Dobrý den, prosím o kontrolu. PC jsem čistil Malwarebytes ale zřejmě tam ještě něco zustalo. Firefox se sám občas přesměruje na jiné stránky díky.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-09-2016
Ran by stefan (administrator) on STEFAN-PC (01-10-2016 10:09:19)
Running from C:\Users\stefan\Desktop
Loaded Profiles: stefan (Available Profiles: stefan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
() C:\Users\stefan\AppData\Roaming\System Monitor\sm.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(forum.viry.cz) C:\Users\stefan\Desktop\FRSTLauncher.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2723624 2011-03-28] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9107616 2016-09-12] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1186340294-2737021413-1934661414-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [456224 2010-07-29] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-19] (AVAST Software)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-1186340294-2737021413-1934661414-1000] => localhost:8080
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6CE366F1-4F82-4549-969B-4C8EDCE5016F}: [DhcpNameServer] 192.168.0.1
ManualProxies:
Internet Explorer:
==================
HKU\S-1-5-21-1186340294-2737021413-1934661414-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.cz/
HKU\S-1-5-21-1186340294-2737021413-1934661414-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&for ... -SearchBox
SearchScopes: HKU\S-1-5-21-1186340294-2737021413-1934661414-1000 -> DefaultScope {54E1C148-3127-4F69-9D0B-8DEAB62E5CC3} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1186340294-2737021413-1934661414-1000 -> {42A80ABF-C5A4-46B7-AD90-CCE086AC2E9C} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_19067
SearchScopes: HKU\S-1-5-21-1186340294-2737021413-1934661414-1000 -> {54E1C148-3127-4F69-9D0B-8DEAB62E5CC3} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-08-19] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-08-19] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-07-22] (Skype Technologies)
FireFox:
========
FF ProfilePath: C:\Users\stefan\AppData\Roaming\Mozilla\Firefox\Profiles\brndejmp.default
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Extension: (Foxtrick) - C:\Users\stefan\AppData\Roaming\Mozilla\Firefox\Profiles\brndejmp.default\Extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}.xpi [2016-09-28]
FF Extension: (Adblock Plus) - C:\Users\stefan\AppData\Roaming\Mozilla\Firefox\Profiles\brndejmp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-09-28]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-27]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-27]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\648619832.js [2016-09-26] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\648619832.cfg [2016-09-26] <==== ATTENTION
Chrome:
=======
CHR HomePage: kzculttovushclqerse -> hxxps://www.seznam.cz/
CHR StartupUrls: kzculttovushclqerse -> "hxxps://www.seznam.cz/","hxxps://www.seznam.cz./"
CHR Profile: C:\Users\stefan\AppData\Local\Google\Chrome\User Data\Default [2016-09-28]
CHR Extension: (Avast Online Security) - C:\Users\stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-08-04]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-04]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2016-08-04]
CHR Extension: (Gmail) - C:\Users\stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-04]
CHR Extension: (Chrome Media Router) - C:\Users\stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-04]
CHR Profile: C:\Users\stefan\AppData\Local\Google\Chrome\User Data\kzculttovushclqerse [2016-09-28] <==== ATTENTION
CHR Extension: (Prezentace Google) - C:\Users\stefan\AppData\Local\Google\Chrome\User Data\kzculttovushclqerse\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-20]
CHR Extension: (Dokumenty Google) - C:\Users\stefan\AppData\Local\Google\Chrome\User Data\kzculttovushclqerse\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-20]
CHR Extension: (Disk Google) - C:\Users\stefan\AppData\Local\Google\Chrome\User Data\kzculttovushclqerse\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-20]
CHR Extension: (YouTube) - C:\Users\stefan\AppData\Local\Google\Chrome\User Data\kzculttovushclqerse\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-20]
CHR Extension: (Foxtrick) - C:\Users\stefan\AppData\Local\Google\Chrome\User Data\kzculttovushclqerse\Extensions\bpfbbngccefbbndginomofgpagkjckik [2016-07-31]
CHR Extension: (Adblock Plus) - C:\Users\stefan\AppData\Local\Google\Chrome\User Data\kzculttovushclqerse\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-24]
CHR Extension: (Avast Online Security) - C:\Users\stefan\AppData\Local\Google\Chrome\User Data\kzculttovushclqerse\Extensions\daanglpcpkjjlkhcbladppjphglbigam [2016-08-09]
CHR Extension: (Avast SafePrice) - C:\Users\stefan\AppData\Local\Google\Chrome\User Data\kzculttovushclqerse\Extensions\fcoadmpfijfcmokecmkgolhbaeclfage [2016-08-12]
CHR Extension: (Tabulky Google) - C:\Users\stefan\AppData\Local\Google\Chrome\User Data\kzculttovushclqerse\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-20]
CHR Extension: (Dokumenty Google offline) - C:\Users\stefan\AppData\Local\Google\Chrome\User Data\kzculttovushclqerse\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-20]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\stefan\AppData\Local\Google\Chrome\User Data\kzculttovushclqerse\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-07-20]
CHR Extension: (Gmail) - C:\Users\stefan\AppData\Local\Google\Chrome\User Data\kzculttovushclqerse\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-20]
CHR Extension: (Chrome Media Router) - C:\Users\stefan\AppData\Local\Google\Chrome\User Data\kzculttovushclqerse\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-29]
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fcoadmpfijfcmokecmkgolhbaeclfage] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-19] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [223600 2016-08-19] (AVAST Software)
R2 GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [29696 2011-05-26] (Acer Incorporated) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-08-19] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-08-19] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [108816 2016-08-19] (AVAST Software)
R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [28312 2016-07-28] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [453192 2016-08-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-08-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-19] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [969184 2016-09-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [513632 2016-09-22] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [163416 2016-08-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [292704 2016-08-19] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-08-04] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-01] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-10-01 10:09 - 2016-10-01 10:09 - 00016873 _____ C:\Users\stefan\Desktop\FRST.txt
2016-10-01 09:59 - 2016-10-01 09:59 - 00112640 _____ (forum.viry.cz) C:\Users\stefan\Desktop\FRSTLauncher.exe
2016-10-01 09:57 - 2016-10-01 09:57 - 02404352 _____ (Farbar) C:\Users\stefan\Desktop\FRST64.exe
2016-09-30 18:19 - 2016-10-01 10:08 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-30 18:19 - 2016-09-30 18:19 - 00001110 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-30 18:19 - 2016-09-30 18:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-30 18:19 - 2016-09-30 18:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-30 18:19 - 2016-09-30 18:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-30 18:19 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-09-30 18:19 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-09-30 18:19 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-09-30 17:47 - 2016-09-30 17:48 - 00000000 ____D C:\FRST
2016-09-29 20:57 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20160929-205728.backup
2016-09-29 17:03 - 2016-09-29 18:22 - 00000000 ____D C:\Users\stefan\AppData\Roaming\vlc
2016-09-29 17:01 - 2016-09-29 17:01 - 00000875 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-09-29 17:01 - 2016-09-29 17:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-09-29 17:00 - 2016-09-29 17:00 - 00000000 ____D C:\Program Files\VideoLAN
2016-09-28 19:58 - 2016-09-28 19:58 - 00095140 _____ C:\Users\stefan\Documents\cc_20160928_195825.reg
2016-09-28 19:53 - 2016-09-28 19:53 - 00002794 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-09-28 19:53 - 2016-09-28 19:53 - 00000826 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-09-28 19:53 - 2016-09-28 19:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-09-28 19:53 - 2016-09-28 19:53 - 00000000 ____D C:\Program Files\CCleaner
2016-09-28 19:51 - 2016-09-28 19:51 - 08244656 _____ (Piriform Ltd) C:\Users\stefan\Downloads\ccsetup522.exe
