Files encrypted by a virus
Posted: 16 Feb 2016 19:00
Hello, a neighbour brought me her computer because she can't open her photos. Apparently it had a virus.
She ran the Kaspersky Virus Removal Tool over the computer. I don't know which virus it was.
I'm attaching the RSIT log:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Andrea at 2016-02-16 18:23:32
Microsoft Windows 8.1
System drive C: has 70 GB (61%) free of 114 GB
Total RAM: 3066 MB (46% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:23:39, on 16. 2. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTray.exe
C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe
C:\Users\Andrea\AppData\Local\Temp\DMR\Downloads\152e221a8bef8d2d13c58f995563a1a1\cff82705e5f797a58ae626cfaffea6a6\pandaunransom.exe
C:\Program Files\trend micro\Andrea.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] "C:\PROGRAM FILES\ZONER\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE"
O4 - Startup: _H_e_l_p_RECOVER_INSTRUCTIONS+wqh.html
O4 - Startup: _H_e_l_p_RECOVER_INSTRUCTIONS+wqh.txt
O4 - Startup: _uninst_03983034.lnk = C:\Users\Andrea\AppData\Local\Temp\_uninst_03983034.bat
O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
O4 - Global Startup: AVerQuick.lnk = C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @oem8.inf,%AEADISRV.SvcDesc%;Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AVerRemote - AVerMedia - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: AVerUpdateServer - AVerMedia TECHNOLOGIES, Inc. - C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe
O23 - Service: @oem9.inf,%BcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\Windows\system32\BtwRSupportService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @oem7.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Service KMSELDI - Unknown owner - C:\Program Files\KMSpico\Service_KMS.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8487 bytes
======Listing Processes======
wininit.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
"C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe"
"C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe"
"C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe"
C:\Windows\system32\BtwRSupportService.exe
C:\Windows\System32\svchost.exe -k utcsvc
dashost.exe {046c7052-9fcf-4933-82a9ccd7e4b42eba}
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\WinLogon.exe -SpecialSession
-hiberboot
atieclxx
C:\Windows\Explorer.EXE
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
{9210976D-1DAA-4ACA-BD53-0B1ECF986096}
{06AE22EF-B5F4-47C5-A7CB-DEA6B299347E}
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" -tray
"C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTray.exe"
"C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe" /Start
"C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe"
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_H_e_l_p_RECOVER_INSTRUCTIONS+wqh.txt
taskhostex.exe
"C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel="2372.0.40126584\310842533" "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 2372 "\\.\pipe\gecko-crash-server-pipe.2372" plugin
"C:\Windows\SYSTEM32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe" --proxy-stub-channel=Flash3316.62E2EFB0.8531 --host-broker-channel=Flash3316.62E2EFB0.2357 --host-pid=3316 --host-npapi-version=28 --plugin-path="C:\Windows\SYSTEM32\Macromed\Flash\NPSWF32_20_0_0_306.dll"
"C:\Windows\SYSTEM32\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe" --channel=4132.00F4F4E0.1632652511 --proxy-stub-channel=Flash3316.62E2EFB0.8531 --plugin-path="C:\Windows\SYSTEM32\Macromed\Flash\NPSWF32_20_0_0_306.dll" --host-npapi-version=28 --type=renderer
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Users\Andrea\AppData\Local\Temp\DMR\Downloads\152e221a8bef8d2d13c58f995563a1a1\cff82705e5f797a58ae626cfaffea6a6\pandaunransom.exe"
"C:\Windows\system32\wwahost.exe" -ServerName:Microsoft.ZuneVideo.wwa
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe34_ Global\UsGthrCtrlFltPipeMssGthrPipe34 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 568 572 580 65536 576
"C:\Users\Andrea\Downloads\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
=========Mozilla firefox=========
ProfilePath - C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\ddty4hc4.default-1429530516079
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 20.0.0.306 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nokia.com/EnablerPlugin]
"Description"=Nokia Suite Enabler Plugin
"Path"=C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 20.0.0.306 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll
C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\ddty4hc4.default-1429530516079\extensions\
{ea614400-e918-4741-9a97-7a972ff7c30b}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-01-30 885152]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-01-30 664184]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-06-04 2174760]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"NokiaSuite.exe"=C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [2013-04-19 1090912]
"Zoner Photo Studio Autoupdate"=C:\PROGRAM FILES\ZONER\PHOTO STUDIO 17\Program32\ZPSTRAY.EXE [2015-07-12 563416]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-11-11 287800]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-11-16 641704]
"AMD AVT"=Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe aml []
"SoundMAXPnP"=C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [2009-05-18 1314816]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-01-30 7021880]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
AVer HID Receiver.lnk - C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
AVerQuick.lnk - C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
_H_e_l_p_RECOVER_INSTRUCTIONS+wqh.html
_H_e_l_p_RECOVER_INSTRUCTIONS+wqh.txt
_uninst_03983034.lnk - C:\Users\Andrea\AppData\Local\Temp\_uninst_03983034.bat
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"SoftwareSASGeneration"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-02-16 18:23:32 ----D---- C:\rsit
2016-02-16 18:23:32 ----D---- C:\Program Files\trend micro
2016-02-14 13:24:28 ----A---- C:\Windows\system32\aswBoot.exe
2016-02-14 11:37:56 ----D---- C:\ProgramData\Kaspersky Lab
2016-02-14 11:37:56 ----D---- C:\Program Files (x86)\Kaspersky Lab
2016-02-14 11:37:54 ----A---- C:\ProgramData\ntuser.dat
2016-02-14 11:20:42 ----D---- C:\Program Files (x86)\Google
2016-02-11 20:44:54 ----A---- C:\Users\Andrea\AppData\Roaming\_H_e_l_p_RECOVER_INSTRUCTIONS+wqh.txt
2016-02-11 20:42:28 ----A---- C:\ProgramData\_H_e_l_p_RECOVER_INSTRUCTIONS+wqh.txt
2016-02-11 19:09:07 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe
2016-02-11 18:58:45 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2016-02-11 18:58:45 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2016-02-11 18:58:45 ----A---- C:\Windows\system32\mshtml.dll
2016-02-11 18:58:45 ----A---- C:\Windows\system32\iertutil.dll
2016-02-11 18:58:44 ----A---- C:\Windows\system32\urlmon.dll
2016-02-11 18:58:43 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2016-02-11 18:58:43 ----A---- C:\Windows\system32\ieframe.dll
2016-02-11 18:58:42 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2016-02-11 18:56:12 ----A---- C:\Windows\system32\generaltel.dll
2016-02-11 18:56:12 ----A---- C:\Windows\system32\appraiser.dll
2016-02-11 18:56:11 ----A---- C:\Windows\system32\invagent.dll
2016-02-11 18:56:11 ----A---- C:\Windows\system32\devinv.dll
2016-02-11 18:56:11 ----A---- C:\Windows\system32\CompatTelRunner.exe
2016-02-11 18:56:11 ----A---- C:\Windows\system32\aeinv.dll
2016-02-11 18:56:11 ----A---- C:\Windows\system32\acmigration.dll
2016-02-11 18:56:10 ----A---- C:\Windows\SYSWOW64\CPFilters.dll
2016-02-11 18:56:09 ----A---- C:\Windows\SYSWOW64\mtxoci.dll
2016-02-11 18:56:09 ----A---- C:\Windows\SYSWOW64\msorcl32.dll
2016-02-11 18:56:09 ----A---- C:\Windows\SYSWOW64\EncDec.dll
2016-02-11 18:56:09 ----A---- C:\Windows\SYSWOW64\cfgbkend.dll
2016-02-11 18:56:09 ----A---- C:\Windows\system32\mtxoci.dll
2016-02-11 18:56:09 ----A---- C:\Windows\system32\EncDec.dll
2016-02-11 18:56:09 ----A---- C:\Windows\system32\CPFilters.dll
2016-02-11 18:56:09 ----A---- C:\Windows\system32\cfgbkend.dll
2016-02-11 18:56:07 ----A---- C:\Windows\system32\Windows.Data.Pdf.dll
2016-02-11 18:56:07 ----A---- C:\Windows\system32\glcndFilter.dll
2016-02-11 18:56:06 ----A---- C:\Windows\SYSWOW64\Windows.Data.Pdf.dll
2016-02-11 18:56:06 ----A---- C:\Windows\SYSWOW64\glcndFilter.dll
2016-02-11 18:56:00 ----A---- C:\Windows\system32\shell32.dll
2016-02-11 18:55:59 ----A---- C:\Windows\system32\twinui.dll
2016-02-11 18:55:58 ----A---- C:\Windows\SYSWOW64\twinui.dll
2016-02-11 18:55:57 ----A---- C:\Windows\SYSWOW64\shell32.dll
2016-02-11 18:55:56 ----A---- C:\Windows\SYSWOW64\authui.dll
2016-02-11 18:55:56 ----A---- C:\Windows\system32\authui.dll
2016-02-11 18:54:30 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-02-11 18:54:30 ----A---- C:\Windows\system32\KernelBase.dll
2016-02-11 18:54:29 ----A---- C:\Windows\SYSWOW64\WinTypes.dll
2016-02-11 18:54:29 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2016-02-11 18:54:29 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2016-02-11 18:54:29 ----A---- C:\Windows\SYSWOW64\combase.dll
2016-02-11 18:54:29 ----A---- C:\Windows\system32\WinTypes.dll
2016-02-11 18:54:29 ----A---- C:\Windows\system32\ntdll.dll
2016-02-11 18:54:29 ----A---- C:\Windows\system32\microsoft-windows-system-events.dll
2016-02-11 18:54:29 ----A---- C:\Windows\system32\combase.dll
2016-02-11 18:54:28 ----A---- C:\Windows\SYSWOW64\wincorlib.dll
2016-02-11 18:54:25 ----A---- C:\Windows\SYSWOW64\WinSync.dll
2016-02-11 18:54:25 ----A---- C:\Windows\system32\WinSync.dll
2016-02-11 18:54:25 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2016-02-11 18:54:24 ----A---- C:\Windows\system32\win32k.sys
2016-02-11 18:54:20 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2016-02-11 18:54:20 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2016-02-11 18:54:20 ----A---- C:\Windows\SYSWOW64\certcli.dll
2016-02-11 18:54:20 ----A---- C:\Windows\system32\msv1_0.dll
2016-02-11 18:54:20 ----A---- C:\Windows\system32\lsasrv.dll
2016-02-11 18:54:20 ----A---- C:\Windows\system32\kerberos.dll
2016-02-11 18:54:20 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-02-11 18:54:20 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-02-11 18:54:20 ----A---- C:\Windows\system32\dpapisrv.dll
2016-02-11 18:54:20 ----A---- C:\Windows\system32\certcli.dll
2016-02-11 18:54:12 ----A---- C:\Windows\system32\jscript9.dll
2016-02-11 18:54:10 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2016-02-11 18:54:09 ----A---- C:\Windows\SYSWOW64\wininet.dll
2016-02-11 18:54:09 ----A---- C:\Windows\system32\wininet.dll
2016-02-11 18:54:08 ----A---- C:\Windows\SYSWOW64\hlink.dll
2016-02-11 18:54:08 ----A---- C:\Windows\system32\msfeeds.dll
2016-02-11 18:54:08 ----A---- C:\Windows\system32\hlink.dll
2016-02-11 18:54:07 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2016-02-11 18:54:07 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2016-02-11 18:54:07 ----A---- C:\Windows\system32\webcheck.dll
2016-02-11 18:54:07 ----A---- C:\Windows\system32\actxprxy.dll
2016-02-11 18:54:06 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2016-02-11 18:54:06 ----A---- C:\Windows\SYSWOW64\jscript.dll
2016-02-11 18:54:06 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2016-02-11 18:54:06 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2016-02-11 18:54:06 ----A---- C:\Windows\system32\vbscript.dll
2016-02-11 18:54:06 ----A---- C:\Windows\system32\jscript.dll
2016-02-11 18:54:06 ----A---- C:\Windows\system32\inetcomm.dll
2016-02-11 18:54:06 ----A---- C:\Windows\system32\iedkcs32.dll
2016-02-11 18:54:06 ----A---- C:\Windows\system32\ie4uinit.exe
2016-02-11 18:54:05 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2016-02-11 18:54:05 ----A---- C:\Windows\system32\ieapfltr.dll
2016-02-11 18:53:05 ----A---- C:\Windows\system32\rdpudd.dll
2016-02-11 18:53:05 ----A---- C:\Windows\system32\rdpcorets.dll
2016-02-11 18:52:55 ----A---- C:\Windows\system32\wuaueng.dll
2016-02-11 18:52:55 ----A---- C:\Windows\system32\wuapi.dll
2016-02-11 18:52:54 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2016-02-11 18:52:54 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2016-02-11 18:52:54 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2016-02-11 18:52:54 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2016-02-11 18:52:54 ----A---- C:\Windows\system32\wuwebv.dll
2016-02-11 18:52:54 ----A---- C:\Windows\system32\WUSettingsProvider.dll
2016-02-11 18:52:54 ----A---- C:\Windows\system32\wudriver.dll
2016-02-11 18:52:54 ----A---- C:\Windows\system32\wucltux.dll
2016-02-11 18:52:54 ----A---- C:\Windows\system32\wuauclt.exe
2016-02-11 18:52:54 ----A---- C:\Windows\system32\wuapp.exe
2016-01-30 18:26:17 ----A---- C:\Windows\avastSS.scr
2016-01-27 11:17:53 ----D---- C:\Program Files (x86)\Mozilla Firefox
======List of files/folders modified in the last 1 month======
2016-02-16 18:23:32 ----RD---- C:\Program Files
2016-02-16 18:03:01 ----HD---- C:\ProgramData
2016-02-16 18:00:00 ----D---- C:\Windows\system32\sru
2016-02-16 17:43:56 ----D---- C:\Windows\Temp
2016-02-15 15:46:10 ----D---- C:\Windows\Prefetch
2016-02-15 12:41:23 ----D---- C:\Windows\rescache
2016-02-15 12:34:11 ----D---- C:\Windows\Microsoft.NET
2016-02-15 12:23:47 ----RD---- C:\Windows\System32
2016-02-15 12:23:47 ----D---- C:\Windows\Inf
2016-02-15 12:23:47 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-02-14 22:20:54 ----D---- C:\Windows\Tasks
2016-02-14 22:20:54 ----D---- C:\Windows\system32\CodeIntegrity
2016-02-14 22:20:49 ----HD---- C:\Windows\ELAMBKUP
2016-02-14 22:20:39 ----HD---- C:\Program Files\WindowsApps
2016-02-14 22:20:39 ----D---- C:\Windows\system32\wbem
2016-02-14 22:20:19 ----D---- C:\Windows\system32\DriverStore
2016-02-14 22:20:19 ----D---- C:\Windows\registration
2016-02-14 22:20:00 ----RD---- C:\Program Files (x86)
2016-02-14 22:15:54 ----D---- C:\Windows\system32\LogFiles
2016-02-14 21:47:24 ----D---- C:\Windows\system32\drivers
2016-02-14 13:27:08 ----D---- C:\Windows\system32\catroot2
2016-02-14 13:24:54 ----D---- C:\Windows\system32\config
2016-02-14 13:24:40 ----D---- C:\Windows\system32\Tasks
2016-02-14 13:24:30 ----SHD---- C:\System Volume Information
2016-02-14 13:24:20 ----D---- C:\Windows
2016-02-14 13:24:15 ----D---- C:\Windows\Logs
2016-02-14 13:23:54 ----D---- C:\Windows\Minidump
2016-02-12 08:41:13 ----D---- C:\Windows\WinSxS
2016-02-12 08:40:09 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-12 08:39:13 ----D---- C:\Windows\SysWOW64
2016-02-12 08:39:13 ----D---- C:\Windows\system32\appraiser
2016-02-12 08:39:13 ----D---- C:\Windows\apppatch
2016-02-12 08:39:12 ----RD---- C:\Windows\ToastData
2016-02-12 08:39:12 ----D---- C:\Windows\SYSWOW64\en-US
2016-02-12 08:39:12 ----D---- C:\Windows\SYSWOW64\cs-CZ
2016-02-12 08:39:12 ----D---- C:\Windows\system32\en-US
2016-02-12 08:39:12 ----D---- C:\Windows\system32\cs-CZ
2016-02-12 08:39:12 ----D---- C:\Program Files\Windows Journal
2016-02-12 08:39:11 ----D---- C:\Program Files\Internet Explorer
2016-02-12 08:39:11 ----D---- C:\Program Files (x86)\Internet Explorer
2016-02-11 20:44:54 ----D---- C:\Users\Andrea\AppData\Roaming\Zoner
2016-02-11 20:44:54 ----D---- C:\Users\Andrea\AppData\Roaming\PC Suite
2016-02-11 20:44:45 ----SD---- C:\Users\Andrea\AppData\Roaming\Microsoft
2016-02-11 20:44:34 ----D---- C:\Users\Andrea\AppData\Roaming\Identities
2016-02-11 20:44:34 ----D---- C:\Users\Andrea\AppData\Roaming\hpqLog
2016-02-11 20:44:34 ----D---- C:\Users\Andrea\AppData\Roaming\GHISLER
2016-02-11 20:44:34 ----D---- C:\Users\Andrea\AppData\Roaming\ATI
2016-02-11 20:44:34 ----D---- C:\Users\Andrea\AppData\Roaming\Adobe
2016-02-11 20:42:33 ----D---- C:\ProgramData\Zoner
2016-02-11 20:42:33 ----D---- C:\ProgramData\SonicFocus
2016-02-11 20:42:32 ----D---- C:\ProgramData\PC Suite
2016-02-11 20:42:32 ----D---- C:\ProgramData\NokiaInstallerCache
2016-02-11 20:42:31 ----D---- C:\ProgramData\Nokia
2016-02-11 20:42:31 ----D---- C:\ProgramData\Mozilla
2016-02-11 20:42:28 ----D---- C:\totalcmd
2016-02-11 20:42:28 ----D---- C:\swsetup
2016-02-11 20:42:28 ----D---- C:\ProgramData\AVerTV 3D
2016-02-11 20:42:28 ----D---- C:\ProgramData\ATI
2016-02-11 20:42:28 ----D---- C:\ProgramData\AMD
2016-02-11 19:16:29 ----D---- C:\Windows\CbsTemp
2016-02-11 19:14:58 ----SHD---- C:\Windows\Installer
2016-02-11 19:14:47 ----D---- C:\ProgramData\Microsoft Help
2016-02-11 19:07:42 ----D---- C:\Windows\system32\MRT
2016-02-11 19:01:41 ----A---- C:\Windows\system32\MRT.exe
2016-02-09 09:49:06 ----D---- C:\Windows\AppReadiness
2016-02-02 03:37:41 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2016-01-29 19:09:01 ----D---- C:\Windows\system32\NDF
2016-01-25 08:35:09 ----D---- C:\Program Files (x86)\Microsoft Office
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2016-01-30 65224]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2016-01-30 273784]
R0 hpdskflt;@oem7.inf,%service_desc%;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2009-07-08 30008]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2016-01-30 93528]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2016-02-14 1065208]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2016-02-14 464256]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys [2013-08-22 71680]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2016-01-30 28656]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2016-02-14 97648]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2016-01-30 155304]
R3 Accelerometer;@oem7.inf,%accelerometer_desc%;HP Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [2009-07-08 41272]
R3 ADIHdAudAddService;@oem8.inf,%UAAFunctionDriverForHdAudio.SvcDesc%;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2009-05-18 497152]
R3 AgereSoftModem;@mdmags64.inf,%FullProductName%;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2013-06-18 1146880]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-11-16 11922944]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-11-16 359936]
R3 bcbtums;@oem9.inf,%BCBTUMS.SvcDesc%;Bluetooth USB LD Filter; C:\Windows\system32\drivers\bcbtums.sys [2013-10-28 170712]
R3 BCM43XX;@netbc63a.inf,%BCM43XX_Service_DispName%;Broadcom 802.11 – ovladač síťového adaptéru; C:\Windows\system32\DRIVERS\bcmwl63al.sys [2013-07-01 5170176]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\Windows\System32\drivers\BthEnum.sys [2015-06-09 53248]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\Windows\System32\drivers\bthpan.sys [2015-07-10 118272]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2015-06-09 81920]
R3 HBtnKey;@oem2.inf,%CPQBTTN.SvcDesc%;HP Hotkey Device; C:\Windows\system32\DRIVERS\cpqbttn.sys [2010-02-24 19000]
R3 HpqKbFiltr;@oem4.inf,%HpqKbFiltr.SvcDesc%;HpqKbFilter Driver; C:\Windows\System32\drivers\HpqKbFiltr.sys [2009-04-29 18432]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\System32\drivers\rfcomm.sys [2015-01-30 167424]
R3 SynTP;@oem1.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-06-04 1379376]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2014-06-21 212736]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\Windows\system32\DRIVERS\vwifimp.sys [2013-08-22 36864]
R3 WinDivert1.1;WinDivert1.1; \??\C:\Program Files\KMSpico\WinDivert.sys [2015-08-02 35376]
S3 AVerAF35;@oem19.inf,%AF9035Devcie.FriendlyName%;AVerMedia A835 USB DVB-T; C:\Windows\System32\Drivers\AVerAF35.sys [2013-06-05 804992]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2015-06-09 1201664]
S3 btwampfl;@oem9.inf,%btwampfl.ServiceName%;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2013-10-28 166104]
S3 dg_ssudbus;@oem29.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\Users\Andrea\AppData\Local\Temp\HWiNFOPortableTemp\HWiNFO64A.SYS []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2012-10-17 26112]
S3 ssudmdm;@oem30.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S3 tap0901;@oem5.inf,%DeviceDescription%;TAP-Windows Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2013-08-22 40664]
S3 WinUsb;@winusb.inf,%WINUSB_SvcDesc%;WinUsb Driver; C:\Windows\System32\drivers\WinUSB.SYS [2015-10-10 78848]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AEADIFilters;@oem8.inf,%AEADISRV.SvcDesc%;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2008-07-15 111616]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-11-16 238080]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-01-30 226440]
R2 AVerRemote;AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [2013-06-26 368640]
R2 AVerScheduleService;AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [2011-04-01 403456]
R2 AVerUpdateServer;AVerUpdateServer; C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe [2011-10-31 167936]
R2 BcmBtRSupport;@oem9.inf,%BcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service; C:\Windows\system32\BtwRSupportService.exe [2013-10-28 2255064]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2014-10-29 38792]
R2 hpsrv;@oem7.inf,%hpservice_desc%;HP Service; C:\Windows\system32\Hpservice.exe [2009-07-08 30520]
R3 hpqwmiex;hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2009-04-30 229944]
R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2013-04-18 737616]
S2 Service KMSELDI;Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [2014-03-02 977088]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-11 269504]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2014-10-29 38792]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-01-27 146888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
-----------------EOF-----------------
All JPG, mp3 and mp4 files have had the extension .mp3 appended.
Every infected folder contains a file "_H_e_l_p_RECOVER_INSTRUCTIONS+wqh.txt" with the following content:
__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!
NOT YOUR LANGUAGE? USE https://translate.google.com
What happened to your files ?
All of your files were protected by a strong encryption with RSA-4096.
More information about the encryption keys using RSA-4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)
How did this happen ?
!!! Specially for your PC was generated personal RSA-4096 KEY, both public and private.
!!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet.
Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server.
What do I do ?
So, there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW! , and restore your data easy way.
If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment.
For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:
1. http://jj4dhbg4d86sdgrsdfzcadc.ziraimsh ... 2828EA8111
2. http://uu5dbnmsedf4s3jdnfbh34fsdf.parse ... 2828EA8111
3. http://perc54hg47fhnkjnfvcdgvdc.clinkju ... 2828EA8111
If for some reasons the addresses are not available, follow these steps:
1. Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en
2. After a successful installation, run the browser and wait for initialization
3. Type in the address bar: fwgrhsao3aoml7ej.onion/F2A2332828EA8111
4. Follow the instructions on the site.
!!! IMPORTANT INFORMATION:
!!! Your personal pages:
http://jj4dhbg4d86sdgrsdfzcadc.ziraimsh ... 2828EA8111
http://uu5dbnmsedf4s3jdnfbh34fsdf.parse ... 2828EA8111
http://perc54hg47fhnkjnfvcdgvdc.clinkju ... 2828EA8111
!!! Your personal page Tor-Browser: fwgrhsao3aoml7ej.onion/F2A2332828EA8111
!!! Your personal identification ID: F2A2332828EA8111
________________________________________________________________________
I checked the computer with Avast and Kaspersky Virus Removal Tool. It should hopefully be clean now.
Is there any way to decrypt the encrypted files?
Thank you in advance for your help.
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2016-02-14 97648]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2016-01-30 155304]
R3 Accelerometer;@oem7.inf,%accelerometer_desc%;HP Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys [2009-07-08 41272]
R3 ADIHdAudAddService;@oem8.inf,%UAAFunctionDriverForHdAudio.SvcDesc%;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2009-05-18 497152]
R3 AgereSoftModem;@mdmags64.inf,%FullProductName%;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2013-06-18 1146880]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-11-16 11922944]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-11-16 359936]
R3 bcbtums;@oem9.inf,%BCBTUMS.SvcDesc%;Bluetooth USB LD Filter; C:\Windows\system32\drivers\bcbtums.sys [2013-10-28 170712]
R3 BCM43XX;@netbc63a.inf,%BCM43XX_Service_DispName%;Broadcom 802.11 – ovladač síťového adaptéru; C:\Windows\system32\DRIVERS\bcmwl63al.sys [2013-07-01 5170176]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\Windows\System32\drivers\BthEnum.sys [2015-06-09 53248]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\Windows\System32\drivers\bthpan.sys [2015-07-10 118272]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2015-06-09 81920]
R3 HBtnKey;@oem2.inf,%CPQBTTN.SvcDesc%;HP Hotkey Device; C:\Windows\system32\DRIVERS\cpqbttn.sys [2010-02-24 19000]
R3 HpqKbFiltr;@oem4.inf,%HpqKbFiltr.SvcDesc%;HpqKbFilter Driver; C:\Windows\System32\drivers\HpqKbFiltr.sys [2009-04-29 18432]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\System32\drivers\rfcomm.sys [2015-01-30 167424]
R3 SynTP;@oem1.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-06-04 1379376]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2014-06-21 212736]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\Windows\system32\DRIVERS\vwifimp.sys [2013-08-22 36864]
R3 WinDivert1.1;WinDivert1.1; \??\C:\Program Files\KMSpico\WinDivert.sys [2015-08-02 35376]
S3 AVerAF35;@oem19.inf,%AF9035Devcie.FriendlyName%;AVerMedia A835 USB DVB-T; C:\Windows\System32\Drivers\AVerAF35.sys [2013-06-05 804992]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2015-06-09 1201664]
S3 btwampfl;@oem9.inf,%btwampfl.ServiceName%;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2013-10-28 166104]
S3 dg_ssudbus;@oem29.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\Users\Andrea\AppData\Local\Temp\HWiNFOPortableTemp\HWiNFO64A.SYS []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2012-10-17 26112]
S3 ssudmdm;@oem30.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S3 tap0901;@oem5.inf,%DeviceDescription%;TAP-Windows Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2013-08-22 40664]
S3 WinUsb;@winusb.inf,%WINUSB_SvcDesc%;WinUsb Driver; C:\Windows\System32\drivers\WinUSB.SYS [2015-10-10 78848]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AEADIFilters;@oem8.inf,%AEADISRV.SvcDesc%;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2008-07-15 111616]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-11-16 238080]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-01-30 226440]
R2 AVerRemote;AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [2013-06-26 368640]
R2 AVerScheduleService;AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [2011-04-01 403456]
R2 AVerUpdateServer;AVerUpdateServer; C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe [2011-10-31 167936]
R2 BcmBtRSupport;@oem9.inf,%BcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service; C:\Windows\system32\BtwRSupportService.exe [2013-10-28 2255064]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2014-10-29 38792]
R2 hpsrv;@oem7.inf,%hpservice_desc%;HP Service; C:\Windows\system32\Hpservice.exe [2009-07-08 30520]
R3 hpqwmiex;hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2009-04-30 229944]
R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2013-04-18 737616]
S2 Service KMSELDI;Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [2014-03-02 977088]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-11 269504]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2014-10-29 38792]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2016-01-27 146888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
-----------------EOF-----------------
All JPG, mp3 and mp4 files have had the extension .mp3 appended to their names.
Every infected folder contains a file "_H_e_l_p_RECOVER_INSTRUCTIONS+wqh.txt" with the following content:
__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!
NOT YOUR LANGUAGE? USE https://translate.google.com
What happened to your files ?
All of your files were protected by a strong encryption with RSA-4096.
More information about the encryption keys using RSA-4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)
How did this happen ?
!!! Specially for your PC was generated personal RSA-4096 KEY, both public and private.
!!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet.
Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server.
What do I do ?
So, there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW! , and restore your data easy way.
If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment.
For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:
1. http://jj4dhbg4d86sdgrsdfzcadc.ziraimsh ... 2828EA8111
2. http://uu5dbnmsedf4s3jdnfbh34fsdf.parse ... 2828EA8111
3. http://perc54hg47fhnkjnfvcdgvdc.clinkju ... 2828EA8111
If for some reasons the addresses are not available, follow these steps:
1. Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en
2. After a successful installation, run the browser and wait for initialization
3. Type in the address bar: fwgrhsao3aoml7ej.onion/F2A2332828EA8111
4. Follow the instructions on the site.
!!! IMPORTANT INFORMATION:
!!! Your personal pages:
http://jj4dhbg4d86sdgrsdfzcadc.ziraimsh ... 2828EA8111
http://uu5dbnmsedf4s3jdnfbh34fsdf.parse ... 2828EA8111
http://perc54hg47fhnkjnfvcdgvdc.clinkju ... 2828EA8111
!!! Your personal page Tor-Browser: fwgrhsao3aoml7ej.onion/F2A2332828EA8111
!!! Your personal identification ID: F2A2332828EA8111
________________________________________________________________________
I checked the computer with Avast and the Kaspersky Virus Removal Tool. It should hopefully be clean now.
Is there any way to decrypt the encrypted files?
Thank you in advance for your help.
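Before any recovery attempt it helps to know exactly what was touched. The script below is an added triage example (not code from the original post or from any tool named in it): it walks a directory tree and inventories files renamed with the appended ".mp3" described above, locates the "_H_e_l_p_RECOVER_INSTRUCTIONS+<tag>.txt" notes, and collects the victim ID printed in them, so the affected folders and the note count can be recorded before anything is cleaned or moved. The sample tree it builds, including the ID "0123456789ABCDEF", is constructed for the demonstration and is not real data.

```python
"""Scope a file-renaming ransomware incident of the kind described in the post:
every affected file has ".mp3" appended to its original name, and every
affected folder carries a ransom note.  Added example; not the post's code."""
import os
import re
import tempfile
from collections import Counter
from pathlib import Path
from typing import Dict, List, Optional

# Extensions the post names as affected; extend the set for other data types.
ORIGINAL_EXTENSIONS = {".jpg", ".jpeg", ".mp3", ".mp4"}
APPENDED_SUFFIX = ".mp3"
# Note file name seen in the post: "_H_e_l_p_RECOVER_INSTRUCTIONS+<tag>.txt"
NOTE_PATTERN = re.compile(r"^_H_e_l_p_RECOVER_INSTRUCTIONS\+\w+\.txt$")
ID_PATTERN = re.compile(r"Your personal identification ID:\s*([0-9A-Fa-f]+)")


def is_renamed_victim(name: str) -> bool:
    """True when the name looks like '<stem>.<original-ext>.mp3'."""
    if not name.lower().endswith(APPENDED_SUFFIX):
        return False
    inner = Path(name[: -len(APPENDED_SUFFIX)]).suffix.lower()
    return inner in ORIGINAL_EXTENSIONS


def extract_victim_id(note_path: Path) -> Optional[str]:
    """Pull the victim ID out of a ransom note, if the note carries one."""
    text = note_path.read_text(encoding="utf-8", errors="replace")
    match = ID_PATTERN.search(text)
    return match.group(1) if match else None


def triage(root: Path) -> Dict[str, object]:
    """Walk root and report renamed files, notes, affected folders and IDs."""
    encrypted: List[Path] = []
    notes: List[Path] = []
    victim_ids: Counter = Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if NOTE_PATTERN.match(name):
                notes.append(path)
                victim_id = extract_victim_id(path)
                if victim_id:
                    victim_ids[victim_id] += 1
            elif is_renamed_victim(name):
                encrypted.append(path)
    return {
        "encrypted_files": sorted(p.relative_to(root).as_posix() for p in encrypted),
        "notes": sorted(p.relative_to(root).as_posix() for p in notes),
        "affected_dirs": sorted({p.parent.relative_to(root).as_posix() for p in encrypted}),
        "victim_ids": dict(victim_ids),
    }


def build_sample_tree(root: Path) -> None:
    """Constructed sample input (placeholder ID, dummy bytes), not real data."""
    note_text = ("What happened to your files ?\n"
                 "!!! Your personal identification ID: 0123456789ABCDEF\n")
    photos = root / "Pictures" / "2015"
    photos.mkdir(parents=True)
    (photos / "IMG_0001.jpg.mp3").write_bytes(b"\x00" * 16)
    (photos / "IMG_0002.JPG.mp3").write_bytes(b"\x00" * 16)  # case-insensitive match
    (photos / "_H_e_l_p_RECOVER_INSTRUCTIONS+wqh.txt").write_text(note_text)
    music = root / "Music"
    music.mkdir()
    (music / "track.mp3.mp3").write_bytes(b"\x00" * 16)    # an original .mp3, renamed
    (music / "untouched.flac").write_bytes(b"\x00" * 16)   # extension not in the set
    (music / "_H_e_l_p_RECOVER_INSTRUCTIONS+wqh.txt").write_text(note_text)
    (root / "readme.txt").write_text("an ordinary file, not a ransom note\n")


def run_demo() -> Dict[str, object]:
    """Build the constructed tree in a temp dir and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return triage(root)


if __name__ == "__main__":
    import json
    print(json.dumps(run_demo(), indent=2))
```

Run it against a real volume with `triage(Path("D:/"))` (or the mounted drive letter) and keep the returned inventory; the count of renamed files per folder and the single victim ID across all notes are the two facts a responder wants before deciding whether backups, shadow copies or a public decryptor are worth trying.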