
PC virus removal, computer speed-up, remote assistance via the neslape.cz service
Unwanted pop-up windows
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello, please check my log; unwanted windows keep popping up while I work in the browser.
Thank you
Logfile of random's system information tool 1.10 (written by random/random)
Run by Michal at 2016-03-22 18:52:58
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 51 GB (51%) free of 100 GB
Total RAM: 4086 MB (59% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:53:00, on 22.3.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Michal.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Launcher3010] "C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe" /S Xerox Phaser 3010
O4 - HKLM\..\Run: [3010 RUN] "C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe"
O4 - HKLM\..\Run: [StatusAutoRun3010] "C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe" Xerox Phaser 3010,hide,\S
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - AppInit_DLLs: C:\ProgramData\SecurityUtility\QKKPZC32.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ggbugreport - Unknown owner - C:\Program Files (x86)\SearchesToYesbnd\bugreport.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O2FLASH - Unknown owner - C:\Windows\system32\DRIVERS\o2flash.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Winsere - Unknown owner - C:\Program Files (x86)\Winsere\Winsere\Winsere.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)
O23 - Service: XRcnStatutsDatabase (XRNADB) - Xerox - C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe
--
End of file - 6843 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Windows\system32\Dwm.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
taskeng.exe {8A84428D-5113-4A7F-8703-A88F7C527B93}
"C:\Windows\System32\hkcmd.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
C:\ProgramData\SecurityUtility\SecurityUtility.exe
C:\ProgramData\SecurityUtility\SecurityUtility.exe -app
"C:\Windows\system32\GWX\GWX.exe"
"C:\Program Files (x86)\Winamp\winampa.exe"
"C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe" Xerox Phaser 3010,hide,\S
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmW.exe"
\??\C:\Windows\system32\conhost.exe "-188042222397039305-406917229-1049027300582006273522100615123255835-103545309
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\DRIVERS\xaudio64.exe
"C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
"C:\Program Files\Microsoft Security Client\NisSrv.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Michal\Downloads\RSITx64.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\Michal\Downloads\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\OKLSFNHD1.job - C:\ProgramData\SecurityUtility\SecurityUtility.exe
=========Mozilla firefox=========
ProfilePath - C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "about:home"
prefs.js - "keyword.URL" - "http://search.tb.ask.com/search/GGmain. ... searchfor="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.182 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.73.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.73.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.182 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\searchplugins\
Google.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-03-10 460384]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-10 172640]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 385560]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2015-04-30 1337000]
"Logitech Download Assistant"=C:\Windows\System32\LogiLDA.dll [2012-09-20 1832760]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2014-03-04 3696912]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-17 1085656]
"WinampAgent"=C:\Program Files (x86)\Winamp\Winampa.exe [2013-06-28 24576]
"Launcher3010"=C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe [2011-04-19 2570752]
"3010 RUN"=C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe [2013-07-30 355840]
"StatusAutoRun3010"=C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe [2013-07-30 4277760]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-01-29 594992]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\ProgramData\SecurityUtility\QKKPZC64.dll "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 261120]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-03-22 18:49:17 ----D---- C:\rsit
2016-03-22 18:49:17 ----D---- C:\Program Files\trend micro
2016-03-20 17:56:45 ----D---- C:\Program Files (x86)\Porrasturvat
2016-03-10 11:35:20 ----D---- C:\Windows\Sun
2016-03-10 11:18:48 ----D---- C:\Users\Michal\AppData\Roaming\Sun
2016-03-10 11:18:39 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2016-03-10 11:18:07 ----D---- C:\ProgramData\Oracle
2016-03-10 11:18:02 ----D---- C:\Program Files (x86)\Java
2016-03-08 18:32:40 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-08 18:32:25 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-03-06 10:29:20 ----D---- C:\Users\Michal\AppData\Roaming\dlg
2016-03-06 10:25:35 ----D---- C:\ProgramData\7b24ec7cc000461ebe26d116b88142c8
2016-03-06 10:25:31 ----D---- C:\ProgramData\SecurityUtility
2016-03-06 10:25:01 ----D---- C:\Users\Michal\AppData\Roaming\Smart Driver Updater
2016-03-06 10:25:00 ----D---- C:\Program Files (x86)\Smart Driver Updater
2016-03-06 10:23:03 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2016-03-06 10:21:53 ----D---- C:\Program Files (x86)\WinTaske
2016-03-06 10:21:53 ----D---- C:\Program Files (x86)\Winsere
2016-03-06 10:21:47 ----D---- C:\Program Files (x86)\SearchesToYesbnd
======List of files/folders modified in the last 1 month======
2016-03-22 18:51:02 ----D---- C:\Windows\System32
2016-03-22 18:51:02 ----D---- C:\Windows\inf
2016-03-22 18:51:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-03-22 18:49:55 ----D---- C:\Windows\Temp
2016-03-22 18:49:25 ----D---- C:\Windows\Prefetch
2016-03-22 18:49:17 ----RD---- C:\Program Files
2016-03-22 18:43:53 ----D---- C:\Windows
2016-03-22 16:01:22 ----D---- C:\Windows\system32\LogFiles
2016-03-22 16:01:00 ----HD---- C:\ProgramData
2016-03-22 16:00:49 ----SHD---- C:\Windows\Installer
2016-03-22 16:00:47 ----RD---- C:\Program Files (x86)
2016-03-22 16:00:17 ----SHD---- C:\System Volume Information
2016-03-17 09:23:21 ----D---- C:\Windows\SysWOW64
2016-03-17 09:20:47 ----D---- C:\ProgramData\Adobe
2016-03-17 09:19:48 ----D---- C:\Users\Michal\AppData\Roaming\Adobe
2016-03-15 11:30:33 ----D---- C:\Windows\SYSWOW64\LogFiles
2016-03-14 13:46:31 ----D---- C:\Program Files (x86)\DOSBox-0.74
2016-03-10 19:11:55 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-03-10 11:19:14 ----D---- C:\Program Files (x86)\Common Files
2016-03-08 18:34:18 ----D---- C:\Windows\system32\Tasks
2016-03-08 18:34:17 ----D---- C:\Windows\Tasks
2016-03-08 18:34:17 ----D---- C:\Program Files (x86)\Google
2016-03-06 10:24:53 ----SD---- C:\Users\Michal\AppData\Roaming\Microsoft
2016-03-06 10:24:21 ----SD---- C:\ProgramData\Microsoft
2016-03-05 20:33:58 ----D---- C:\Windows\system32\drivers
2016-03-05 20:25:57 ----D---- C:\Program Files (x86)\GOG.com
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2015-03-04 280376]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-09 26968]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2015-03-08 283064]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2010-11-20 59392]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2010-11-20 360832]
R1 VWiFiFlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 17024]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2015-03-04 124568]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio64.sys [2007-08-07 10240]
R3 CAXHWAZL;CAXHWAZL; C:\Windows\system32\DRIVERS\CAXHWAZL.sys [2007-08-03 293376]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\CAX_DPV.sys [2007-08-03 1481216]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-09-23 6180832]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 64bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 O2MDRDR;O2MDRDR; C:\Windows\system32\DRIVERS\o2mdx64.sys [2009-07-13 64160]
R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
R3 vpcbus;Služba hostitelské sběrnice programu Virtual PC; C:\Windows\system32\DRIVERS\vpchbus.sys [2010-11-20 194944]
R3 vpcusb;Služba konektoru virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcusb.sys [2010-11-20 95232]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\CAX_CNXT.sys [2007-08-03 740352]
S3 netr28ux;RT2870 USB Wireless LAN Card Driver pro systém Windows Vista; C:\Windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 vpcuxd;Služba zástupné procedury virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcuxd.sys [2010-11-20 16384]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\drivers\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-17 82128]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2015-04-30 23816]
R2 O2FLASH;O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [2007-02-11 65536]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio64.exe [2007-08-07 412672]
R2 XRNADB;XRcnStatutsDatabase; C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe [2013-07-30 141824]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-04-30 366544]
