Zdravím, prosím o preventivku:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Roman at 2016-04-22 12:10:44
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 50 GB (22%) free of 229 GB
Total RAM: 32699 MB (89% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:10:46, on 22. 4. 2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Winstep\Nexus.exe
C:\Users\Roman\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Opera\36.0.2130.65\opera.exe
C:\Program Files (x86)\Opera\36.0.2130.65\opera_crashreporter.exe
C:\Program Files (x86)\Opera\36.0.2130.65\opera.exe
C:\Program Files (x86)\Opera\36.0.2130.65\opera.exe
C:\Program Files (x86)\Opera\36.0.2130.65\opera.exe
C:\Program Files (x86)\Opera\36.0.2130.65\opera.exe
C:\Program Files (x86)\Opera\36.0.2130.65\opera.exe
C:\Program Files (x86)\Opera\36.0.2130.65\opera.exe
C:\Program Files (x86)\Opera\36.0.2130.65\opera.exe
C:\Program Files (x86)\Opera\36.0.2130.65\opera.exe
C:\Program Files\trend micro\Roman.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 5.255.87.150 cgpeers.com
O2 - BHO: Microsoft Web Test Recorder 12.0 Helper - {432dd630-7e03-4c97-9d62-b99f52df4fc2} - C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft Web Test Recorder 14.0 Helper - {b924f0b4-0b3c-49c0-bab2-213fb9ebd1d3} - C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Nexus] C:\Program Files (x86)\Winstep\Nexus.exe autostart
O4 - HKCU\..\Run: [Allway Sync] "C:\Program Files\Allway Sync\Bin\syncappw.exe" -m
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Roman\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Send to OneNote.lnk = C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
O4 - Global Startup: Network Server.lnk = C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~2\MICROS~1\Office16\ONBttnIE.dll/105
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - https://mapa.katasterportal.sk/kapor2/lib/mgaxctrl.cab
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AfterFLICS v3 - Unknown owner - C:\Program Files (x86)\AFLICS\AfterFLICS.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Botkind Service (BotkindSyncService) - Unknown owner - C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe
O23 - Service: @%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000 (c2wts) - Unknown owner - C:\Program Files (x86)\Windows Identity Foundation\v3.5\c2wtshost.exe (file missing)
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IP-Clamp Licensing by cebas VISUAL TECHNOLOGY Inc. (IPClampService) - Unknown owner - C:\Program Files (x86)\cebas\ip-clamp\ipclamp.exe
O23 - Service: JetBrains ETW Collector 104.0.20151218.123142 (jetbrainsetw.104.0.20151218.123142) - JetBrains s.r.o - C:\Program Files (x86)\JetBrains\ETW Host\JetBrains.ETW.Collector.Host.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: mental ray Satellite for Autodesk 3ds Max 2014 64-bit (mi-raysat_3dsmax2014_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Winstep Xtreme Service - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 12398 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\AFLICS\AfterFLICS.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe" service
"C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe"
"C:\Program Files (x86)\cebas\ip-clamp\ipclamp.exe"
"C:\Program Files (x86)\JetBrains\ETW Host\JetBrains.ETW.Collector.Host.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"
"C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Winstep\WsxService"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Windows\system32\SearchIndexer.exe /Embedding
WLIDSvcM.exe 2420
"C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Logitech Gaming Software\LCore.exe" /minimized
"C:\Program Files (x86)\Winstep\Nexus.exe" autostart
"C:\Program Files\Allway Sync\Bin\syncappw.exe" -m
"C:\Users\Roman\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe"
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\totalcmd\TOTALCMD64.EXE"
"C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
taskmgr.exe /2
"C:\Program Files (x86)\Opera\36.0.2130.65\opera.exe" --ran-launcher
"C:\Program Files (x86)\Opera\36.0.2130.65\opera_crashreporter.exe" --ran-launcher --crash-reporter-parent-id=5352
"C:\Program Files (x86)\Opera\36.0.2130.65\opera.exe" --type=gpu-process --channel="5352.0.1229581599\1226059409" --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=5356 --supports-dual-gpus=false --gpu-driver-bug-workarounds=3,14,31,60,70 --gpu-vendor-id=0x10de --gpu-device-id=0x1187 --gpu-driver-vendor=NVIDIA --gpu-driver-version=10.18.13.5362 --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=5356 --ignored=" --type=renderer "
"C:\Program Files (x86)\Opera\36.0.2130.65\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-direct-write --enable-features=DownloadResumption --lang=sk --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=5356 --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="5352.2.1995666043\470328814"
"C:\Program Files (x86)\Opera\36.0.2130.65\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-direct-write --enable-features=DownloadResumption --lang=sk --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=5356 --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="5352.3.1947856755\426854646"
"C:\Program Files (x86)\Opera\36.0.2130.65\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-direct-write --enable-features=DownloadResumption --lang=sk --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=5356 --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="5352.4.501242809\128514009"
"C:\Program Files (x86)\Opera\36.0.2130.65\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-direct-write --enable-features=DownloadResumption --lang=sk --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=5356 --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="5352.5.305115695\1022770236"
"C:\Program Files (x86)\Opera\36.0.2130.65\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-direct-write --enable-features=DownloadResumption --lang=sk --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=5356 --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="5352.6.1262494812\620973091"
"C:\Program Files (x86)\Opera\36.0.2130.65\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-direct-write --enable-features=DownloadResumption --lang=sk --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=5356 --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="5352.7.1649457691\1019668695"
"C:\Program Files (x86)\Opera\36.0.2130.65\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-direct-write --enable-features=DownloadResumption --lang=sk --disable-client-side-phishing-detection --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=on --with-feature:installer-hide-from-program-and-features=off --with-feature:installer-pref-default-overrides-support=on --crash-reporter-pid=5356 --device-scale-factor=1 --num-raster-threads=4 --content-image-texture-target=3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553,3553 --video-image-texture-target=3553 --channel="5352.9.499138597\972400815"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Windows\system32\RunDll32.exe" "C:\Windows\system32\WerConCpl.dll", LaunchErcApp -queuereporting
taskhost.exe C:\Windows\system32\defrag.exe -c
"C:\Users\Roman\Desktop\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe -check pepperplugin
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\Allway Sync_{4D9616FB91180E14D3F6C2C191292889}.job - C:\Program Files\Allway Sync\Bin\syncappw.exe -e -m -l -s "4D9616FB91180E14D3F6C2C191292889"
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-07 901600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 877720]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [2012-10-01 2322576]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{432dd630-7e03-4c97-9d62-b99f52df4fc2}]
Microsoft Web Test Recorder 12.0 Helper - C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05 71520]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-20 462400]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-07 678656]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 704664]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b924f0b4-0b3c-49c0-bab2-213fb9ebd1d3}]
Microsoft Web Test Recorder 14.0 Helper - C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2015-07-07 75104]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-20 173120]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-03-14 13671792]
"Launch LCore"=C:\Program Files\Logitech Gaming Software\LCore.exe [2015-03-12 13318424]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Nexus"=C:\Program Files (x86)\Winstep\Nexus.exe [2012-03-28 16957056]
"AdobeBridge"= []
"Allway Sync"=C:\Program Files\Allway Sync\Bin\syncappw.exe [2014-06-26 95952]
"OneDrive"=C:\Users\Roman\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-04-17 554176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dropbox Update]
C:\Users\Roman\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT LGE]
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [2007-10-11 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShadowPlay]
C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell Display Manager.lnk]
C:\PROGRA~2\Dell\DELLDI~1\ddm.exe [2015-10-06 693952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Network Server.lnk]
C:\PROGRA~2\WIBUKEY\Server\WkSvMgr.exe [2016-02-09 6580080]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Roman^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
C:\Users\Roman\AppData\Roaming\Dropbox\bin\Dropbox.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Roman^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
C:\PROGRA~2\MICROS~1\Office14\ONENOTEM.EXE []
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2014-02-21 292848]
"KeePass 2 PreLoad"=C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2014-04-13 2099200]
"VirtualCloneDrive"=C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2013-03-10 88984]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-03-23 7139256]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-04-01 596504]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Network Server.lnk - C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Send to OneNote.lnk - C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Rebus\Rebus Manager\RebusManager.exe"="C:\Rebus\Rebus Manager\RebusManager.exe:*:Enabled:RebusManager"
"C:\Program Files\Daum\PotPlayer\PotPlayerMini64.exe"="C:\Program Files\Daum\PotPlayer\PotPlayerMini64.exe:*:Enabled:Daum PotPlayer"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"VIDC.FFDS"=ff_vfw.dll
"vidc.XVID"=xvidvfw.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
======File associations======
.ini - open - "C:\Program Files (x86)\Notepad++\notepad++.exe" "%1"
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.txt - open - "C:\Program Files (x86)\Notepad++\notepad++.exe" "%1"
======List of files/folders created in the last 1 month======
2016-04-22 12:10:44 ----D---- C:\rsit
2016-04-17 16:32:59 ----D---- C:\Program Files (x86)\Microsoft OneDrive
2016-04-17 16:32:54 ----D---- C:\ProgramData\Microsoft OneDrive
2016-04-15 11:42:00 ----D---- C:\Program Files (x86)\JetBrains
2016-04-15 11:41:09 ----D---- C:\Users\Roman\AppData\Roaming\JetBrains
2016-04-13 13:12:34 ----A---- C:\Users\Roman\AppData\Roaming\PureRef.ini
2016-04-10 14:13:01 ----D---- C:\Program Files\PureRef
