Preventive check
Posted: 07 Sep 2017 17:49
Hello, I would like to ask for a check of my log, thank you in advance.
Logfile of random's system information tool 1.10 (written by random/random)
Run by Ján at 2017-09-05 10:38:41
Microsoft Windows 7 Enterprise Service Pack 1
System drive C: has 322 GB (67%) free of 477 GB
Total RAM: 2047 MB (56% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:39:22, on 5. 9. 2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Users\Ján\AppData\Local\background_fault\aswRD.exe
C:\Program Files\KROS\ALFA plus\!System\ALFAplus.exe
C:\Program Files\Uncheckit\uncheckitBsn.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare\ASC.exe
C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\MsiExec.exe
C:\Windows\system32\MsiExec.exe
C:\Windows\system32\MsiExec.exe
E:\RSIT.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\trend micro\Ján.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mylucky123.com/?type=hp&ts=1 ... 1_2ACD524C
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mylucky123.com/?type=hp&ts=1 ... 1_2ACD524C
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.mylucky123.com/?type=hp&ts=1 ... 1_2ACD524C
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mylucky123.com/search/?type= ... earchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mylucky123.com/search/?type= ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mylucky123.com/?type=hp&ts=1 ... 1_2ACD524C
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office16\OCHelper.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office16\URLREDIR.DLL
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MICROS~1\Office16\GROOVEEX.DLL
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [background_fault] "C:\Users\Ján\AppData\Local\background_fault\aswRD.exe" "C:\Users\Ján\AppData\Local\background_fault\bf.dll",background_fault_collector
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: ALFA plus - rýchle spustenie.lnk = C:\Program Files\KROS\ALFA plus\!System\ALFAplus.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~1\MICROS~1\Office16\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office16\ONBttnIE.dll
O9 - Extra button: @%CommonProgramFiles%\Microsoft Shared\Office16\oregres.dll,-430 - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: @%CommonProgramFiles%\Microsoft Shared\Office16\oregres.dll,-430 - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office16\OCHelper.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O18 - Protocol: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE16\MSOXMLMF.DLL
O23 - Service: AMD - Unknown owner - C:\Users\Ján\AppData\Local\AMD\amd.exe
O23 - Service: cktSvc - EVANGEL TECHNOLOGY (HK) LIMITED - C:\Program Files\Uncheckit\cktSvc.exe
O23 - Service: clean - Unknown owner - C:\Users\Ján\AppData\Local\clean\Kyubey.exe
O23 - Service: Convxxxx - Unknown owner - C:\Users\Ján\AppData\Roaming\adhad\UvConverter.exe
O23 - Service: ed2k idle service (ed2kidle) - http://www.amule.org/ - C:\Program Files\amuleC\ed2k.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Firebird Server - KROS_20400 (FirebirdServerKROS_20400) - Firebird Project - C:\Program Files\KROS\KROS FBServer\Firebird001\bin\fbserver.exe
O23 - Service: Update Service(FirefoxU) (FirefoxU) - Unknown owner - C:\Program Files\Firefox\bin\FirefoxUpdate.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ExplorerService (iedvutils) - Unknown owner - C:\Program Files\Explorer\iedvutils.exe
O23 - Service: InterHop - Unknown owner - C:\Program Files\InterHop\InterHop.exe
O23 - Service: iThemes5 - Unknown owner - rundll32.exe (file missing)
O23 - Service: Kyubey - Unknown owner - C:\Users\Ján\AppData\Roaming\Kyubey\Kyubey.exe
O23 - Service: qkseeService - Unknown owner - C:\Program Files\qksee\qkseeSvc.exe
O23 - Service: Protect Service(SeteatP) (SeteatP) - Unknown owner - C:\ProgramData\Seteat\Seteat.exe
O23 - Service: TeamViewer 12 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer\TeamViewer_Service.exe
O23 - Service: UncheckitSvc - evangel technology (hk) limited - C:\Program Files\Uncheckit\UncheckitSvc.exe
O23 - Service: winsaber - Unknown owner - C:\Program Files\WinSaber\WinSaber.exe