2016-09-28 19:47 - 2016-09-30 18:44 - 00001844 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-09-28 19:47 - 2016-09-28 19:47 - 00000940 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-09-28 19:47 - 2016-09-28 19:47 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-09-28 19:47 - 2016-09-28 19:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-28 19:46 - 2016-09-28 19:47 - 45679128 _____ C:\Users\stefan\Downloads\FirefoxSetup49.0.1cz64.exe
2016-09-27 22:00 - 2016-08-19 19:38 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-09-27 21:52 - 2016-09-27 21:56 - 00000000 ____D C:\Program Files (x86)\Firefox
2016-09-27 20:41 - 2016-09-27 21:57 - 00000000 ____D C:\Users\stefan\Downloads\Seznam - najdu tam, co neznám_soubory
2016-09-27 20:41 - 2016-09-27 20:41 - 00142534 _____ C:\Users\stefan\Downloads\Seznam - najdu tam, co neznám.htm
2016-09-27 20:34 - 2016-09-27 21:51 - 00000000 _____ C:\Users\Public\Documents\temp.dat
2016-09-26 23:11 - 2016-09-27 23:07 - 00000000 ____D C:\ProgramData\FileFinder
2016-09-26 23:10 - 2016-09-27 21:56 - 00000000 ____D C:\ProgramData\Webitar Production Inc
2016-09-23 22:22 - 2016-09-27 23:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-23 20:33 - 2016-09-23 20:33 - 00000000 ____D C:\Users\stefan\AppData\Roaming\PCPRJ
2016-09-23 20:32 - 2016-09-28 19:40 - 00000000 ____D C:\Users\stefan\AppData\Roaming\Jawego
2016-09-23 20:32 - 2016-09-27 21:56 - 00000000 ____D C:\Users\stefan\AppData\Local\Jawego
2016-09-22 09:31 - 1980-01-01 00:00 - 00946968 _____ C:\Users\stefan\Desktop\xxLN570R-ZA00001.TLL
2016-09-22 00:07 - 2003-01-20 17:46 - 00044098 _____ C:\Users\stefan\AppData\usrlgo.bmp
2016-09-22 00:01 - 2016-10-01 10:08 - 00003008 _____ C:\Windows\System32\Tasks\RunAtStartup
2016-09-22 00:01 - 2016-10-01 10:08 - 00000000 ____D C:\Users\stefan\AppData\Roaming\System Monitor
2016-09-21 23:59 - 2016-09-27 21:57 - 00000000 ____D C:\Users\stefan\AppData\Local\Downloaded Installations
2016-09-20 12:00 - 2016-09-22 15:06 - 00004978 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for stefan-PC-stefan stefan-PC
2016-09-13 21:43 - 2016-09-13 21:44 - 00000000 ____D C:\Users\stefan\AppData\Roaming\Mozilla
2016-09-13 21:43 - 2016-09-13 21:44 - 00000000 ____D C:\Users\stefan\AppData\Local\Mozilla
2016-09-13 21:42 - 2016-09-13 21:42 - 03075456 _____ (PS Media s.r.o.) C:\Users\stefan\Downloads\Mozilla Firefox - 041030_instaluj.exe
2016-09-13 21:42 - 2016-09-13 21:42 - 02324216 _____ (PS Media s.r.o.) C:\Windows\SysWOW64\ssins.exe
2016-09-13 21:42 - 2016-09-13 21:42 - 00000079 _____ C:\Windows\SysWOW64\ssinstall-uninstall.bat
2016-09-13 21:26 - 2016-09-30 18:57 - 00000806 _____ C:\Windows\wininit.ini
2016-09-13 13:59 - 2016-09-13 13:59 - 00000000 ____D C:\Windows\pss
2016-09-13 13:24 - 2016-09-13 21:34 - 00000000 ____D C:\Users\stefan\AppData\Roaming\Seznam Browser
2016-09-05 17:24 - 2016-09-05 17:24 - 00194205 _____ C:\Users\stefan\Desktop\bc-450_navod.pdf
2016-09-05 15:47 - 2016-09-05 15:47 - 00000000 ____D C:\Users\stefan\AppData\Local\Crashpad
2016-09-05 15:46 - 2016-09-05 15:47 - 54310928 _____ C:\Users\stefan\Downloads\Seznam.cz.exe
2016-09-02 09:19 - 2016-09-02 09:19 - 00000000 _____ C:\Windows\SysWOW64\tmp0.html
2016-09-01 15:22 - 2016-09-22 14:25 - 00000480 _____ C:\Users\stefan\AppData\Roaming\mainhst.zgh
2016-09-01 15:21 - 2016-09-01 15:22 - 00000000 ____D C:\Users\stefan\AppData\Roaming\ZipGenius
2016-09-01 15:21 - 2016-09-01 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZipGenius 6
2016-09-01 15:21 - 2016-09-01 15:21 - 00000000 ____D C:\Program Files (x86)\ZipGenius 6
2016-09-01 15:20 - 2016-09-01 15:20 - 05247248 _____ (M.Dev Software ) C:\Users\stefan\Downloads\zg603std.exe
2016-09-01 15:18 - 2016-09-01 15:19 - 57139113 _____ C:\Users\stefan\Downloads\winzip_17.5.Build10562.exe
2016-09-01 15:09 - 2016-09-01 15:09 - 01107003 _____ (Igor Pavlov) C:\Users\stefan\Downloads\7z1600.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-10-01 10:07 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-01 09:42 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-01 09:42 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-01 09:41 - 2016-07-13 20:52 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-09-30 18:57 - 2016-07-31 20:00 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-09-30 18:57 - 2016-07-31 20:00 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-09-30 18:43 - 2016-08-04 14:40 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-09-30 17:17 - 2016-07-30 15:50 - 00007614 _____ C:\Users\stefan\AppData\Local\Resmon.ResmonCfg
2016-09-29 22:39 - 2016-07-13 09:08 - 00000000 ____D C:\Users\stefan\AppData\Local\VirtualStore
2016-09-29 16:59 - 2016-07-13 18:23 - 00622660 _____ C:\Windows\system32\perfh005.dat
2016-09-29 16:59 - 2016-07-13 18:23 - 00118810 _____ C:\Windows\system32\perfc005.dat
2016-09-29 16:59 - 2009-07-14 07:13 - 01445734 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-29 16:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-09-28 21:41 - 2016-07-13 20:52 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-09-28 21:41 - 2016-07-13 20:52 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-09-28 21:41 - 2016-07-13 20:52 - 00000000 ____D C:\Windows\system32\Macromed
2016-09-28 21:41 - 2011-08-15 11:15 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-28 21:41 - 2011-08-15 11:15 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-09-28 19:57 - 2016-07-13 09:55 - 00000000 ____D C:\Program Files (x86)\Google
2016-09-28 19:54 - 2007-07-12 03:49 - 00000000 ____D C:\Windows\Panther
2016-09-28 19:41 - 2016-08-04 11:34 - 00000000 ____D C:\Program Files (x86)\Seznam.cz
2016-09-28 19:41 - 2016-08-04 11:33 - 00000000 ____D C:\Users\stefan\AppData\Roaming\Seznam.cz
2016-09-28 18:16 - 2016-07-13 09:40 - 00000000 ___SD C:\Users\stefan\AppData\LocalLow\Temp
2016-09-28 12:11 - 2016-07-25 17:02 - 00000000 ____D C:\Users\stefan\Desktop\Xtech navi záloha k 25.7.2016
2016-09-28 12:07 - 2016-08-27 22:34 - 00000000 ____D C:\Program Files (x86)\WinSaber
2016-09-27 23:07 - 2011-08-15 11:40 - 00000000 ___HD C:\OEM
2016-09-27 22:00 - 2016-07-13 09:22 - 00003922 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-09-27 21:57 - 2016-07-14 22:55 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-09-27 21:57 - 2016-07-13 09:46 - 00000000 ____D C:\Users\stefan\AppData\Roaming\Skype
2016-09-27 21:57 - 2016-07-13 09:44 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2016-09-27 21:57 - 2016-07-13 09:07 - 00000000 ____D C:\Users\stefan
2016-09-27 21:57 - 2011-08-15 11:00 - 00000000 ____D C:\ProgramData\Skype
2016-09-27 21:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2016-09-27 21:56 - 2016-07-27 20:51 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-09-27 21:56 - 2016-07-13 08:32 - 00000000 ____D C:\Program Files (x86)\Launch Manager
2016-09-27 21:56 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2016-09-27 21:54 - 2016-07-30 15:57 - 00001926 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-09-27 21:52 - 2016-08-23 12:20 - 00000140 _____ C:\Users\Public\Documents\report.dat
2016-09-26 23:11 - 2016-07-28 20:03 - 00001243 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-09-26 23:11 - 2016-07-28 20:03 - 00001243 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-09-26 23:11 - 2016-07-13 09:08 - 00001503 _____ C:\Users\stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-09-22 14:16 - 2016-07-13 09:22 - 00513632 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-09-20 09:16 - 2016-07-28 20:03 - 00003892 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1469728995
2016-09-13 13:34 - 2016-07-13 09:21 - 00969184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-09-05 16:51 - 2016-08-04 09:06 - 00000000 ____D C:\Users\stefan\AppData\Local\ElevatedDiagnostics
2016-09-05 10:18 - 2016-08-22 10:23 - 00000000 ____D C:\ProgramData\CwinpC
2016-09-02 20:15 - 2016-08-22 17:59 - 00000000 _____ C:\Windows\SysWOW64\tmp1.html
2016-09-01 15:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
==================== Files in the root of some directories =======
2016-09-01 15:22 - 2016-09-22 14:25 - 0000480 _____ () C:\Users\stefan\AppData\Roaming\mainhst.zgh
2016-07-30 15:50 - 2016-09-30 17:17 - 0007614 _____ () C:\Users\stefan\AppData\Local\Resmon.ResmonCfg
Some files in TEMP:
====================
C:\Users\stefan\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: Avast Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Avast Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\stefan\Desktop" je 5277 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupManagerTray
"C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate
"C:\Users\stefan\AppData\Roaming\Seznam.cz\szninstall.exe" -c [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop
"C:\Users\stefan\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager
C:\Program Files (x86)\Launch Manager\LManager.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power Management
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce
"C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotPostWindows10UpgradeReInstall
"C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk
C:\PROGRA~2\Acer\ACERVC~1\AcerVCM.exe
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
viry
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119672
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: viry
Zdravím!