2016-03-27 12:41:30 ----D---- C:\Program Files (x86)\AppInsights
2016-03-27 12:33:42 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2016-03-27 12:27:57 ----D---- C:\Program Files\IIS Express
2016-03-27 12:27:57 ----D---- C:\Program Files (x86)\IIS Express
2016-03-27 12:27:31 ----D---- C:\Program Files (x86)\Microsoft Office365 Tools
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\ucrtbase.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l2-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-2-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\ucrtbase.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-03-23 14:33:37 ----D---- C:\Users\Roman\AppData\Roaming\Sun
2016-03-23 13:49:54 ----A---- C:\Windows\system32\drivers\aswKbd.sys
======List of files/folders modified in the last 1 month======
2016-04-22 12:10:45 ----D---- C:\Windows\Temp
2016-04-22 12:10:45 ----D---- C:\Program Files\trend micro
2016-04-22 11:50:08 ----D---- C:\Windows\System32
2016-04-22 11:50:08 ----D---- C:\Windows\inf
2016-04-22 11:50:08 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-04-22 11:46:07 ----D---- C:\Users\Roman\AppData\Roaming\uTorrent
2016-04-22 11:44:49 ----D---- C:\Users\Roman\AppData\Roaming\KeePass
2016-04-22 11:44:47 ----D---- C:\Program Files (x86)\uTorrent2
2016-04-22 09:33:55 ----D---- C:\Users\Roman\AppData\Roaming\CDisplayEx
2016-04-21 20:20:13 ----D---- C:\Users\Roman\AppData\Roaming\foobar2000
2016-04-20 15:54:27 ----D---- C:\Windows\Minidump
2016-04-20 15:54:24 ----D---- C:\Windows
2016-04-20 08:55:19 ----D---- C:\ProgramData\Oracle
2016-04-20 08:52:24 ----SHD---- C:\Windows\Installer
2016-04-20 08:52:24 ----D---- C:\Program Files (x86)\Java
2016-04-20 08:52:22 ----D---- C:\Windows\SysWOW64
2016-04-20 08:52:11 ----D---- C:\Program Files (x86)\Common Files
2016-04-20 08:51:55 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2016-04-19 12:56:40 ----D---- C:\Users\Roman\AppData\Roaming\Dropbox
2016-04-18 14:48:07 ----HD---- C:\ProgramData
2016-04-18 10:41:47 ----D---- C:\Program Files\7-Zip
2016-04-18 09:47:31 ----D---- C:\Windows\Tasks
2016-04-18 09:47:31 ----D---- C:\Windows\system32\Tasks
2016-04-18 09:13:51 ----D---- C:\Program Files (x86)\Steam
2016-04-18 09:13:16 ----D---- C:\Windows\pss
2016-04-17 17:18:15 ----RD---- C:\Program Files (x86)
2016-04-17 17:18:00 ----SHD---- C:\System Volume Information
2016-04-16 21:03:43 ----D---- C:\Windows\Microsoft.NET
2016-04-16 16:44:22 ----AH---- C:\winscplog.txt
2016-04-16 15:26:18 ----RSD---- C:\Windows\assembly
2016-04-16 15:26:15 ----D---- C:\ProgramData\Microsoft Help
2016-04-16 15:25:24 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2016-04-16 15:25:12 ----D---- C:\Program Files (x86)\Microsoft Office
2016-04-16 15:24:49 ----D---- C:\Windows\system32\DriverStore
2016-04-16 12:36:08 ----D---- C:\Windows\system32\config
2016-04-14 09:43:56 ----D---- C:\Users\Roman\AppData\Roaming\TrueCrypt
2016-04-14 09:19:40 ----D---- C:\Program Files (x86)\Opera
2016-04-10 14:13:01 ----RD---- C:\Program Files
2016-04-10 14:13:01 ----D---- C:\ProgramData\Package Cache
2016-04-10 14:12:46 ----D---- C:\Windows\system32\catroot2
2016-04-08 18:20:06 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-04-04 21:54:02 ----D---- C:\Windows\winsxs
2016-04-03 12:24:51 ----D---- C:\Program Files (x86)\Calibre2
2016-03-27 13:21:06 ----D---- C:\ProgramData\Microsoft Visual Studio
2016-03-27 12:41:16 ----D---- C:\Program Files\Git
2016-03-27 12:41:13 ----D---- C:\ProgramData\Git
2016-03-27 12:36:06 ----D---- C:\Program Files (x86)\Microsoft SDKs
2016-03-27 12:35:44 ----D---- C:\Windows\SYSWOW64\1033
2016-03-27 12:35:39 ----D---- C:\Windows\system32\1033
2016-03-27 12:34:42 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 14.0
2016-03-27 12:30:22 ----D---- C:\Program Files (x86)\Microsoft Web Tools
2016-03-27 12:26:54 ----D---- C:\Program Files (x86)\NuGet
2016-03-27 12:18:56 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2016-03-27 12:07:20 ----D---- C:\Windows\system32\catroot
2016-03-23 17:56:18 ----D---- C:\Program Files (x86)\Brackets
2016-03-23 13:49:54 ----D---- C:\Windows\system32\drivers
2016-03-23 13:49:54 ----D---- C:\ProgramData\AVAST Software
2016-03-23 13:49:54 ----D---- C:\Program Files\AVAST Software
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2016-02-07 74544]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2016-02-10 287016]
R0 iaStorA;iaStorA; C:\Windows\system32\DRIVERS\iaStorA.sys [2014-04-11 645480]
R0 iaStorF;iaStorF; C:\Windows\system32\DRIVERS\iaStorF.sys [2014-04-11 28008]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2014-02-21 20464]
R0 ngvss;ngvss; C:\Windows\system32\drivers\ngvss.sys [2016-02-07 154024]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2016-03-23 37144]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2016-02-07 103064]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2016-03-09 1070904]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2016-02-23 463744]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2013-03-04 40344]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2014-06-21 231376]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2014-05-16 254240]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2014-05-16 128288]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2016-02-07 37656]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2016-03-09 107792]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2016-02-07 165344]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2013-03-01 36600]
R2 VBoxAswDrv;VBoxAsw Support Driver; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2016-02-07 310904]
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\Windows\SYSTEM32\DRIVERS\WibuKey64.sys [2016-02-09 106760]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2014-03-14 3896920]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\iusb3hub.sys [2014-02-21 370672]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2014-02-21 791024]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver; C:\Windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2014-03-20 118272]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2015-07-25 204648]
R3 PdiPorts;Portrait Displays low level device driver; C:\Windows\system32\DRIVERS\PdiPorts.sys [2006-11-16 19248]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2013-12-18 888536]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2014-05-16 141600]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2014-05-16 156448]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2013-07-24 34816]
R3 WinDriver6;WinDriver6; C:\Windows\system32\drivers\windrvr6.sys [2014-01-28 268800]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2011-05-13 36328]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys []
S3 HTCAND64;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
S3 MSICDSetup;MSICDSetup; \??\G:\CDriver64.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2011-08-17 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2011-08-17 27136]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2015-03-13 38032]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 Ser2pl;Prolific Serial port WDF driver; C:\Windows\system32\DRIVERS\ser2pl64.sys [2014-09-03 169984]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-08-17 9216]
S3 usbser;USB Serial emulation driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 33280]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-08-17 9216]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S4 RsFx0310;RsFx0310 Driver; C:\Windows\system32\DRIVERS\RsFx0310.sys [2015-04-21 249024]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AfterFLICS v3;AfterFLICS v3; C:\Program Files (x86)\AFLICS\AfterFLICS.exe [2015-07-18 68610]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-02-07 237096]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 BotkindSyncService;Botkind Service; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [2015-08-21 182784]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe [2007-10-11 65536]
R2 IPClampService;IP-Clamp Licensing by cebas VISUAL TECHNOLOGY Inc.; C:\Program Files (x86)\cebas\ip-clamp\ipclamp.exe [2007-11-20 45700]
R2 jetbrainsetw.104.0.20151218.123142;JetBrains ETW Collector 104.0.20151218.123142; C:\Program Files (x86)\JetBrains\ETW Host\JetBrains.ETW.Collector.Host.exe [2015-12-18 1495248]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 mi-raysat_3dsmax2014_64;mental ray Satellite for Autodesk 3ds Max 2014 64-bit; C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [2011-09-15 86016]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-07-23 937616]
R3 AvastVBoxSvc;AvastVBox COM Service; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2016-02-07 5570120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-05 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-05 125112]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08 269504]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 c2wts;@%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [2010-02-03 15768]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2014-06-21 1471352]
S3 fussvc;Windows App Certification Kit Fast User Switching Utility Service; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [2014-02-20 142336]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-06-26 111616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-10-26 119408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2015-07-31 202928]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2013-03-01 118520]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2016-02-02 835152]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;Adobe SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 Te.Service;Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [2013-08-22 119808]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 VsEtwService120;Visual Studio ETW Event Collection Service; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [2013-10-04 87728]
S3 VSStandardCollectorService140;Visual Studio Standard Collector Service; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [2015-11-19 56040]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-06-20 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-11-05 51376]
S4 MSSQL$CENTURION;SQL Server (CENTURION); C:\Program Files\Microsoft SQL Server\MSSQL12.CENTURION\MSSQL\Binn\sqlservr.exe [2015-04-21 372416]
S4 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files (x86)\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2013-10-04 197824]
S4 MySQL57;MySQL57; C:\Program Files\MySQL\MySQL Server 5.7\bin\mysqld.exe [2015-10-12 38587904]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 SQLAgent$CENTURION;SQL Server Agent (CENTURION); C:\Program Files\Microsoft SQL Server\MSSQL12.CENTURION\MSSQL\Binn\SQLAGENT.EXE [2015-04-21 613056]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); C:\Program Files (x86)\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2013-10-04 454336]
S4 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2014-02-21 270016]
S4 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2015-04-21 134336]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Preventivka
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119418
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Preventivka
Zdravím!
