
Slow computer startup

PredyP
Exemplary visitor
Posts: 1256
Registered: 24 May 2007 21:52
Location: Eastern Bohemia

Slow computer startup

#1 Post by PredyP »

Hello,
a friend asked me to check his PC. Please review it.
Cleaning with AdwCleaner, then RSIT.

Thank you.

# AdwCleaner v6.043 - Log vytvořen 25/02/2017 v 18:57:42
# Aktualizováno dne 27/01/2017 z Malwarebytes
# Databáze : 2017-02-24.1 [Server]
# Operační systém : Windows 8.1 (X86)
# Uživatelské jméno : Pavel - PAVLŮV-KOMPÍK
# Spuštěno z : C:\Users\Pavel\Desktop\adwcleaner_6.043 (1).exe
# Mod: Skenování
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****

Nebyly nalezeny žádné škodlivé služby.


***** [ Složky ] *****

Složka nalezena: C:\ProgramData\WWdMW
Složka nalezena: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
Složka nalezena: C:\Program Files\SlimDrivers


***** [ Soubory ] *****

Nebyly nalezeny žádné škodlivé soubory.


***** [ DLL ] *****

Nebyly nalezeny žádné škodlivé DLL.


***** [ WMI ] *****

Nebyly nalezeny žádné škodlivé klíče.


***** [ Zástupci ] *****

Žádný infikovaný zástupce nenalezen.


***** [ Naplánované úlohy ] *****

Žádná nebezpečná úloha nenalezena.


***** [ Registry ] *****

Klíč nalezen: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\winzipersvc
Klíč nalezen: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\PicexaService
Klíč nalezen: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\mailUpdate
Klíč nalezen: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WdMan
Klíč nalezen: HKLM\SOFTWARE\Classes\protector_dll.Protector
Klíč nalezen: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Klíč nalezen: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Klíč nalezen: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A5457401-D56A-43F2-9524-78E54A7FC07A}
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1047545AA65D2F345942875EA4F70CA7
Klíč nalezen: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1047545AA65D2F345942875EA4F70CA7
Klíč nalezen: HKLM\SOFTWARE\Classes\Installer\Features\1047545AA65D2F345942875EA4F70CA7
Klíč nalezen: HKLM\SOFTWARE\Classes\Installer\Products\1047545AA65D2F345942875EA4F70CA7
Hodnota nalezena: HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION [SystemCash.exe]
Hodnota nalezena: HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION [SystemCash.exe]
Hodnota nalezena: HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [WeatherBug.exe]
Klíč nalezen: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
Klíč nalezen: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
Klíč nalezen: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
Klíč nalezen: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f


***** [ Internetové prohlížeče ] *****

Nebyly nalezeny žádné škodlivé položky prohlížeče Firefox.
Nebyly nalezeny žádné škodlivé položky prohlížeče Chromium.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [3292 Bajty] - [25/02/2017 18:57:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3365 Bajty] ##########

PredyP
Exemplary visitor
Posts: 1256
Registered: 24 May 2007 21:52
Location: Eastern Bohemia

Re: Slow computer startup

#2 Post by PredyP »

Logfile of random's system information tool 1.15 (written by random/random)
Run by Pavel at 2017-02-25 19:22:47
Microsoft Windows 8.1
System drive C: has 273 GB (90%) free of 305 GB
Total RAM: 2047 MB (26% free)
X86

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:22:53, on 25. 2. 2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18124)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhostex.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Pavel\AppData\Local\Temp\TeamViewer\TeamViewer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Windows\ImmersiveControlPanel\SystemSettings.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\ctfmon.exe
C:\RSIT.exe
C:\Program Files\trend micro\Pavel_RSIT.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 4282 bytes

======Scheduled tasks folder======

C:\Windows\system32\tasks\Adobe Acrobat Update Task - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\tasks\Adobe Flash Player Updater - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\tasks\Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
C:\Windows\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\SafeZone scheduled Autoupdate 1460806864 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
C:\Windows\system32\tasks\User_Feed_Synchronization-{EAC7A7A7-B93C-43E7-ACE5-A940F3662D66} - C:\Windows\system32\msfeedssync.exe sync
C:\Windows\system32\tasks\Microsoft\Windows\WS\License Validation - rundll32.exe WSClient.dll,WSpTLR licensing
C:\Windows\system32\tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask - rundll32.exe WSClient.dll,RefreshBannedAppsList
C:\Windows\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join - %SystemRoot%\System32\dsregcmd.exe
C:\Windows\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join - %SystemRoot%\System32\AutoWorkplace.exe join
C:\Windows\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\Windows\system32\sc.exe start wuauserv
C:\Windows\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network - C:\Windows\system32\sc.exe start wuauserv
C:\Windows\system32\tasks\Microsoft\Windows\WindowsUpdate\sih - %systemroot%\System32\sihclient.exe
C:\Windows\system32\tasks\Microsoft\Windows\WindowsUpdate\sihboot - %systemroot%\System32\sihclient.exe /boot
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone - %windir%\system32\tzsync.exe
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
C:\Windows\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\Windows\system32\tasks\Microsoft\Windows\SpacePort\SpaceManagerTask - %windir%\system32\SpaceMan.exe /Repair
C:\Windows\system32\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - %windir%\System32\wpcmon.exe
C:\Windows\system32\tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB - C:\Windows\system32\MRT.exe /EHB /HeartbeatFailure "SubmitHeartbeatReportData" /HeartbeatError "0x83760002"
C:\Windows\system32\tasks\Microsoft\Windows\RemovalTools\MRT_HB - C:\Windows\system32\MRT.exe /EHB /Q
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - %SystemRoot%\System32\MbaeParserTask.exe
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\Location\WindowsActionDialog - %windir%\System32\WindowsActionDialog.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskFootprint\StorageSense - %windir%\system32\rundll32.exe %windir%\system32\StorageUsage.dll,GetStorageUsageInfo
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskCleanup\SilentCleanup - %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive%
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -o -$
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - %windir%\system32\rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
C:\Windows\system32\tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\Windows\system32\tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup - %windir%\system32\dstokenclean.exe
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\rundll32.exe %windir%\system32\invagent.dll,RunUpdate
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\StartupAppTask - %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs

=========Google Chrome=========

C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek 1 Prezentace Google 0.9
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension ennkphjdgehloodpbhlhldgbnhmacadg 1 Settings 0.2
Extension felcaaldnbdncclmgdcncolpebgiejap 1 Tabulky Google 1.1
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google offline 1.4
Extension gomekmidlodglbbmalcneegieacbdmki 0 Avast Online Security 12.0.163
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.46
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf 1 Chrome 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.2
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.1
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5616.1121.0.3
Homepage: https://www.google.cz/
default_search_provider.search_url:
C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]
"Path"=