Spusťte tuto utilitu:
Spusťte tuto utilitu:
Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
postomlatic
- Návštěvník
- Příspěvky: 6
- Registrován: 01 říj 2016 09:23
Re: viry
# AdwCleaner v6.020 - Log soubor vytvořen 01/10/2016 na 11:29:09
# Aktualizováno dne 14/09/2016 z ToolsLib
# Databáze : 2016-09-30.1 [Server]
# Operační systém : Windows 7 Home Premium Service Pack 1 (X64)
# Uživatelské jméno : stefan - STEFAN-PC
# Beží od : C:\Users\stefan\Desktop\AdwCleaner.exe
# Mod: Čištění
# Podpora : https://toolslib.net/forum
***** [ Služby ] *****
***** [ Adresáře ] *****
[-] Adresář smazán:C:\ProgramData\1winp1
[-] Adresář smazán:C:\ProgramData\CwinpC
[-] Adresář smazán:C:\Users\stefan\AppData\Local\jawego
[-] Adresář smazán:C:\Users\stefan\AppData\Local\hehesevuluiedfebt
[-] Adresář smazán:C:\Users\stefan\AppData\Roaming\WinZiper
[-] Adresář smazán:C:\Users\stefan\AppData\Roaming\PCPRJ
[-] Adresář smazán:C:\Users\stefan\AppData\Roaming\jawego
[-] Adresář smazán:C:\Users\stefan\AppData\Roaming\System Monitor
[-] Adresář smazán:C:\ProgramData\ChelfNotify
[#] Adresář nelze smazat:C:\ProgramData\Application Data\ChelfNotify
[-] Adresář smazán:C:\Program Files (x86)\WinSaber
[-] Adresář smazán:C:\Program Files (x86)\SoEasySvc
[#] Adresář nelze smazat:C:\Program Files (x86)\winsaber
[-] Adresář smazán:C:\extensions
[-] Adresář smazán:C:\Program Files (x86)\Firefox
***** [ Soubory ] *****
[-] Soubor smazán:C:\Windows\SysNative\log\iSafeKrnlCall.log
[-] Soubor smazán:C:\Users\stefan\AppData\Roaming\Mozilla\Firefox\Profiles\brndejmp.default\invalidprefs.js
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Zástupce ] *****
[-] Zástupce dezinfikován:C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
[-] Zástupce dezinfikován:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
[-] Zástupce dezinfikován:C:\Users\stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Zástupce dezinfikován:C:\Users\stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
[-] Zástupce dezinfikován:C:\Users\stefan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Zástupce dezinfikován:C:\Users\stefan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\90d2900ffa9d378b\user0 - Chrome.lnk
***** [ Plánovač úloh ] *****
***** [ Registry ] *****
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.001
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.7z
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.arj
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.bz2
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.bzip2
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.cab
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.cpio
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.deb
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.dmg
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.fat
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.gz
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.gzip
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.hfs
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.iso
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.lha
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.lzh
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.lzma
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.ntfs
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.rar
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.rpm
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.squashfs
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.swm
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.tar
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.taz
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.tbz
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.tbz2
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.tgz
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.tpz
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.txz
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.vhd
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.wim
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.xar
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.xz
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.z
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.zip
[-] Klíč smazán:HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc
[#] Klíč smazán po restartování:[x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc
[-] Klíč smazán:HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\qkseeService
[#] Klíč smazán po restartování:[x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\qkseeService
[-] Klíč smazán:HKU\S-1-5-21-1186340294-2737021413-1934661414-1000\Software\Jawego
[-] Klíč smazán:HKU\S-1-5-21-1186340294-2737021413-1934661414-1000\Software\PC
[-] Klíč smazán:HKU\S-1-5-21-1186340294-2737021413-1934661414-1000\Software\System Monitor
[#] Klíč smazán po restartování:HKCU\Software\Jawego
[#] Klíč smazán po restartování:HKCU\Software\PC
[#] Klíč smazán po restartování:HKCU\Software\System Monitor
[-] Klíč smazán:HKLM\SOFTWARE\hdcode
[-] Klíč smazán:HKLM\SOFTWARE\Jawego
[-] Klíč smazán:HKLM\SOFTWARE\PC
[-] Klíč smazán:HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
[-] Klíč smazán:HKLM\SOFTWARE\WinZiper
[-] Klíč smazán:HKLM\SOFTWARE\WinSaberSvc
[-] Klíč smazán:HKLM\SOFTWARE\System Monitor
[-] Klíč smazán:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
[#] Klíč smazán po restartování:[x64] HKCU\Software\Jawego
[#] Klíč smazán po restartování:[x64] HKCU\Software\PC
[#] Klíč smazán po restartování:[x64] HKCU\Software\System Monitor
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
[-] Klíč smazán:HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
[-] Klíč smazán:HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper
***** [ Prohlížeče ] *****
*************************
:: "Tracing" klíč smazán
:: Winsock nastavení vyčištěno
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [6450 Bajtů] - [01/10/2016 11:29:09]
C:\AdwCleaner\AdwCleaner[S0].txt - [7000 Bajtů] - [01/10/2016 11:26:35]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [6598 Bajtů] ##########
# Aktualizováno dne 14/09/2016 z ToolsLib
# Databáze : 2016-09-30.1 [Server]
# Operační systém : Windows 7 Home Premium Service Pack 1 (X64)
# Uživatelské jméno : stefan - STEFAN-PC
# Beží od : C:\Users\stefan\Desktop\AdwCleaner.exe
# Mod: Čištění
# Podpora : https://toolslib.net/forum
***** [ Služby ] *****
***** [ Adresáře ] *****
[-] Adresář smazán:C:\ProgramData\1winp1
[-] Adresář smazán:C:\ProgramData\CwinpC
[-] Adresář smazán:C:\Users\stefan\AppData\Local\jawego
[-] Adresář smazán:C:\Users\stefan\AppData\Local\hehesevuluiedfebt
[-] Adresář smazán:C:\Users\stefan\AppData\Roaming\WinZiper
[-] Adresář smazán:C:\Users\stefan\AppData\Roaming\PCPRJ
[-] Adresář smazán:C:\Users\stefan\AppData\Roaming\jawego
[-] Adresář smazán:C:\Users\stefan\AppData\Roaming\System Monitor
[-] Adresář smazán:C:\ProgramData\ChelfNotify
[#] Adresář nelze smazat:C:\ProgramData\Application Data\ChelfNotify
[-] Adresář smazán:C:\Program Files (x86)\WinSaber
[-] Adresář smazán:C:\Program Files (x86)\SoEasySvc
[#] Adresář nelze smazat:C:\Program Files (x86)\winsaber
[-] Adresář smazán:C:\extensions
[-] Adresář smazán:C:\Program Files (x86)\Firefox
***** [ Soubory ] *****
[-] Soubor smazán:C:\Windows\SysNative\log\iSafeKrnlCall.log
[-] Soubor smazán:C:\Users\stefan\AppData\Roaming\Mozilla\Firefox\Profiles\brndejmp.default\invalidprefs.js
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Zástupce ] *****
[-] Zástupce dezinfikován:C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
[-] Zástupce dezinfikován:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
[-] Zástupce dezinfikován:C:\Users\stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Zástupce dezinfikován:C:\Users\stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
[-] Zástupce dezinfikován:C:\Users\stefan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Zástupce dezinfikován:C:\Users\stefan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\90d2900ffa9d378b\user0 - Chrome.lnk
***** [ Plánovač úloh ] *****
***** [ Registry ] *****
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.001
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.7z
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.arj
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.bz2
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.bzip2
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.cab
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.cpio
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.deb
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.dmg
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.fat
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.gz
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.gzip
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.hfs
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.iso
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.lha
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.lzh
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.lzma
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.ntfs
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.rar
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.rpm
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.squashfs
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.swm
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.tar
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.taz
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.tbz
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.tbz2
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.tgz
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.tpz
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.txz
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.vhd
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.wim
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.xar
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.xz
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.z
[-] Klíč smazán:HKLM\SOFTWARE\Classes\WinZippers.zip
[-] Klíč smazán:HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc
[#] Klíč smazán po restartování:[x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc
[-] Klíč smazán:HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\qkseeService