Spusťte tuto utilitu:
Spusťte tuto utilitu:
Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Preventivka
# AdwCleaner v5.112 - Logfile created 24/04/2016 at 09:12:00
# Updated 17/04/2016 by Xplode
# Database : 2016-04-19.5 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : Roman - CENTURION
# Running from : C:\Users\Roman\Desktop\adwcleaner_5.112.exe
# Option : Clean
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\Program Files (x86)\DriverToolkit
[-] Folder Deleted : C:\Users\Roman\AppData\Local\DriverToolkit
***** [ Files ] *****
[-] File Deleted : C:\Users\Lucia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage
[-] File Deleted : C:\Users\Lucia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage-journal
***** [ DLLs ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
[-] Key Deleted : HKCU\Software\DriverToolkit
***** [ Web browsers ] *****
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [1238 bytes] - [24/04/2016 09:12:00]
C:\AdwCleaner\AdwCleaner[S1].txt - [1351 bytes] - [24/04/2016 09:11:02]
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1384 bytes] ##########
# Updated 17/04/2016 by Xplode
# Database : 2016-04-19.5 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (X64)
# Username : Roman - CENTURION
# Running from : C:\Users\Roman\Desktop\adwcleaner_5.112.exe
# Option : Clean
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder Deleted : C:\Program Files (x86)\DriverToolkit
[-] Folder Deleted : C:\Users\Roman\AppData\Local\DriverToolkit
***** [ Files ] *****
[-] File Deleted : C:\Users\Lucia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage
[-] File Deleted : C:\Users\Lucia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage-journal
***** [ DLLs ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
[-] Key Deleted : HKCU\Software\DriverToolkit
***** [ Web browsers ] *****
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [1238 bytes] - [24/04/2016 09:12:00]
C:\AdwCleaner\AdwCleaner[S1].txt - [1351 bytes] - [24/04/2016 09:11:02]
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1384 bytes] ##########
-
Rudy
- Site Admin
- Příspěvky: 119418
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Preventivka
Dejte nový log RSIT.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Preventivka
Logfile of random's system information tool 1.10 (written by random/random)
Run by Roman at 2016-04-24 12:18:59
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 47 GB (21%) free of 229 GB
Total RAM: 32699 MB (89% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:19:00, on 24. 4. 2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Winstep\Nexus.exe
C:\Users\Roman\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VsHub\1.0.0.0\vshub.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VsHub\1.0.0.0\Microsoft.VsHub.Server.HttpHost.exe
C:\Program Files\trend micro\Roman.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 5.255.87.150 cgpeers.com
O2 - BHO: Microsoft Web Test Recorder 12.0 Helper - {432dd630-7e03-4c97-9d62-b99f52df4fc2} - C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft Web Test Recorder 14.0 Helper - {b924f0b4-0b3c-49c0-bab2-213fb9ebd1d3} - C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Nexus] C:\Program Files (x86)\Winstep\Nexus.exe autostart
O4 - HKCU\..\Run: [Allway Sync] "C:\Program Files\Allway Sync\Bin\syncappw.exe" -m
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Roman\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Send to OneNote.lnk = C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
O4 - Global Startup: Network Server.lnk = C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~2\MICROS~1\Office16\ONBttnIE.dll/105
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - https://mapa.katasterportal.sk/kapor2/lib/mgaxctrl.cab
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AfterFLICS v3 - Unknown owner - C:\Program Files (x86)\AFLICS\AfterFLICS.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Botkind Service (BotkindSyncService) - Unknown owner - C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe
O23 - Service: @%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000 (c2wts) - Unknown owner - C:\Program Files (x86)\Windows Identity Foundation\v3.5\c2wtshost.exe (file missing)
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IP-Clamp Licensing by cebas VISUAL TECHNOLOGY Inc. (IPClampService) - Unknown owner - C:\Program Files (x86)\cebas\ip-clamp\ipclamp.exe
O23 - Service: JetBrains ETW Collector 104.0.20151218.123142 (jetbrainsetw.104.0.20151218.123142) - JetBrains s.r.o - C:\Program Files (x86)\JetBrains\ETW Host\JetBrains.ETW.Collector.Host.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: mental ray Satellite for Autodesk 3ds Max 2014 64-bit (mi-raysat_3dsmax2014_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Winstep Xtreme Service - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 12082 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\AFLICS\AfterFLICS.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe" service
taskeng.exe {A485578A-00D2-46A0-AF02-04ADA59057F4}
"C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe"
"C:\Program Files (x86)\cebas\ip-clamp\ipclamp.exe"
"C:\Program Files (x86)\JetBrains\ETW Host\JetBrains.ETW.Collector.Host.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"
"C:\Program Files (x86)\uTorrent\uTorrent.exe"
"C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Winstep\WsxService"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Windows\system32\SearchIndexer.exe /Embedding
WLIDSvcM.exe 2404
"C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Logitech Gaming Software\LCore.exe" /minimized
"C:\Program Files (x86)\Winstep\Nexus.exe" autostart
"C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe"
"C:\Program Files\Allway Sync\Bin\syncappw.exe" -m
"C:\Users\Roman\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe"
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Common Files\Microsoft Shared\VsHub\1.0.0.0\vshub.exe" EXECUTE -n vshub --console false --locationOutputPipeName 51f1ffed69094f1cbbfd23e7e38c97d9 -c:3116 --hubStartedEventName=0507c265804f4e69a5c8c41526475a2e
"C:\Program Files (x86)\Common Files\Microsoft Shared\VsHub\1.0.0.0\Microsoft.VsHub.Server.HttpHost.exe" --hostId 4acc143b-ffb6-47e4-8177-6d944e95d333 --controllerHostLocUri http://localhost:49154/vshub/24637d5483 ... HubService --hubName vshub --isFiddlerModeOn false -c:3116
\??\C:\Windows\system32\conhost.exe "-1934945316756036580670467268980515364-1023215608-272939707511252044-487599629
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe26_ Global\UsGthrCtrlFltPipeMssGthrPipe26 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files (x86)\MSBuild\14.0\bin\VBCSCompiler.exe" "-pipename:Roman.1.GE6kSCQEbMXsysJ19S0qExhvU5zqX2Bc34kg0RSsgmc"
\??\C:\Windows\system32\conhost.exe "-668903074-1814471860-6479567-229290846-19627119531019002603-537820277110967319
"C:\Windows\system32\SearchFilterHost.exe" 0 536 540 548 65536 544
"C:\Users\Roman\Desktop\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe -check pepperplugin
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\Allway Sync_{4D9616FB91180E14D3F6C2C191292889}.job - C:\Program Files\Allway Sync\Bin\syncappw.exe -e -m -l -s "4D9616FB91180E14D3F6C2C191292889"
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-07 901600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 877720]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [2012-10-01 2322576]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{432dd630-7e03-4c97-9d62-b99f52df4fc2}]
Microsoft Web Test Recorder 12.0 Helper - C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05 71520]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-20 462400]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-07 678656]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 704664]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b924f0b4-0b3c-49c0-bab2-213fb9ebd1d3}]
Microsoft Web Test Recorder 14.0 Helper - C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2015-07-07 75104]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-20 173120]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-03-14 13671792]
"Launch LCore"=C:\Program Files\Logitech Gaming Software\LCore.exe [2015-03-12 13318424]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Nexus"=C:\Program Files (x86)\Winstep\Nexus.exe [2012-03-28 16957056]
"AdobeBridge"= []
"Allway Sync"=C:\Program Files\Allway Sync\Bin\syncappw.exe [2014-06-26 95952]
"OneDrive"=C:\Users\Roman\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-04-23 554176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dropbox Update]
C:\Users\Roman\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT LGE]
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [2007-10-11 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShadowPlay]
C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell Display Manager.lnk]
C:\PROGRA~2\Dell\DELLDI~1\ddm.exe [2015-10-06 693952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Network Server.lnk]
C:\PROGRA~2\WIBUKEY\Server\WkSvMgr.exe [2016-02-09 6580080]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Roman^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
C:\Users\Roman\AppData\Roaming\Dropbox\bin\Dropbox.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Roman^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
C:\PROGRA~2\MICROS~1\Office14\ONENOTEM.EXE []
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2014-02-21 292848]
"KeePass 2 PreLoad"=C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2014-04-13 2099200]
"VirtualCloneDrive"=C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2013-03-10 88984]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-03-23 7139256]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-04-01 596504]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Network Server.lnk - C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Send to OneNote.lnk - C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Rebus\Rebus Manager\RebusManager.exe"="C:\Rebus\Rebus Manager\RebusManager.exe:*:Enabled:RebusManager"
"C:\Program Files\Daum\PotPlayer\PotPlayerMini64.exe"="C:\Program Files\Daum\PotPlayer\PotPlayerMini64.exe:*:Enabled:Daum PotPlayer"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"VIDC.FFDS"=ff_vfw.dll
"vidc.XVID"=xvidvfw.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
======File associations======
.ini - open - "C:\Program Files (x86)\Notepad++\notepad++.exe" "%1"
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.txt - open - "C:\Program Files (x86)\Notepad++\notepad++.exe" "%1"
======List of files/folders created in the last 1 month======
2016-04-24 09:10:56 ----D---- C:\AdwCleaner
2016-04-22 12:10:44 ----D---- C:\rsit
2016-04-17 16:32:59 ----D---- C:\Program Files (x86)\Microsoft OneDrive
2016-04-17 16:32:54 ----D---- C:\ProgramData\Microsoft OneDrive
2016-04-15 11:42:00 ----D---- C:\Program Files (x86)\JetBrains
2016-04-15 11:41:09 ----D---- C:\Users\Roman\AppData\Roaming\JetBrains
2016-04-13 13:12:34 ----A---- C:\Users\Roman\AppData\Roaming\PureRef.ini
2016-04-10 14:13:01 ----D---- C:\Program Files\PureRef
2016-03-27 12:41:30 ----D---- C:\Program Files (x86)\AppInsights
2016-03-27 12:33:42 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2016-03-27 12:27:57 ----D---- C:\Program Files\IIS Express
2016-03-27 12:27:57 ----D---- C:\Program Files (x86)\IIS Express
2016-03-27 12:27:31 ----D---- C:\Program Files (x86)\Microsoft Office365 Tools
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\ucrtbase.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l2-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-2-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\ucrtbase.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
======List of files/folders modified in the last 1 month======
2016-04-24 12:19:00 ----D---- C:\Windows\Temp
2016-04-24 12:19:00 ----D---- C:\Program Files\trend micro
2016-04-24 12:18:54 ----D---- C:\Users\Roman\AppData\Roaming\KeePass
2016-04-24 12:18:51 ----D---- C:\Users\Roman\AppData\Roaming\foobar2000
2016-04-24 12:17:02 ----D---- C:\Users\Roman\AppData\Roaming\uTorrent
2016-04-24 09:17:06 ----D---- C:\Windows\System32
2016-04-24 09:17:06 ----D---- C:\Windows\inf
2016-04-24 09:17:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-04-24 09:12:00 ----RD---- C:\Program Files (x86)
2016-04-24 09:10:40 ----D---- C:\Program Files (x86)\uTorrent2
2016-04-22 19:58:29 ----D---- C:\Users\Roman\AppData\Roaming\vlc
2016-04-22 15:08:44 ----RSD---- C:\Windows\Fonts
2016-04-22 09:33:55 ----D---- C:\Users\Roman\AppData\Roaming\CDisplayEx
2016-04-20 15:54:27 ----D---- C:\Windows\Minidump
2016-04-20 15:54:24 ----D---- C:\Windows
2016-04-20 08:55:19 ----D---- C:\ProgramData\Oracle
2016-04-20 08:52:24 ----SHD---- C:\Windows\Installer
2016-04-20 08:52:24 ----D---- C:\Program Files (x86)\Java
2016-04-20 08:52:22 ----D---- C:\Windows\SysWOW64
2016-04-20 08:52:11 ----D---- C:\Program Files (x86)\Common Files
2016-04-20 08:51:55 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2016-04-19 12:56:40 ----D---- C:\Users\Roman\AppData\Roaming\Dropbox
2016-04-18 14:48:07 ----HD---- C:\ProgramData
2016-04-18 10:41:47 ----D---- C:\Program Files\7-Zip
2016-04-18 09:47:31 ----D---- C:\Windows\Tasks
2016-04-18 09:47:31 ----D---- C:\Windows\system32\Tasks
2016-04-18 09:13:51 ----D---- C:\Program Files (x86)\Steam
2016-04-18 09:13:16 ----D---- C:\Windows\pss
2016-04-17 17:18:00 ----SHD---- C:\System Volume Information