======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-25 473152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-25 186944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2000-01-01 12021464]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-11-16 641704]
"AMD AVT"=Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files\AMD AVT\bin\kdbsync.exe aml []
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2017-02-25 205512]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2016-12-12 587288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2017-02-08 27427808]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner.exe [2017-02-08 7347928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2c.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath"="C:\Program Files\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.yuy2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"vidc.cvid"=iccvid.dll
"vidc.yvyu"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"vidc.uyvy"=msyuv.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-02-25 19:20:05 ----D---- C:\rsit
2017-02-25 19:13:50 ----A---- C:\RSIT.exe
2017-02-25 18:56:07 ----D---- C:\AdwCleaner
2017-02-25 18:04:41 ----D---- C:\Program Files\Common Files\Java
2017-02-25 17:48:42 ----D---- C:\ProgramData\SWCUTemp
2017-02-25 17:42:37 ----A---- C:\Windows\system32\drivers\aswbunivx.sys
2017-02-25 17:42:37 ----A---- C:\Windows\system32\drivers\aswblogx.sys
2017-02-25 17:42:37 ----A---- C:\Windows\system32\drivers\aswbidshx.sys
2017-02-25 17:42:36 ----A---- C:\Windows\system32\drivers\aswbidsdriverx.sys
2017-02-25 17:42:15 ----A---- C:\Windows\system32\aswBoot.exe
2017-02-25 16:01:35 ----A---- C:\Windows\system32\aspnet_counters.dll
2017-02-25 16:01:32 ----A---- C:\Windows\system32\msvcp120_clr0400.dll
2017-02-25 16:01:27 ----A---- C:\Windows\system32\msvcr120_clr0400.dll
2017-02-16 20:30:22 ----A---- C:\Windows\system32\shell32.dll
2017-02-16 20:30:21 ----A---- C:\Windows\system32\twinui.dll
2017-02-16 20:30:20 ----A---- C:\Windows\system32\RestoreOptIn.exe
2017-02-16 20:30:20 ----A---- C:\Windows\explorer.exe
2017-02-16 20:30:08 ----A---- C:\Windows\system32\mshtml.dll
2017-02-16 20:30:07 ----A---- C:\Windows\system32\ieframe.dll
2017-02-16 20:30:06 ----A---- C:\Windows\system32\win32k.sys
2017-02-16 20:30:06 ----A---- C:\Windows\system32\jscript9.dll
2017-02-16 20:30:05 ----A---- C:\Windows\system32\wininet.dll
2017-02-16 20:30:05 ----A---- C:\Windows\system32\rdpcorets.dll
2017-02-16 20:30:05 ----A---- C:\Windows\system32\msi.dll
2017-02-16 20:30:03 ----A---- C:\Windows\system32\Windows.Globalization.dll
2017-02-16 20:30:03 ----A---- C:\Windows\system32\drivers\tcpip.sys
2017-02-16 20:30:03 ----A---- C:\Windows\system32\crypt32.dll
2017-02-16 20:30:03 ----A---- C:\Windows\system32\authui.dll
2017-02-16 20:30:02 ----A---- C:\Windows\system32\drivers\http.sys
2017-02-16 20:30:02 ----A---- C:\Windows\system32\dnsapi.dll
2017-02-16 20:30:01 ----A---- C:\Windows\system32\drivers\cng.sys
2017-02-16 20:30:01 ----A---- C:\Windows\system32\drivers\clfs.sys
2017-02-16 20:30:00 ----A---- C:\Windows\system32\wintrust.dll
2017-02-16 20:30:00 ----A---- C:\Windows\system32\user32.dll
2017-02-16 20:30:00 ----A---- C:\Windows\system32\gdi32.dll
2017-02-16 20:30:00 ----A---- C:\Windows\system32\drivers\storport.sys
2017-02-16 20:30:00 ----A---- C:\Windows\system32\drivers\spaceport.sys
2017-02-16 20:29:59 ----A---- C:\Windows\system32\TpmTasks.dll
2017-02-16 20:29:59 ----A---- C:\Windows\system32\shsetup.dll
2017-02-16 20:29:59 ----A---- C:\Windows\system32\d3d10level9.dll
2017-02-16 20:29:59 ----A---- C:\Windows\system32\bcrypt.dll
2017-02-16 20:29:58 ----A---- C:\Windows\system32\ActionQueue.dll
2017-02-16 20:29:53 ----A---- C:\Windows\system32\urlmon.dll
2017-02-16 20:29:52 ----A---- C:\Windows\system32\apisetschema.dll
2017-02-16 20:29:51 ----A---- C:\Windows\system32\jscript.dll
2017-02-16 20:29:50 ----A---- C:\Windows\system32\vbscript.dll
2017-02-16 20:29:50 ----A---- C:\Windows\system32\msfeeds.dll
2017-02-16 20:29:50 ----A---- C:\Windows\system32\inetcomm.dll
2017-02-16 20:29:50 ----A---- C:\Windows\system32\ieapfltr.dll
2017-02-04 09:23:14 ----D---- C:\Program Files\Common Files\Skype