[#] Klíč smazán po restartování:[x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\qkseeService
[-] Klíč smazán:HKU\S-1-5-21-1186340294-2737021413-1934661414-1000\Software\Jawego
[-] Klíč smazán:HKU\S-1-5-21-1186340294-2737021413-1934661414-1000\Software\PC
[-] Klíč smazán:HKU\S-1-5-21-1186340294-2737021413-1934661414-1000\Software\System Monitor
[#] Klíč smazán po restartování:HKCU\Software\Jawego
[#] Klíč smazán po restartování:HKCU\Software\PC
[#] Klíč smazán po restartování:HKCU\Software\System Monitor
[-] Klíč smazán:HKLM\SOFTWARE\hdcode
[-] Klíč smazán:HKLM\SOFTWARE\Jawego
[-] Klíč smazán:HKLM\SOFTWARE\PC
[-] Klíč smazán:HKLM\SOFTWARE\{E6276374-DE18-4AA5-A365-9016A2F98A2D}
[-] Klíč smazán:HKLM\SOFTWARE\WinZiper
[-] Klíč smazán:HKLM\SOFTWARE\WinSaberSvc
[-] Klíč smazán:HKLM\SOFTWARE\System Monitor
[-] Klíč smazán:HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
[#] Klíč smazán po restartování:[x64] HKCU\Software\Jawego
[#] Klíč smazán po restartování:[x64] HKCU\Software\PC
[#] Klíč smazán po restartování:[x64] HKCU\Software\System Monitor
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
[-] Klíč smazán:HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
[-] Klíč smazán:HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
[-] Klíč smazán:HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper
***** [ Prohlížeče ] *****
*************************
:: "Tracing" klíč smazán
:: Winsock nastavení vyčištěno
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [6450 Bajtů] - [01/10/2016 11:29:09]
C:\AdwCleaner\AdwCleaner[S0].txt - [7000 Bajtů] - [01/10/2016 11:26:35]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [6598 Bajtů] ##########
-
Rudy
- Site Admin
- Příspěvky: 119672
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: viry
Dejte nový log RSIT.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
postomlatic
- Návštěvník
- Příspěvky: 6
- Registrován: 01 říj 2016 09:23
Re: viry
Logfile of random's system information tool 1.10 (written by random/random)
Run by stefan at 2016-10-01 12:47:45
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 414 GB (89%) free of 464 GB
Total RAM: 3764 MB (65% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:48:05, on 1.10.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\trend micro\stefan.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~4\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~4\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10511 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\system32\WLANExt.exe 37814400
\??\C:\Windows\system32\conhost.exe "-938900548-35108052976580338647237768-14117446861778871857-690904893-1576038364
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Program Files\AVAST Software\Avast\afwServ.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Launch Manager\dsiwmis.exe"
"C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe"
"C:\Program Files (x86)\Launch Manager\LMworker.exe"
"C:\Program Files (x86)\Launch Manager\LMutilps32.exe" --system-level-mutex="Local\{B904A927-FE6B-48fd-8C83-6B807BED1F9C}" --enable-wmi-window
"C:\Program Files (x86)\Acer\Registration\GREGsvc.exe"
"C:\Program Files\Acer\Acer Updater\UpdaterService.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe"
"C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe"
"C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Users\stefan\Desktop\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
=========Mozilla firefox=========
ProfilePath - C:\Users\stefan\AppData\Roaming\Mozilla\Firefox\Profiles\brndejmp.default
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"sp@avast.com"=C:\Program Files\AVAST Software\Avast\SafePrice\FF
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@garmin.com/GpsControl]
"Description"=Garmin GPS Control for Firefox
"Path"=C:\Program Files\Garmin GPS Plugin\npGarmin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01 205416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-08-19 948792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL [2012-10-01 877720]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL [2012-10-01 2322576]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01 139368]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-08-19 713440]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29 441216]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~4\Office15\URLREDIR.DLL [2012-10-01 704664]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~4\Office15\GROOVEEX.DLL [2012-10-01 1720976]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-06-20 167704]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-06-20 392472]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-06-20 416024]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-03-28 2723624]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-06-09 11860072]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupManagerTray]
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [2011-04-24 297280]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate]
C:\Users\stefan\AppData\Roaming\Seznam.cz\szninstall.exe -c []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop]
C:\Users\stefan\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe -q []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
C:\Program Files (x86)\Launch Manager\LManager.exe [2011-04-19 1097808]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power Management]
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2011-05-10 1831528]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotPostWindows10UpgradeReInstall]
C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [2015-07-28 1011200]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
C:\PROGRA~2\Acer\ACERVC~1\AcerVCM.exe [2011-05-12 723560]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-09-12 9107616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-06-10 389632]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-10-01 12:47:45 ----D---- C:\rsit
2016-10-01 12:47:45 ----D---- C:\Program Files\trend micro
2016-10-01 11:24:53 ----D---- C:\AdwCleaner
2016-09-30 18:19:30 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2016-09-30 18:19:08 ----D---- C:\ProgramData\Malwarebytes
2016-09-30 18:19:08 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-30 18:19:08 ----A---- C:\Windows\system32\drivers\mwac.sys
2016-09-30 18:19:08 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2016-09-30 18:19:08 ----A---- C:\Windows\system32\drivers\mbam.sys
2016-09-30 17:47:45 ----D---- C:\FRST
2016-09-29 17:03:16 ----D---- C:\Users\stefan\AppData\Roaming\vlc
2016-09-29 17:00:42 ----D---- C:\Program Files\VideoLAN
2016-09-28 19:53:12 ----D---- C:\Program Files\CCleaner
2016-09-28 19:47:51 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-28 19:47:34 ----D---- C:\Program Files\Mozilla Firefox
2016-09-27 22:00:34 ----A---- C:\Windows\system32\aswBoot.exe
2016-09-26 23:11:24 ----D---- C:\ProgramData\FileFinder
2016-09-26 23:10:45 ----D---- C:\ProgramData\Webitar Production Inc
2016-09-23 22:22:30 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-09-13 21:43:37 ----D---- C:\Users\stefan\AppData\Roaming\Mozilla
2016-09-13 21:42:45 ----A---- C:\Windows\SYSWOW64\ssinstall-uninstall.bat
2016-09-13 21:42:43 ----A---- C:\Windows\SYSWOW64\ssins.exe
2016-09-13 21:26:29 ----A---- C:\Windows\wininit.ini
2016-09-13 13:59:27 ----D---- C:\Windows\pss
2016-09-13 13:24:18 ----D---- C:\Users\stefan\AppData\Roaming\Seznam Browser
======List of files/folders modified in the last 1 month======
2016-10-01 12:47:45 ----RD---- C:\Program Files
2016-10-01 11:37:29 ----D---- C:\Windows\Temp
2016-10-01 11:32:49 ----A---- C:\Windows\SYSWOW64\log.txt
2016-10-01 11:29:04 ----D---- C:\Windows\system32\Tasks
2016-10-01 11:29:03 ----RD---- C:\Program Files (x86)
2016-10-01 11:29:03 ----D---- C:\Windows\system32\log
2016-10-01 11:29:02 ----HD---- C:\ProgramData
2016-10-01 10:10:39 ----D---- C:\Windows
2016-09-30 18:57:53 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-09-30 18:57:11 ----SD---- C:\ProgramData\Microsoft
2016-09-30 18:57:11 ----D---- C:\Windows\System32
2016-09-30 18:57:11 ----D---- C:\ProgramData\Spybot - Search & Destroy
2016-09-30 18:48:13 ----D---- C:\Windows\system32\wdi
2016-09-30 18:45:39 ----D---- C:\Windows\system32\drivers
2016-09-30 18:45:39 ----D---- C:\Windows\Logs
2016-09-30 18:43:45 ----D---- C:\ProgramData\boost_interprocess
2016-09-30 18:23:04 ----D---- C:\Windows\SysWOW64
2016-09-30 15:17:07 ----D---- C:\Windows\system32\catroot2
2016-09-29 20:57:28 ----D---- C:\Windows\system32\drivers\etc
2016-09-29 16:59:24 ----D---- C:\Windows\inf
2016-09-29 16:59:24 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-09-28 21:41:22 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-09-28 21:41:15 ----D---- C:\Windows\system32\Macromed
2016-09-28 21:41:12 ----D---- C:\Windows\SYSWOW64\Macromed
2016-09-28 21:36:42 ----SHD---- C:\Windows\Installer
2016-09-28 21:36:36 ----SHD---- C:\System Volume Information
2016-09-28 19:57:52 ----D---- C:\Windows\Tasks
2016-09-28 19:57:52 ----D---- C:\Program Files (x86)\Google
2016-09-28 19:54:17 ----D---- C:\Windows\Panther
2016-09-28 19:54:14 ----D---- C:\Windows\SoftwareDistribution
2016-09-28 19:54:14 ----D---- C:\Windows\debug
2016-09-28 19:41:54 ----D---- C:\Users\stefan\AppData\Roaming\Seznam.cz
2016-09-28 19:41:49 ----D---- C:\Program Files (x86)\Seznam.cz
2016-09-28 08:02:19 ----D---- C:\Windows\system32\LogFiles
2016-09-27 23:07:11 ----HD---- C:\OEM
2016-09-27 22:37:05 ----D---- C:\Windows\system32\config
2016-09-27 21:57:50 ----D---- C:\Windows\system32\wfp
2016-09-27 21:57:45 ----D---- C:\Windows\system32\wbem
2016-09-27 21:57:08 ----D---- C:\Windows\system32\DriverStore
2016-09-27 21:57:07 ----D---- C:\Windows\system32\CodeIntegrity
2016-09-27 21:57:07 ----D---- C:\Windows\AppCompat
2016-09-27 21:57:07 ----D---- C:\Users\stefan\AppData\Roaming\Skype
2016-09-27 21:57:05 ----D---- C:\ProgramData\Skype
2016-09-27 21:56:56 ----RD---- C:\Program Files (x86)\Skype
2016-09-27 21:56:54 ----D---- C:\Program Files (x86)\Launch Manager
2016-09-27 21:56:54 ----D---- C:\Program Files (x86)\Common Files
2016-09-27 21:56:48 ----D---- C:\Windows\registration
2016-09-27 21:46:23 ----D---- C:\Windows\Prefetch