S2 078b2995;StatMaker; C:\Windows\syswow64\rundll32.exe [2009-07-14 44544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 ggbugreport;ggbugreport; C:\Program Files (x86)\SearchesToYesbnd\bugreport.exe [2016-02-26 1593872]
S2 Winsere;Winsere; C:\Program Files (x86)\Winsere\Winsere\Winsere.exe [2016-02-26 306192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-10 269504]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-05-22 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-03-04 146888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-05-25 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Winsere - Unknown owner - C:\Program Files (x86)\Winsere\Winsere\Winsere.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)
O23 - Service: XRcnStatutsDatabase (XRNADB) - Xerox - C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe
--
End of file - 6843 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Windows\system32\Dwm.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
taskeng.exe {8A84428D-5113-4A7F-8703-A88F7C527B93}
"C:\Windows\System32\hkcmd.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
C:\ProgramData\SecurityUtility\SecurityUtility.exe
C:\ProgramData\SecurityUtility\SecurityUtility.exe -app
"C:\Windows\system32\GWX\GWX.exe"
"C:\Program Files (x86)\Winamp\winampa.exe"
"C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe" Xerox Phaser 3010,hide,\S
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmW.exe"
\??\C:\Windows\system32\conhost.exe "-188042222397039305-406917229-1049027300582006273522100615123255835-103545309
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\DRIVERS\xaudio64.exe
"C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
"C:\Program Files\Microsoft Security Client\NisSrv.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Michal\Downloads\RSITx64.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\Michal\Downloads\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\OKLSFNHD1.job - C:\ProgramData\SecurityUtility\SecurityUtility.exe
=========Mozilla firefox=========
ProfilePath - C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "about:home"
prefs.js - "keyword.URL" - "http://search.tb.ask.com/search/GGmain. ... searchfor="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.182 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.73.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.73.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.182 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\searchplugins\
Google.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-03-10 460384]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-10 172640]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 385560]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2015-04-30 1337000]
"Logitech Download Assistant"=C:\Windows\System32\LogiLDA.dll [2012-09-20 1832760]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2014-03-04 3696912]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-17 1085656]
"WinampAgent"=C:\Program Files (x86)\Winamp\Winampa.exe [2013-06-28 24576]
"Launcher3010"=C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe [2011-04-19 2570752]
"3010 RUN"=C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe [2013-07-30 355840]
"StatusAutoRun3010"=C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe [2013-07-30 4277760]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-01-29 594992]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\ProgramData\SecurityUtility\QKKPZC64.dll "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 261120]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-03-22 18:49:17 ----D---- C:\rsit
2016-03-22 18:49:17 ----D---- C:\Program Files\trend micro
2016-03-20 17:56:45 ----D---- C:\Program Files (x86)\Porrasturvat
2016-03-10 11:35:20 ----D---- C:\Windows\Sun
2016-03-10 11:18:48 ----D---- C:\Users\Michal\AppData\Roaming\Sun
2016-03-10 11:18:39 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2016-03-10 11:18:07 ----D---- C:\ProgramData\Oracle
2016-03-10 11:18:02 ----D---- C:\Program Files (x86)\Java
2016-03-08 18:32:40 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-08 18:32:25 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-03-06 10:29:20 ----D---- C:\Users\Michal\AppData\Roaming\dlg
2016-03-06 10:25:35 ----D---- C:\ProgramData\7b24ec7cc000461ebe26d116b88142c8
2016-03-06 10:25:31 ----D---- C:\ProgramData\SecurityUtility
2016-03-06 10:25:01 ----D---- C:\Users\Michal\AppData\Roaming\Smart Driver Updater
2016-03-06 10:25:00 ----D---- C:\Program Files (x86)\Smart Driver Updater
2016-03-06 10:23:03 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2016-03-06 10:21:53 ----D---- C:\Program Files (x86)\WinTaske
2016-03-06 10:21:53 ----D---- C:\Program Files (x86)\Winsere
2016-03-06 10:21:47 ----D---- C:\Program Files (x86)\SearchesToYesbnd
======List of files/folders modified in the last 1 month======
2016-03-22 18:51:02 ----D---- C:\Windows\System32
2016-03-22 18:51:02 ----D---- C:\Windows\inf
2016-03-22 18:51:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-03-22 18:49:55 ----D---- C:\Windows\Temp
2016-03-22 18:49:25 ----D---- C:\Windows\Prefetch
2016-03-22 18:49:17 ----RD---- C:\Program Files
2016-03-22 18:43:53 ----D---- C:\Windows
2016-03-22 16:01:22 ----D---- C:\Windows\system32\LogFiles
2016-03-22 16:01:00 ----HD---- C:\ProgramData
2016-03-22 16:00:49 ----SHD---- C:\Windows\Installer
2016-03-22 16:00:47 ----RD---- C:\Program Files (x86)
2016-03-22 16:00:17 ----SHD---- C:\System Volume Information
2016-03-17 09:23:21 ----D---- C:\Windows\SysWOW64
2016-03-17 09:20:47 ----D---- C:\ProgramData\Adobe
2016-03-17 09:19:48 ----D---- C:\Users\Michal\AppData\Roaming\Adobe
2016-03-15 11:30:33 ----D---- C:\Windows\SYSWOW64\LogFiles
2016-03-14 13:46:31 ----D---- C:\Program Files (x86)\DOSBox-0.74
2016-03-10 19:11:55 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-03-10 11:19:14 ----D---- C:\Program Files (x86)\Common Files
2016-03-08 18:34:18 ----D---- C:\Windows\system32\Tasks
2016-03-08 18:34:17 ----D---- C:\Windows\Tasks
2016-03-08 18:34:17 ----D---- C:\Program Files (x86)\Google
2016-03-06 10:24:53 ----SD---- C:\Users\Michal\AppData\Roaming\Microsoft
2016-03-06 10:24:21 ----SD---- C:\ProgramData\Microsoft
2016-03-05 20:33:58 ----D---- C:\Windows\system32\drivers
2016-03-05 20:25:57 ----D---- C:\Program Files (x86)\GOG.com
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2015-03-04 280376]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-09 26968]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2015-03-08 283064]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2010-11-20 59392]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2010-11-20 360832]
R1 VWiFiFlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 17024]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2015-03-04 124568]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio64.sys [2007-08-07 10240]
R3 CAXHWAZL;CAXHWAZL; C:\Windows\system32\DRIVERS\CAXHWAZL.sys [2007-08-03 293376]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\CAX_DPV.sys [2007-08-03 1481216]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-09-23 6180832]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 64bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 O2MDRDR;O2MDRDR; C:\Windows\system32\DRIVERS\o2mdx64.sys [2009-07-13 64160]
R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
R3 vpcbus;Služba hostitelské sběrnice programu Virtual PC; C:\Windows\system32\DRIVERS\vpchbus.sys [2010-11-20 194944]
R3 vpcusb;Služba konektoru virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcusb.sys [2010-11-20 95232]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\CAX_CNXT.sys [2007-08-03 740352]
S3 netr28ux;RT2870 USB Wireless LAN Card Driver pro systém Windows Vista; C:\Windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 vpcuxd;Služba zástupné procedury virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcuxd.sys [2010-11-20 16384]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\drivers\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-17 82128]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2015-04-30 23816]
R2 O2FLASH;O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [2007-02-11 65536]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio64.exe [2007-08-07 412672]
R2 XRNADB;XRcnStatutsDatabase; C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe [2013-07-30 141824]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-04-30 366544]
S2 078b2995;StatMaker; C:\Windows\syswow64\rundll32.exe [2009-07-14 44544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 ggbugreport;ggbugreport; C:\Program Files (x86)\SearchesToYesbnd\bugreport.exe [2016-02-26 1593872]
S2 Winsere;Winsere; C:\Program Files (x86)\Winsere\Winsere\Winsere.exe [2016-02-26 306192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-10 269504]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-05-22 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-03-04 146888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-05-25 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
- Rudy
- Site Admin

Re: unwanted windows popping up
Hello!