======List of files/folders modified in the last 1 month======

2017-02-25 19:22:52 ----D---- C:\Program Files\trend micro
2017-02-25 19:22:44 ----D---- C:\Windows\Temp
2017-02-25 19:20:16 ----D---- C:\Windows\Prefetch
2017-02-25 19:18:33 ----D---- C:\Windows\system32\config
2017-02-25 19:17:31 ----D---- C:\Windows\inf
2017-02-25 19:17:31 ----D---- C:\Windows\debug
2017-02-25 19:17:31 ----D---- C:\Windows
2017-02-25 19:13:38 ----SHD---- C:\Windows\Installer
2017-02-25 19:13:38 ----HD---- C:\ProgramData
2017-02-25 19:13:38 ----D---- C:\Program Files\Google
2017-02-25 19:13:05 ----RD---- C:\Windows\System32
2017-02-25 19:12:41 ----SHD---- C:\System Volume Information
2017-02-25 19:12:11 ----D---- C:\Program Files\Java
2017-02-25 19:06:12 ----D---- C:\Users\Pavel\AppData\Roaming\TeamViewer
2017-02-25 19:04:56 ----D---- C:\Users\Pavel\AppData\Roaming\Skype
2017-02-25 19:00:00 ----D---- C:\Windows\system32\sru
2017-02-25 18:58:12 ----RD---- C:\Program Files
2017-02-25 18:04:41 ----D---- C:\Program Files\Common Files
2017-02-25 18:03:52 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
2017-02-25 17:47:14 ----D---- C:\Windows\system32\Tasks
2017-02-25 17:46:11 ----D---- C:\Windows\system32\Drivers
2017-02-25 17:35:01 ----D---- C:\Windows\Microsoft.NET
2017-02-25 17:33:08 ----RD---- C:\Windows\assembly
2017-02-25 16:36:03 ----D---- C:\Windows\WinSxS
2017-02-25 16:35:53 ----D---- C:\Windows\Logs
2017-02-25 16:35:41 ----D---- C:\Windows\system32\DriverStore
2017-02-25 16:31:23 ----RD---- C:\Windows\ToastData
2017-02-25 16:31:22 ----D---- C:\Windows\system32\cs-CZ
2017-02-25 16:31:20 ----D---- C:\Windows\system32\oobe
2017-02-25 16:07:48 ----D---- C:\Windows\system32\MRT
2017-02-25 16:04:10 ----AC---- C:\Windows\system32\MRT.exe
2017-02-25 16:03:54 ----D---- C:\Windows\CbsTemp
2017-02-25 10:33:05 ----D---- C:\Windows\system32\catroot2
2017-02-23 15:37:17 ----D---- C:\Windows\Tasks
2017-02-23 15:37:14 ----D---- C:\Windows\system32\Macromed
2017-02-23 15:31:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-02-20 16:47:01 ----D---- C:\ProgramData\Skype
2017-02-06 20:41:09 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2017-02-04 09:23:14 ----RD---- C:\Program Files\Skype

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [2017-02-25 148720]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswblogx.sys [2017-02-25 267016]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [2017-02-25 41176]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2017-02-25 61128]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2017-02-25 277176]
R0 Wof;Windows Overlay File System Filter Driver; C:\Windows\system32\drivers\Wof.sys [2014-03-13 138584]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [2017-02-25 257288]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2017-02-25 31064]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2017-02-25 90336]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2017-02-25 754664]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2017-02-25 463936]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2017-02-25 106392]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-11-16 10070016]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-11-16 290304]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2000-01-01 3125592]
R3 RTL8168;@oem4.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x86.sys [2000-01-01 732888]
S1 MpKsl2154706d;MpKsl2154706d; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\MpKsl2154706d.sys [2015-01-28 29904]
S1 MpKsl253ff5c3;MpKsl253ff5c3; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\MpKsl253ff5c3.sys [2015-01-28 29904]
S2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2017-02-25 118288]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2017-02-25 34136]
S3 GPIO;@iaiogpio.inf,%GPIO.SVCDESC%;Intel SoC GPIO Controller Driver; C:\Windows\System32\drivers\iaiogpio.sys [2013-07-23 22016]
S3 iaioi2c;@iaioi2c.inf,%Driver_Service.Desc%;Intel(R) Atom(TM) Processor I2C Controller Service; C:\Windows\System32\drivers\iaioi2c.sys [2013-07-23 61936]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2014-10-29 37888]
S3 WDC_SAM;@oem14.inf,%WDC_SAM_ServiceName%;WD SCSI Pass Thru driver; C:\Windows\System32\drivers\wdcsam.sys [2015-04-29 20256]
S3 WUDFWpdFs;WUDFWpdFs; C:\Windows\system32\DRIVERS\WUDFRd.sys [2014-10-29 190976]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-12-19 82640]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-11-16 217088]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-02-25 262736]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll"=%SystemRoot%\system32\diagtrack.dll
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2016-04-16 154440]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2017-01-16 317400]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-23 272984]
S3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [2017-02-25 5541048]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation;"ServiceDll"=%SystemRoot%\System32\BthHFSrv.dll
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2016-04-16 154440]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119672
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Slow computer startup

#3 Post by Rudy »

Greetings!
AdwCleaner did not delete anything; you did not click the clean button. Try it once more and then post the RSIT log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

PredyP
Exemplary visitor
Posts: 1256
Registered: 24 May 2007 21:52
Location: Eastern Bohemia

Re: Slow computer startup

#4 Post by PredyP »

Logfile of random's system information tool 1.15 (written by random/random)
Run by Pavel at 2017-02-26 17:57:25
Microsoft Windows 8.1
System drive C: has 271 GB (89%) free of 305 GB
Total RAM: 2047 MB (69% free)
X86

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:57:30, on 26. 2. 2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18124)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhostex.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Pavel\AppData\Local\Temp\TeamViewer\TeamViewer.exe
C:\RSIT.exe
C:\Program Files\trend micro\Pavel_RSIT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 12 (TeamViewer) - TeamViewer GmbH - c:\users\pavel\appdata\local\temp\teamviewer\TeamViewer_Service.exe

--
End of file - 4164 bytes

======Scheduled tasks folder======

C:\Windows\system32\tasks\Adobe Acrobat Update Task - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\tasks\Adobe Flash Player Updater - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\tasks\Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
C:\Windows\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\SafeZone scheduled Autoupdate 1460806864 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
C:\Windows\system32\tasks\User_Feed_Synchronization-{EAC7A7A7-B93C-43E7-ACE5-A940F3662D66} - C:\Windows\system32\msfeedssync.exe sync
C:\Windows\system32\tasks\Microsoft\Windows\WS\License Validation - rundll32.exe WSClient.dll,WSpTLR licensing
C:\Windows\system32\tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask - rundll32.exe WSClient.dll,RefreshBannedAppsList
C:\Windows\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join - %SystemRoot%\System32\dsregcmd.exe
C:\Windows\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join - %SystemRoot%\System32\AutoWorkplace.exe join
C:\Windows\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\Windows\system32\sc.exe start wuauserv
C:\Windows\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network - C:\Windows\system32\sc.exe start wuauserv
C:\Windows\system32\tasks\Microsoft\Windows\WindowsUpdate\sih - %systemroot%\System32\sihclient.exe
C:\Windows\system32\tasks\Microsoft\Windows\WindowsUpdate\sihboot - %systemroot%\System32\sihclient.exe /boot
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone - %windir%\system32\tzsync.exe
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
C:\Windows\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\Windows\system32\tasks\Microsoft\Windows\SpacePort\SpaceManagerTask - %windir%\system32\SpaceMan.exe /Repair
C:\Windows\system32\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - %windir%\System32\wpcmon.exe
C:\Windows\system32\tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB - C:\Windows\system32\MRT.exe /EHB /HeartbeatFailure "SubmitHeartbeatReportData" /HeartbeatError "0x83760002"
C:\Windows\system32\tasks\Microsoft\Windows\RemovalTools\MRT_HB - C:\Windows\system32\MRT.exe /EHB /Q
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - %SystemRoot%\System32\MbaeParserTask.exe
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\Location\WindowsActionDialog - %windir%\System32\WindowsActionDialog.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskFootprint\StorageSense - %windir%\system32\rundll32.exe %windir%\system32\StorageUsage.dll,GetStorageUsageInfo
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskCleanup\SilentCleanup - %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive%
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -o -$
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - %windir%\system32\rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
C:\Windows\system32\tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\Windows\system32\tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup - %windir%\system32\dstokenclean.exe
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\rundll32.exe %windir%\system32\invagent.dll,RunUpdate
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\StartupAppTask - %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs