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2016-08-19 74544]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2016-08-19 292704]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2010-11-05 438808]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2016-08-19 37144]
R1 aswNetSec;aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [2016-08-19 453192]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2016-08-19 103064]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2016-09-13 969184]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2016-09-22 513632]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2016-08-19 108816]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2016-08-19 163416]
R3 aswNetNd6;Avast Firewall NDIS6 Helper; C:\Windows\system32\DRIVERS\aswNetNd6.sys [2016-07-28 28312]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl664.sys [2011-03-01 4720704]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\drivers\HECIx64.sys [2009-09-17 56344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-06-10 12230912]
R3 Impcd;Impcd; C:\Windows\system32\drivers\Impcd.sys [2010-02-26 158976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-06-14 2899176]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2011-05-10 425000]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2016-03-10 27008]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2016-10-01 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2016-03-10 64896]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2011-03-10 18432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-12-01 250984]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-03-28 1417776]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2011-03-10 17408]
S3 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2016-08-19 37656]
S3 EsgScanner;EsgScanner; C:\Windows\system32\DRIVERS\EsgScanner.sys [2016-08-04 22704]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-09-24 81088]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-08-19 197128]
R2 avast! Firewall;Avast Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2016-08-19 223600]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-04-19 353872]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-05-10 872552]
R2 GREGService;GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-05-26 29696]
R2 IviRegMgr;IviRegMgr; C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2010-05-20 110736]
R2 Live Updater Service;Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-09-16 325656]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2016-03-10 1136608]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-03-10 1514464]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-11 193824]
R2 RS_Service;Raw Socket Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-30 260640]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-09-16 2538520]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-07-25 324224]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-28 270016]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2016-07-13 655624]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-07-13 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-09-22 197576]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 150600]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S3 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-29 2292096]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
-----------------EOF-----------------
Run by stefan at 2016-10-01 12:47:45
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 414 GB (89%) free of 464 GB
Total RAM: 3764 MB (65% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:48:05, on 1.10.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\trend micro\stefan.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~4\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~4\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10511 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\system32\WLANExt.exe 37814400
\??\C:\Windows\system32\conhost.exe "-938900548-35108052976580338647237768-14117446861778871857-690904893-1576038364
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Program Files\AVAST Software\Avast\afwServ.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Launch Manager\dsiwmis.exe"
"C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe"
"C:\Program Files (x86)\Launch Manager\LMworker.exe"
"C:\Program Files (x86)\Launch Manager\LMutilps32.exe" --system-level-mutex="Local\{B904A927-FE6B-48fd-8C83-6B807BED1F9C}" --enable-wmi-window
"C:\Program Files (x86)\Acer\Registration\GREGsvc.exe"
"C:\Program Files\Acer\Acer Updater\UpdaterService.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe"
"C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe"
"C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Users\stefan\Desktop\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
=========Mozilla firefox=========
ProfilePath - C:\Users\stefan\AppData\Roaming\Mozilla\Firefox\Profiles\brndejmp.default
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"sp@avast.com"=C:\Program Files\AVAST Software\Avast\SafePrice\FF
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@garmin.com/GpsControl]
"Description"=Garmin GPS Control for Firefox
"Path"=C:\Program Files\Garmin GPS Plugin\npGarmin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01 205416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-08-19 948792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL [2012-10-01 877720]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL [2012-10-01 2322576]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01 139368]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-08-19 713440]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29 441216]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~4\Office15\URLREDIR.DLL [2012-10-01 704664]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~4\Office15\GROOVEEX.DLL [2012-10-01 1720976]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-06-20 167704]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-06-20 392472]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-06-20 416024]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-03-28 2723624]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-06-09 11860072]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupManagerTray]
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [2011-04-24 297280]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate]
C:\Users\stefan\AppData\Roaming\Seznam.cz\szninstall.exe -c []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop]
C:\Users\stefan\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe -q []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
C:\Program Files (x86)\Launch Manager\LManager.exe [2011-04-19 1097808]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power Management]
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2011-05-10 1831528]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotPostWindows10UpgradeReInstall]
C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [2015-07-28 1011200]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
C:\PROGRA~2\Acer\ACERVC~1\AcerVCM.exe [2011-05-12 723560]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-09-12 9107616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-06-10 389632]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-10-01 12:47:45 ----D---- C:\rsit
2016-10-01 12:47:45 ----D---- C:\Program Files\trend micro
2016-10-01 11:24:53 ----D---- C:\AdwCleaner
2016-09-30 18:19:30 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2016-09-30 18:19:08 ----D---- C:\ProgramData\Malwarebytes
2016-09-30 18:19:08 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-30 18:19:08 ----A---- C:\Windows\system32\drivers\mwac.sys
2016-09-30 18:19:08 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2016-09-30 18:19:08 ----A---- C:\Windows\system32\drivers\mbam.sys
2016-09-30 17:47:45 ----D---- C:\FRST
2016-09-29 17:03:16 ----D---- C:\Users\stefan\AppData\Roaming\vlc
2016-09-29 17:00:42 ----D---- C:\Program Files\VideoLAN
2016-09-28 19:53:12 ----D---- C:\Program Files\CCleaner
2016-09-28 19:47:51 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-28 19:47:34 ----D---- C:\Program Files\Mozilla Firefox
2016-09-27 22:00:34 ----A---- C:\Windows\system32\aswBoot.exe
2016-09-26 23:11:24 ----D---- C:\ProgramData\FileFinder
2016-09-26 23:10:45 ----D---- C:\ProgramData\Webitar Production Inc
2016-09-23 22:22:30 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-09-13 21:43:37 ----D---- C:\Users\stefan\AppData\Roaming\Mozilla
2016-09-13 21:42:45 ----A---- C:\Windows\SYSWOW64\ssinstall-uninstall.bat
2016-09-13 21:42:43 ----A---- C:\Windows\SYSWOW64\ssins.exe
2016-09-13 21:26:29 ----A---- C:\Windows\wininit.ini
2016-09-13 13:59:27 ----D---- C:\Windows\pss
2016-09-13 13:24:18 ----D---- C:\Users\stefan\AppData\Roaming\Seznam Browser
======List of files/folders modified in the last 1 month======
2016-10-01 12:47:45 ----RD---- C:\Program Files
2016-10-01 11:37:29 ----D---- C:\Windows\Temp
2016-10-01 11:32:49 ----A---- C:\Windows\SYSWOW64\log.txt
2016-10-01 11:29:04 ----D---- C:\Windows\system32\Tasks
2016-10-01 11:29:03 ----RD---- C:\Program Files (x86)
2016-10-01 11:29:03 ----D---- C:\Windows\system32\log
2016-10-01 11:29:02 ----HD---- C:\ProgramData
2016-10-01 10:10:39 ----D---- C:\Windows
2016-09-30 18:57:53 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-09-30 18:57:11 ----SD---- C:\ProgramData\Microsoft
2016-09-30 18:57:11 ----D---- C:\Windows\System32
2016-09-30 18:57:11 ----D---- C:\ProgramData\Spybot - Search & Destroy
2016-09-30 18:48:13 ----D---- C:\Windows\system32\wdi
2016-09-30 18:45:39 ----D---- C:\Windows\system32\drivers
2016-09-30 18:45:39 ----D---- C:\Windows\Logs
2016-09-30 18:43:45 ----D---- C:\ProgramData\boost_interprocess
2016-09-30 18:23:04 ----D---- C:\Windows\SysWOW64
2016-09-30 15:17:07 ----D---- C:\Windows\system32\catroot2
2016-09-29 20:57:28 ----D---- C:\Windows\system32\drivers\etc
2016-09-29 16:59:24 ----D---- C:\Windows\inf
2016-09-29 16:59:24 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-09-28 21:41:22 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-09-28 21:41:15 ----D---- C:\Windows\system32\Macromed
2016-09-28 21:41:12 ----D---- C:\Windows\SYSWOW64\Macromed
2016-09-28 21:36:42 ----SHD---- C:\Windows\Installer
2016-09-28 21:36:36 ----SHD---- C:\System Volume Information