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: unwanted windows popping up
Thanks, here is the log:
# AdwCleaner v5.105 - Logfile created 22/03/2016 at 19:11:27
# Updated 21/03/2016 by Xplode
# Database : 2016-03-22.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Michal - MICHAL-PC
# Running from : C:\Users\Michal\Downloads\adwcleaner_5.105.exe
# Option : Clean
# Support : http://toolslib.net/forum
***** [ Services ] *****
[-] Service Deleted : ggbugreport
[-] Service Deleted : Winsere
***** [ Folders ] *****
[-] Folder Deleted : C:\Program Files (x86)\Smart Driver Updater
[-] Folder Deleted : C:\Program Files (x86)\SearchesToYesbnd
[-] Folder Deleted : C:\Program Files (x86)\Winsere
[-] Folder Deleted : C:\Program Files (x86)\WinTaske
[-] Folder Deleted : C:\Program Files (x86)\EnjooyCouupon
[-] Folder Deleted : C:\Program Files (x86)\FFindBeestDeal
[-] Folder Deleted : C:\Program Files (x86)\IISaavvEr
[-] Folder Deleted : C:\Program Files (x86)\RandoemPriiiCe
[-] Folder Deleted : C:\Program Files (x86)\RoanadomPrice
[-] Folder Deleted : C:\Program Files (x86)\RRaanduomuPrice
[-] Folder Deleted : C:\Program Files (x86)\TaKeTTheCoupon
[-] Folder Deleted : C:\Program Files (x86)\TakkeTheCooupuon
[-] Folder Deleted : C:\Program Files (x86)\UnniSaales
[-] Folder Deleted : C:\Program Files (x86)\uuniSaLes
[-] Folder Deleted : C:\ProgramData\SecurityUtility
[-] Folder Deleted : C:\ProgramData\5710423289685039425
[-] Folder Deleted : C:\ProgramData\{6f8885b7-b885-e9ed-6f88-885b7b8816de}
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Driver Updater
[-] Folder Deleted : C:\Users\Michal\AppData\Roaming\Smart Driver Updater
[#] Folder Deleted : C:\Windows\SysNative\Tasks\WinTaske
***** [ Files ] *****
[-] File Deleted : C:\Windows\SysNative\log\iSafeKrnlCall.log
***** [ DLLs ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
[-] Task Deleted : WinTaske
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\f1928d6d-2ca9-33d8-07d9-9c7f43eadb97
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{891e9dd5}
[-] Key Deleted : HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKCU\Software\Smart Driver Updater
[-] Key Deleted : HKCU\Software\AppDataLow\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKLM\SOFTWARE\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKLM\SOFTWARE\SecurityUtility
[-] Key Deleted : HKLM\SOFTWARE\yessearchesSoftware
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B5DB572D-EA87-D3B0-08F6-4D153EA6A783}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SecurityUtility
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Smart Driver Updater_is1
[-] Key Deleted : [x64] HKLM\SOFTWARE\SecurityUtility
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
***** [ Web browsers ] *****
[-] [C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
[-] [C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._paMembers_.BUTTON_STRUCTURE", "[{\"b\":221359831,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":221359832,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
[-] [C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._paMembers_.browser.startup.homepage.prev", "seznam.cz");
[-] [C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._paMembers_.browser.startup.homepage.savedPrev", "true");
[-] [C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._paMembers_.browser.startup.homepage.tb", "hxxp://home.tb.ask.com/index.jhtml?ptb=A914A71F-6739-44C7-B794-E4376279AA23&n=781aa7c8&p2=^Z1^xdm040^YYA^cz&si=CM-l5u[...]
[-] [C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._paMembers_.browser.startup.page.savedPrev", 1);
[-] [C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._paMembers_.browser.startup.page.tb", 1);
[-] [C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._paMembers_.browser.version.last", "35.0");
[-] [C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._paMembers_.competitorDNS", "{\"comment\":\"refresh every 1 week (7*24*60*60*1000)\",\"refreshPeriod\":604800000,\"list\":[{\"url\":\"hxxp://www.dnsrsearch.com/[...]
[-] [C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._paMembers_.firstKnownVersion", "6.83.5.43684");
[-] [C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._paMembers_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=A914A71F-6739-44C7-B794-E4376279AA23&n=781aa7c8&p2=^Z1^xdm040^YYA^cz&si=CM-l5umyt8MCFQHKtAodjDEAo[...]
[-] [C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._paMembers_.hp.enabled", false);
[-] [C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._paMembers_.hp.guardType", "HPR");
[-] [C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._paMembers_.hp.user.defined", false);
[-] [C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._paMembers_.initialized", true);
[-] [C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._paMembers_.installKeysSource", "Cookies");
[-] [C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._paMembers_.installType", "XPI");
[-] [C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._paMembers_.installation.contextKey", "");
[-] [C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._paMembers_.installation.installDate", "2015012808");
[-] [C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._paMembers_.installation.partnerId", "^Z1^xdm040^YYA^cz");
[-] [C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._paMembers_.installation.partnerSubId", "CM-l5umyt8MCFQHKtAodjDEAoQ");
[-] [C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._paMembers_.installation.pixelUrl", "hxxp://download.filmfanatic.com/install_pixels.jhtml?partner=^Z1^xdm040^YYA^cz&sub_id=CM-l5umyt8MCFQHKtAodjDEAoQ&coId=20e87[...]
[-] [C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._paMembers_.installation.success", true);
[-] [C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._paMembers_.installation.toolbarId", "A914A71F-6739-44C7-B794-E4376279AA23");
[-] [C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._paMembers_.isCompliantUninstallImplementation", true);
[-] [C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._paMembers_.lastActivePing", "1425667538815");
[-] [C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._paMembers_.lastKnownVersion", "6.85.5.64987");
[-] [C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._paMembers_.options.defaultSearch", true);
[-] [C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._paMembers_.options.homePageEnabled", true);
[-] [C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._paMembers_.options.keywordEnabled", true);
[-] [C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._paMembers_.options.tabEnabled", true);
[-] [C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._paMembers_.partnerPixelFired", true);
[-] [C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._paMembers_.successUrl", "hxxp://download.filmfanatic.com/installComplete.jhtml");
[-] [C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._paMembers_.toolbar.ownSearch", false);
[-] [C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._paMembers_.toolbarCollapsed", true);
[-] [C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark._paMembers_.weather.location", "10001");
[-] [C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
[-] [C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
[-] [C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\prefs.js] [Preference] Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "filmfanatic2@mindspark.com");
[-] [C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\prefs.js] [Preference] Deleted : user_pref("keyword.URL", "hxxp://search.tb.ask.com/search/GGmain.jhtml?st=kwd&ptb=A914A71F-6739-44C7-B794-E4376279AA23&n=781aa7c8&ind=2015012808&p2=^Z1^xdm040^YYA^cz&si=CM-l5umyt8MCFQHKtAodjDEAoQ&sear[...]
*************************
:: "Tracing" keys removed
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [15369 bytes] - [22/03/2016 19:11:27]
C:\AdwCleaner\AdwCleaner[S1].txt - [15330 bytes] - [22/03/2016 19:09:10]
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [15517 bytes] ##########
- Rudy
- Site Admin

Re: unwanted pop-up windows
Post a new RSIT log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: unwanted pop-up windows
here it is
Logfile of random's system information tool 1.10 (written by random/random)
Run by Michal at 2016-03-22 20:25:08
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 50 GB (50%) free of 100 GB
Total RAM: 4086 MB (66% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:25:17, on 22.3.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin\ccSvcHst.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin\SavUI.exe
C:\Program Files\trend micro\Michal.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Symantec Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\bin\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Launcher3010] "C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe" /S Xerox Phaser 3010
O4 - HKLM\..\Run: [3010 RUN] "C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe"
O4 - HKLM\..\Run: [StatusAutoRun3010] "C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe" Xerox Phaser 3010,hide,\S
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - AppInit_DLLs:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O2FLASH - Unknown owner - C:\Windows\system32\DRIVERS\o2flash.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Symantec Endpoint Protection (SepMasterService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin\ccSvcHst.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin64\snac64.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)