2016-04-16 21:03:43 ----D---- C:\Windows\Microsoft.NET
2016-04-16 16:44:22 ----AH---- C:\winscplog.txt
2016-04-16 15:26:18 ----RSD---- C:\Windows\assembly
2016-04-16 15:26:15 ----D---- C:\ProgramData\Microsoft Help
2016-04-16 15:25:24 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2016-04-16 15:25:12 ----D---- C:\Program Files (x86)\Microsoft Office
2016-04-16 15:24:49 ----D---- C:\Windows\system32\DriverStore
2016-04-16 12:36:08 ----D---- C:\Windows\system32\config
2016-04-14 09:43:56 ----D---- C:\Users\Roman\AppData\Roaming\TrueCrypt
2016-04-14 09:19:40 ----D---- C:\Program Files (x86)\Opera
2016-04-10 14:13:01 ----RD---- C:\Program Files
2016-04-10 14:13:01 ----D---- C:\ProgramData\Package Cache
2016-04-10 14:12:46 ----D---- C:\Windows\system32\catroot2
2016-04-08 18:20:06 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-04-04 21:54:02 ----D---- C:\Windows\winsxs
2016-04-03 12:24:51 ----D---- C:\Program Files (x86)\Calibre2
2016-03-27 13:21:06 ----D---- C:\ProgramData\Microsoft Visual Studio
2016-03-27 12:41:16 ----D---- C:\Program Files\Git
2016-03-27 12:41:13 ----D---- C:\ProgramData\Git
2016-03-27 12:36:06 ----D---- C:\Program Files (x86)\Microsoft SDKs
2016-03-27 12:35:44 ----D---- C:\Windows\SYSWOW64\1033
2016-03-27 12:35:39 ----D---- C:\Windows\system32\1033
2016-03-27 12:34:42 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 14.0
2016-03-27 12:30:22 ----D---- C:\Program Files (x86)\Microsoft Web Tools
2016-03-27 12:26:54 ----D---- C:\Program Files (x86)\NuGet
2016-03-27 12:18:56 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2016-03-27 12:07:20 ----D---- C:\Windows\system32\catroot
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2016-02-07 74544]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2016-02-10 287016]
R0 iaStorA;iaStorA; C:\Windows\system32\DRIVERS\iaStorA.sys [2014-04-11 645480]
R0 iaStorF;iaStorF; C:\Windows\system32\DRIVERS\iaStorF.sys [2014-04-11 28008]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2014-02-21 20464]
R0 ngvss;ngvss; C:\Windows\system32\drivers\ngvss.sys [2016-02-07 154024]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2016-03-23 37144]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2016-02-07 103064]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2016-03-09 1070904]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2016-02-23 463744]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2013-03-04 40344]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2014-06-21 231376]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2014-05-16 254240]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2014-05-16 128288]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2016-02-07 37656]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2016-03-09 107792]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2016-02-07 165344]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2013-03-01 36600]
R2 VBoxAswDrv;VBoxAsw Support Driver; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2016-02-07 310904]
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\Windows\SYSTEM32\DRIVERS\WibuKey64.sys [2016-02-09 106760]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2014-03-14 3896920]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\iusb3hub.sys [2014-02-21 370672]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2014-02-21 791024]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver; C:\Windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2014-03-20 118272]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2015-07-25 204648]
R3 PdiPorts;Portrait Displays low level device driver; C:\Windows\system32\DRIVERS\PdiPorts.sys [2006-11-16 19248]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2013-12-18 888536]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2014-05-16 141600]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2014-05-16 156448]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2013-07-24 34816]
R3 WinDriver6;WinDriver6; C:\Windows\system32\drivers\windrvr6.sys [2014-01-28 268800]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2011-05-13 36328]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys []
S3 HTCAND64;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
S3 MSICDSetup;MSICDSetup; \??\G:\CDriver64.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2011-08-17 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2011-08-17 27136]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2015-03-13 38032]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 Ser2pl;Prolific Serial port WDF driver; C:\Windows\system32\DRIVERS\ser2pl64.sys [2014-09-03 169984]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-08-17 9216]
S3 usbser;USB Serial emulation driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 33280]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-08-17 9216]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S4 RsFx0310;RsFx0310 Driver; C:\Windows\system32\DRIVERS\RsFx0310.sys [2015-04-21 249024]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AfterFLICS v3;AfterFLICS v3; C:\Program Files (x86)\AFLICS\AfterFLICS.exe [2015-07-18 68610]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-02-07 237096]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 BotkindSyncService;Botkind Service; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [2015-08-21 182784]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe [2007-10-11 65536]
R2 IPClampService;IP-Clamp Licensing by cebas VISUAL TECHNOLOGY Inc.; C:\Program Files (x86)\cebas\ip-clamp\ipclamp.exe [2007-11-20 45700]
R2 jetbrainsetw.104.0.20151218.123142;JetBrains ETW Collector 104.0.20151218.123142; C:\Program Files (x86)\JetBrains\ETW Host\JetBrains.ETW.Collector.Host.exe [2015-12-18 1495248]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 mi-raysat_3dsmax2014_64;mental ray Satellite for Autodesk 3ds Max 2014 64-bit; C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [2011-09-15 86016]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-07-23 937616]
R3 AvastVBoxSvc;AvastVBox COM Service; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2016-02-07 5570120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-05 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-05 125112]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08 269504]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 c2wts;@%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [2010-02-03 15768]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2014-06-21 1471352]
S3 fussvc;Windows App Certification Kit Fast User Switching Utility Service; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [2014-02-20 142336]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-06-26 111616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-10-26 119408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2015-07-31 202928]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2013-03-01 118520]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2016-02-02 835152]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;Adobe SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 Te.Service;Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [2013-08-22 119808]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 VsEtwService120;Visual Studio ETW Event Collection Service; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [2013-10-04 87728]
S3 VSStandardCollectorService140;Visual Studio Standard Collector Service; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [2015-11-19 56040]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-06-20 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-11-05 51376]
S4 MSSQL$CENTURION;SQL Server (CENTURION); C:\Program Files\Microsoft SQL Server\MSSQL12.CENTURION\MSSQL\Binn\sqlservr.exe [2015-04-21 372416]
S4 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files (x86)\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2013-10-04 197824]
S4 MySQL57;MySQL57; C:\Program Files\MySQL\MySQL Server 5.7\bin\mysqld.exe [2015-10-12 38587904]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 SQLAgent$CENTURION;SQL Server Agent (CENTURION); C:\Program Files\Microsoft SQL Server\MSSQL12.CENTURION\MSSQL\Binn\SQLAGENT.EXE [2015-04-21 613056]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); C:\Program Files (x86)\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2013-10-04 454336]
S4 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2014-02-21 270016]
S4 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2015-04-21 134336]
-----------------EOF-----------------
Run by Roman at 2016-04-24 12:18:59
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 47 GB (21%) free of 229 GB
Total RAM: 32699 MB (89% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:19:00, on 24. 4. 2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Winstep\Nexus.exe
C:\Users\Roman\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VsHub\1.0.0.0\vshub.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VsHub\1.0.0.0\Microsoft.VsHub.Server.HttpHost.exe
C:\Program Files\trend micro\Roman.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 5.255.87.150 cgpeers.com
O2 - BHO: Microsoft Web Test Recorder 12.0 Helper - {432dd630-7e03-4c97-9d62-b99f52df4fc2} - C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft Web Test Recorder 14.0 Helper - {b924f0b4-0b3c-49c0-bab2-213fb9ebd1d3} - C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Nexus] C:\Program Files (x86)\Winstep\Nexus.exe autostart
O4 - HKCU\..\Run: [Allway Sync] "C:\Program Files\Allway Sync\Bin\syncappw.exe" -m
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Roman\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Send to OneNote.lnk = C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
O4 - Global Startup: Network Server.lnk = C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~2\MICROS~1\Office16\ONBttnIE.dll/105
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - https://mapa.katasterportal.sk/kapor2/lib/mgaxctrl.cab
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AfterFLICS v3 - Unknown owner - C:\Program Files (x86)\AFLICS\AfterFLICS.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Botkind Service (BotkindSyncService) - Unknown owner - C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe
O23 - Service: @%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000 (c2wts) - Unknown owner - C:\Program Files (x86)\Windows Identity Foundation\v3.5\c2wtshost.exe (file missing)
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IP-Clamp Licensing by cebas VISUAL TECHNOLOGY Inc. (IPClampService) - Unknown owner - C:\Program Files (x86)\cebas\ip-clamp\ipclamp.exe
O23 - Service: JetBrains ETW Collector 104.0.20151218.123142 (jetbrainsetw.104.0.20151218.123142) - JetBrains s.r.o - C:\Program Files (x86)\JetBrains\ETW Host\JetBrains.ETW.Collector.Host.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: mental ray Satellite for Autodesk 3ds Max 2014 64-bit (mi-raysat_3dsmax2014_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Winstep Xtreme Service - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 12082 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\AFLICS\AfterFLICS.exe"
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe" service
taskeng.exe {A485578A-00D2-46A0-AF02-04ADA59057F4}
"C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe"
"C:\Program Files (x86)\cebas\ip-clamp\ipclamp.exe"
"C:\Program Files (x86)\JetBrains\ETW Host\JetBrains.ETW.Collector.Host.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"
"C:\Program Files (x86)\uTorrent\uTorrent.exe"
"C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Winstep\WsxService"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Windows\system32\SearchIndexer.exe /Embedding
WLIDSvcM.exe 2404
"C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Logitech Gaming Software\LCore.exe" /minimized
"C:\Program Files (x86)\Winstep\Nexus.exe" autostart
"C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe"
"C:\Program Files\Allway Sync\Bin\syncappw.exe" -m
"C:\Users\Roman\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe"
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Common Files\Microsoft Shared\VsHub\1.0.0.0\vshub.exe" EXECUTE -n vshub --console false --locationOutputPipeName 51f1ffed69094f1cbbfd23e7e38c97d9 -c:3116 --hubStartedEventName=0507c265804f4e69a5c8c41526475a2e
"C:\Program Files (x86)\Common Files\Microsoft Shared\VsHub\1.0.0.0\Microsoft.VsHub.Server.HttpHost.exe" --hostId 4acc143b-ffb6-47e4-8177-6d944e95d333 --controllerHostLocUri http://localhost:49154/vshub/24637d5483 ... HubService --hubName vshub --isFiddlerModeOn false -c:3116
\??\C:\Windows\system32\conhost.exe "-1934945316756036580670467268980515364-1023215608-272939707511252044-487599629
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe26_ Global\UsGthrCtrlFltPipeMssGthrPipe26 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files (x86)\MSBuild\14.0\bin\VBCSCompiler.exe" "-pipename:Roman.1.GE6kSCQEbMXsysJ19S0qExhvU5zqX2Bc34kg0RSsgmc"
\??\C:\Windows\system32\conhost.exe "-668903074-1814471860-6479567-229290846-19627119531019002603-537820277110967319
"C:\Windows\system32\SearchFilterHost.exe" 0 536 540 548 65536 544
"C:\Users\Roman\Desktop\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe -check pepperplugin
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\Allway Sync_{4D9616FB91180E14D3F6C2C191292889}.job - C:\Program Files\Allway Sync\Bin\syncappw.exe -e -m -l -s "4D9616FB91180E14D3F6C2C191292889"