=========Google Chrome=========

C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek 1 Prezentace Google 0.9
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension ennkphjdgehloodpbhlhldgbnhmacadg 1 Settings 0.2
Extension felcaaldnbdncclmgdcncolpebgiejap 1 Tabulky Google 1.1
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google offline 1.4
Extension gomekmidlodglbbmalcneegieacbdmki 0 Avast Online Security 12.0.163
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.46
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf 1 Chrome 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.2
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.1
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5616.1121.0.3
Homepage: https://www.google.cz/
default_search_provider.search_url:
C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]
"Path"=


======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-25 473152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-25 186944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2000-01-01 12021464]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-11-16 641704]
"AMD AVT"=Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files\AMD AVT\bin\kdbsync.exe aml []
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2017-02-25 205512]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2016-12-12 587288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2017-02-08 27427808]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner.exe [2017-02-08 7347928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2c.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath"="C:\Program Files\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.yuy2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"vidc.cvid"=iccvid.dll
"vidc.yvyu"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"vidc.uyvy"=msyuv.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-02-26 08:53:55 ----D---- C:\ProgramData\SWCUTemp
2017-02-25 19:20:05 ----D---- C:\rsit
2017-02-25 19:13:50 ----A---- C:\RSIT.exe
2017-02-25 18:56:07 ----D---- C:\AdwCleaner
2017-02-25 18:04:41 ----D---- C:\Program Files\Common Files\Java
2017-02-25 17:42:37 ----A---- C:\Windows\system32\drivers\aswbunivx.sys
2017-02-25 17:42:37 ----A---- C:\Windows\system32\drivers\aswblogx.sys
2017-02-25 17:42:37 ----A---- C:\Windows\system32\drivers\aswbidshx.sys
2017-02-25 17:42:36 ----A---- C:\Windows\system32\drivers\aswbidsdriverx.sys
2017-02-25 17:42:15 ----A---- C:\Windows\system32\aswBoot.exe
2017-02-25 16:01:35 ----A---- C:\Windows\system32\aspnet_counters.dll
2017-02-25 16:01:32 ----A---- C:\Windows\system32\msvcp120_clr0400.dll
2017-02-25 16:01:27 ----A---- C:\Windows\system32\msvcr120_clr0400.dll
2017-02-16 20:30:22 ----A---- C:\Windows\system32\shell32.dll
2017-02-16 20:30:21 ----A---- C:\Windows\system32\twinui.dll
2017-02-16 20:30:20 ----A---- C:\Windows\system32\RestoreOptIn.exe
2017-02-16 20:30:20 ----A---- C:\Windows\explorer.exe
2017-02-16 20:30:08 ----A---- C:\Windows\system32\mshtml.dll
2017-02-16 20:30:07 ----A---- C:\Windows\system32\ieframe.dll
2017-02-16 20:30:06 ----A---- C:\Windows\system32\win32k.sys
2017-02-16 20:30:06 ----A---- C:\Windows\system32\jscript9.dll
2017-02-16 20:30:05 ----A---- C:\Windows\system32\wininet.dll
2017-02-16 20:30:05 ----A---- C:\Windows\system32\rdpcorets.dll
2017-02-16 20:30:05 ----A---- C:\Windows\system32\msi.dll
2017-02-16 20:30:03 ----A---- C:\Windows\system32\Windows.Globalization.dll
2017-02-16 20:30:03 ----A---- C:\Windows\system32\drivers\tcpip.sys
2017-02-16 20:30:03 ----A---- C:\Windows\system32\crypt32.dll
2017-02-16 20:30:03 ----A---- C:\Windows\system32\authui.dll
2017-02-16 20:30:02 ----A---- C:\Windows\system32\drivers\http.sys
2017-02-16 20:30:02 ----A---- C:\Windows\system32\dnsapi.dll
2017-02-16 20:30:01 ----A---- C:\Windows\system32\drivers\cng.sys
2017-02-16 20:30:01 ----A---- C:\Windows\system32\drivers\clfs.sys
2017-02-16 20:30:00 ----A---- C:\Windows\system32\wintrust.dll
2017-02-16 20:30:00 ----A---- C:\Windows\system32\user32.dll
2017-02-16 20:30:00 ----A---- C:\Windows\system32\gdi32.dll
2017-02-16 20:30:00 ----A---- C:\Windows\system32\drivers\storport.sys
2017-02-16 20:30:00 ----A---- C:\Windows\system32\drivers\spaceport.sys
2017-02-16 20:29:59 ----A---- C:\Windows\system32\TpmTasks.dll
2017-02-16 20:29:59 ----A---- C:\Windows\system32\shsetup.dll
2017-02-16 20:29:59 ----A---- C:\Windows\system32\d3d10level9.dll
2017-02-16 20:29:59 ----A---- C:\Windows\system32\bcrypt.dll
2017-02-16 20:29:58 ----A---- C:\Windows\system32\ActionQueue.dll
2017-02-16 20:29:53 ----A---- C:\Windows\system32\urlmon.dll
2017-02-16 20:29:52 ----A---- C:\Windows\system32\apisetschema.dll
2017-02-16 20:29:51 ----A---- C:\Windows\system32\jscript.dll
2017-02-16 20:29:50 ----A---- C:\Windows\system32\vbscript.dll
2017-02-16 20:29:50 ----A---- C:\Windows\system32\msfeeds.dll
2017-02-16 20:29:50 ----A---- C:\Windows\system32\inetcomm.dll
2017-02-16 20:29:50 ----A---- C:\Windows\system32\ieapfltr.dll
2017-02-04 09:23:14 ----D---- C:\Program Files\Common Files\Skype