2016-09-28 19:57:52 ----D---- C:\Windows\Tasks
2016-09-28 19:57:52 ----D---- C:\Program Files (x86)\Google
2016-09-28 19:54:17 ----D---- C:\Windows\Panther
2016-09-28 19:54:14 ----D---- C:\Windows\SoftwareDistribution
2016-09-28 19:54:14 ----D---- C:\Windows\debug
2016-09-28 19:41:54 ----D---- C:\Users\stefan\AppData\Roaming\Seznam.cz
2016-09-28 19:41:49 ----D---- C:\Program Files (x86)\Seznam.cz
2016-09-28 08:02:19 ----D---- C:\Windows\system32\LogFiles
2016-09-27 23:07:11 ----HD---- C:\OEM
2016-09-27 22:37:05 ----D---- C:\Windows\system32\config
2016-09-27 21:57:50 ----D---- C:\Windows\system32\wfp
2016-09-27 21:57:45 ----D---- C:\Windows\system32\wbem
2016-09-27 21:57:08 ----D---- C:\Windows\system32\DriverStore
2016-09-27 21:57:07 ----D---- C:\Windows\system32\CodeIntegrity
2016-09-27 21:57:07 ----D---- C:\Windows\AppCompat
2016-09-27 21:57:07 ----D---- C:\Users\stefan\AppData\Roaming\Skype
2016-09-27 21:57:05 ----D---- C:\ProgramData\Skype
2016-09-27 21:56:56 ----RD---- C:\Program Files (x86)\Skype
2016-09-27 21:56:54 ----D---- C:\Program Files (x86)\Launch Manager
2016-09-27 21:56:54 ----D---- C:\Program Files (x86)\Common Files
2016-09-27 21:56:48 ----D---- C:\Windows\registration
2016-09-27 21:46:23 ----D---- C:\Windows\Prefetch
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2016-08-19 74544]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2016-08-19 292704]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2010-11-05 438808]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2016-08-19 37144]
R1 aswNetSec;aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [2016-08-19 453192]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2016-08-19 103064]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2016-09-13 969184]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2016-09-22 513632]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2016-08-19 108816]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2016-08-19 163416]
R3 aswNetNd6;Avast Firewall NDIS6 Helper; C:\Windows\system32\DRIVERS\aswNetNd6.sys [2016-07-28 28312]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl664.sys [2011-03-01 4720704]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\drivers\HECIx64.sys [2009-09-17 56344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-06-10 12230912]
R3 Impcd;Impcd; C:\Windows\system32\drivers\Impcd.sys [2010-02-26 158976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-06-14 2899176]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2011-05-10 425000]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2016-03-10 27008]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2016-10-01 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2016-03-10 64896]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2011-03-10 18432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-12-01 250984]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-03-28 1417776]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2011-03-10 17408]
S3 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2016-08-19 37656]
S3 EsgScanner;EsgScanner; C:\Windows\system32\DRIVERS\EsgScanner.sys [2016-08-04 22704]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-09-24 81088]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-08-19 197128]
R2 avast! Firewall;Avast Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2016-08-19 223600]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-04-19 353872]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-05-10 872552]
R2 GREGService;GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-05-26 29696]
R2 IviRegMgr;IviRegMgr; C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2010-05-20 110736]
R2 Live Updater Service;Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-09-16 325656]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2016-03-10 1136608]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-03-10 1514464]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-11 193824]
R2 RS_Service;Raw Socket Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-30 260640]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-09-16 2538520]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-07-25 324224]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-28 270016]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2016-07-13 655624]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-07-13 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-09-22 197576]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 150600]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S3 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-29 2292096]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
-----------------EOF-----------------
-
Rudy
- Site Admin
- Příspěvky: 119672
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: viry
Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:
a klikněte na >MoveIt!<. Před skenem vypněte antivir a po něm restartujte PC. Dejte nový log RSIT.:commands
[Purity]
[Emptytemp]
[Emptyflash]
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
postomlatic
- Návštěvník
- Příspěvky: 6
- Registrován: 01 říj 2016 09:23
Re: viry
Logfile of random's system information tool 1.10 (written by random/random)
Run by stefan at 2016-10-02 09:06:36
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 412 GB (89%) free of 464 GB
Total RAM: 3764 MB (66% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:06:58, on 2.10.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\trend micro\stefan.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~4\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~4\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10510 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\system32\WLANExt.exe 4381600
\??\C:\Windows\system32\conhost.exe "-1895687462-622592359-3507868001059022342-1676623589945027389676471-21211079
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
taskeng.exe {317D8981-F56D-481F-A666-0379189C89FD}
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\AVAST Software\Avast\afwServ.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Launch Manager\dsiwmis.exe"
"C:\Program Files (x86)\Launch Manager\LMworker.exe"
"C:\Program Files (x86)\Launch Manager\LMutilps32.exe" --system-level-mutex="Local\{B904A927-FE6B-48fd-8C83-6B807BED1F9C}" --enable-wmi-window
"C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe"
"C:\Program Files (x86)\Acer\Registration\GREGsvc.exe"
"C:\Program Files\Acer\Acer Updater\UpdaterService.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe"
"C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe"
"C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe"
"C:\Program Files (x86)\Skype\Updater\Updater.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Users\stefan\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
=========Mozilla firefox=========
ProfilePath - C:\Users\stefan\AppData\Roaming\Mozilla\Firefox\Profiles\brndejmp.default
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"sp@avast.com"=C:\Program Files\AVAST Software\Avast\SafePrice\FF
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@garmin.com/GpsControl]
"Description"=Garmin GPS Control for Firefox
"Path"=C:\Program Files\Garmin GPS Plugin\npGarmin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01 205416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-08-19 948792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL [2012-10-01 877720]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL [2012-10-01 2322576]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01 139368]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-08-19 713440]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29 441216]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~4\Office15\URLREDIR.DLL [2012-10-01 704664]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~4\Office15\GROOVEEX.DLL [2012-10-01 1720976]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-06-20 167704]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-06-20 392472]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-06-20 416024]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-03-28 2723624]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-06-09 11860072]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupManagerTray]
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [2011-04-24 297280]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate]
C:\Users\stefan\AppData\Roaming\Seznam.cz\szninstall.exe -c []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop]
C:\Users\stefan\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe -q []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
C:\Program Files (x86)\Launch Manager\LManager.exe [2011-04-19 1097808]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power Management]
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2011-05-10 1831528]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotPostWindows10UpgradeReInstall]
C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [2015-07-28 1011200]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
C:\PROGRA~2\Acer\ACERVC~1\AcerVCM.exe [2011-05-12 723560]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-09-12 9107616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-06-10 389632]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-10-02 09:03:05 ----D---- C:\_OTM
2016-10-01 12:47:45 ----D---- C:\rsit
2016-10-01 12:47:45 ----D---- C:\Program Files\trend micro
2016-10-01 11:24:53 ----D---- C:\AdwCleaner
2016-09-30 18:19:30 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2016-09-30 18:19:08 ----D---- C:\ProgramData\Malwarebytes
2016-09-30 18:19:08 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-30 18:19:08 ----A---- C:\Windows\system32\drivers\mwac.sys
2016-09-30 18:19:08 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2016-09-30 18:19:08 ----A---- C:\Windows\system32\drivers\mbam.sys
2016-09-30 17:47:45 ----D---- C:\FRST
2016-09-29 17:03:16 ----D---- C:\Users\stefan\AppData\Roaming\vlc
2016-09-29 17:00:42 ----D---- C:\Program Files\VideoLAN
2016-09-28 19:53:12 ----D---- C:\Program Files\CCleaner
2016-09-28 19:47:51 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-28 19:47:34 ----D---- C:\Program Files\Mozilla Firefox