O23 - Service: XRcnStatutsDatabase (XRNADB) - Xerox - C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe
--
End of file - 7443 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
"C:\Windows\System32\hkcmd.exe"
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
"C:\Program Files (x86)\Winamp\winampa.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmW.exe"
\??\C:\Windows\system32\conhost.exe "-4151296612003302653575953506-1473438128-264935906-3254734851254590432-1104799075
"C:\Windows\system32\GWX\GWX.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"
C:\Windows\system32\DRIVERS\o2flash.exe
"C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin\ccSvcHst.exe" /s "Symantec Endpoint Protection" /m "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin\sms.dll" /prefetch:1
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\DRIVERS\xaudio64.exe
"C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe"
"C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin\ccSvcHst.exe" /u /c /a /s "UserSession"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin\SavUI.exe" -Embedding
"C:\Users\Michal\Downloads\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\OKLSFNHD1.job - C:\ProgramData\SecurityUtility\SecurityUtility.exe
=========Mozilla firefox=========
ProfilePath - C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "about:home"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.182 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.73.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.73.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.182 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\searchplugins\
Google.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Vulnerability Protection - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\bin\IPS\IPSBHO.DLL [2015-07-30 392344]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-03-10 460384]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-10 172640]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 385560]
"Logitech Download Assistant"=C:\Windows\System32\LogiLDA.dll [2012-09-20 1832760]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2014-03-04 3696912]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-03-11 8686296]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-17 1085656]
"WinampAgent"=C:\Program Files (x86)\Winamp\Winampa.exe [2013-06-28 24576]
"Launcher3010"=C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe [2011-04-19 2570752]
"3010 RUN"=C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe [2013-07-30 355840]
"StatusAutoRun3010"=C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe [2013-07-30 4277760]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-01-29 594992]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 261120]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSettings_{C478A420-A500-4274-A52E-70EC7481342F}.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SepMasterService]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-03-22 19:42:52 ----D---- C:\Program Files\Common Files\Symantec Shared
2016-03-22 19:42:52 ----A---- C:\Windows\system32\drivers\SYMEVENT64x86.SYS
2016-03-22 19:42:49 ----D---- C:\Windows\system32\drivers\symefasi
2016-03-22 19:42:49 ----D---- C:\ProgramData\SymEFASI
2016-03-22 19:42:05 ----A---- C:\Windows\SYSWOW64\sysfer.dll
2016-03-22 19:42:05 ----A---- C:\Windows\SYSWOW64\SymVPN.dll
2016-03-22 19:42:05 ----A---- C:\Windows\SYSWOW64\snacnp.dll
2016-03-22 19:42:05 ----A---- C:\Windows\SYSWOW64\FwsVpn.dll
2016-03-22 19:42:05 ----A---- C:\Windows\system32\sysfer.dll
2016-03-22 19:42:05 ----A---- C:\Windows\system32\SymVPN.dll
2016-03-22 19:42:05 ----A---- C:\Windows\system32\snacnp.dll
2016-03-22 19:42:05 ----A---- C:\Windows\system32\FwsVpn.dll
2016-03-22 19:42:05 ----A---- C:\Windows\system32\drivers\WGX64.SYS
2016-03-22 19:42:05 ----A---- C:\Windows\system32\drivers\SysPlant.sys
2016-03-22 19:41:35 ----D---- C:\ProgramData\regid.1992-12.com.symantec
2016-03-22 19:41:32 ----D---- C:\Windows\system32\drivers\SEP
2016-03-22 19:41:31 ----D---- C:\ProgramData\Symantec
2016-03-22 19:41:31 ----D---- C:\Program Files (x86)\Symantec
2016-03-22 19:08:50 ----D---- C:\AdwCleaner
2016-03-22 18:49:17 ----D---- C:\rsit
2016-03-22 18:49:17 ----D---- C:\Program Files\trend micro
2016-03-20 17:56:45 ----D---- C:\Program Files (x86)\Porrasturvat
2016-03-10 11:35:20 ----D---- C:\Windows\Sun
2016-03-10 11:18:48 ----D---- C:\Users\Michal\AppData\Roaming\Sun
2016-03-10 11:18:39 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2016-03-10 11:18:07 ----D---- C:\ProgramData\Oracle
2016-03-10 11:18:02 ----D---- C:\Program Files (x86)\Java
2016-03-08 18:32:40 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-08 18:32:25 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-03-06 10:29:20 ----D---- C:\Users\Michal\AppData\Roaming\dlg
2016-03-06 10:25:35 ----D---- C:\ProgramData\7b24ec7cc000461ebe26d116b88142c8
2016-03-06 10:23:03 ----D---- C:\Program Files (x86)\Microsoft Silverlight
======List of files/folders modified in the last 1 month======
2016-03-22 20:22:52 ----D---- C:\Windows\Temp
2016-03-22 20:16:15 ----D---- C:\Windows\System32
2016-03-22 20:16:15 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-03-22 20:16:14 ----D---- C:\Windows\inf
2016-03-22 20:10:28 ----D---- C:\Windows\Prefetch
2016-03-22 20:07:01 ----D---- C:\Windows
2016-03-22 20:02:43 ----D---- C:\Windows\SoftwareDistribution
2016-03-22 20:02:40 ----D---- C:\Program Files (x86)\Common Files
2016-03-22 20:00:13 ----D---- C:\Windows\system32\drivers
2016-03-22 20:00:08 ----D---- C:\Windows\system32\DriverStore
2016-03-22 19:57:48 ----SHD---- C:\System Volume Information
2016-03-22 19:43:12 ----SHD---- C:\Windows\Installer
2016-03-22 19:42:52 ----D---- C:\Program Files\Common Files
2016-03-22 19:42:49 ----HD---- C:\ProgramData
2016-03-22 19:42:05 ----D---- C:\Windows\SysWOW64
2016-03-22 19:41:31 ----RD---- C:\Program Files (x86)
2016-03-22 19:38:53 ----RD---- C:\Program Files
2016-03-22 19:11:31 ----D---- C:\Windows\system32\Tasks
2016-03-22 19:11:31 ----D---- C:\Windows\system32\log
2016-03-22 16:01:22 ----D---- C:\Windows\system32\LogFiles
2016-03-17 09:20:47 ----D---- C:\ProgramData\Adobe
2016-03-17 09:19:48 ----D---- C:\Users\Michal\AppData\Roaming\Adobe
2016-03-15 11:30:33 ----D---- C:\Windows\SYSWOW64\LogFiles
2016-03-14 13:46:31 ----D---- C:\Program Files (x86)\DOSBox-0.74
2016-03-10 19:11:55 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-03-08 18:34:17 ----D---- C:\Windows\Tasks
2016-03-08 18:34:17 ----D---- C:\Program Files (x86)\Google
2016-03-06 10:24:53 ----SD---- C:\Users\Michal\AppData\Roaming\Microsoft
2016-03-06 10:24:21 ----SD---- C:\ProgramData\Microsoft
2016-03-05 20:25:57 ----D---- C:\Program Files (x86)\GOG.com
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 SymEFASI;Symantec Extended File Attributes (SI); C:\Windows\system32\drivers\symefasi\0501010.002\symefasi.sys [2016-03-22 1616088]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-09 26968]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Data\Definitions\BASHDefs\20160317.011\BHDrvx64.sys [2016-03-16 1766640]
R1 ccSettings_{C478A420-A500-4274-A52E-70EC7481342F};Symantec Endpoint Protection 12.1.6318.6100.105 Settings Manager; C:\Windows\system32\Drivers\SEP\0C0118AE\17D4.105\x64\ccSetx64.sys [2015-07-30 162392]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2015-03-08 283064]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2016-03-15 498512]
R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Data\Definitions\IPSDefs\20160321.011\IDSvia64.sys [2016-03-21 767224]
R1 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\system32\Drivers\SEP\0C0118AE\17D4.105\x64\SRTSP64.SYS [2015-07-30 890584]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\Drivers\SEP\0C0118AE\17D4.105\x64\SRTSPX64.SYS [2015-07-30 37592]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\Drivers\SEP\0C0118AE\17D4.105\x64\Ironx64.SYS [2015-07-30 270040]
R1 SYMNETS;Symantec Network Security WFP Driver; C:\Windows\system32\Drivers\SEP\0C0118AE\17D4.105\x64\SYMNETS.SYS [2015-07-30 594136]
R1 SysPlant;SysPlant for NT; C:\Windows\system32\Drivers\SysPlant.sys [2016-03-22 168304]
R1 Teefer2;Symantec Endpoint Protection Firewall; C:\Windows\system32\DRIVERS\Teefer.sys [2015-07-30 116256]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2010-11-20 59392]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2010-11-20 360832]
R1 VWiFiFlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 17024]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio64.sys [2007-08-07 10240]
R3 CAXHWAZL;CAXHWAZL; C:\Windows\system32\DRIVERS\CAXHWAZL.sys [2007-08-03 293376]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2016-03-15 157520]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\CAX_DPV.sys [2007-08-03 1481216]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-09-23 6180832]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Data\Definitions\VirusDefs\20160322.003\ENG64.SYS [2016-03-15 138488]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Data\Definitions\VirusDefs\20160322.003\EX64.SYS [2016-03-15 2148080]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 64bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 O2MDRDR;O2MDRDR; C:\Windows\system32\DRIVERS\o2mdx64.sys [2009-07-13 64160]
R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2016-03-22 178392]
R3 vpcbus;Služba hostitelské sběrnice programu Virtual PC; C:\Windows\system32\DRIVERS\vpchbus.sys [2010-11-20 194944]