======List of files/folders modified in the last 1 month======

2017-02-26 17:57:26 ----D---- C:\Program Files\trend micro
2017-02-26 17:53:57 ----D---- C:\Windows\Temp
2017-02-26 17:51:00 ----D---- C:\Windows\Prefetch
2017-02-26 17:00:00 ----D---- C:\Windows\system32\sru
2017-02-26 15:36:34 ----D---- C:\ProgramData\AVAST Software
2017-02-26 11:11:49 ----D---- C:\Windows\inf
2017-02-26 08:53:55 ----HD---- C:\ProgramData
2017-02-25 22:24:07 ----D---- C:\Windows
2017-02-25 22:23:45 ----D---- C:\Program Files\Google
2017-02-25 19:45:13 ----D---- C:\Users\Pavel\AppData\Roaming\Skype
2017-02-25 19:23:26 ----D---- C:\Windows\system32\Tasks
2017-02-25 19:21:56 ----SHD---- C:\System Volume Information
2017-02-25 19:18:33 ----D---- C:\Windows\system32\config
2017-02-25 19:17:31 ----D---- C:\Windows\debug
2017-02-25 19:13:38 ----SHD---- C:\Windows\Installer
2017-02-25 19:13:05 ----RD---- C:\Windows\System32
2017-02-25 19:12:11 ----D---- C:\Program Files\Java
2017-02-25 19:06:12 ----D---- C:\Users\Pavel\AppData\Roaming\TeamViewer
2017-02-25 18:58:12 ----RD---- C:\Program Files
2017-02-25 18:04:41 ----D---- C:\Program Files\Common Files
2017-02-25 18:03:52 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
2017-02-25 17:46:11 ----D---- C:\Windows\system32\Drivers
2017-02-25 17:35:01 ----D---- C:\Windows\Microsoft.NET
2017-02-25 17:33:08 ----RD---- C:\Windows\assembly
2017-02-25 16:36:03 ----D---- C:\Windows\WinSxS
2017-02-25 16:35:53 ----D---- C:\Windows\Logs
2017-02-25 16:35:41 ----D---- C:\Windows\system32\DriverStore
2017-02-25 16:31:23 ----RD---- C:\Windows\ToastData
2017-02-25 16:31:22 ----D---- C:\Windows\system32\cs-CZ
2017-02-25 16:31:20 ----D---- C:\Windows\system32\oobe
2017-02-25 16:07:48 ----D---- C:\Windows\system32\MRT
2017-02-25 16:04:10 ----AC---- C:\Windows\system32\MRT.exe
2017-02-25 16:03:54 ----D---- C:\Windows\CbsTemp
2017-02-25 10:33:05 ----D---- C:\Windows\system32\catroot2
2017-02-23 15:37:17 ----D---- C:\Windows\Tasks
2017-02-23 15:37:14 ----D---- C:\Windows\system32\Macromed
2017-02-23 15:31:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-02-20 16:47:01 ----D---- C:\ProgramData\Skype
2017-02-06 20:41:09 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2017-02-04 09:23:14 ----RD---- C:\Program Files\Skype

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [2017-02-25 148720]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswblogx.sys [2017-02-25 267016]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [2017-02-25 41176]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2017-02-25 61128]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2017-02-25 277176]
R0 Wof;Windows Overlay File System Filter Driver; C:\Windows\system32\drivers\Wof.sys [2014-03-13 138584]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [2017-02-25 257288]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2017-02-25 31064]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2017-02-25 90336]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2017-02-25 754664]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2017-02-25 463936]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2017-02-25 106392]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2017-02-25 118288]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-11-16 10070016]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-11-16 290304]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2000-01-01 3125592]
R3 RTL8168;@oem4.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x86.sys [2000-01-01 732888]
S1 MpKsl2154706d;MpKsl2154706d; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\MpKsl2154706d.sys [2015-01-28 29904]
S1 MpKsl253ff5c3;MpKsl253ff5c3; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\MpKsl253ff5c3.sys [2015-01-28 29904]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2017-02-25 34136]
S3 GPIO;@iaiogpio.inf,%GPIO.SVCDESC%;Intel SoC GPIO Controller Driver; C:\Windows\System32\drivers\iaiogpio.sys [2013-07-23 22016]
S3 iaioi2c;@iaioi2c.inf,%Driver_Service.Desc%;Intel(R) Atom(TM) Processor I2C Controller Service; C:\Windows\System32\drivers\iaioi2c.sys [2013-07-23 61936]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2014-10-29 37888]
S3 WDC_SAM;@oem14.inf,%WDC_SAM_ServiceName%;WD SCSI Pass Thru driver; C:\Windows\System32\drivers\wdcsam.sys [2015-04-29 20256]
S3 WUDFWpdFs;WUDFWpdFs; C:\Windows\system32\DRIVERS\WUDFRd.sys [2014-10-29 190976]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-12-19 82640]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-11-16 217088]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-02-25 262736]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll"=%SystemRoot%\system32\diagtrack.dll
R2 TeamViewer;TeamViewer 12; c:\users\pavel\appdata\local\temp\teamviewer\TeamViewer_Service.exe [2016-12-15 8193264]
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [2017-02-25 5541048]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2016-04-16 154440]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2017-01-16 317400]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-23 272984]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation;"ServiceDll"=%SystemRoot%\System32\BthHFSrv.dll
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2016-04-16 154440]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119672
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Slow computer startup

#5 Post by Rudy »

Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left-hand window:
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. Before the scan, turn off your antivirus, and restart the PC after it. Post a new RSIT log.

PredyP
Exemplary visitor
Posts: 1256
Joined: 24 May 2007 21:52
Location: East Bohemia

Re: Slow computer startup

#6 Post by PredyP »

Logfile of random's system information tool 1.15 (written by random/random)
Run by Pavel at 2017-02-26 19:02:20
Microsoft Windows 8.1
System drive C: has 271 GB (89%) free of 305 GB
Total RAM: 2047 MB (66% free)
X86

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:02:26, on 26. 2. 2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18124)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhostex.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Pavel\AppData\Local\Temp\TeamViewer\TeamViewer.exe
C:\RSIT.exe
C:\Program Files\trend micro\Pavel_RSIT.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 12 (TeamViewer) - TeamViewer GmbH - c:\users\pavel\appdata\local\temp\teamviewer\TeamViewer_Service.exe

