); C:\Windows\System32\drivers\Mbm3CBus.sys [2013-06-10 419400]
S3 Mbm3DevMt;@oem42.inf,%d557.Service.Name%;Dell Wireless HSPA Mini-Card Device Management Driver (WDM); C:\Windows\System32\drivers\Mbm3DevMt.sys [2013-06-10 430664]
S3 O2MDFW8x64;O2MDFW8x64; C:\Windows\System32\drivers\O2MDFw8x64.sys [2013-06-10 74368]
S3 O2MDRW8x64;O2MDRW8x64; C:\Windows\System32\drivers\O2MDRw8x64.sys [2013-06-10 91008]
S3 Point64;@oem76.inf,%point64.SvcDesc%;Microsoft Mouse and Keyboard Center Filter Driver; C:\Windows\System32\drivers\point64.sys [2014-03-19 50896]
S3 SyDvCtrl;SyDvCtrl; \??\C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\Bin64\SyDvCtrl64.sys [2015-10-23 36952]
S3 Trufos;Trufos; C:\Windows\system32\DRIVERS\Trufos.sys [2015-12-09 452040]
S3 usbaudio;@wdma_usb.inf,%USBAudio.SvcDesc%;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2014-03-18 121088]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-13 82128]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2013-08-22 37768]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-10-07 345376]
R2 CcmExec;SMS Agent Host; C:\Windows\CCM\CcmExec.exe [2015-10-04 1773744]
R2 CVPND;Cisco Systems, Inc. VPN Service; c:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe [2011-03-04 1529856]
R2 dwmrcs;DameWare Mini Remote Control; C:\Windows\dwrcs\dwrcs.exe [2012-11-02 869736]
R2 IISADMIN;@%windir%\system32\inetsrv\iisres.dll,-30007; C:\Windows\system32\inetsrv\inetinfo.exe [2014-06-16 16896]
R2 KBOXSMMP;KBOX SMMP Management Service; C:\Program Files (x86)\KACE\KBOX\KBOXSMMPService.exe [2010-06-14 2237440]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-10-05 1513784]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
R2 MSMQ;@mqutil.dll,-6102; C:\Windows\system32\mqsvc.exe [2014-06-16 25600]
R2 NovaPdfServer;novaPDF Server; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [2015-07-14 41760]
R2 O2FLASH;O2FLASH; C:\Windows\system32\o2flash.exe [2011-11-16 244328]
R2 O2SDIOAssist;O2SDIOAssist; C:\Windows\SysWOW64\srvany.exe [2003-04-18 8192]
R2 PanGPS;PanGPS; C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe [2015-09-10 2672944]
R2 SepMasterService;Symantec Endpoint Protection; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\Bin\ccSvcHst.exe [2015-10-23 145008]
R2 Synergy;Synergy; C:\Program Files (x86)\Synergy\synergyd.exe [2015-11-19 253120]
R3 lpasvc;Microsoft Policy Platform Local Authority; C:\Program Files\Microsoft Policy Platform\policyHost.exe [2012-08-02 50280]
S2 BcmBtRSupport;@oem67.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service; C:\Windows\system32\BtwRSupportService.exe [2013-09-05 2252504]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29 144200]
S2 LavasoftAdAwareService11;Ad-Aware Service 11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe [2016-01-28 712432]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10 269504]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-08-10 50784]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2013-06-10 279024]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29 144200]
S3 lppsvc;Microsoft Policy Platform Processor; C:\Program Files\Microsoft Policy Platform\policyHost.exe [2012-08-02 50280]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-02-12 146888]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-01 150648]
S3 smstsmgr;ConfigMgr Task Sequence Agent; C:\Windows\CCM\TSManager.exe [2015-04-14 316600]
S3 SNAC;Symantec Network Access Control; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6608.6300.105\Bin64\snac64.exe [2015-10-23 396344]
S4 CmRcService;Configuration Manager Remote Control; C:\Windows\CCM\RemCtrl\CmRcService.exe [2015-04-14 671928]
-----------------EOF-----------------
Spusťte tuto utilitu:
Přispějete na provoz fóra?