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-07 901600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 877720]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [2012-10-01 2322576]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{432dd630-7e03-4c97-9d62-b99f52df4fc2}]
Microsoft Web Test Recorder 12.0 Helper - C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05 71520]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-20 462400]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-07 678656]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 704664]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b924f0b4-0b3c-49c0-bab2-213fb9ebd1d3}]
Microsoft Web Test Recorder 14.0 Helper - C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2015-07-07 75104]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-20 173120]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-03-14 13671792]
"Launch LCore"=C:\Program Files\Logitech Gaming Software\LCore.exe [2015-03-12 13318424]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Nexus"=C:\Program Files (x86)\Winstep\Nexus.exe [2012-03-28 16957056]
"AdobeBridge"= []
"Allway Sync"=C:\Program Files\Allway Sync\Bin\syncappw.exe [2014-06-26 95952]
"OneDrive"=C:\Users\Roman\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-04-23 554176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dropbox Update]
C:\Users\Roman\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT LGE]
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [2007-10-11 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShadowPlay]
C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell Display Manager.lnk]
C:\PROGRA~2\Dell\DELLDI~1\ddm.exe [2015-10-06 693952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Network Server.lnk]
C:\PROGRA~2\WIBUKEY\Server\WkSvMgr.exe [2016-02-09 6580080]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Roman^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
C:\Users\Roman\AppData\Roaming\Dropbox\bin\Dropbox.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Roman^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
C:\PROGRA~2\MICROS~1\Office14\ONENOTEM.EXE []
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2014-02-21 292848]
"KeePass 2 PreLoad"=C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2014-04-13 2099200]
"VirtualCloneDrive"=C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2013-03-10 88984]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-03-23 7139256]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-04-01 596504]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Network Server.lnk - C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Send to OneNote.lnk - C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Rebus\Rebus Manager\RebusManager.exe"="C:\Rebus\Rebus Manager\RebusManager.exe:*:Enabled:RebusManager"
"C:\Program Files\Daum\PotPlayer\PotPlayerMini64.exe"="C:\Program Files\Daum\PotPlayer\PotPlayerMini64.exe:*:Enabled:Daum PotPlayer"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"VIDC.FFDS"=ff_vfw.dll
"vidc.XVID"=xvidvfw.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
======File associations======
.ini - open - "C:\Program Files (x86)\Notepad++\notepad++.exe" "%1"
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.txt - open - "C:\Program Files (x86)\Notepad++\notepad++.exe" "%1"
======List of files/folders created in the last 1 month======
2016-04-24 09:10:56 ----D---- C:\AdwCleaner
2016-04-22 12:10:44 ----D---- C:\rsit
2016-04-17 16:32:59 ----D---- C:\Program Files (x86)\Microsoft OneDrive
2016-04-17 16:32:54 ----D---- C:\ProgramData\Microsoft OneDrive
2016-04-15 11:42:00 ----D---- C:\Program Files (x86)\JetBrains
2016-04-15 11:41:09 ----D---- C:\Users\Roman\AppData\Roaming\JetBrains
2016-04-13 13:12:34 ----A---- C:\Users\Roman\AppData\Roaming\PureRef.ini
2016-04-10 14:13:01 ----D---- C:\Program Files\PureRef
2016-03-27 12:41:30 ----D---- C:\Program Files (x86)\AppInsights
2016-03-27 12:33:42 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2016-03-27 12:27:57 ----D---- C:\Program Files\IIS Express
2016-03-27 12:27:57 ----D---- C:\Program Files (x86)\IIS Express
2016-03-27 12:27:31 ----D---- C:\Program Files (x86)\Microsoft Office365 Tools
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\ucrtbase.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l2-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-2-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\ucrtbase.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
======List of files/folders modified in the last 1 month======
2016-04-24 12:19:00 ----D---- C:\Windows\Temp
2016-04-24 12:19:00 ----D---- C:\Program Files\trend micro
2016-04-24 12:18:54 ----D---- C:\Users\Roman\AppData\Roaming\KeePass
2016-04-24 12:18:51 ----D---- C:\Users\Roman\AppData\Roaming\foobar2000
2016-04-24 12:17:02 ----D---- C:\Users\Roman\AppData\Roaming\uTorrent
2016-04-24 09:17:06 ----D---- C:\Windows\System32
2016-04-24 09:17:06 ----D---- C:\Windows\inf
2016-04-24 09:17:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-04-24 09:12:00 ----RD---- C:\Program Files (x86)
2016-04-24 09:10:40 ----D---- C:\Program Files (x86)\uTorrent2
2016-04-22 19:58:29 ----D---- C:\Users\Roman\AppData\Roaming\vlc
2016-04-22 15:08:44 ----RSD---- C:\Windows\Fonts
2016-04-22 09:33:55 ----D---- C:\Users\Roman\AppData\Roaming\CDisplayEx
2016-04-20 15:54:27 ----D---- C:\Windows\Minidump
2016-04-20 15:54:24 ----D---- C:\Windows
2016-04-20 08:55:19 ----D---- C:\ProgramData\Oracle
2016-04-20 08:52:24 ----SHD---- C:\Windows\Installer
2016-04-20 08:52:24 ----D---- C:\Program Files (x86)\Java
2016-04-20 08:52:22 ----D---- C:\Windows\SysWOW64
2016-04-20 08:52:11 ----D---- C:\Program Files (x86)\Common Files
2016-04-20 08:51:55 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2016-04-19 12:56:40 ----D---- C:\Users\Roman\AppData\Roaming\Dropbox
2016-04-18 14:48:07 ----HD---- C:\ProgramData
2016-04-18 10:41:47 ----D---- C:\Program Files\7-Zip
2016-04-18 09:47:31 ----D---- C:\Windows\Tasks
2016-04-18 09:47:31 ----D---- C:\Windows\system32\Tasks
2016-04-18 09:13:51 ----D---- C:\Program Files (x86)\Steam
2016-04-18 09:13:16 ----D---- C:\Windows\pss
2016-04-17 17:18:00 ----SHD---- C:\System Volume Information
2016-04-16 21:03:43 ----D---- C:\Windows\Microsoft.NET
2016-04-16 16:44:22 ----AH---- C:\winscplog.txt
2016-04-16 15:26:18 ----RSD---- C:\Windows\assembly
2016-04-16 15:26:15 ----D---- C:\ProgramData\Microsoft Help
2016-04-16 15:25:24 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2016-04-16 15:25:12 ----D---- C:\Program Files (x86)\Microsoft Office
2016-04-16 15:24:49 ----D---- C:\Windows\system32\DriverStore
2016-04-16 12:36:08 ----D---- C:\Windows\system32\config
2016-04-14 09:43:56 ----D---- C:\Users\Roman\AppData\Roaming\TrueCrypt
2016-04-14 09:19:40 ----D---- C:\Program Files (x86)\Opera
2016-04-10 14:13:01 ----RD---- C:\Program Files
2016-04-10 14:13:01 ----D---- C:\ProgramData\Package Cache
2016-04-10 14:12:46 ----D---- C:\Windows\system32\catroot2
2016-04-08 18:20:06 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-04-04 21:54:02 ----D---- C:\Windows\winsxs
2016-04-03 12:24:51 ----D---- C:\Program Files (x86)\Calibre2
2016-03-27 13:21:06 ----D---- C:\ProgramData\Microsoft Visual Studio
2016-03-27 12:41:16 ----D---- C:\Program Files\Git
2016-03-27 12:41:13 ----D---- C:\ProgramData\Git
2016-03-27 12:36:06 ----D---- C:\Program Files (x86)\Microsoft SDKs
2016-03-27 12:35:44 ----D---- C:\Windows\SYSWOW64\1033
2016-03-27 12:35:39 ----D---- C:\Windows\system32\1033
2016-03-27 12:34:42 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 14.0
2016-03-27 12:30:22 ----D---- C:\Program Files (x86)\Microsoft Web Tools
2016-03-27 12:26:54 ----D---- C:\Program Files (x86)\NuGet
2016-03-27 12:18:56 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2016-03-27 12:07:20 ----D---- C:\Windows\system32\catroot
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2016-02-07 74544]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2016-02-10 287016]
R0 iaStorA;iaStorA; C:\Windows\system32\DRIVERS\iaStorA.sys [2014-04-11 645480]
R0 iaStorF;iaStorF; C:\Windows\system32\DRIVERS\iaStorF.sys [2014-04-11 28008]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2014-02-21 20464]
R0 ngvss;ngvss; C:\Windows\system32\drivers\ngvss.sys [2016-02-07 154024]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2016-03-23 37144]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2016-02-07 103064]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2016-03-09 1070904]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2016-02-23 463744]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2013-03-04 40344]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2014-06-21 231376]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2014-05-16 254240]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2014-05-16 128288]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2016-02-07 37656]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2016-03-09 107792]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2016-02-07 165344]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2013-03-01 36600]
R2 VBoxAswDrv;VBoxAsw Support Driver; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2016-02-07 310904]
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\Windows\SYSTEM32\DRIVERS\WibuKey64.sys [2016-02-09 106760]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2014-03-14 3896920]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\iusb3hub.sys [2014-02-21 370672]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2014-02-21 791024]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver; C:\Windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2014-03-20 118272]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2015-07-25 204648]
R3 PdiPorts;Portrait Displays low level device driver; C:\Windows\system32\DRIVERS\PdiPorts.sys [2006-11-16 19248]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2013-12-18 888536]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2014-05-16 141600]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2014-05-16 156448]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2013-07-24 34816]
R3 WinDriver6;WinDriver6; C:\Windows\system32\drivers\windrvr6.sys [2014-01-28 268800]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2011-05-13 36328]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys []
S3 HTCAND64;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
S3 MSICDSetup;MSICDSetup; \??\G:\CDriver64.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2011-08-17 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2011-08-17 27136]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2015-03-13 38032]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 Ser2pl;Prolific Serial port WDF driver; C:\Windows\system32\DRIVERS\ser2pl64.sys [2014-09-03 169984]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-08-17 9216]
S3 usbser;USB Serial emulation driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 33280]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-08-17 9216]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S4 RsFx0310;RsFx0310 Driver; C:\Windows\system32\DRIVERS\RsFx0310.sys [2015-04-21 249024]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AfterFLICS v3;AfterFLICS v3; C:\Program Files (x86)\AFLICS\AfterFLICS.exe [2015-07-18 68610]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-02-07 237096]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 BotkindSyncService;Botkind Service; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [2015-08-21 182784]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe [2007-10-11 65536]
R2 IPClampService;IP-Clamp Licensing by cebas VISUAL TECHNOLOGY Inc.; C:\Program Files (x86)\cebas\ip-clamp\ipclamp.exe [2007-11-20 45700]
R2 jetbrainsetw.104.0.20151218.123142;JetBrains ETW Collector 104.0.20151218.123142; C:\Program Files (x86)\JetBrains\ETW Host\JetBrains.ETW.Collector.Host.exe [2015-12-18 1495248]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 mi-raysat_3dsmax2014_64;mental ray Satellite for Autodesk 3ds Max 2014 64-bit; C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [2011-09-15 86016]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-07-23 937616]
R3 AvastVBoxSvc;AvastVBox COM Service; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2016-02-07 5570120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-05 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-05 125112]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08 269504]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 c2wts;@%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [2010-02-03 15768]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2014-06-21 1471352]
S3 fussvc;Windows App Certification Kit Fast User Switching Utility Service; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [2014-02-20 142336]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-06-26 111616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-10-26 119408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2015-07-31 202928]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2013-03-01 118520]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2016-02-02 835152]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;Adobe SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 Te.Service;Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [2013-08-22 119808]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 VsEtwService120;Visual Studio ETW Event Collection Service; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [2013-10-04 87728]