--
End of file - 4003 bytes

======Scheduled tasks folder======

C:\Windows\system32\tasks\Adobe Acrobat Update Task - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\tasks\Adobe Flash Player Updater - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\system32\tasks\Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
C:\Windows\system32\tasks\CCleanerSkipUAC - "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\system32\tasks\SafeZone scheduled Autoupdate 1460806864 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
C:\Windows\system32\tasks\User_Feed_Synchronization-{EAC7A7A7-B93C-43E7-ACE5-A940F3662D66} - C:\Windows\system32\msfeedssync.exe sync
C:\Windows\system32\tasks\Microsoft\Windows\WS\License Validation - rundll32.exe WSClient.dll,WSpTLR licensing
C:\Windows\system32\tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask - rundll32.exe WSClient.dll,RefreshBannedAppsList
C:\Windows\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join - %SystemRoot%\System32\dsregcmd.exe
C:\Windows\system32\tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join - %SystemRoot%\System32\AutoWorkplace.exe join
C:\Windows\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start - C:\Windows\system32\sc.exe start wuauserv
C:\Windows\system32\tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network - C:\Windows\system32\sc.exe start wuauserv
C:\Windows\system32\tasks\Microsoft\Windows\WindowsUpdate\sih - %systemroot%\System32\sihclient.exe
C:\Windows\system32\tasks\Microsoft\Windows\WindowsUpdate\sihboot - %systemroot%\System32\sihclient.exe /boot
C:\Windows\system32\tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary - "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
C:\Windows\system32\tasks\Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange - %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange
C:\Windows\system32\tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting - %windir%\system32\wermgr.exe -queuereporting
C:\Windows\system32\tasks\Microsoft\Windows\UPnP\UPnPHostConfig - sc.exe config upnphost start= auto
C:\Windows\system32\tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone - %windir%\system32\tzsync.exe
C:\Windows\system32\tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime - %windir%\system32\sc.exe start w32time task_started
C:\Windows\system32\tasks\Microsoft\Windows\SystemRestore\SR - %windir%\system32\srtasks.exe ExecuteScheduledSPPCreation
C:\Windows\system32\tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask - %windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
C:\Windows\system32\tasks\Microsoft\Windows\SpacePort\SpaceAgentTask - %windir%\system32\SpaceAgent.exe
C:\Windows\system32\tasks\Microsoft\Windows\SpacePort\SpaceManagerTask - %windir%\system32\SpaceMan.exe /Repair
C:\Windows\system32\tasks\Microsoft\Windows\Shell\FamilySafetyMonitor - %windir%\System32\wpcmon.exe
C:\Windows\system32\tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB - C:\Windows\system32\MRT.exe /EHB /HeartbeatFailure "SubmitHeartbeatReportData" /HeartbeatError "0x83760002"
C:\Windows\system32\tasks\Microsoft\Windows\RemovalTools\MRT_HB - C:\Windows\system32\MRT.exe /EHB /Q
C:\Windows\system32\tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask - %windir%\system32\RAServer.exe /offerraupdate
C:\Windows\system32\tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers - %SystemRoot%\System32\drvinst.exe 6
C:\Windows\system32\tasks\Microsoft\Windows\NetTrace\GatherNetworkInfo - %windir%\system32\gatherNetworkInfo.vbs
C:\Windows\system32\tasks\Microsoft\Windows\MUI\LPRemove - %windir%\system32\lpremove.exe
C:\Windows\system32\tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - %SystemRoot%\System32\MbaeParserTask.exe
C:\Windows\system32\tasks\Microsoft\Windows\Location\Notifications - %windir%\System32\LocationNotifications.exe
C:\Windows\system32\tasks\Microsoft\Windows\Location\WindowsActionDialog - %windir%\System32\WindowsActionDialog.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskFootprint\StorageSense - %windir%\system32\rundll32.exe %windir%\system32\StorageUsage.dll,GetStorageUsageInfo
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector - %windir%\system32\rundll32.exe dfdts.dll,DfdGetDefaultPolicyAndSMART
C:\Windows\system32\tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver - %windir%\system32\DFDWiz.exe
C:\Windows\system32\tasks\Microsoft\Windows\DiskCleanup\SilentCleanup - %windir%\system32\cleanmgr.exe /autoclean /d %systemdrive%
C:\Windows\system32\tasks\Microsoft\Windows\Defrag\ScheduledDefrag - %windir%\system32\defrag.exe -c -h -o -$
C:\Windows\system32\tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator - %SystemRoot%\System32\wsqmcons.exe
C:\Windows\system32\tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask - BthUdTask.exe $(Arg0)
C:\Windows\system32\tasks\Microsoft\Windows\Autochk\Proxy - %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
C:\Windows\system32\tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup - %windir%\system32\rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
C:\Windows\system32\tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState - %windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
C:\Windows\system32\tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup - %windir%\system32\dstokenclean.exe
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater - %windir%\system32\rundll32.exe %windir%\system32\invagent.dll,RunUpdate
C:\Windows\system32\tasks\Microsoft\Windows\Application Experience\StartupAppTask - %windir%\system32\rundll32.exe Startupscan.dll,SusRunTask
C:\Windows\system32\tasks\Microsoft\Windows\AppID\PolicyConverter - %windir%\system32\appidpolicyconverter.exe
C:\Windows\system32\tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck - %windir%\system32\appidcertstorecheck.exe
C:\Windows\system32\tasks\AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs

=========Google Chrome=========

C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Extension aapocclcgogkmnckokdopfmhonfmgoek 1 Prezentace Google 0.9
Extension ahfgeienlihckogmohjhadlkjgocpleb 1 Obchod Chrome 0.2
Extension aohghmighlieiainnegkcijnfilokake 1 Dokumenty Google 0.9
Extension apdfllckaahabafndbhieahigkjlhalf 1 Disk Google 14.1
Extension bepbmhgboaologfdajaanbcjmnhjmhfn 0
Extension blpcfgokakmgnkcojhhkbfbldkacnbeo 1 YouTube 4.2.8
Extension eemcgdkfndhakfknompkggombfjjjeno 1 Bookmark Manager 0.1
Extension ennkphjdgehloodpbhlhldgbnhmacadg 1 Settings 0.2
Extension felcaaldnbdncclmgdcncolpebgiejap 1 Tabulky Google 1.1
Extension gfdkimpbcpahaombhbimeihdjnejgicl 1 Feedback 1.0
Extension ghbmnnjooekpmoecnnnilnnbdlolhkhi 1 Dokumenty Google offline 1.4
Extension gomekmidlodglbbmalcneegieacbdmki 0 Avast Online Security 12.0.163
Extension kmendfapggjehodndflmmgagdbamhnfd 1 CryptoTokenExtension 0.9.46
Extension mfehgcgbbipciphmccgaenjidiccnmng 1 Cloud Print 0.1
Extension mgndgikekgjfcpckkfioiadnlibdjbkf 1 Chrome 0.1
Extension mhjfbmdgcfjbbpaeojofohoefgiehjai 1 Chrome PDF Viewer 1
Extension neajdppkdcdipfabeoofebfddakdcjhd 1 Google Network Speech 1.0
Extension nkeimhogjdpnpccoofpliimaahmaaome 1 Google Hangouts 1.3.2
Extension nmmhkkegccagdldgiimedpiccmgmieda 1 Platby Internetového obchodu Chrome 1.0.0.1
Extension pjkljhegncpnkpknbcohdijeoejaedia 1 Gmail 8.1
Extension pkedcjkdefgpdelpbcmbmeomcjbeemfm 1 Chrome Media Router 5616.1121.0.3
Homepage: https://www.google.cz/
default_search_provider.search_url:
C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Preferences
Homepage:
default_search_provider.search_url:

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki]
"Path"=


======Registry dump======


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-02-25 473152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-25 186944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2000-01-01 12021464]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-11-16 641704]
"AMD AVT"=Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files\AMD AVT\bin\kdbsync.exe aml []
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvLaunch.exe [2017-02-25 205512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2017-02-08 27427808]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner.exe [2017-02-08 7347928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2c.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
"StubPath"="C:\Program Files\Google\Chrome\Application\56.0.2924.87\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.yuy2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"vidc.cvid"=iccvid.dll
"vidc.yvyu"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"vidc.uyvy"=msyuv.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2017-02-26 19:02:21 ----D---- C:\ProgramData\SWCUTemp
2017-02-26 18:42:38 ----D---- C:\_OTM
2017-02-25 19:20:05 ----D---- C:\rsit
2017-02-25 19:13:50 ----A---- C:\RSIT.exe
2017-02-25 18:56:07 ----D---- C:\AdwCleaner
2017-02-25 18:04:41 ----D---- C:\Program Files\Common Files\Java
2017-02-25 17:42:37 ----A---- C:\Windows\system32\drivers\aswbunivx.sys
2017-02-25 17:42:37 ----A---- C:\Windows\system32\drivers\aswblogx.sys
2017-02-25 17:42:37 ----A---- C:\Windows\system32\drivers\aswbidshx.sys
2017-02-25 17:42:36 ----A---- C:\Windows\system32\drivers\aswbidsdriverx.sys
2017-02-25 17:42:15 ----A---- C:\Windows\system32\aswBoot.exe
2017-02-25 16:01:35 ----A---- C:\Windows\system32\aspnet_counters.dll
2017-02-25 16:01:32 ----A---- C:\Windows\system32\msvcp120_clr0400.dll
2017-02-25 16:01:27 ----A---- C:\Windows\system32\msvcr120_clr0400.dll
2017-02-16 20:30:22 ----A---- C:\Windows\system32\shell32.dll
2017-02-16 20:30:21 ----A---- C:\Windows\system32\twinui.dll
2017-02-16 20:30:20 ----A---- C:\Windows\system32\RestoreOptIn.exe
2017-02-16 20:30:20 ----A---- C:\Windows\explorer.exe
2017-02-16 20:30:08 ----A---- C:\Windows\system32\mshtml.dll
2017-02-16 20:30:07 ----A---- C:\Windows\system32\ieframe.dll
2017-02-16 20:30:06 ----A---- C:\Windows\system32\win32k.sys
2017-02-16 20:30:06 ----A---- C:\Windows\system32\jscript9.dll
2017-02-16 20:30:05 ----A---- C:\Windows\system32\wininet.dll
2017-02-16 20:30:05 ----A---- C:\Windows\system32\rdpcorets.dll
2017-02-16 20:30:05 ----A---- C:\Windows\system32\msi.dll
2017-02-16 20:30:03 ----A---- C:\Windows\system32\Windows.Globalization.dll
2017-02-16 20:30:03 ----A---- C:\Windows\system32\drivers\tcpip.sys
2017-02-16 20:30:03 ----A---- C:\Windows\system32\crypt32.dll
2017-02-16 20:30:03 ----A---- C:\Windows\system32\authui.dll
2017-02-16 20:30:02 ----A---- C:\Windows\system32\drivers\http.sys
2017-02-16 20:30:02 ----A---- C:\Windows\system32\dnsapi.dll
2017-02-16 20:30:01 ----A---- C:\Windows\system32\drivers\cng.sys
2017-02-16 20:30:01 ----A---- C:\Windows\system32\drivers\clfs.sys
2017-02-16 20:30:00 ----A---- C:\Windows\system32\wintrust.dll
2017-02-16 20:30:00 ----A---- C:\Windows\system32\user32.dll
2017-02-16 20:30:00 ----A---- C:\Windows\system32\gdi32.dll
2017-02-16 20:30:00 ----A---- C:\Windows\system32\drivers\storport.sys
2017-02-16 20:30:00 ----A---- C:\Windows\system32\drivers\spaceport.sys
2017-02-16 20:29:59 ----A---- C:\Windows\system32\TpmTasks.dll
2017-02-16 20:29:59 ----A---- C:\Windows\system32\shsetup.dll
2017-02-16 20:29:59 ----A---- C:\Windows\system32\d3d10level9.dll
2017-02-16 20:29:59 ----A---- C:\Windows\system32\bcrypt.dll
2017-02-16 20:29:58 ----A---- C:\Windows\system32\ActionQueue.dll
2017-02-16 20:29:53 ----A---- C:\Windows\system32\urlmon.dll
2017-02-16 20:29:52 ----A---- C:\Windows\system32\apisetschema.dll
2017-02-16 20:29:51 ----A---- C:\Windows\system32\jscript.dll
2017-02-16 20:29:50 ----A---- C:\Windows\system32\vbscript.dll
2017-02-16 20:29:50 ----A---- C:\Windows\system32\msfeeds.dll
2017-02-16 20:29:50 ----A---- C:\Windows\system32\inetcomm.dll
2017-02-16 20:29:50 ----A---- C:\Windows\system32\ieapfltr.dll
2017-02-04 09:23:14 ----D---- C:\Program Files\Common Files\Skype