O23 - Service: WinZiper service (winzipersvc) - ExWzp Pvt Ltd. - C:\Program Files\WinZipper\winzipersvc.exe
O23 - Service: yahoochrome technology limit (yahoochrometechnology) - YahooChrome - C:\ProgramData\yahoochrome\desktop25.exe
--
End of file - 8153 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
ExplorerWnd Helper - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12 752416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Skype for Business Browser Helper - C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31 161448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office16\URLREDIR.DLL [2015-07-31 403672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft OneDrive for Business Browser Helper - C:\PROGRA~1\MICROS~1\Office16\GROOVEEX.DLL [2015-07-31 1512152]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"background_fault"=C:\Users\Ján\AppData\Local\background_fault\aswRD.exe [2017-04-06 1419576]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 9]
C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe [2016-01-11 2019616]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
ALFA plus - rýchle spustenie.lnk - C:\Program Files\KROS\ALFA plus\!System\ALFAplus.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSimpleNetIDList"=1
"NoDriveTypeAutoRun"=221
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe]
"Debugger="324095823984.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdaterService.exe]
"Debugger="8736459873644.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MRT.exe]
"Debugger="C:\Windows\TEMP\wea96D5.tmp\Gubed.exe -Yrrehs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2017-09-05 10:04:56 ----D---- C:\rsit
2017-09-05 10:04:56 ----D---- C:\Program Files\trend micro
======List of files/folders modified in the last 1 month======
2017-09-05 10:39:13 ----D---- C:\Windows\Temp
2017-09-05 10:39:13 ----D---- C:\Windows\system32\drivers\etc
2017-09-05 10:38:26 ----D---- C:\Windows\system32\catroot2
2017-09-05 10:38:25 ----D---- C:\Windows\inf
2017-09-05 10:38:25 ----D---- C:\Windows
2017-09-05 10:28:11 ----D---- C:\Windows\system32\config
2017-09-05 10:26:48 ----SHD---- C:\Boot
2017-09-05 10:24:59 ----SHD---- C:\Windows\Installer
2017-09-05 10:24:59 ----SHD---- C:\Config.Msi
2017-09-05 10:15:08 ----SD---- C:\ProgramData\Microsoft
2017-09-05 10:14:43 ----D---- C:\Windows\system32\drivers
2017-09-05 10:07:31 ----D---- C:\Windows\System32
2017-09-05 10:07:31 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-09-05 10:04:56 ----RD---- C:\Program Files
2017-09-04 14:33:23 ----D---- C:\OLYMP
2017-09-04 14:15:23 ----D---- C:\Omega
2017-09-04 11:35:32 ----D---- C:\ProgramData\firebird
2017-09-04 11:33:40 ----D---- C:\Program Files\WinZipper
2017-09-04 11:33:37 ----D---- C:\Program Files\qksee
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2016-02-21 56944]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2016-02-21 205800]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2016-02-21 146024]
R1 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2016-02-21 161992]
R1 EpfwLWF;ESET Personal Firewall; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2016-02-21 44608]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 ekbdflt;ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [2016-02-21 111040]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 atikmdag;atikmdag; C:\Windows\system32\drivers\atikmdag.sys [2009-07-14 4194816]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista; C:\Windows\system32\DRIVERS\netr73.sys [2009-07-14 545792]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-14 347264]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD;AMD; C:\Users\Ján\AppData\Local\AMD\amd.exe [2017-04-06 120320]
R2 Archer;Archer; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 bilibili;bilibili; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 BIT;BIT; C:\windows\system32\svchost.exe [2009-07-14 20992]
R2 cktSvc;cktSvc; C:\Program Files\Uncheckit\cktSvc.exe [2016-11-11 282112]
R2 clean;clean; C:\Users\Ján\AppData\Local\clean\Kyubey.exe [2017-04-06 114688]
R2 Convxxxx;Convxxxx; C:\Users\Ján\AppData\Roaming\adhad\UvConverter.exe [2017-02-06 376832]