2016-09-27 22:00:34 ----A---- C:\Windows\system32\aswBoot.exe
2016-09-26 23:11:24 ----D---- C:\ProgramData\FileFinder
2016-09-26 23:10:45 ----D---- C:\ProgramData\Webitar Production Inc
2016-09-23 22:22:30 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-09-13 21:43:37 ----D---- C:\Users\stefan\AppData\Roaming\Mozilla
2016-09-13 21:42:45 ----A---- C:\Windows\SYSWOW64\ssinstall-uninstall.bat
2016-09-13 21:42:43 ----A---- C:\Windows\SYSWOW64\ssins.exe
2016-09-13 21:26:29 ----A---- C:\Windows\wininit.ini
2016-09-13 13:59:27 ----D---- C:\Windows\pss
2016-09-13 13:24:18 ----D---- C:\Users\stefan\AppData\Roaming\Seznam Browser
======List of files/folders modified in the last 1 month======
2016-10-02 09:06:58 ----D---- C:\Windows\Prefetch
2016-10-02 09:06:48 ----D---- C:\Windows\Temp
2016-10-02 09:04:26 ----A---- C:\Windows\SYSWOW64\log.txt
2016-10-01 17:03:19 ----D---- C:\Windows\System32
2016-10-01 17:03:19 ----D---- C:\Windows\inf
2016-10-01 17:03:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-10-01 16:55:18 ----D---- C:\marek
2016-10-01 16:51:40 ----D---- C:\Windows\system32\drivers
2016-10-01 16:31:38 ----D---- C:\Windows\system32\config
2016-10-01 12:47:45 ----RD---- C:\Program Files
2016-10-01 11:29:04 ----D---- C:\Windows\system32\Tasks
2016-10-01 11:29:03 ----RD---- C:\Program Files (x86)
2016-10-01 11:29:03 ----D---- C:\Windows\system32\log
2016-10-01 11:29:02 ----HD---- C:\ProgramData
2016-10-01 10:10:39 ----D---- C:\Windows
2016-09-30 18:57:53 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-09-30 18:57:11 ----SD---- C:\ProgramData\Microsoft
2016-09-30 18:57:11 ----D---- C:\ProgramData\Spybot - Search & Destroy
2016-09-30 18:48:13 ----D---- C:\Windows\system32\wdi
2016-09-30 18:45:39 ----D---- C:\Windows\Logs
2016-09-30 18:43:45 ----D---- C:\ProgramData\boost_interprocess
2016-09-30 18:23:04 ----D---- C:\Windows\SysWOW64
2016-09-30 15:17:07 ----D---- C:\Windows\system32\catroot2
2016-09-29 20:57:28 ----D---- C:\Windows\system32\drivers\etc
2016-09-28 21:41:22 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-09-28 21:41:15 ----D---- C:\Windows\system32\Macromed
2016-09-28 21:41:12 ----D---- C:\Windows\SYSWOW64\Macromed
2016-09-28 21:36:42 ----SHD---- C:\Windows\Installer
2016-09-28 21:36:36 ----SHD---- C:\System Volume Information
2016-09-28 19:57:52 ----D---- C:\Windows\Tasks
2016-09-28 19:57:52 ----D---- C:\Program Files (x86)\Google
2016-09-28 19:54:17 ----D---- C:\Windows\Panther
2016-09-28 19:54:14 ----D---- C:\Windows\SoftwareDistribution
2016-09-28 19:54:14 ----D---- C:\Windows\debug
2016-09-28 19:41:54 ----D---- C:\Users\stefan\AppData\Roaming\Seznam.cz
2016-09-28 19:41:49 ----D---- C:\Program Files (x86)\Seznam.cz
2016-09-28 08:02:19 ----D---- C:\Windows\system32\LogFiles
2016-09-27 23:07:11 ----HD---- C:\OEM
2016-09-27 21:57:50 ----D---- C:\Windows\system32\wfp
2016-09-27 21:57:45 ----D---- C:\Windows\system32\wbem
2016-09-27 21:57:08 ----D---- C:\Windows\system32\DriverStore
2016-09-27 21:57:07 ----D---- C:\Windows\system32\CodeIntegrity
2016-09-27 21:57:07 ----D---- C:\Windows\AppCompat
2016-09-27 21:57:07 ----D---- C:\Users\stefan\AppData\Roaming\Skype
2016-09-27 21:57:05 ----D---- C:\ProgramData\Skype
2016-09-27 21:56:56 ----RD---- C:\Program Files (x86)\Skype
2016-09-27 21:56:54 ----D---- C:\Program Files (x86)\Launch Manager
2016-09-27 21:56:54 ----D---- C:\Program Files (x86)\Common Files
2016-09-27 21:56:48 ----D---- C:\Windows\registration
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2016-08-19 74544]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2016-08-19 292704]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2010-11-05 438808]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2016-08-19 37144]
R1 aswNetSec;aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [2016-08-19 453192]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2016-08-19 103064]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2016-09-13 969184]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2016-09-22 513632]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2016-08-19 108816]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2016-08-19 163416]
R3 aswNetNd6;Avast Firewall NDIS6 Helper; C:\Windows\system32\DRIVERS\aswNetNd6.sys [2016-07-28 28312]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl664.sys [2011-03-01 4720704]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\drivers\HECIx64.sys [2009-09-17 56344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-06-10 12230912]
R3 Impcd;Impcd; C:\Windows\system32\drivers\Impcd.sys [2010-02-26 158976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-06-14 2899176]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2011-05-10 425000]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2016-03-10 27008]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2016-10-02 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2016-03-10 64896]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2011-03-10 18432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-12-01 250984]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-03-28 1417776]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2011-03-10 17408]
S3 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2016-08-19 37656]
S3 EsgScanner;EsgScanner; C:\Windows\system32\DRIVERS\EsgScanner.sys [2016-08-04 22704]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-09-24 81088]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-08-19 197128]
R2 avast! Firewall;Avast Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2016-08-19 223600]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-04-19 353872]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-05-10 872552]
R2 GREGService;GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-05-26 29696]
R2 Live Updater Service;Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2016-03-10 1136608]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-03-10 1514464]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-11 193824]
R2 RS_Service;Raw Socket Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-30 260640]
R2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-07-25 324224]
S2 IviRegMgr;IviRegMgr; C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2010-05-20 110736]
S2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-09-16 325656]
S2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-09-16 2538520]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-28 270016]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2016-07-13 655624]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-07-13 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-09-22 197576]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 150600]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S3 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-29 2292096]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
-----------------EOF-----------------
Run by stefan at 2016-10-02 09:06:36
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 412 GB (89%) free of 464 GB
Total RAM: 3764 MB (66% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:06:58, on 2.10.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\trend micro\stefan.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~4\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~4\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10510 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\system32\WLANExt.exe 4381600
\??\C:\Windows\system32\conhost.exe "-1895687462-622592359-3507868001059022342-1676623589945027389676471-21211079
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
taskeng.exe {317D8981-F56D-481F-A666-0379189C89FD}
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\AVAST Software\Avast\afwServ.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Launch Manager\dsiwmis.exe"
"C:\Program Files (x86)\Launch Manager\LMworker.exe"
"C:\Program Files (x86)\Launch Manager\LMutilps32.exe" --system-level-mutex="Local\{B904A927-FE6B-48fd-8C83-6B807BED1F9C}" --enable-wmi-window
"C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe"
"C:\Program Files (x86)\Acer\Registration\GREGsvc.exe"
"C:\Program Files\Acer\Acer Updater\UpdaterService.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"
"C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe"
"C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe"
"C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe"
"C:\Program Files (x86)\Skype\Updater\Updater.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe" /starttray
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Users\stefan\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
=========Mozilla firefox=========
ProfilePath - C:\Users\stefan\AppData\Roaming\Mozilla\Firefox\Profiles\brndejmp.default
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"sp@avast.com"=C:\Program Files\AVAST Software\Avast\SafePrice\FF
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@garmin.com/GpsControl]
"Description"=Garmin GPS Control for Firefox
"Path"=C:\Program Files\Garmin GPS Plugin\npGarmin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.2.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01 205416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-08-19 948792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL [2012-10-01 877720]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL [2012-10-01 2322576]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01 139368]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-08-19 713440]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29 441216]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~4\Office15\URLREDIR.DLL [2012-10-01 704664]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~4\Office15\GROOVEEX.DLL [2012-10-01 1720976]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-06-20 167704]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-06-20 392472]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-06-20 416024]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-03-28 2723624]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-06-09 11860072]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupManagerTray]
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [2011-04-24 297280]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate]