R3 vpcusb;Služba konektoru virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcusb.sys [2010-11-20 95232]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\CAX_CNXT.sys [2007-08-03 740352]
S3 netr28ux;RT2870 USB Wireless LAN Card Driver pro systém Windows Vista; C:\Windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 SyDvCtrl;SyDvCtrl; \??\C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin64\SyDvCtrl64.sys [2015-07-30 36952]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 vpcuxd;Služba zástupné procedury virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcuxd.sys [2010-11-20 16384]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\drivers\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-17 82128]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 O2FLASH;O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [2007-02-11 65536]
R2 SepMasterService;Symantec Endpoint Protection; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin\ccSvcHst.exe [2015-07-30 145008]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio64.exe [2007-08-07 412672]
R2 XRNADB;XRcnStatutsDatabase; C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe [2013-07-30 141824]
S2 078b2995;StatMaker; C:\Windows\syswow64\rundll32.exe [2009-07-14 44544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-10 269504]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-05-22 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-03-04 146888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SNAC;Symantec Network Access Control; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin64\snac64.exe [2015-07-30 396344]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-05-25 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.182 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\searchplugins\
Google.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Vulnerability Protection - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\bin\IPS\IPSBHO.DLL [2015-07-30 392344]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-03-10 460384]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-10 172640]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 385560]
"Logitech Download Assistant"=C:\Windows\System32\LogiLDA.dll [2012-09-20 1832760]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2014-03-04 3696912]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-03-11 8686296]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-17 1085656]
"WinampAgent"=C:\Program Files (x86)\Winamp\Winampa.exe [2013-06-28 24576]
"Launcher3010"=C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe [2011-04-19 2570752]
"3010 RUN"=C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe [2013-07-30 355840]
"StatusAutoRun3010"=C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe [2013-07-30 4277760]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-01-29 594992]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 261120]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSettings_{C478A420-A500-4274-A52E-70EC7481342F}.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SepMasterService]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-03-22 19:42:52 ----D---- C:\Program Files\Common Files\Symantec Shared
2016-03-22 19:42:52 ----A---- C:\Windows\system32\drivers\SYMEVENT64x86.SYS
2016-03-22 19:42:49 ----D---- C:\Windows\system32\drivers\symefasi
2016-03-22 19:42:49 ----D---- C:\ProgramData\SymEFASI
2016-03-22 19:42:05 ----A---- C:\Windows\SYSWOW64\sysfer.dll
2016-03-22 19:42:05 ----A---- C:\Windows\SYSWOW64\SymVPN.dll
2016-03-22 19:42:05 ----A---- C:\Windows\SYSWOW64\snacnp.dll
2016-03-22 19:42:05 ----A---- C:\Windows\SYSWOW64\FwsVpn.dll
2016-03-22 19:42:05 ----A---- C:\Windows\system32\sysfer.dll
2016-03-22 19:42:05 ----A---- C:\Windows\system32\SymVPN.dll
2016-03-22 19:42:05 ----A---- C:\Windows\system32\snacnp.dll
2016-03-22 19:42:05 ----A---- C:\Windows\system32\FwsVpn.dll
2016-03-22 19:42:05 ----A---- C:\Windows\system32\drivers\WGX64.SYS
2016-03-22 19:42:05 ----A---- C:\Windows\system32\drivers\SysPlant.sys
2016-03-22 19:41:35 ----D---- C:\ProgramData\regid.1992-12.com.symantec
2016-03-22 19:41:32 ----D---- C:\Windows\system32\drivers\SEP
2016-03-22 19:41:31 ----D---- C:\ProgramData\Symantec
2016-03-22 19:41:31 ----D---- C:\Program Files (x86)\Symantec
2016-03-22 19:08:50 ----D---- C:\AdwCleaner
2016-03-22 18:49:17 ----D---- C:\rsit
2016-03-22 18:49:17 ----D---- C:\Program Files\trend micro
2016-03-20 17:56:45 ----D---- C:\Program Files (x86)\Porrasturvat
2016-03-10 11:35:20 ----D---- C:\Windows\Sun
2016-03-10 11:18:48 ----D---- C:\Users\Michal\AppData\Roaming\Sun
2016-03-10 11:18:39 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2016-03-10 11:18:07 ----D---- C:\ProgramData\Oracle
2016-03-10 11:18:02 ----D---- C:\Program Files (x86)\Java
2016-03-08 18:32:40 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-08 18:32:25 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-03-06 10:29:20 ----D---- C:\Users\Michal\AppData\Roaming\dlg
2016-03-06 10:25:35 ----D---- C:\ProgramData\7b24ec7cc000461ebe26d116b88142c8
2016-03-06 10:23:03 ----D---- C:\Program Files (x86)\Microsoft Silverlight
======List of files/folders modified in the last 1 month======
2016-03-22 20:22:52 ----D---- C:\Windows\Temp
2016-03-22 20:16:15 ----D---- C:\Windows\System32
2016-03-22 20:16:15 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-03-22 20:16:14 ----D---- C:\Windows\inf
2016-03-22 20:10:28 ----D---- C:\Windows\Prefetch
2016-03-22 20:07:01 ----D---- C:\Windows
2016-03-22 20:02:43 ----D---- C:\Windows\SoftwareDistribution
2016-03-22 20:02:40 ----D---- C:\Program Files (x86)\Common Files
2016-03-22 20:00:13 ----D---- C:\Windows\system32\drivers
2016-03-22 20:00:08 ----D---- C:\Windows\system32\DriverStore
2016-03-22 19:57:48 ----SHD---- C:\System Volume Information
2016-03-22 19:43:12 ----SHD---- C:\Windows\Installer
2016-03-22 19:42:52 ----D---- C:\Program Files\Common Files
2016-03-22 19:42:49 ----HD---- C:\ProgramData
2016-03-22 19:42:05 ----D---- C:\Windows\SysWOW64
2016-03-22 19:41:31 ----RD---- C:\Program Files (x86)
2016-03-22 19:38:53 ----RD---- C:\Program Files
2016-03-22 19:11:31 ----D---- C:\Windows\system32\Tasks
2016-03-22 19:11:31 ----D---- C:\Windows\system32\log
2016-03-22 16:01:22 ----D---- C:\Windows\system32\LogFiles
2016-03-17 09:20:47 ----D---- C:\ProgramData\Adobe
2016-03-17 09:19:48 ----D---- C:\Users\Michal\AppData\Roaming\Adobe
2016-03-15 11:30:33 ----D---- C:\Windows\SYSWOW64\LogFiles
2016-03-14 13:46:31 ----D---- C:\Program Files (x86)\DOSBox-0.74
2016-03-10 19:11:55 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-03-08 18:34:17 ----D---- C:\Windows\Tasks
2016-03-08 18:34:17 ----D---- C:\Program Files (x86)\Google
2016-03-06 10:24:53 ----SD---- C:\Users\Michal\AppData\Roaming\Microsoft
2016-03-06 10:24:21 ----SD---- C:\ProgramData\Microsoft
2016-03-05 20:25:57 ----D---- C:\Program Files (x86)\GOG.com
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 SymEFASI;Symantec Extended File Attributes (SI); C:\Windows\system32\drivers\symefasi\0501010.002\symefasi.sys [2016-03-22 1616088]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-09 26968]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Data\Definitions\BASHDefs\20160317.011\BHDrvx64.sys [2016-03-16 1766640]
R1 ccSettings_{C478A420-A500-4274-A52E-70EC7481342F};Symantec Endpoint Protection 12.1.6318.6100.105 Settings Manager; C:\Windows\system32\Drivers\SEP\0C0118AE\17D4.105\x64\ccSetx64.sys [2015-07-30 162392]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2015-03-08 283064]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2016-03-15 498512]
R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Data\Definitions\IPSDefs\20160321.011\IDSvia64.sys [2016-03-21 767224]
R1 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\system32\Drivers\SEP\0C0118AE\17D4.105\x64\SRTSP64.SYS [2015-07-30 890584]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\Drivers\SEP\0C0118AE\17D4.105\x64\SRTSPX64.SYS [2015-07-30 37592]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\Drivers\SEP\0C0118AE\17D4.105\x64\Ironx64.SYS [2015-07-30 270040]
R1 SYMNETS;Symantec Network Security WFP Driver; C:\Windows\system32\Drivers\SEP\0C0118AE\17D4.105\x64\SYMNETS.SYS [2015-07-30 594136]
R1 SysPlant;SysPlant for NT; C:\Windows\system32\Drivers\SysPlant.sys [2016-03-22 168304]
R1 Teefer2;Symantec Endpoint Protection Firewall; C:\Windows\system32\DRIVERS\Teefer.sys [2015-07-30 116256]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2010-11-20 59392]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2010-11-20 360832]
R1 VWiFiFlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 17024]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio64.sys [2007-08-07 10240]
R3 CAXHWAZL;CAXHWAZL; C:\Windows\system32\DRIVERS\CAXHWAZL.sys [2007-08-03 293376]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2016-03-15 157520]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\CAX_DPV.sys [2007-08-03 1481216]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-09-23 6180832]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Data\Definitions\VirusDefs\20160322.003\ENG64.SYS [2016-03-15 138488]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Data\Definitions\VirusDefs\20160322.003\EX64.SYS [2016-03-15 2148080]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 64bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 O2MDRDR;O2MDRDR; C:\Windows\system32\DRIVERS\o2mdx64.sys [2009-07-13 64160]
R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2016-03-22 178392]