R2 ed2kidle;ed2k idle service; C:\Program Files\amuleC\ed2k.exe [2016-10-08 237568]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2016-02-21 1983936]
R2 FirebirdServerKROS_20400;Firebird Server - KROS_20400; C:\Program Files\KROS\KROS FBServer\Firebird001\bin\fbserver.exe [2011-10-11 3764224]
R2 GubedZL;GubedZL; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 GubZL;GubZL; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 iedvutils;ExplorerService; C:\Program Files\Explorer\iedvutils.exe [2017-01-22 64184]
R2 InterHop;InterHop; C:\Program Files\InterHop\InterHop.exe [2016-10-31 486912]
R2 Kitty;Kitty; C:\windows\system32\svchost.exe [2009-07-14 20992]
R2 Kyubey;Kyubey; C:\Users\Ján\AppData\Roaming\Kyubey\Kyubey.exe [2017-04-01 236032]
R2 MCSvc;Microsoft Cache Service; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 qkseeService;qkseeService; C:\Program Files\qksee\qkseeSvc.exe [2016-09-06 744216]
R2 SeteatP;Protect Service(SeteatP); C:\ProgramData\Seteat\Seteat.exe [2016-08-29 455416]
R2 SNAREA;SNAREA; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 SNARER;SNARER; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 TeamViewer;TeamViewer 12; C:\Program Files\TeamViewer\TeamViewer_Service.exe [2016-12-15 10351856]
R2 UncheckitSvc;UncheckitSvc; C:\Program Files\Uncheckit\UncheckitSvc.exe [2016-07-05 241664]
R2 winsaber;winsaber; C:\Program Files\WinSaber\WinSaber.exe [2016-10-08 877272]
R2 WinSAPSvc;WinSAPSvc; C:\windows\system32\svchost.exe [2009-07-14 20992]
R2 WINSNARE;WINSNARE; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 winzipersvc;WinZiper service; C:\Program Files\WinZipper\winzipersvc.exe [2016-08-29 1254960]
R2 yahoochrometechnology;yahoochrome technology limit; C:\ProgramData\yahoochrome\desktop25.exe [2016-05-02 236768]
R3 iThemes5;iThemes5; rundll32 C:\Program Files\Common Files\Services\iThemes.dll,fnde_svr []
S2 Apple_Cfg;Apple Config Service; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-12 103608]
S2 CSHMDR;CSHMDR; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 CWASRE;CWASRE; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 FirefoxU;Update Service(FirefoxU); C:\Program Files\Firefox\bin\FirefoxUpdate.exe [2017-05-26 99480]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2016-02-21 154440]
S2 NPASRE;NPASRE; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 snare;snare; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 swpvr;Microsoft Software Shadow Provider; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 terana;terana; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2016-02-21 154440]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2015-07-31 202928]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2015-07-30 4846168]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2016-02-20 1343400]
S4 AdvancedSystemCareService9;Advanced SystemCare Service 9; C:\Program Files\IObit\Advanced SystemCare\ASCService.exe [2016-01-05 446240]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2014-04-12 45744]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 LiveUpdateSvc;LiveUpdate; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2016-01-14 2945312]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 Winsere;Winsere; C:\Program Files\Winsere\Winsere\Winsere.exe [2016-03-23 316984]
-----------------EOF-----------------
2017-09-05 10:07:31 ----D---- C:\Windows\System32
2017-09-05 10:07:31 ----A---- C:\Windows\system32\PerfStringBackup.INI
2017-09-05 10:04:56 ----RD---- C:\Program Files
2017-09-04 14:33:23 ----D---- C:\OLYMP
2017-09-04 14:15:23 ----D---- C:\Omega
2017-09-04 11:35:32 ----D---- C:\ProgramData\firebird
2017-09-04 11:33:40 ----D---- C:\Program Files\WinZipper
2017-09-04 11:33:37 ----D---- C:\Program Files\qksee
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2016-02-21 56944]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2016-02-21 205800]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2016-02-21 146024]
R1 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2016-02-21 161992]
R1 EpfwLWF;ESET Personal Firewall; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2016-02-21 44608]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 ekbdflt;ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [2016-02-21 111040]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 atikmdag;atikmdag; C:\Windows\system32\drivers\atikmdag.sys [2009-07-14 4194816]