S3 VSStandardCollectorService140;Visual Studio Standard Collector Service; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [2015-11-19 56040]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-06-20 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-11-05 51376]
S4 MSSQL$CENTURION;SQL Server (CENTURION); C:\Program Files\Microsoft SQL Server\MSSQL12.CENTURION\MSSQL\Binn\sqlservr.exe [2015-04-21 372416]
S4 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files (x86)\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2013-10-04 197824]
S4 MySQL57;MySQL57; C:\Program Files\MySQL\MySQL Server 5.7\bin\mysqld.exe [2015-10-12 38587904]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 SQLAgent$CENTURION;SQL Server Agent (CENTURION); C:\Program Files\Microsoft SQL Server\MSSQL12.CENTURION\MSSQL\Binn\SQLAGENT.EXE [2015-04-21 613056]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); C:\Program Files (x86)\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2013-10-04 454336]
S4 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2014-02-21 270016]
S4 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2015-04-21 134336]
-----------------EOF-----------------
-
Rudy
- Site Admin
- Příspěvky: 119418
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Preventivka
Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:
a klikněte na >MoveIt!<. Před skenem vypněte antivir a po něm restartujte PC. Dejte nový log RSIT.:files
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
:reg
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
:services
Bonjour Service
:commands
[Purity]
[Emptytemp]
[Emptyflash]
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Preventivka
Logfile of random's system information tool 1.10 (written by random/random)
Run by Roman at 2016-04-24 17:27:07
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 48 GB (21%) free of 229 GB
Total RAM: 32699 MB (91% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:27:08, on 24. 4. 2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Winstep\Nexus.exe
C:\Users\Roman\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\trend micro\Roman.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 5.255.87.150 cgpeers.com
O2 - BHO: Microsoft Web Test Recorder 12.0 Helper - {432dd630-7e03-4c97-9d62-b99f52df4fc2} - C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft Web Test Recorder 14.0 Helper - {b924f0b4-0b3c-49c0-bab2-213fb9ebd1d3} - C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Nexus] C:\Program Files (x86)\Winstep\Nexus.exe autostart
O4 - HKCU\..\Run: [Allway Sync] "C:\Program Files\Allway Sync\Bin\syncappw.exe" -m
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Roman\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Send to OneNote.lnk = C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
O4 - Global Startup: Network Server.lnk = C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~2\MICROS~1\Office16\ONBttnIE.dll/105
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - https://mapa.katasterportal.sk/kapor2/lib/mgaxctrl.cab
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AfterFLICS v3 - Unknown owner - C:\Program Files (x86)\AFLICS\AfterFLICS.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Botkind Service (BotkindSyncService) - Unknown owner - C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe
O23 - Service: @%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000 (c2wts) - Unknown owner - C:\Program Files (x86)\Windows Identity Foundation\v3.5\c2wtshost.exe (file missing)
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IP-Clamp Licensing by cebas VISUAL TECHNOLOGY Inc. (IPClampService) - Unknown owner - C:\Program Files (x86)\cebas\ip-clamp\ipclamp.exe
O23 - Service: JetBrains ETW Collector 104.0.20151218.123142 (jetbrainsetw.104.0.20151218.123142) - JetBrains s.r.o - C:\Program Files (x86)\JetBrains\ETW Host\JetBrains.ETW.Collector.Host.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: mental ray Satellite for Autodesk 3ds Max 2014 64-bit (mi-raysat_3dsmax2014_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Winstep Xtreme Service - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 11637 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
taskeng.exe {317F71D8-AF0C-4F73-867E-748AA60A34C6}
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\AFLICS\AfterFLICS.exe"
"C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe" service
"C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe"
"C:\Program Files (x86)\cebas\ip-clamp\ipclamp.exe"
"C:\Program Files (x86)\JetBrains\ETW Host\JetBrains.ETW.Collector.Host.exe"
taskeng.exe {2D28EF8D-5FE6-4559-9C53-5C075651455D}
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"
"C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe"
"C:\Program Files (x86)\Skype\Updater\Updater.exe"
"C:\Program Files (x86)\uTorrent\uTorrent.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Winstep\WsxService"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe"
C:\Windows\system32\wbem\wmiprvse.exe
WLIDSvcM.exe 2396
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
taskeng.exe {493127E9-5DA8-4A52-B3AC-8D0CB073D59F}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\Windows\system32\sppsvc.exe
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Logitech Gaming Software\LCore.exe" /minimized
"C:\Program Files (x86)\Winstep\Nexus.exe" autostart
"C:\Program Files\Allway Sync\Bin\syncappw.exe" -m
"C:\Users\Roman\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe"
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Users\Roman\Desktop\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe -check pepperplugin
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\Allway Sync_{4D9616FB91180E14D3F6C2C191292889}.job - C:\Program Files\Allway Sync\Bin\syncappw.exe -e -m -l -s "4D9616FB91180E14D3F6C2C191292889"
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-07 901600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 877720]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [2012-10-01 2322576]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{432dd630-7e03-4c97-9d62-b99f52df4fc2}]
Microsoft Web Test Recorder 12.0 Helper - C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05 71520]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-20 462400]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-07 678656]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 704664]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b924f0b4-0b3c-49c0-bab2-213fb9ebd1d3}]
Microsoft Web Test Recorder 14.0 Helper - C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2015-07-07 75104]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-20 173120]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-03-14 13671792]
"Launch LCore"=C:\Program Files\Logitech Gaming Software\LCore.exe [2015-03-12 13318424]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Nexus"=C:\Program Files (x86)\Winstep\Nexus.exe [2012-03-28 16957056]
"AdobeBridge"= []
"Allway Sync"=C:\Program Files\Allway Sync\Bin\syncappw.exe [2014-06-26 95952]
"OneDrive"=C:\Users\Roman\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-04-23 554176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dropbox Update]
C:\Users\Roman\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT LGE]
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [2007-10-11 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShadowPlay]
C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell Display Manager.lnk]
C:\PROGRA~2\Dell\DELLDI~1\ddm.exe [2015-10-06 693952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Network Server.lnk]
C:\PROGRA~2\WIBUKEY\Server\WkSvMgr.exe [2016-02-09 6580080]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Roman^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
C:\Users\Roman\AppData\Roaming\Dropbox\bin\Dropbox.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Roman^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
C:\PROGRA~2\MICROS~1\Office14\ONENOTEM.EXE []
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2014-02-21 292848]
"KeePass 2 PreLoad"=C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2014-04-13 2099200]
"VirtualCloneDrive"=C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2013-03-10 88984]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-03-23 7139256]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Network Server.lnk - C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Send to OneNote.lnk - C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Rebus\Rebus Manager\RebusManager.exe"="C:\Rebus\Rebus Manager\RebusManager.exe:*:Enabled:RebusManager"
"C:\Program Files\Daum\PotPlayer\PotPlayerMini64.exe"="C:\Program Files\Daum\PotPlayer\PotPlayerMini64.exe:*:Enabled:Daum PotPlayer"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"VIDC.FFDS"=ff_vfw.dll
"vidc.XVID"=xvidvfw.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
======File associations======
.ini - open - "C:\Program Files (x86)\Notepad++\notepad++.exe" "%1"
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.txt - open - "C:\Program Files (x86)\Notepad++\notepad++.exe" "%1"
======List of files/folders created in the last 1 month======
2016-04-24 17:24:21 ----D---- C:\_OTM
2016-04-24 09:10:56 ----D---- C:\AdwCleaner
2016-04-22 12:10:44 ----D---- C:\rsit
2016-04-17 16:32:59 ----D---- C:\Program Files (x86)\Microsoft OneDrive
2016-04-17 16:32:54 ----D---- C:\ProgramData\Microsoft OneDrive
2016-04-15 11:42:00 ----D---- C:\Program Files (x86)\JetBrains
2016-04-15 11:41:09 ----D---- C:\Users\Roman\AppData\Roaming\JetBrains
2016-04-13 13:12:34 ----A---- C:\Users\Roman\AppData\Roaming\PureRef.ini
2016-04-10 14:13:01 ----D---- C:\Program Files\PureRef
2016-03-27 12:41:30 ----D---- C:\Program Files (x86)\AppInsights
2016-03-27 12:33:42 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2016-03-27 12:27:57 ----D---- C:\Program Files\IIS Express
2016-03-27 12:27:57 ----D---- C:\Program Files (x86)\IIS Express
2016-03-27 12:27:31 ----D---- C:\Program Files (x86)\Microsoft Office365 Tools
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\ucrtbase.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l2-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-2-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\ucrtbase.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
======List of files/folders modified in the last 1 month======
2016-04-24 17:27:08 ----D---- C:\Program Files\trend micro
2016-04-24 17:25:42 ----D---- C:\Users\Roman\AppData\Roaming\uTorrent
2016-04-24 17:25:35 ----D---- C:\Windows\Temp
2016-04-24 17:24:48 ----D---- C:\Windows\SysWOW64
2016-04-24 17:24:31 ----D---- C:\Users\Roman\AppData\Roaming\KeePass
2016-04-24 17:24:21 ----D---- C:\Windows\Tasks
2016-04-24 17:21:15 ----D---- C:\Windows\System32
2016-04-24 17:21:15 ----D---- C:\Windows\inf
2016-04-24 17:21:15 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-04-24 12:18:52 ----D---- C:\Users\Roman\AppData\Roaming\foobar2000
2016-04-24 09:12:00 ----RD---- C:\Program Files (x86)
2016-04-24 09:10:40 ----D---- C:\Program Files (x86)\uTorrent2
2016-04-22 19:58:29 ----D---- C:\Users\Roman\AppData\Roaming\vlc
2016-04-22 15:08:44 ----RSD---- C:\Windows\Fonts
2016-04-22 09:33:55 ----D---- C:\Users\Roman\AppData\Roaming\CDisplayEx
2016-04-20 15:54:27 ----D---- C:\Windows\Minidump
2016-04-20 15:54:24 ----D---- C:\Windows
2016-04-20 08:55:19 ----D---- C:\ProgramData\Oracle
2016-04-20 08:52:24 ----SHD---- C:\Windows\Installer
2016-04-20 08:52:24 ----D---- C:\Program Files (x86)\Java
2016-04-20 08:52:11 ----D---- C:\Program Files (x86)\Common Files
2016-04-20 08:51:55 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2016-04-19 12:56:40 ----D---- C:\Users\Roman\AppData\Roaming\Dropbox
2016-04-18 14:48:07 ----HD---- C:\ProgramData
2016-04-18 10:41:47 ----D---- C:\Program Files\7-Zip
2016-04-18 09:47:31 ----D---- C:\Windows\system32\Tasks
2016-04-18 09:13:51 ----D---- C:\Program Files (x86)\Steam
2016-04-18 09:13:16 ----D---- C:\Windows\pss
2016-04-17 17:18:00 ----SHD---- C:\System Volume Information
2016-04-16 21:03:43 ----D---- C:\Windows\Microsoft.NET
2016-04-16 16:44:22 ----AH---- C:\winscplog.txt
2016-04-16 15:26:18 ----RSD---- C:\Windows\assembly
2016-04-16 15:26:15 ----D---- C:\ProgramData\Microsoft Help
2016-04-16 15:25:24 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2016-04-16 15:25:12 ----D---- C:\Program Files (x86)\Microsoft Office
2016-04-16 15:24:49 ----D---- C:\Windows\system32\DriverStore
2016-04-16 12:36:08 ----D---- C:\Windows\system32\config
2016-04-14 09:43:56 ----D---- C:\Users\Roman\AppData\Roaming\TrueCrypt
2016-04-14 09:19:40 ----D---- C:\Program Files (x86)\Opera
2016-04-10 14:13:01 ----RD---- C:\Program Files
2016-04-10 14:13:01 ----D---- C:\ProgramData\Package Cache
2016-04-10 14:12:46 ----D---- C:\Windows\system32\catroot2
2016-04-08 18:20:06 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-04-04 21:54:02 ----D---- C:\Windows\winsxs
2016-04-03 12:24:51 ----D---- C:\Program Files (x86)\Calibre2
2016-03-27 13:21:06 ----D---- C:\ProgramData\Microsoft Visual Studio
2016-03-27 12:41:16 ----D---- C:\Program Files\Git
2016-03-27 12:41:13 ----D---- C:\ProgramData\Git
2016-03-27 12:36:06 ----D---- C:\Program Files (x86)\Microsoft SDKs
2016-03-27 12:35:44 ----D---- C:\Windows\SYSWOW64\1033
2016-03-27 12:35:39 ----D---- C:\Windows\system32\1033
2016-03-27 12:34:42 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 14.0