C:\Users\stefan\AppData\Roaming\Seznam.cz\szninstall.exe -c []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop]
C:\Users\stefan\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe -q []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
C:\Program Files (x86)\Launch Manager\LManager.exe [2011-04-19 1097808]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power Management]
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2011-05-10 1831528]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce]
C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotPostWindows10UpgradeReInstall]
C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [2015-07-28 1011200]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
C:\PROGRA~2\Acer\ACERVC~1\AcerVCM.exe [2011-05-12 723560]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-09-12 9107616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-06-10 389632]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-10-02 09:03:05 ----D---- C:\_OTM
2016-10-01 12:47:45 ----D---- C:\rsit
2016-10-01 12:47:45 ----D---- C:\Program Files\trend micro
2016-10-01 11:24:53 ----D---- C:\AdwCleaner
2016-09-30 18:19:30 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2016-09-30 18:19:08 ----D---- C:\ProgramData\Malwarebytes
2016-09-30 18:19:08 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-30 18:19:08 ----A---- C:\Windows\system32\drivers\mwac.sys
2016-09-30 18:19:08 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2016-09-30 18:19:08 ----A---- C:\Windows\system32\drivers\mbam.sys
2016-09-30 17:47:45 ----D---- C:\FRST
2016-09-29 17:03:16 ----D---- C:\Users\stefan\AppData\Roaming\vlc
2016-09-29 17:00:42 ----D---- C:\Program Files\VideoLAN
2016-09-28 19:53:12 ----D---- C:\Program Files\CCleaner
2016-09-28 19:47:51 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-28 19:47:34 ----D---- C:\Program Files\Mozilla Firefox
2016-09-27 22:00:34 ----A---- C:\Windows\system32\aswBoot.exe
2016-09-26 23:11:24 ----D---- C:\ProgramData\FileFinder
2016-09-26 23:10:45 ----D---- C:\ProgramData\Webitar Production Inc
2016-09-23 22:22:30 ----D---- C:\Program Files (x86)\Mozilla Firefox
2016-09-13 21:43:37 ----D---- C:\Users\stefan\AppData\Roaming\Mozilla
2016-09-13 21:42:45 ----A---- C:\Windows\SYSWOW64\ssinstall-uninstall.bat
2016-09-13 21:42:43 ----A---- C:\Windows\SYSWOW64\ssins.exe
2016-09-13 21:26:29 ----A---- C:\Windows\wininit.ini
2016-09-13 13:59:27 ----D---- C:\Windows\pss
2016-09-13 13:24:18 ----D---- C:\Users\stefan\AppData\Roaming\Seznam Browser
======List of files/folders modified in the last 1 month======
2016-10-02 09:06:58 ----D---- C:\Windows\Prefetch
2016-10-02 09:06:48 ----D---- C:\Windows\Temp
2016-10-02 09:04:26 ----A---- C:\Windows\SYSWOW64\log.txt
2016-10-01 17:03:19 ----D---- C:\Windows\System32
2016-10-01 17:03:19 ----D---- C:\Windows\inf
2016-10-01 17:03:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-10-01 16:55:18 ----D---- C:\marek
2016-10-01 16:51:40 ----D---- C:\Windows\system32\drivers
2016-10-01 16:31:38 ----D---- C:\Windows\system32\config
2016-10-01 12:47:45 ----RD---- C:\Program Files
2016-10-01 11:29:04 ----D---- C:\Windows\system32\Tasks
2016-10-01 11:29:03 ----RD---- C:\Program Files (x86)
2016-10-01 11:29:03 ----D---- C:\Windows\system32\log
2016-10-01 11:29:02 ----HD---- C:\ProgramData
2016-10-01 10:10:39 ----D---- C:\Windows
2016-09-30 18:57:53 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-09-30 18:57:11 ----SD---- C:\ProgramData\Microsoft
2016-09-30 18:57:11 ----D---- C:\ProgramData\Spybot - Search & Destroy
2016-09-30 18:48:13 ----D---- C:\Windows\system32\wdi
2016-09-30 18:45:39 ----D---- C:\Windows\Logs
2016-09-30 18:43:45 ----D---- C:\ProgramData\boost_interprocess
2016-09-30 18:23:04 ----D---- C:\Windows\SysWOW64
2016-09-30 15:17:07 ----D---- C:\Windows\system32\catroot2
2016-09-29 20:57:28 ----D---- C:\Windows\system32\drivers\etc
2016-09-28 21:41:22 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-09-28 21:41:15 ----D---- C:\Windows\system32\Macromed
2016-09-28 21:41:12 ----D---- C:\Windows\SYSWOW64\Macromed
2016-09-28 21:36:42 ----SHD---- C:\Windows\Installer
2016-09-28 21:36:36 ----SHD---- C:\System Volume Information
2016-09-28 19:57:52 ----D---- C:\Windows\Tasks
2016-09-28 19:57:52 ----D---- C:\Program Files (x86)\Google
2016-09-28 19:54:17 ----D---- C:\Windows\Panther
2016-09-28 19:54:14 ----D---- C:\Windows\SoftwareDistribution
2016-09-28 19:54:14 ----D---- C:\Windows\debug
2016-09-28 19:41:54 ----D---- C:\Users\stefan\AppData\Roaming\Seznam.cz
2016-09-28 19:41:49 ----D---- C:\Program Files (x86)\Seznam.cz
2016-09-28 08:02:19 ----D---- C:\Windows\system32\LogFiles
2016-09-27 23:07:11 ----HD---- C:\OEM
2016-09-27 21:57:50 ----D---- C:\Windows\system32\wfp
2016-09-27 21:57:45 ----D---- C:\Windows\system32\wbem
2016-09-27 21:57:08 ----D---- C:\Windows\system32\DriverStore
2016-09-27 21:57:07 ----D---- C:\Windows\system32\CodeIntegrity
2016-09-27 21:57:07 ----D---- C:\Windows\AppCompat
2016-09-27 21:57:07 ----D---- C:\Users\stefan\AppData\Roaming\Skype
2016-09-27 21:57:05 ----D---- C:\ProgramData\Skype
2016-09-27 21:56:56 ----RD---- C:\Program Files (x86)\Skype
2016-09-27 21:56:54 ----D---- C:\Program Files (x86)\Launch Manager
2016-09-27 21:56:54 ----D---- C:\Program Files (x86)\Common Files
2016-09-27 21:56:48 ----D---- C:\Windows\registration
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2016-08-19 74544]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2016-08-19 292704]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2010-11-05 438808]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2016-08-19 37144]
R1 aswNetSec;aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [2016-08-19 453192]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2016-08-19 103064]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2016-09-13 969184]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2016-09-22 513632]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2016-08-19 108816]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2016-08-19 163416]
R3 aswNetNd6;Avast Firewall NDIS6 Helper; C:\Windows\system32\DRIVERS\aswNetNd6.sys [2016-07-28 28312]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl664.sys [2011-03-01 4720704]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\drivers\HECIx64.sys [2009-09-17 56344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-06-10 12230912]
R3 Impcd;Impcd; C:\Windows\system32\drivers\Impcd.sys [2010-02-26 158976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-06-14 2899176]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2011-05-10 425000]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2016-03-10 27008]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2016-10-02 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2016-03-10 64896]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2011-03-10 18432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-12-01 250984]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-03-28 1417776]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2011-03-10 17408]
S3 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2016-08-19 37656]
S3 EsgScanner;EsgScanner; C:\Windows\system32\DRIVERS\EsgScanner.sys [2016-08-04 22704]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-09-24 81088]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-08-19 197128]
R2 avast! Firewall;Avast Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2016-08-19 223600]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-04-19 353872]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-05-10 872552]
R2 GREGService;GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-05-26 29696]
R2 Live Updater Service;Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2016-03-10 1136608]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-03-10 1514464]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2010-03-11 193824]
R2 RS_Service;Raw Socket Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-30 260640]
R2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-07-25 324224]
S2 IviRegMgr;IviRegMgr; C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2010-05-20 110736]
S2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-09-16 325656]
S2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-09-16 2538520]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-28 270016]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2016-07-13 655624]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2016-07-13 114688]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-09-22 197576]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 150600]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S3 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-29 2292096]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
-----------------EOF-----------------
-
Rudy
- Site Admin
- Příspěvky: 119672
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: viry
Smazáno. Log by již měl být OK.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
postomlatic
- Návštěvník
- Příspěvky: 6
- Registrován: 01 říj 2016 09:23
Re: viry
Díky za pomoc,
PC teď funguje jak má. Ještě bych se zeptal na položky v RSIT logu např.
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
Jako laikovi mi přišlo podezřelé že uvádí "Unknown owner" a (file missing) - soubor ale v daném místě existuje?
PC teď funguje jak má. Ještě bych se zeptal na položky v RSIT logu např.
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
Jako laikovi mi přišlo podezřelé že uvádí "Unknown owner" a (file missing) - soubor ale v daném místě existuje?
-
Rudy
- Site Admin
- Příspěvky: 119672
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: viry
Toto je bug v RSITu, neboť RSIT není programován pro 64b oper. systémy. Lze ho ale používat při dodržení určitých zásad (kromě oper. systému win10, kde muže způsobit poškození. V současné době primárně použíme místo RSIT FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 . Akceptuji použití RSIT v případě, že nejde o OS win10. Nemáte zač. 
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
-
postomlatic
- Návštěvník
- Příspěvky: 6
- Registrován: 01 říj 2016 09:23
Re: viry
Díky za vysvětlení a ochotu, vlákno můžete uzamknout.
-
Rudy
- Site Admin
- Příspěvky: 119672
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: viry
Rádo se stalo!
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?