R3 netr73;RT73 USB Wireless LAN Card Driver for Vista; C:\Windows\system32\DRIVERS\netr73.sys [2009-07-14 545792]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-14 347264]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD;AMD; C:\Users\Ján\AppData\Local\AMD\amd.exe [2017-04-06 120320]
R2 Archer;Archer; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 bilibili;bilibili; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 BIT;BIT; C:\windows\system32\svchost.exe [2009-07-14 20992]
R2 cktSvc;cktSvc; C:\Program Files\Uncheckit\cktSvc.exe [2016-11-11 282112]
R2 clean;clean; C:\Users\Ján\AppData\Local\clean\Kyubey.exe [2017-04-06 114688]
R2 Convxxxx;Convxxxx; C:\Users\Ján\AppData\Roaming\adhad\UvConverter.exe [2017-02-06 376832]
R2 ed2kidle;ed2k idle service; C:\Program Files\amuleC\ed2k.exe [2016-10-08 237568]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2016-02-21 1983936]
R2 FirebirdServerKROS_20400;Firebird Server - KROS_20400; C:\Program Files\KROS\KROS FBServer\Firebird001\bin\fbserver.exe [2011-10-11 3764224]
R2 GubedZL;GubedZL; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 GubZL;GubZL; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 iedvutils;ExplorerService; C:\Program Files\Explorer\iedvutils.exe [2017-01-22 64184]
R2 InterHop;InterHop; C:\Program Files\InterHop\InterHop.exe [2016-10-31 486912]
R2 Kitty;Kitty; C:\windows\system32\svchost.exe [2009-07-14 20992]
R2 Kyubey;Kyubey; C:\Users\Ján\AppData\Roaming\Kyubey\Kyubey.exe [2017-04-01 236032]
R2 MCSvc;Microsoft Cache Service; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 qkseeService;qkseeService; C:\Program Files\qksee\qkseeSvc.exe [2016-09-06 744216]
R2 SeteatP;Protect Service(SeteatP); C:\ProgramData\Seteat\Seteat.exe [2016-08-29 455416]
R2 SNAREA;SNAREA; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 SNARER;SNARER; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 TeamViewer;TeamViewer 12; C:\Program Files\TeamViewer\TeamViewer_Service.exe [2016-12-15 10351856]
R2 UncheckitSvc;UncheckitSvc; C:\Program Files\Uncheckit\UncheckitSvc.exe [2016-07-05 241664]
R2 winsaber;winsaber; C:\Program Files\WinSaber\WinSaber.exe [2016-10-08 877272]
R2 WinSAPSvc;WinSAPSvc; C:\windows\system32\svchost.exe [2009-07-14 20992]
R2 WINSNARE;WINSNARE; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 winzipersvc;WinZiper service; C:\Program Files\WinZipper\winzipersvc.exe [2016-08-29 1254960]
R2 yahoochrometechnology;yahoochrome technology limit; C:\ProgramData\yahoochrome\desktop25.exe [2016-05-02 236768]
R3 iThemes5;iThemes5; rundll32 C:\Program Files\Common Files\Services\iThemes.dll,fnde_svr []
S2 Apple_Cfg;Apple Config Service; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-12 103608]
S2 CSHMDR;CSHMDR; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 CWASRE;CWASRE; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 FirefoxU;Update Service(FirefoxU); C:\Program Files\Firefox\bin\FirefoxUpdate.exe [2017-05-26 99480]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2016-02-21 154440]
S2 NPASRE;NPASRE; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 snare;snare; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 swpvr;Microsoft Software Shadow Provider; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 terana;terana; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2016-02-21 154440]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2015-07-31 202928]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2015-07-30 4846168]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2016-02-20 1343400]
S4 AdvancedSystemCareService9;Advanced SystemCare Service 9; C:\Program Files\IObit\Advanced SystemCare\ASCService.exe [2016-01-05 446240]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2014-04-12 45744]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 LiveUpdateSvc;LiveUpdate; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2016-01-14 2945312]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 Winsere;Winsere; C:\Program Files\Winsere\Winsere\Winsere.exe [2016-03-23 316984]
-----------------EOF-----------------