2016-03-27 12:30:22 ----D---- C:\Program Files (x86)\Microsoft Web Tools
2016-03-27 12:26:54 ----D---- C:\Program Files (x86)\NuGet
2016-03-27 12:18:56 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2016-03-27 12:07:20 ----D---- C:\Windows\system32\catroot
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2016-02-07 74544]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2016-02-10 287016]
R0 iaStorA;iaStorA; C:\Windows\system32\DRIVERS\iaStorA.sys [2014-04-11 645480]
R0 iaStorF;iaStorF; C:\Windows\system32\DRIVERS\iaStorF.sys [2014-04-11 28008]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2014-02-21 20464]
R0 ngvss;ngvss; C:\Windows\system32\drivers\ngvss.sys [2016-02-07 154024]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2016-03-23 37144]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2016-02-07 103064]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2016-03-09 1070904]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2016-02-23 463744]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2013-03-04 40344]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2014-06-21 231376]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2014-05-16 254240]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2014-05-16 128288]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2016-02-07 37656]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2016-03-09 107792]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2016-02-07 165344]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2013-03-01 36600]
R2 VBoxAswDrv;VBoxAsw Support Driver; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2016-02-07 310904]
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\Windows\SYSTEM32\DRIVERS\WibuKey64.sys [2016-02-09 106760]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2014-03-14 3896920]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\iusb3hub.sys [2014-02-21 370672]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2014-02-21 791024]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver; C:\Windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2014-03-20 118272]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2015-07-25 204648]
R3 PdiPorts;Portrait Displays low level device driver; C:\Windows\system32\DRIVERS\PdiPorts.sys [2006-11-16 19248]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2013-12-18 888536]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2014-05-16 141600]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2014-05-16 156448]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2013-07-24 34816]
R3 WinDriver6;WinDriver6; C:\Windows\system32\drivers\windrvr6.sys [2014-01-28 268800]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2011-05-13 36328]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys []
S3 HTCAND64;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
S3 MSICDSetup;MSICDSetup; \??\G:\CDriver64.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2011-08-17 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2011-08-17 27136]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2015-03-13 38032]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 Ser2pl;Prolific Serial port WDF driver; C:\Windows\system32\DRIVERS\ser2pl64.sys [2014-09-03 169984]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-08-17 9216]
S3 usbser;USB Serial emulation driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 33280]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-08-17 9216]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S4 RsFx0310;RsFx0310 Driver; C:\Windows\system32\DRIVERS\RsFx0310.sys [2015-04-21 249024]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AfterFLICS v3;AfterFLICS v3; C:\Program Files (x86)\AFLICS\AfterFLICS.exe [2015-07-18 68610]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-02-07 237096]
R2 BotkindSyncService;Botkind Service; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [2015-08-21 182784]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe [2007-10-11 65536]
R2 IPClampService;IP-Clamp Licensing by cebas VISUAL TECHNOLOGY Inc.; C:\Program Files (x86)\cebas\ip-clamp\ipclamp.exe [2007-11-20 45700]
R2 jetbrainsetw.104.0.20151218.123142;JetBrains ETW Collector 104.0.20151218.123142; C:\Program Files (x86)\JetBrains\ETW Host\JetBrains.ETW.Collector.Host.exe [2015-12-18 1495248]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 mi-raysat_3dsmax2014_64;mental ray Satellite for Autodesk 3ds Max 2014 64-bit; C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [2011-09-15 86016]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-07-23 937616]
R2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
R3 AvastVBoxSvc;AvastVBox COM Service; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2016-02-07 5570120]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-05 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-05 125112]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08 269504]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 c2wts;@%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [2010-02-03 15768]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2014-06-21 1471352]
S3 fussvc;Windows App Certification Kit Fast User Switching Utility Service; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [2014-02-20 142336]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-06-26 111616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-10-26 119408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2015-07-31 202928]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2013-03-01 118520]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2016-02-02 835152]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;Adobe SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 Te.Service;Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [2013-08-22 119808]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 VsEtwService120;Visual Studio ETW Event Collection Service; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [2013-10-04 87728]
S3 VSStandardCollectorService140;Visual Studio Standard Collector Service; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [2015-11-19 56040]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-06-20 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-11-05 51376]
S4 MSSQL$CENTURION;SQL Server (CENTURION); C:\Program Files\Microsoft SQL Server\MSSQL12.CENTURION\MSSQL\Binn\sqlservr.exe [2015-04-21 372416]
S4 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files (x86)\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2013-10-04 197824]
S4 MySQL57;MySQL57; C:\Program Files\MySQL\MySQL Server 5.7\bin\mysqld.exe [2015-10-12 38587904]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 SQLAgent$CENTURION;SQL Server Agent (CENTURION); C:\Program Files\Microsoft SQL Server\MSSQL12.CENTURION\MSSQL\Binn\SQLAGENT.EXE [2015-04-21 613056]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); C:\Program Files (x86)\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2013-10-04 454336]
S4 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2014-02-21 270016]
S4 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2015-04-21 134336]
-----------------EOF-----------------
Run by Roman at 2016-04-24 17:27:07
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 48 GB (21%) free of 229 GB
Total RAM: 32699 MB (91% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:27:08, on 24. 4. 2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Winstep\Nexus.exe
C:\Users\Roman\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\trend micro\Roman.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 5.255.87.150 cgpeers.com
O2 - BHO: Microsoft Web Test Recorder 12.0 Helper - {432dd630-7e03-4c97-9d62-b99f52df4fc2} - C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft Web Test Recorder 14.0 Helper - {b924f0b4-0b3c-49c0-bab2-213fb9ebd1d3} - C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Nexus] C:\Program Files (x86)\Winstep\Nexus.exe autostart
O4 - HKCU\..\Run: [Allway Sync] "C:\Program Files\Allway Sync\Bin\syncappw.exe" -m
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Roman\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Send to OneNote.lnk = C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
O4 - Global Startup: Network Server.lnk = C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~2\MICROS~1\Office16\ONBttnIE.dll/105
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - https://mapa.katasterportal.sk/kapor2/lib/mgaxctrl.cab
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AfterFLICS v3 - Unknown owner - C:\Program Files (x86)\AFLICS\AfterFLICS.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Botkind Service (BotkindSyncService) - Unknown owner - C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe
O23 - Service: @%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000 (c2wts) - Unknown owner - C:\Program Files (x86)\Windows Identity Foundation\v3.5\c2wtshost.exe (file missing)
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IP-Clamp Licensing by cebas VISUAL TECHNOLOGY Inc. (IPClampService) - Unknown owner - C:\Program Files (x86)\cebas\ip-clamp\ipclamp.exe
O23 - Service: JetBrains ETW Collector 104.0.20151218.123142 (jetbrainsetw.104.0.20151218.123142) - JetBrains s.r.o - C:\Program Files (x86)\JetBrains\ETW Host\JetBrains.ETW.Collector.Host.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: mental ray Satellite for Autodesk 3ds Max 2014 64-bit (mi-raysat_3dsmax2014_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Winstep Xtreme Service - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 11637 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
taskeng.exe {317F71D8-AF0C-4F73-867E-748AA60A34C6}
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\AFLICS\AfterFLICS.exe"
"C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe" service
"C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe"
"C:\Program Files (x86)\cebas\ip-clamp\ipclamp.exe"
"C:\Program Files (x86)\JetBrains\ETW Host\JetBrains.ETW.Collector.Host.exe"
taskeng.exe {2D28EF8D-5FE6-4559-9C53-5C075651455D}
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"
"C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe"
"C:\Program Files (x86)\Skype\Updater\Updater.exe"
"C:\Program Files (x86)\uTorrent\uTorrent.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Winstep\WsxService"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe"
C:\Windows\system32\wbem\wmiprvse.exe
WLIDSvcM.exe 2396
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
taskeng.exe {493127E9-5DA8-4A52-B3AC-8D0CB073D59F}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\Windows\system32\sppsvc.exe
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Logitech Gaming Software\LCore.exe" /minimized
"C:\Program Files (x86)\Winstep\Nexus.exe" autostart
"C:\Program Files\Allway Sync\Bin\syncappw.exe" -m
"C:\Users\Roman\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe"
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Users\Roman\Desktop\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe -check pepperplugin
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\Allway Sync_{4D9616FB91180E14D3F6C2C191292889}.job - C:\Program Files\Allway Sync\Bin\syncappw.exe -e -m -l -s "4D9616FB91180E14D3F6C2C191292889"
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-07 901600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 877720]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~1\Office15\GROOVEEX.DLL [2012-10-01 2322576]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{432dd630-7e03-4c97-9d62-b99f52df4fc2}]
Microsoft Web Test Recorder 12.0 Helper - C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2013-10-05 71520]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-20 462400]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-07 678656]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL [2012-10-01 704664]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b924f0b4-0b3c-49c0-bab2-213fb9ebd1d3}]
Microsoft Web Test Recorder 14.0 Helper - C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2015-07-07 75104]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-20 173120]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-03-14 13671792]
"Launch LCore"=C:\Program Files\Logitech Gaming Software\LCore.exe [2015-03-12 13318424]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Nexus"=C:\Program Files (x86)\Winstep\Nexus.exe [2012-03-28 16957056]
"AdobeBridge"= []
"Allway Sync"=C:\Program Files\Allway Sync\Bin\syncappw.exe [2014-06-26 95952]
"OneDrive"=C:\Users\Roman\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2016-04-23 554176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dropbox Update]
C:\Users\Roman\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT LGE]
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [2007-10-11 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvBackend]
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShadowPlay]
C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell Display Manager.lnk]
C:\PROGRA~2\Dell\DELLDI~1\ddm.exe [2015-10-06 693952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Network Server.lnk]
C:\PROGRA~2\WIBUKEY\Server\WkSvMgr.exe [2016-02-09 6580080]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Roman^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
C:\Users\Roman\AppData\Roaming\Dropbox\bin\Dropbox.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Roman^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