R3 vpcbus;Služba hostitelské sběrnice programu Virtual PC; C:\Windows\system32\DRIVERS\vpchbus.sys [2010-11-20 194944]
R3 vpcusb;Služba konektoru virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcusb.sys [2010-11-20 95232]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\CAX_CNXT.sys [2007-08-03 740352]
S3 netr28ux;RT2870 USB Wireless LAN Card Driver pro systém Windows Vista; C:\Windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 SyDvCtrl;SyDvCtrl; \??\C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin64\SyDvCtrl64.sys [2015-07-30 36952]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 vpcuxd;Služba zástupné procedury virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcuxd.sys [2010-11-20 16384]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\drivers\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-17 82128]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 O2FLASH;O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [2007-02-11 65536]
R2 SepMasterService;Symantec Endpoint Protection; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin\ccSvcHst.exe [2015-07-30 145008]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio64.exe [2007-08-07 412672]
R2 XRNADB;XRcnStatutsDatabase; C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe [2013-07-30 141824]
S2 078b2995;StatMaker; C:\Windows\syswow64\rundll32.exe [2009-07-14 44544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-10 269504]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-05-22 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-03-04 146888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SNAC;Symantec Network Access Control; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin64\snac64.exe [2015-07-30 396344]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-05-25 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
- Rudy
- Site Admin

- Posts: 119673
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: unwanted windows popping up
Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left window:
:files
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\OKLSFNHD1.job
C:\ProgramData\SecurityUtility
:reg
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. After the scan, restart the PC and post a new RSIT log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not meant for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: unwanted windows popping up
RSIT log:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Michal at 2016-03-22 21:24:28
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 50 GB (50%) free of 100 GB
Total RAM: 4086 MB (69% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:24:32, on 22.3.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin\ccSvcHst.exe
C:\Program Files\trend micro\Michal.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/secu ... V12_1_MR_6
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/secu ... V12_1_MR_6
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Symantec Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\bin\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Launcher3010] "C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe" /S Xerox Phaser 3010
O4 - HKLM\..\Run: [3010 RUN] "C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe"
O4 - HKLM\..\Run: [StatusAutoRun3010] "C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe" Xerox Phaser 3010,hide,\S
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - AppInit_DLLs:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O2FLASH - Unknown owner - C:\Windows\system32\DRIVERS\o2flash.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Symantec Endpoint Protection (SepMasterService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin\ccSvcHst.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin64\snac64.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)
O23 - Service: XRcnStatutsDatabase (XRNADB) - Xerox - C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe
--
End of file - 6939 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
winlogon.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
taskeng.exe {344EF68C-E408-482F-91E0-E3844EDB6B6A}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Windows\system32\GWX\GWX.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
"C:\Program Files (x86)\Winamp\winampa.exe"
"C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmW.exe"
\??\C:\Windows\system32\conhost.exe "1812778599-66865397-239230437126004623314739206782078062276-2117398731963056525
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"
C:\Windows\system32\DRIVERS\o2flash.exe
"C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin\ccSvcHst.exe" /s "Symantec Endpoint Protection" /m "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin\sms.dll" /prefetch:1
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\DRIVERS\xaudio64.exe
"C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\sppsvc.exe
"C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin\ccSvcHst.exe" /u /c /a /s "UserSession"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Users\Michal\Downloads\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
=========Mozilla firefox=========
ProfilePath - C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "about:home"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.182 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.73.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.73.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.182 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\searchplugins\
Google.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Vulnerability Protection - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\bin\IPS\IPSBHO.DLL [2015-07-30 392344]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-03-10 460384]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-10 172640]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 385560]
"Logitech Download Assistant"=C:\Windows\System32\LogiLDA.dll [2012-09-20 1832760]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2014-03-04 3696912]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-03-11 8686296]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-17 1085656]
"WinampAgent"=C:\Program Files (x86)\Winamp\Winampa.exe [2013-06-28 24576]
"Launcher3010"=C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe [2011-04-19 2570752]
"3010 RUN"=C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe [2013-07-30 355840]
"StatusAutoRun3010"=C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe [2013-07-30 4277760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 261120]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSettings_{C478A420-A500-4274-A52E-70EC7481342F}.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SepMasterService]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-03-22 21:19:42 ----D---- C:\_OTM
2016-03-22 19:42:52 ----D---- C:\Program Files\Common Files\Symantec Shared
2016-03-22 19:42:52 ----A---- C:\Windows\system32\drivers\SYMEVENT64x86.SYS
2016-03-22 19:42:49 ----D---- C:\Windows\system32\drivers\symefasi
2016-03-22 19:42:49 ----D---- C:\ProgramData\SymEFASI
2016-03-22 19:42:05 ----A---- C:\Windows\SYSWOW64\sysfer.dll
2016-03-22 19:42:05 ----A---- C:\Windows\SYSWOW64\SymVPN.dll
2016-03-22 19:42:05 ----A---- C:\Windows\SYSWOW64\snacnp.dll
2016-03-22 19:42:05 ----A---- C:\Windows\SYSWOW64\FwsVpn.dll
2016-03-22 19:42:05 ----A---- C:\Windows\system32\sysfer.dll
2016-03-22 19:42:05 ----A---- C:\Windows\system32\SymVPN.dll
2016-03-22 19:42:05 ----A---- C:\Windows\system32\snacnp.dll
2016-03-22 19:42:05 ----A---- C:\Windows\system32\FwsVpn.dll
2016-03-22 19:42:05 ----A---- C:\Windows\system32\drivers\WGX64.SYS
2016-03-22 19:42:05 ----A---- C:\Windows\system32\drivers\SysPlant.sys
2016-03-22 19:41:35 ----D---- C:\ProgramData\regid.1992-12.com.symantec
2016-03-22 19:41:32 ----D---- C:\Windows\system32\drivers\SEP
2016-03-22 19:41:31 ----D---- C:\ProgramData\Symantec
2016-03-22 19:41:31 ----D---- C:\Program Files (x86)\Symantec
2016-03-22 19:08:50 ----D---- C:\AdwCleaner
2016-03-22 18:49:17 ----D---- C:\rsit
2016-03-22 18:49:17 ----D---- C:\Program Files\trend micro
2016-03-20 17:56:45 ----D---- C:\Program Files (x86)\Porrasturvat
2016-03-10 11:35:20 ----D---- C:\Windows\Sun
2016-03-10 11:18:48 ----D---- C:\Users\Michal\AppData\Roaming\Sun
2016-03-10 11:18:39 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2016-03-10 11:18:07 ----D---- C:\ProgramData\Oracle
2016-03-10 11:18:02 ----D---- C:\Program Files (x86)\Java
2016-03-08 18:32:40 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-08 18:32:25 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-03-06 10:29:20 ----D---- C:\Users\Michal\AppData\Roaming\dlg
2016-03-06 10:25:35 ----D---- C:\ProgramData\7b24ec7cc000461ebe26d116b88142c8
2016-03-06 10:23:03 ----D---- C:\Program Files (x86)\Microsoft Silverlight
======List of files/folders modified in the last 1 month======
2016-03-22 21:23:26 ----D---- C:\Windows\Prefetch
2016-03-22 21:21:12 ----SHD---- C:\System Volume Information
2016-03-22 21:19:43 ----D---- C:\Windows\Tasks
2016-03-22 21:19:28 ----D---- C:\Windows\Temp
2016-03-22 20:16:15 ----D---- C:\Windows\System32
2016-03-22 20:16:15 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-03-22 20:16:14 ----D---- C:\Windows\inf
2016-03-22 20:07:01 ----D---- C:\Windows
2016-03-22 20:02:43 ----D---- C:\Windows\SoftwareDistribution
2016-03-22 20:02:40 ----D---- C:\Program Files (x86)\Common Files
2016-03-22 20:00:13 ----D---- C:\Windows\system32\drivers