======List of files/folders modified in the last 1 month======

2017-02-26 19:02:25 ----D---- C:\Program Files\trend micro
2017-02-26 19:02:21 ----HD---- C:\ProgramData
2017-02-26 19:01:23 ----D---- C:\Windows\Temp
2017-02-26 19:00:49 ----D---- C:\Windows\Prefetch
2017-02-26 18:02:00 ----D---- C:\Windows\system32\sru
2017-02-26 15:36:34 ----D---- C:\ProgramData\AVAST Software
2017-02-26 11:11:49 ----D---- C:\Windows\inf
2017-02-25 22:24:07 ----D---- C:\Windows
2017-02-25 22:23:45 ----D---- C:\Program Files\Google
2017-02-25 19:45:13 ----D---- C:\Users\Pavel\AppData\Roaming\Skype
2017-02-25 19:23:26 ----D---- C:\Windows\system32\Tasks
2017-02-25 19:21:56 ----SHD---- C:\System Volume Information
2017-02-25 19:18:33 ----D---- C:\Windows\system32\config
2017-02-25 19:17:31 ----D---- C:\Windows\debug
2017-02-25 19:13:38 ----SHD---- C:\Windows\Installer
2017-02-25 19:13:05 ----RD---- C:\Windows\System32
2017-02-25 19:12:11 ----D---- C:\Program Files\Java
2017-02-25 19:06:12 ----D---- C:\Users\Pavel\AppData\Roaming\TeamViewer
2017-02-25 18:58:12 ----RD---- C:\Program Files
2017-02-25 18:04:41 ----D---- C:\Program Files\Common Files
2017-02-25 18:03:52 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
2017-02-25 17:46:11 ----D---- C:\Windows\system32\Drivers
2017-02-25 17:35:01 ----D---- C:\Windows\Microsoft.NET
2017-02-25 17:33:08 ----RD---- C:\Windows\assembly
2017-02-25 16:36:03 ----D---- C:\Windows\WinSxS
2017-02-25 16:35:53 ----D---- C:\Windows\Logs
2017-02-25 16:35:41 ----D---- C:\Windows\system32\DriverStore
2017-02-25 16:31:23 ----RD---- C:\Windows\ToastData
2017-02-25 16:31:22 ----D---- C:\Windows\system32\cs-CZ
2017-02-25 16:31:20 ----D---- C:\Windows\system32\oobe
2017-02-25 16:07:48 ----D---- C:\Windows\system32\MRT
2017-02-25 16:04:10 ----AC---- C:\Windows\system32\MRT.exe
2017-02-25 16:03:54 ----D---- C:\Windows\CbsTemp
2017-02-25 10:33:05 ----D---- C:\Windows\system32\catroot2
2017-02-23 15:37:17 ----D---- C:\Windows\Tasks
2017-02-23 15:37:14 ----D---- C:\Windows\system32\Macromed
2017-02-23 15:31:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-02-20 16:47:01 ----D---- C:\ProgramData\Skype
2017-02-06 20:41:09 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2017-02-04 09:23:14 ----RD---- C:\Program Files\Skype

File C:\Windows\system32\winlogon.exe is digitally signed
File C:\Windows\system32\wininit.exe is digitally signed
File C:\Windows\explorer.exe is digitally signed
File C:\Windows\system32\svchost.exe is digitally signed
File C:\Windows\system32\services.exe is digitally signed
File C:\Windows\system32\User32.dll is digitally signed
File C:\Windows\system32\userinit.exe is digitally signed
File C:\Windows\system32\rpcss.dll is digitally signed
File C:\Windows\system32\Drivers\volsnap.sys is digitally signed

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswbidsh;aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [2017-02-25 148720]
R0 aswblog;aswblog; C:\Windows\system32\drivers\aswblogx.sys [2017-02-25 267016]
R0 aswbuniv;aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [2017-02-25 41176]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2017-02-25 61128]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2017-02-25 277176]
R0 Wof;Windows Overlay File System Filter Driver; C:\Windows\system32\drivers\Wof.sys [2014-03-13 138584]
R1 aswbidsdriver;aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [2017-02-25 257288]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2017-02-25 31064]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2017-02-25 90336]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2017-02-25 754664]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2017-02-25 463936]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2017-02-25 106392]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2017-02-25 118288]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-11-16 10070016]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-11-16 290304]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2000-01-01 3125592]
R3 RTL8168;@oem4.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x86.sys [2000-01-01 732888]
S1 MpKsl2154706d;MpKsl2154706d; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\MpKsl2154706d.sys [2015-01-28 29904]
S1 MpKsl253ff5c3;MpKsl253ff5c3; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\MpKsl253ff5c3.sys [2015-01-28 29904]
S3 aswHwid;aswHwid; C:\Windows\system32\drivers\aswHwid.sys [2017-02-25 34136]
S3 GPIO;@iaiogpio.inf,%GPIO.SVCDESC%;Intel SoC GPIO Controller Driver; C:\Windows\System32\drivers\iaiogpio.sys [2013-07-23 22016]
S3 iaioi2c;@iaioi2c.inf,%Driver_Service.Desc%;Intel(R) Atom(TM) Processor I2C Controller Service; C:\Windows\System32\drivers\iaioi2c.sys [2013-07-23 61936]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2014-10-29 37888]
S3 WDC_SAM;@oem14.inf,%WDC_SAM_ServiceName%;WD SCSI Pass Thru driver; C:\Windows\System32\drivers\wdcsam.sys [2015-04-29 20256]
S3 WUDFWpdFs;WUDFWpdFs; C:\Windows\system32\DRIVERS\WUDFRd.sys [2014-10-29 190976]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2016-12-19 82640]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-11-16 217088]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2017-02-25 262736]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; %SystemRoot%\System32\svchost.exe -k utcsvc;"ServiceDll"=%SystemRoot%\system32\diagtrack.dll
R3 aswbIDSAgent;aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [2017-02-25 5541048]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2016-04-16 154440]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2017-01-16 317400]
S2 TeamViewer;TeamViewer 12; c:\users\pavel\appdata\local\temp\teamviewer\TeamViewer_Service.exe [2016-12-15 8193264]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-02-23 272984]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation;"ServiceDll"=%SystemRoot%\System32\BthHFSrv.dll
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2016-04-16 154440]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119672
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Slow computer startup

#7 Post by Rudy »

Deleted. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

#8 Post by PredyP »

Yes, it is much better.
I have one more question. In IE 11, video playback on ČT24 does not work, though YouTube does. In Chrome it works. Do you know the cause?

#9 Post by Rudy »

That's interesting. Try reinstalling Flash Player.

#10 Post by PredyP »

That is integrated in Win 8.1.

#11 Post by Rudy »

Yep, but if it can be upgraded (and that should be possible), it must also be possible to reinstall it. Otherwise, the only thing left is probably reinstalling IE.

#12 Post by PredyP »

OK, thank you very much for the help.
:worship: :worship: :worship:

#13 Post by Rudy »

You're welcome! :)