C:\PROGRA~2\MICROS~1\Office14\ONENOTEM.EXE []
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2014-02-21 292848]
"KeePass 2 PreLoad"=C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2014-04-13 2099200]
"VirtualCloneDrive"=C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2013-03-10 88984]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-03-23 7139256]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Network Server.lnk - C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
C:\Users\Roman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Send to OneNote.lnk - C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Rebus\Rebus Manager\RebusManager.exe"="C:\Rebus\Rebus Manager\RebusManager.exe:*:Enabled:RebusManager"
"C:\Program Files\Daum\PotPlayer\PotPlayerMini64.exe"="C:\Program Files\Daum\PotPlayer\PotPlayerMini64.exe:*:Enabled:Daum PotPlayer"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"VIDC.FFDS"=ff_vfw.dll
"vidc.XVID"=xvidvfw.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
======File associations======
.ini - open - "C:\Program Files (x86)\Notepad++\notepad++.exe" "%1"
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.txt - open - "C:\Program Files (x86)\Notepad++\notepad++.exe" "%1"
======List of files/folders created in the last 1 month======
2016-04-24 17:24:21 ----D---- C:\_OTM
2016-04-24 09:10:56 ----D---- C:\AdwCleaner
2016-04-22 12:10:44 ----D---- C:\rsit
2016-04-17 16:32:59 ----D---- C:\Program Files (x86)\Microsoft OneDrive
2016-04-17 16:32:54 ----D---- C:\ProgramData\Microsoft OneDrive
2016-04-15 11:42:00 ----D---- C:\Program Files (x86)\JetBrains
2016-04-15 11:41:09 ----D---- C:\Users\Roman\AppData\Roaming\JetBrains
2016-04-13 13:12:34 ----A---- C:\Users\Roman\AppData\Roaming\PureRef.ini
2016-04-10 14:13:01 ----D---- C:\Program Files\PureRef
2016-03-27 12:41:30 ----D---- C:\Program Files (x86)\AppInsights
2016-03-27 12:33:42 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2016-03-27 12:27:57 ----D---- C:\Program Files\IIS Express
2016-03-27 12:27:57 ----D---- C:\Program Files (x86)\IIS Express
2016-03-27 12:27:31 ----D---- C:\Program Files (x86)\Microsoft Office365 Tools
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\ucrtbase.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l2-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-2-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\ucrtbase.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-03-27 12:07:19 ----A---- C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
======List of files/folders modified in the last 1 month======
2016-04-24 17:27:08 ----D---- C:\Program Files\trend micro
2016-04-24 17:25:42 ----D---- C:\Users\Roman\AppData\Roaming\uTorrent
2016-04-24 17:25:35 ----D---- C:\Windows\Temp
2016-04-24 17:24:48 ----D---- C:\Windows\SysWOW64
2016-04-24 17:24:31 ----D---- C:\Users\Roman\AppData\Roaming\KeePass
2016-04-24 17:24:21 ----D---- C:\Windows\Tasks
2016-04-24 17:21:15 ----D---- C:\Windows\System32
2016-04-24 17:21:15 ----D---- C:\Windows\inf
2016-04-24 17:21:15 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-04-24 12:18:52 ----D---- C:\Users\Roman\AppData\Roaming\foobar2000
2016-04-24 09:12:00 ----RD---- C:\Program Files (x86)
2016-04-24 09:10:40 ----D---- C:\Program Files (x86)\uTorrent2
2016-04-22 19:58:29 ----D---- C:\Users\Roman\AppData\Roaming\vlc
2016-04-22 15:08:44 ----RSD---- C:\Windows\Fonts
2016-04-22 09:33:55 ----D---- C:\Users\Roman\AppData\Roaming\CDisplayEx
2016-04-20 15:54:27 ----D---- C:\Windows\Minidump
2016-04-20 15:54:24 ----D---- C:\Windows
2016-04-20 08:55:19 ----D---- C:\ProgramData\Oracle
2016-04-20 08:52:24 ----SHD---- C:\Windows\Installer
2016-04-20 08:52:24 ----D---- C:\Program Files (x86)\Java
2016-04-20 08:52:11 ----D---- C:\Program Files (x86)\Common Files
2016-04-20 08:51:55 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2016-04-19 12:56:40 ----D---- C:\Users\Roman\AppData\Roaming\Dropbox
2016-04-18 14:48:07 ----HD---- C:\ProgramData
2016-04-18 10:41:47 ----D---- C:\Program Files\7-Zip
2016-04-18 09:47:31 ----D---- C:\Windows\system32\Tasks
2016-04-18 09:13:51 ----D---- C:\Program Files (x86)\Steam
2016-04-18 09:13:16 ----D---- C:\Windows\pss
2016-04-17 17:18:00 ----SHD---- C:\System Volume Information
2016-04-16 21:03:43 ----D---- C:\Windows\Microsoft.NET
2016-04-16 16:44:22 ----AH---- C:\winscplog.txt
2016-04-16 15:26:18 ----RSD---- C:\Windows\assembly
2016-04-16 15:26:15 ----D---- C:\ProgramData\Microsoft Help
2016-04-16 15:25:24 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2016-04-16 15:25:12 ----D---- C:\Program Files (x86)\Microsoft Office
2016-04-16 15:24:49 ----D---- C:\Windows\system32\DriverStore
2016-04-16 12:36:08 ----D---- C:\Windows\system32\config
2016-04-14 09:43:56 ----D---- C:\Users\Roman\AppData\Roaming\TrueCrypt
2016-04-14 09:19:40 ----D---- C:\Program Files (x86)\Opera
2016-04-10 14:13:01 ----RD---- C:\Program Files
2016-04-10 14:13:01 ----D---- C:\ProgramData\Package Cache
2016-04-10 14:12:46 ----D---- C:\Windows\system32\catroot2
2016-04-08 18:20:06 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-04-04 21:54:02 ----D---- C:\Windows\winsxs
2016-04-03 12:24:51 ----D---- C:\Program Files (x86)\Calibre2
2016-03-27 13:21:06 ----D---- C:\ProgramData\Microsoft Visual Studio
2016-03-27 12:41:16 ----D---- C:\Program Files\Git
2016-03-27 12:41:13 ----D---- C:\ProgramData\Git
2016-03-27 12:36:06 ----D---- C:\Program Files (x86)\Microsoft SDKs
2016-03-27 12:35:44 ----D---- C:\Windows\SYSWOW64\1033
2016-03-27 12:35:39 ----D---- C:\Windows\system32\1033
2016-03-27 12:34:42 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 14.0
2016-03-27 12:30:22 ----D---- C:\Program Files (x86)\Microsoft Web Tools
2016-03-27 12:26:54 ----D---- C:\Program Files (x86)\NuGet
2016-03-27 12:18:56 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2016-03-27 12:07:20 ----D---- C:\Windows\system32\catroot
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2016-02-07 74544]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2016-02-10 287016]
R0 iaStorA;iaStorA; C:\Windows\system32\DRIVERS\iaStorA.sys [2014-04-11 645480]
R0 iaStorF;iaStorF; C:\Windows\system32\DRIVERS\iaStorF.sys [2014-04-11 28008]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2014-02-21 20464]
R0 ngvss;ngvss; C:\Windows\system32\drivers\ngvss.sys [2016-02-07 154024]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2016-03-23 37144]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2016-02-07 103064]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2016-03-09 1070904]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2016-02-23 463744]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2013-03-04 40344]
R1 truecrypt;truecrypt; C:\Windows\System32\drivers\truecrypt.sys [2014-06-21 231376]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2014-05-16 254240]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2014-05-16 128288]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2016-02-07 37656]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2016-03-09 107792]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2016-02-07 165344]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2013-03-01 36600]
R2 VBoxAswDrv;VBoxAsw Support Driver; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2016-02-07 310904]
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\Windows\SYSTEM32\DRIVERS\WibuKey64.sys [2016-02-09 106760]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2014-03-14 3896920]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\iusb3hub.sys [2014-02-21 370672]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2014-02-21 791024]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver; C:\Windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2014-03-20 118272]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2015-07-25 204648]
R3 PdiPorts;Portrait Displays low level device driver; C:\Windows\system32\DRIVERS\PdiPorts.sys [2006-11-16 19248]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2013-12-18 888536]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2014-05-16 141600]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2014-05-16 156448]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2013-07-24 34816]
R3 WinDriver6;WinDriver6; C:\Windows\system32\drivers\windrvr6.sys [2014-01-28 268800]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2011-05-13 36328]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys []
S3 HTCAND64;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
S3 MSICDSetup;MSICDSetup; \??\G:\CDriver64.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2011-08-17 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2011-08-17 27136]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2015-03-13 38032]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 Ser2pl;Prolific Serial port WDF driver; C:\Windows\system32\DRIVERS\ser2pl64.sys [2014-09-03 169984]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-08-17 9216]
S3 usbser;USB Serial emulation driver; C:\Windows\system32\drivers\usbser.sys [2013-08-29 33280]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-08-17 9216]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S4 RsFx0310;RsFx0310 Driver; C:\Windows\system32\DRIVERS\RsFx0310.sys [2015-04-21 249024]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AfterFLICS v3;AfterFLICS v3; C:\Program Files (x86)\AFLICS\AfterFLICS.exe [2015-07-18 68610]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-02-07 237096]
R2 BotkindSyncService;Botkind Service; C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe [2015-08-21 182784]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe [2007-10-11 65536]
R2 IPClampService;IP-Clamp Licensing by cebas VISUAL TECHNOLOGY Inc.; C:\Program Files (x86)\cebas\ip-clamp\ipclamp.exe [2007-11-20 45700]
R2 jetbrainsetw.104.0.20151218.123142;JetBrains ETW Collector 104.0.20151218.123142; C:\Program Files (x86)\JetBrains\ETW Host\JetBrains.ETW.Collector.Host.exe [2015-12-18 1495248]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 mi-raysat_3dsmax2014_64;mental ray Satellite for Autodesk 3ds Max 2014 64-bit; C:\Program Files\Autodesk\3ds Max 2014\NVIDIA\Satellite\raysat_3dsmax2014_64server.exe [2011-09-15 86016]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-07-23 937616]
R2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
R3 AvastVBoxSvc;AvastVBox COM Service; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2016-02-07 5570120]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-05 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-05 125112]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08 269504]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 c2wts;@%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [2010-02-03 15768]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2014-06-21 1471352]
S3 fussvc;Windows App Certification Kit Fast User Switching Utility Service; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [2014-02-20 142336]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28 144200]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-06-26 111616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-10-26 119408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2015-07-31 202928]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files (x86)\WinPcap\rpcapd.exe [2013-03-01 118520]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2016-02-02 835152]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;Adobe SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 Te.Service;Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [2013-08-22 119808]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 VsEtwService120;Visual Studio ETW Event Collection Service; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [2013-10-04 87728]
S3 VSStandardCollectorService140;Visual Studio Standard Collector Service; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [2015-11-19 56040]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-06-20 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-11-05 51376]
S4 MSSQL$CENTURION;SQL Server (CENTURION); C:\Program Files\Microsoft SQL Server\MSSQL12.CENTURION\MSSQL\Binn\sqlservr.exe [2015-04-21 372416]
S4 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files (x86)\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2013-10-04 197824]
S4 MySQL57;MySQL57; C:\Program Files\MySQL\MySQL Server 5.7\bin\mysqld.exe [2015-10-12 38587904]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 SQLAgent$CENTURION;SQL Server Agent (CENTURION); C:\Program Files\Microsoft SQL Server\MSSQL12.CENTURION\MSSQL\Binn\SQLAGENT.EXE [2015-04-21 613056]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); C:\Program Files (x86)\Microsoft SQL Server\MSSQL12.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2013-10-04 454336]
S4 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2014-02-21 270016]
S4 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2015-04-21 134336]
-----------------EOF-----------------
-
Rudy
- Site Admin
- Příspěvky: 119418
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Preventivka
Smazáno. Znovu spusťte OTM a klikněte na >CleanUp!<. OTM po sobě uklidí. Nakonec restartujte PC. Log je již OK.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Preventivka
Skvelé, veľká vďaka 
-
Rudy
- Site Admin
- Příspěvky: 119418
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Preventivka
Rádo se stalo! 
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?