2016-03-22 20:00:08 ----D---- C:\Windows\system32\DriverStore
2016-03-22 19:43:12 ----SHD---- C:\Windows\Installer
2016-03-22 19:42:52 ----D---- C:\Program Files\Common Files
2016-03-22 19:42:49 ----HD---- C:\ProgramData
2016-03-22 19:42:05 ----D---- C:\Windows\SysWOW64
2016-03-22 19:41:31 ----RD---- C:\Program Files (x86)
2016-03-22 19:38:53 ----RD---- C:\Program Files
2016-03-22 19:11:31 ----D---- C:\Windows\system32\Tasks
2016-03-22 19:11:31 ----D---- C:\Windows\system32\log
2016-03-22 16:01:22 ----D---- C:\Windows\system32\LogFiles
2016-03-17 09:20:47 ----D---- C:\ProgramData\Adobe
2016-03-17 09:19:48 ----D---- C:\Users\Michal\AppData\Roaming\Adobe
2016-03-15 11:30:33 ----D---- C:\Windows\SYSWOW64\LogFiles
2016-03-14 13:46:31 ----D---- C:\Program Files (x86)\DOSBox-0.74
2016-03-10 19:11:55 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-03-08 18:34:17 ----D---- C:\Program Files (x86)\Google
2016-03-06 10:24:53 ----SD---- C:\Users\Michal\AppData\Roaming\Microsoft
2016-03-06 10:24:21 ----SD---- C:\ProgramData\Microsoft
2016-03-05 20:25:57 ----D---- C:\Program Files (x86)\GOG.com
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 SymEFASI;Symantec Extended File Attributes (SI); C:\Windows\system32\drivers\symefasi\0501010.002\symefasi.sys [2016-03-22 1616088]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-09 26968]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Data\Definitions\BASHDefs\20160317.011\BHDrvx64.sys [2016-03-16 1766640]
R1 ccSettings_{C478A420-A500-4274-A52E-70EC7481342F};Symantec Endpoint Protection 12.1.6318.6100.105 Settings Manager; C:\Windows\system32\Drivers\SEP\0C0118AE\17D4.105\x64\ccSetx64.sys [2015-07-30 162392]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2015-03-08 283064]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2016-03-15 498512]
R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Data\Definitions\IPSDefs\20160321.011\IDSvia64.sys [2016-03-21 767224]
R1 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\system32\Drivers\SEP\0C0118AE\17D4.105\x64\SRTSP64.SYS [2015-07-30 890584]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\Drivers\SEP\0C0118AE\17D4.105\x64\SRTSPX64.SYS [2015-07-30 37592]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\Drivers\SEP\0C0118AE\17D4.105\x64\Ironx64.SYS [2015-07-30 270040]
R1 SYMNETS;Symantec Network Security WFP Driver; C:\Windows\system32\Drivers\SEP\0C0118AE\17D4.105\x64\SYMNETS.SYS [2015-07-30 594136]
R1 SysPlant;SysPlant for NT; C:\Windows\system32\Drivers\SysPlant.sys [2016-03-22 168304]
R1 Teefer2;Symantec Endpoint Protection Firewall; C:\Windows\system32\DRIVERS\Teefer.sys [2015-07-30 116256]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2010-11-20 59392]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2010-11-20 360832]
R1 VWiFiFlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 17024]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio64.sys [2007-08-07 10240]
R3 CAXHWAZL;CAXHWAZL; C:\Windows\system32\DRIVERS\CAXHWAZL.sys [2007-08-03 293376]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2016-03-15 157520]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\CAX_DPV.sys [2007-08-03 1481216]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-09-23 6180832]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Data\Definitions\VirusDefs\20160322.003\ENG64.SYS [2016-03-15 138488]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Data\Definitions\VirusDefs\20160322.003\EX64.SYS [2016-03-15 2148080]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 64bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 O2MDRDR;O2MDRDR; C:\Windows\system32\DRIVERS\o2mdx64.sys [2009-07-13 64160]
R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2016-03-22 178392]
R3 vpcbus;Služba hostitelské sběrnice programu Virtual PC; C:\Windows\system32\DRIVERS\vpchbus.sys [2010-11-20 194944]
R3 vpcusb;Služba konektoru virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcusb.sys [2010-11-20 95232]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\CAX_CNXT.sys [2007-08-03 740352]
S3 netr28ux;RT2870 USB Wireless LAN Card Driver pro systém Windows Vista; C:\Windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 SyDvCtrl;SyDvCtrl; \??\C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin64\SyDvCtrl64.sys [2015-07-30 36952]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 vpcuxd;Služba zástupné procedury virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcuxd.sys [2010-11-20 16384]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\drivers\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-17 82128]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 O2FLASH;O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [2007-02-11 65536]
R2 SepMasterService;Symantec Endpoint Protection; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin\ccSvcHst.exe [2015-07-30 145008]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio64.exe [2007-08-07 412672]
R2 XRNADB;XRcnStatutsDatabase; C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe [2013-07-30 141824]
S2 078b2995;StatMaker; C:\Windows\syswow64\rundll32.exe [2009-07-14 44544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-10 269504]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-05-22 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-03-04 146888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SNAC;Symantec Network Access Control; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin64\snac64.exe [2015-07-30 396344]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-05-25 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
Logfile of random's system information tool 1.10 (written by random/random)
Run by Michal at 2016-03-22 21:24:28
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 50 GB (50%) free of 100 GB
Total RAM: 4086 MB (69% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:24:32, on 22.3.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin\ccSvcHst.exe
C:\Program Files\trend micro\Michal.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/secu ... V12_1_MR_6
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/secu ... V12_1_MR_6
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Symantec Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\bin\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Launcher3010] "C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe" /S Xerox Phaser 3010
O4 - HKLM\..\Run: [3010 RUN] "C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe"
O4 - HKLM\..\Run: [StatusAutoRun3010] "C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe" Xerox Phaser 3010,hide,\S
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - AppInit_DLLs:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O2FLASH - Unknown owner - C:\Windows\system32\DRIVERS\o2flash.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Symantec Endpoint Protection (SepMasterService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin\ccSvcHst.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin64\snac64.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)
O23 - Service: XRcnStatutsDatabase (XRNADB) - Xerox - C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe
--
End of file - 6939 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
winlogon.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
taskeng.exe {344EF68C-E408-482F-91E0-E3844EDB6B6A}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Windows\system32\GWX\GWX.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
"C:\Program Files (x86)\Winamp\winampa.exe"
"C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmW.exe"
\??\C:\Windows\system32\conhost.exe "1812778599-66865397-239230437126004623314739206782078062276-2117398731963056525
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\svchost.exe -k utcsvc
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"
C:\Windows\system32\DRIVERS\o2flash.exe
"C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin\ccSvcHst.exe" /s "Symantec Endpoint Protection" /m "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin\sms.dll" /prefetch:1
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\DRIVERS\xaudio64.exe
"C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\sppsvc.exe
"C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin\ccSvcHst.exe" /u /c /a /s "UserSession"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Users\Michal\Downloads\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
=========Mozilla firefox=========
ProfilePath - C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "about:home"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.182 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.73.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.73.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.8]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 21.0.0.182 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll
C:\Users\Michal\AppData\Roaming\Mozilla\Firefox\Profiles\41ovwc7e.default\searchplugins\
Google.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Vulnerability Protection - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\bin\IPS\IPSBHO.DLL [2015-07-30 392344]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-03-10 460384]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-10 172640]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 385560]
"Logitech Download Assistant"=C:\Windows\System32\LogiLDA.dll [2012-09-20 1832760]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2014-03-04 3696912]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2016-03-11 8686296]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-17 1085656]
"WinampAgent"=C:\Program Files (x86)\Winamp\Winampa.exe [2013-06-28 24576]
"Launcher3010"=C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe [2011-04-19 2570752]
"3010 RUN"=C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe [2013-07-30 355840]
"StatusAutoRun3010"=C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe [2013-07-30 4277760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 261120]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSettings_{C478A420-A500-4274-A52E-70EC7481342F}.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SepMasterService]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-03-22 21:19:42 ----D---- C:\_OTM
2016-03-22 19:42:52 ----D---- C:\Program Files\Common Files\Symantec Shared
2016-03-22 19:42:52 ----A---- C:\Windows\system32\drivers\SYMEVENT64x86.SYS
2016-03-22 19:42:49 ----D---- C:\Windows\system32\drivers\symefasi
2016-03-22 19:42:49 ----D---- C:\ProgramData\SymEFASI
2016-03-22 19:42:05 ----A---- C:\Windows\SYSWOW64\sysfer.dll
2016-03-22 19:42:05 ----A---- C:\Windows\SYSWOW64\SymVPN.dll
2016-03-22 19:42:05 ----A---- C:\Windows\SYSWOW64\snacnp.dll
2016-03-22 19:42:05 ----A---- C:\Windows\SYSWOW64\FwsVpn.dll
2016-03-22 19:42:05 ----A---- C:\Windows\system32\sysfer.dll
2016-03-22 19:42:05 ----A---- C:\Windows\system32\SymVPN.dll
2016-03-22 19:42:05 ----A---- C:\Windows\system32\snacnp.dll
2016-03-22 19:42:05 ----A---- C:\Windows\system32\FwsVpn.dll
2016-03-22 19:42:05 ----A---- C:\Windows\system32\drivers\WGX64.SYS
2016-03-22 19:42:05 ----A---- C:\Windows\system32\drivers\SysPlant.sys
2016-03-22 19:41:35 ----D---- C:\ProgramData\regid.1992-12.com.symantec
2016-03-22 19:41:32 ----D---- C:\Windows\system32\drivers\SEP
2016-03-22 19:41:31 ----D---- C:\ProgramData\Symantec
2016-03-22 19:41:31 ----D---- C:\Program Files (x86)\Symantec
2016-03-22 19:08:50 ----D---- C:\AdwCleaner
2016-03-22 18:49:17 ----D---- C:\rsit
2016-03-22 18:49:17 ----D---- C:\Program Files\trend micro
2016-03-20 17:56:45 ----D---- C:\Program Files (x86)\Porrasturvat
2016-03-10 11:35:20 ----D---- C:\Windows\Sun
2016-03-10 11:18:48 ----D---- C:\Users\Michal\AppData\Roaming\Sun
2016-03-10 11:18:39 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2016-03-10 11:18:07 ----D---- C:\ProgramData\Oracle
2016-03-10 11:18:02 ----D---- C:\Program Files (x86)\Java
2016-03-08 18:32:40 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-08 18:32:25 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-03-06 10:29:20 ----D---- C:\Users\Michal\AppData\Roaming\dlg
2016-03-06 10:25:35 ----D---- C:\ProgramData\7b24ec7cc000461ebe26d116b88142c8
2016-03-06 10:23:03 ----D---- C:\Program Files (x86)\Microsoft Silverlight
======List of files/folders modified in the last 1 month======
2016-03-22 21:23:26 ----D---- C:\Windows\Prefetch
2016-03-22 21:21:12 ----SHD---- C:\System Volume Information
2016-03-22 21:19:43 ----D---- C:\Windows\Tasks
2016-03-22 21:19:28 ----D---- C:\Windows\Temp
2016-03-22 20:16:15 ----D---- C:\Windows\System32
2016-03-22 20:16:15 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-03-22 20:16:14 ----D---- C:\Windows\inf
2016-03-22 20:07:01 ----D---- C:\Windows
2016-03-22 20:02:43 ----D---- C:\Windows\SoftwareDistribution
2016-03-22 20:02:40 ----D---- C:\Program Files (x86)\Common Files
2016-03-22 20:00:13 ----D---- C:\Windows\system32\drivers
2016-03-22 20:00:08 ----D---- C:\Windows\system32\DriverStore
2016-03-22 19:43:12 ----SHD---- C:\Windows\Installer
2016-03-22 19:42:52 ----D---- C:\Program Files\Common Files
2016-03-22 19:42:49 ----HD---- C:\ProgramData
2016-03-22 19:42:05 ----D---- C:\Windows\SysWOW64
2016-03-22 19:41:31 ----RD---- C:\Program Files (x86)
2016-03-22 19:38:53 ----RD---- C:\Program Files
2016-03-22 19:11:31 ----D---- C:\Windows\system32\Tasks
2016-03-22 19:11:31 ----D---- C:\Windows\system32\log
2016-03-22 16:01:22 ----D---- C:\Windows\system32\LogFiles
2016-03-17 09:20:47 ----D---- C:\ProgramData\Adobe
2016-03-17 09:19:48 ----D---- C:\Users\Michal\AppData\Roaming\Adobe
2016-03-15 11:30:33 ----D---- C:\Windows\SYSWOW64\LogFiles
2016-03-14 13:46:31 ----D---- C:\Program Files (x86)\DOSBox-0.74
2016-03-10 19:11:55 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-03-08 18:34:17 ----D---- C:\Program Files (x86)\Google
2016-03-06 10:24:53 ----SD---- C:\Users\Michal\AppData\Roaming\Microsoft
2016-03-06 10:24:21 ----SD---- C:\ProgramData\Microsoft
2016-03-05 20:25:57 ----D---- C:\Program Files (x86)\GOG.com
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 SymEFASI;Symantec Extended File Attributes (SI); C:\Windows\system32\drivers\symefasi\0501010.002\symefasi.sys [2016-03-22 1616088]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-09 26968]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Data\Definitions\BASHDefs\20160317.011\BHDrvx64.sys [2016-03-16 1766640]
R1 ccSettings_{C478A420-A500-4274-A52E-70EC7481342F};Symantec Endpoint Protection 12.1.6318.6100.105 Settings Manager; C:\Windows\system32\Drivers\SEP\0C0118AE\17D4.105\x64\ccSetx64.sys [2015-07-30 162392]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2015-03-08 283064]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2016-03-15 498512]
R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Data\Definitions\IPSDefs\20160321.011\IDSvia64.sys [2016-03-21 767224]
R1 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\system32\Drivers\SEP\0C0118AE\17D4.105\x64\SRTSP64.SYS [2015-07-30 890584]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\Drivers\SEP\0C0118AE\17D4.105\x64\SRTSPX64.SYS [2015-07-30 37592]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\Drivers\SEP\0C0118AE\17D4.105\x64\Ironx64.SYS [2015-07-30 270040]
R1 SYMNETS;Symantec Network Security WFP Driver; C:\Windows\system32\Drivers\SEP\0C0118AE\17D4.105\x64\SYMNETS.SYS [2015-07-30 594136]
R1 SysPlant;SysPlant for NT; C:\Windows\system32\Drivers\SysPlant.sys [2016-03-22 168304]
R1 Teefer2;Symantec Endpoint Protection Firewall; C:\Windows\system32\DRIVERS\Teefer.sys [2015-07-30 116256]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\Windows\system32\DRIVERS\vpcnfltr.sys [2010-11-20 59392]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\Windows\system32\drivers\vpcvmm.sys [2010-11-20 360832]
R1 VWiFiFlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 17024]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio64.sys [2007-08-07 10240]
R3 CAXHWAZL;CAXHWAZL; C:\Windows\system32\DRIVERS\CAXHWAZL.sys [2007-08-03 293376]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2016-03-15 157520]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\CAX_DPV.sys [2007-08-03 1481216]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-09-23 6180832]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Data\Definitions\VirusDefs\20160322.003\ENG64.SYS [2016-03-15 138488]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Data\Definitions\VirusDefs\20160322.003\EX64.SYS [2016-03-15 2148080]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 64bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 O2MDRDR;O2MDRDR; C:\Windows\system32\DRIVERS\o2mdx64.sys [2009-07-13 64160]
R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2016-03-22 178392]
R3 vpcbus;Služba hostitelské sběrnice programu Virtual PC; C:\Windows\system32\DRIVERS\vpchbus.sys [2010-11-20 194944]
R3 vpcusb;Služba konektoru virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcusb.sys [2010-11-20 95232]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\CAX_CNXT.sys [2007-08-03 740352]
S3 netr28ux;RT2870 USB Wireless LAN Card Driver pro systém Windows Vista; C:\Windows\system32\DRIVERS\netr28ux.sys [2009-06-10 867328]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 SyDvCtrl;SyDvCtrl; \??\C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin64\SyDvCtrl64.sys [2015-07-30 36952]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 vpcuxd;Služba zástupné procedury virtualizace rozhraní USB; C:\Windows\system32\DRIVERS\vpcuxd.sys [2010-11-20 16384]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\drivers\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-17 82128]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 O2FLASH;O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [2007-02-11 65536]
R2 SepMasterService;Symantec Endpoint Protection; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin\ccSvcHst.exe [2015-07-30 145008]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio64.exe [2007-08-07 412672]
R2 XRNADB;XRcnStatutsDatabase; C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe [2013-07-30 141824]
S2 078b2995;StatMaker; C:\Windows\syswow64\rundll32.exe [2009-07-14 44544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-10 269504]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-05-22 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-03-04 146888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SNAC;Symantec Network Access Control; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.6318.6100.105\Bin64\snac64.exe [2015-07-30 396344]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-05-25 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
- Rudy
- Site Admin

- Posts: 119673
- Joined: 30 Oct 2003 13:42
- Location: Plzeň
Re: unwanted windows popping up
Deleted. Run OTM again and click >CleanUp!<. OTM will clean up after itself. Finally, restart the PC. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
Re: unwanted windows popping up
It looks good, thanks a lot.
- Rudy
- Site Admin

Re: unwanted windows popping up
You're welcome!