Cryptominer on the rampage

Posted: 18 Aug 2018 15:04
by Madonah82
Hello,
I would very much appreciate a check of the log. Poor Avira somehow can't cope with it and keeps starting a disk scan on me - apparently Mozilla picked it up.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Zealot at 2018-08-18 15:51:56
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 51 GB (21%) free of 238 GB
Total RAM: 6142 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:52:08, on 18.8.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18666)
Boot mode: Normal

Running processes:
C:\Users\Zealot\AppData\Roaming\wmi_provider\wmi_provider.exe
C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Zealot\AppData\Roaming\wmi_provider\wmi_provider.exe
C:\Users\Zealot\AppData\Roaming\wmi_provider\wmi_provider.exe
C:\Users\Zealot\AppData\Roaming\wmi_provider\wmi_provider.exe
C:\Users\Zealot\AppData\Roaming\wmi_provider\wmi_provider.exe
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\Program Files\trend micro\Zealot.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [World of Tanks] "C:\Games\World_of_Tanks\WargamingGameUpdater.exe"
O4 - HKCU\..\Run: [wmi_provider] C:\Users\Zealot\AppData\Roaming\wmi_provider\wmi_provider.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6871 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -f "C:\ProgramData\NVIDIA\DisplaySessionContainer%d.log" -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\Session" -r -l 3 -p 30000 -c
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\Avira\Antivirus\sched.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Users\Zealot\AppData\Roaming\wmi_provider\wmi_provider.exe"
"C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe" /s
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Users\Zealot\AppData\Roaming\wmi_provider\wmi_provider.exe --type=crashpad-handler "--user-data-dir=C:\Users\Zealot\AppData\Local\wmi_provider\User Data" /prefetch:7 --monitor-self --monitor-self-argument=--type=crashpad-handler "--monitor-self-argument=--user-data-dir=C:\Users\Zealot\AppData\Local\wmi_provider\User Data" --monitor-self-argument=/prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Zealot\AppData\Local\wmi_provider\User Data\Crashpad" "--metrics-dir=C:\Users\Zealot\AppData\Local\wmi_provider\User Data" --annotation=plat=Win32 --annotation=prod=wmi_provider --annotation=ver= --initial-client-data=0x15c,0x160,0x164,0x158,0x168,0x722a0098,0x722a00a8,0x722a00b4
C:\Users\Zealot\AppData\Roaming\wmi_provider\wmi_provider.exe --type=crashpad-handler "--user-data-dir=C:\Users\Zealot\AppData\Local\wmi_provider\User Data" /prefetch:7 --no-periodic-tasks --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Zealot\AppData\Local\wmi_provider\User Data\Crashpad" --annotation=plat=Win32 --annotation=prod=wmi_provider --annotation=ver= --initial-client-data=0xac,0xb0,0xb4,0xa8,0xb8,0xf6ca30,0xf6ca40,0xf6ca4c
"C:\Users\Zealot\AppData\Roaming\wmi_provider\wmi_provider.exe" --type=gpu-process --field-trial-handle=336,18030782947520557554,17697351945891456817,131072 --no-sandbox --user-data-dir="C:\Users\Zealot\AppData\Local\wmi_provider\User Data" --nwapp-path="C:\Users\Zealot\AppData\Local\Temp\nw1364_1374" --gpu-preferences=KAAAAAAAAACAAwDAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --user-data-dir="C:\Users\Zealot\AppData\Local\wmi_provider\User Data" --nwapp-path="C:\Users\Zealot\AppData\Local\Temp\nw1364_1374" --service-request-channel-token=5FF48EFA7EE5218190E4061A7A1EAE3D --mojo-platform-channel-handle=1176 /prefetch:2
"C:\Users\Zealot\AppData\Roaming\wmi_provider\wmi_provider.exe" --type=renderer --no-sandbox --no-zygote --field-trial-handle=336,18030782947520557554,17697351945891456817,131072 --service-pipe-token=C9C305B5CAD7E8D2EC8AAA852B394B7D --lang=cs --user-data-dir="C:\Users\Zealot\AppData\Local\wmi_provider\User Data" --nwapp-path="C:\Users\Zealot\AppData\Local\Temp\nw1364_1374" --nwjs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=cssExternalScannerNoPreload=false,cssExternalScannerPreload=true --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-checker-imaging --service-request-channel-token=C9C305B5CAD7E8D2EC8AAA852B394B7D --renderer-client-id=3 --mojo-platform-channel-handle=1796 /prefetch:1
"C:\Program Files (x86)\Avira\Antivirus\avguard.exe"
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe"
"C:\Program Files (x86)\Avira\Antivirus\avshadow.exe" avshadowcontrol0_00000a5c
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Avira\Antivirus\avgnt.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe" /connectToHost
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2852.0.733441004\1427142484" -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - "C:\Users\Zealot\AppData\Local\Temp" 2852 "\\.\pipe\gecko-crash-server-pipe.2852" 1084 gpu
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2852.3.1555549012\670711368" -childID 1 -isForBrowser -prefsHandle 1572 -prefsLen 13949 -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2852 "\\.\pipe\gecko-crash-server-pipe.2852" 1580 tab
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2852.12.1922986967\1022955605" -childID 2 -isForBrowser -prefsHandle 1788 -prefsLen 13949 -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2852 "\\.\pipe\gecko-crash-server-pipe.2852" 1800 tab
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2852.20.1035204314\155438538" -childID 3 -isForBrowser -prefsHandle 2800 -prefsLen 17210 -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2852 "\\.\pipe\gecko-crash-server-pipe.2852" 2792 tab

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2852.27.1318856146\601677182" -childID 4 -isForBrowser -prefsHandle 3100 -prefsLen 17785 -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 2852 "\\.\pipe\gecko-crash-server-pipe.2852" 3140 tab
"C:\Users\Zealot\Desktop\RSITx64.exe"
"C:\Users\Zealot\Desktop\RSITx64.exe"

=========Mozilla firefox=========

ProfilePath - C:\Users\Zealot\AppData\Roaming\Mozilla\Firefox\Profiles\l8r4ojd3.default

prefs.js - "browser.startup.homepage" - "google.cz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 25.0.0.171 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 25.0.0.171 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.181.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.181.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2018-08-12 582008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-08-12 245112]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2018-08-09 3206432]
"World of Tanks"=C:\Games\World_of_Tanks\WargamingGameUpdater.exe []
"wmi_provider"=C:\Users\Zealot\AppData\Roaming\wmi_provider\wmi_provider.exe [2018-05-30 1446655]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"=C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe [2013-03-10 88984]
"Avira SystrayStartTrigger"=C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [2018-08-03 98024]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2018-07-07 601424]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"aux5"=wdmaud.drv
"aux6"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2018-08-18 15:48:16 ----D---- C:\Program Files\trend micro
2018-08-18 15:48:14 ----D---- C:\rsit
2018-08-12 19:57:31 ----D---- C:\Users\Zealot\AppData\Roaming\Sun
2018-08-12 19:57:08 ----A---- C:\Windows\system32\WindowsAccessBridge-64.dll
2018-08-12 19:56:01 ----D---- C:\Program Files\Java
2018-08-12 19:44:53 ----D---- C:\Users\Zealot\AppData\Roaming\.minecraft
2018-08-11 22:21:14 ----D---- C:\Users\Zealot\AppData\Roaming\wmi_provider
2018-08-04 23:17:01 ----D---- C:\ProgramData\Oracle

======List of files/folders modified in the last 1 month======

2018-08-18 15:52:02 ----D---- C:\Windows\Temp
2018-08-18 15:48:28 ----D---- C:\Windows\Prefetch
2018-08-18 15:48:16 ----RD---- C:\Program Files
2018-08-18 15:22:12 ----D---- C:\Windows\system32\config
2018-08-18 15:11:05 ----D---- C:\Program Files (x86)\Steam
2018-08-18 15:09:50 ----D---- C:\ProgramData\NVIDIA
2018-08-14 23:18:15 ----D---- C:\ProgramData\Package Cache
2018-08-14 23:18:12 ----SHD---- C:\Windows\Installer
2018-08-12 20:26:45 ----SHD---- C:\System Volume Information
2018-08-12 20:03:22 ----D---- C:\Windows\system32\wdi
2018-08-12 19:58:11 ----D---- C:\Program Files (x86)\Common Files
2018-08-12 19:57:08 ----D---- C:\Windows\System32
2018-08-11 23:07:12 ----D---- C:\Windows\system32\Tasks
2018-08-11 19:37:46 ----D---- C:\Program Files\Mozilla Firefox
2018-08-11 19:37:46 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2018-08-05 18:21:55 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-08-05 18:21:54 ----D---- C:\Windows\inf
2018-08-04 23:17:01 ----HD---- C:\ProgramData

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 avdevprot;avdevprot; C:\Windows\system32\DRIVERS\avdevprot.sys [2018-08-14 73240]
R0 avusbflt;avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [2017-06-15 34128]
R0 IaNVMeF;IaNVMeF; C:\Windows\system32\drivers\IaNVMeF.sys [2016-11-04 35848]
R0 IaRNVMeF;IaRNVMeF; C:\Windows\system32\drivers\IaRNVMeF.sys [2016-01-22 36888]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\drivers\iusb3hcs.sys [2016-09-02 32264]
R0 ocztrimfilter;SSD Device Filter; C:\Windows\system32\drivers\ocztrimfilter.sys [2016-06-10 29064]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2017-01-08 12520]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2017-01-08 213736]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2018-07-08 153040]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2017-04-10 35328]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2014-12-21 40344]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2017-01-08 60416]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2018-07-08 199920]
R2 avnetflt;avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [2017-04-10 78600]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2017-05-19 226712]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2013-07-24 36864]
S3 amdhub30;AMD USB 3.0 Hub Driver; C:\Windows\system32\drivers\amdhub30.sys [2016-01-14 108768]
S3 amdhub31;AMD USB3.1 Hub Service; C:\Windows\system32\drivers\amdhub31.sys [2016-02-26 141528]
S3 amdxhc;AMD USB 3.0 Host Controller Driver; C:\Windows\system32\drivers\amdxhc.sys [2016-01-14 229088]
S3 amdxhc31;AMD XHCI Service; C:\Windows\system32\drivers\amdxhc31.sys [2016-02-26 440536]
S3 asmthub3;ASMedia USB3.1 Hub Service; C:\Windows\system32\drivers\asmthub3.sys [2016-12-06 150392]
S3 asmtxhci;ASMedia XHCI Service; C:\Windows\system32\drivers\asmtxhci.sys [2016-12-06 456056]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver; C:\Windows\System32\Drivers\EtronHub3.sys [2014-02-12 65408]
S3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver; C:\Windows\System32\Drivers\EtronSTOR.sys [2014-02-12 39296]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver; C:\Windows\System32\Drivers\EtronXHCI.sys [2014-02-12 94208]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver; C:\Windows\system32\drivers\FLxHCIc.sys [2016-12-09 273392]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver; C:\Windows\system32\drivers\FLxHCIh.sys [2016-12-09 88016]
S3 IaNVMe;IaNVMe; C:\Windows\system32\drivers\IaNVMe.sys [2016-11-04 113160]
S3 IaRNVMe;IaRNVMe; C:\Windows\system32\drivers\IaRNVMe.sys [2016-01-22 592408]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\drivers\iusb3hub.sys [2016-09-02 410120]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\drivers\iusb3xhc.sys [2016-09-02 823816]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\drivers\nusb3hub.sys [2012-08-27 107912]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\drivers\nusb3xhc.sys [2012-08-27 226696]
S3 ocznvme;ocznvme; C:\Windows\system32\drivers\ocznvme.sys [2016-06-10 99592]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2017-01-08 19456]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888]
S3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0); C:\Windows\system32\drivers\rusb3hub.sys [2012-08-27 114568]
S3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0); C:\Windows\system32\drivers\rusb3xhc.sys [2012-08-27 230280]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ss_bus.sys [2009-09-21 127488]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\Windows\system32\DRIVERS\ss_mdfl.sys [2009-09-21 18944]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\Windows\system32\DRIVERS\ss_mdm.sys [2009-09-21 161280]
S3 stornvme;stornvme; C:\Windows\system32\drivers\stornvme.sys [2017-01-08 50408]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2017-01-08 29696]
S3 tihub3;TI USB3 Hub Service; C:\Windows\system32\drivers\tihub3.sys [2016-05-12 145904]
S3 tilfilter;TI xHCI Lower Filter Driver Service; C:\Windows\system32\drivers\TIxHCIlfilter.sys [2015-02-11 17672]
S3 tiufilter;TI xHCI Upper Filter Driver Service; C:\Windows\system32\drivers\TIxHCIufilter.sys [2015-02-11 23304]
S3 tixhci;TI XHCI Service; C:\Windows\system32\drivers\tixhci.sys [2016-05-12 422392]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2017-01-08 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2017-01-08 29696]
S3 VUSB3HUB;VIA USB 3 Root Hub Service; C:\Windows\system32\drivers\ViaHub3.sys [2015-08-20 221696]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2017-01-08 42496]
S3 xhcdrv;VIA USB eXtensible Host Controller Service; C:\Windows\system32\drivers\xhcdrv.sys [2015-08-20 294912]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira Real-Time Protection; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [2018-08-14 231176]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files (x86)\Avira\Antivirus\sched.exe [2018-08-14 231176]
R2 Avira.ServiceHost;Avira Service Host; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [2018-08-03 431144]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2017-01-08 27136]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2017-05-01 462968]
S2 AntiVirMailService;Avira Mail Protection; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [2018-08-14 890896]
S2 AntiVirWebService;Avira Web Protection; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [2018-08-14 1148568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-05 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-05 125112]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-04-16 116224]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2018-08-10 194512]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2018-08-09 1683744]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2017-01-08 1255736]
S3 WiaRpc;@%SystemRoot%\system32\wiarpc.dll,-2; C:\Windows\system32\svchost.exe [2017-01-08 27136]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-11-05 51376]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]

-----------------EOF-----------------

Thank you very much
Svoboda R.
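The RSIT/HijackThis log above shows an HKCU Run entry and several running instances of C:\Users\Zealot\AppData\Roaming\wmi_provider\wmi_provider.exe, launched with NW.js (Chromium) flags such as --nwapp-path and --type=renderer. As an added example (not part of this post, and not code from RSIT or HijackThis), the Python below does the first-pass triage a helper normally does by eye: it parses the O4 lines and the registry-dump Run lines and flags autoruns whose image sits in a user-writable profile directory, or whose name borrows a Windows component name while the binary lives outside \Windows. The sample lines are constructed in the log's format (the wmi_provider path is the one from the thread); the heuristics are a starting point for manual review, not a verdict, since legitimate software also installs under AppData.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of the HijackThis O4 lines and the RSIT
# "Registry dump" Run lines posted above. The wmi_provider path is the one
# from the thread; the other lines mirror the log's layout.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [wmi_provider] C:\Users\Zealot\AppData\Roaming\wmi_provider\wmi_provider.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2018-08-09 3206432]
"wmi_provider"=C:\Users\Zealot\AppData\Roaming\wmi_provider\wmi_provider.exe [2018-05-30 1446655]
'''

# HijackThis autorun line: O4 - <hive>\..\Run: [<name>] <command line>
HJT_O4 = re.compile(r'^O4 - .*?\\Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
# RSIT registry-dump line: "<name>"=<command line> [<date> <size>]
RSIT_RUN = re.compile(r'^"(?P<name>[^"]+)"=(?P<cmd>.*?)(?: \[[^\]]*\])?$')
# First executable in a command line, quoted or not.
EXE_PATH = re.compile(r'^"?(?P<path>[^"]*?\.exe)', re.IGNORECASE)

# Locations an unprivileged user can write to; a persistent autorun there is
# a classic triage signal (legitimate software does use them as well).
USER_WRITABLE = ('\\appdata\\', '\\temp\\', '\\users\\public\\', '\\downloads\\')

# Name fragments of core Windows components. A binary borrowing one of these
# while living outside \Windows\ is another signal worth a closer look.
SYSTEM_TOKENS = {'wmi', 'svchost', 'lsass', 'csrss', 'winlogon', 'services',
                 'wininit', 'spoolsv', 'taskhost', 'explorer', 'dwm', 'smss'}


@dataclass
class Autorun:
    name: str
    path: str
    source: str  # 'hijackthis' or 'rsit'


@dataclass
class Finding:
    autorun: Autorun
    reasons: list = field(default_factory=list)


def parse_autoruns(log_text):
    """Extract autorun entries from HijackThis O4 lines and RSIT registry-dump
    Run lines; lines that do not name an .exe are ignored."""
    found = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m, source = HJT_O4.match(line), 'hijackthis'
        if not m:
            m, source = RSIT_RUN.match(line), 'rsit'
        if not m:
            continue
        exe = EXE_PATH.match(m.group('cmd').strip())
        if not exe:
            continue
        found.append(Autorun(m.group('name'), exe.group('path'), source))
    return found


def suspicious_reasons(path):
    """Apply the two heuristics to one autorun image path."""
    reasons = []
    low = path.lower()
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append('image lives in a user-writable profile directory')
    base = low.rsplit('\\', 1)[-1].rsplit('.', 1)[0]
    tokens = set(re.split(r'[^a-z0-9]+', base)) & SYSTEM_TOKENS
    if tokens and '\\windows\\' not in low:
        reasons.append('system-like name (%s) outside the Windows directory'
                       % ', '.join(sorted(tokens)))
    return reasons


def triage(log_text):
    """Return one Finding per distinct suspicious (name, path) autorun."""
    seen, findings = set(), []
    for entry in parse_autoruns(log_text):
        key = (entry.name.lower(), entry.path.lower())
        if key in seen:
            continue
        seen.add(key)
        reasons = suspicious_reasons(entry.path)
        if reasons:
            findings.append(Finding(entry, reasons))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print('[!] %-16s %s' % (f.autorun.name, f.autorun.path))
        for r in f.reasons:
            print('      - ' + r)
```

Run against the full log, the same two checks would single out the wmi_provider entry and leave the Steam, VirtualCloneDrive and Avira autoruns alone; the HKUS Sidebar entries pass because `%ProgramFiles%\Windows Sidebar` is neither a profile directory nor a system-name lookalike.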

Re: Cryptominer on the rampage

Posted: 18 Aug 2018 15:45
by Rudy
Hello!
Run this utility:
Save AdwCleaner to the desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the licence terms (EULA) by clicking I agree
right-click the AdwCleaner icon and choose Run as administrator (on Win XP just double-click it)
click Scan now, then Clean and Repair
after the restart a log will pop up (otherwise you will find it in C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply

Re: Cryptominer on the rampage

Posted: 18 Aug 2018 16:16
by Madonah82
Thank you for the reply. I carried out the operation and it found nothing; at the end it only offered some basic maintenance, so I preferred not to run that. Here is the log

# -------------------------------
# Malwarebytes AdwCleaner 7.2.2.0
# -------------------------------
# Build: 07-17-2018
# Database: 2018-08-17.2
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 08-18-2018
# Duration: 00:00:14
# OS: Windows 7 Home Premium
# Scanned: 41797
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

Re: Cryptominer on the rampage

Posted: 18 Aug 2018 16:56
by Rudy
This is OK. Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and paste the following into the left window:
:reg
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. After the scan, restart the PC and post a new RSIT log.

Re: Cryptominer on the rampage

Posted: 18 Aug 2018 17:22
by Madonah82
Thank you, here it is:

Logfile of random's system information tool 1.10 (written by random/random)
Run by Zealot at 2018-08-18 18:20:58
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 59 GB (25%) free of 238 GB
Total RAM: 6142 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:21:01, on 18.8.2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18666)
Boot mode: Normal

Running processes:
C:\Users\Zealot\AppData\Roaming\wmi_provider\wmi_provider.exe
C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe
C:\Users\Zealot\AppData\Roaming\wmi_provider\wmi_provider.exe
C:\Users\Zealot\AppData\Roaming\wmi_provider\wmi_provider.exe
C:\Users\Zealot\AppData\Roaming\wmi_provider\wmi_provider.exe
C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\Program Files\trend micro\Zealot.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [World of Tanks] "C:\Games\World_of_Tanks\WargamingGameUpdater.exe"
O4 - HKCU\..\Run: [wmi_provider] C:\Users\Zealot\AppData\Roaming\wmi_provider\wmi_provider.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6704 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
"C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -f "C:\ProgramData\NVIDIA\DisplaySessionContainer%d.log" -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\Session" -r -l 3 -p 30000 -c
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\Avira\Antivirus\sched.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskeng.exe {2990F1DB-5167-4743-B76A-C74D63750611}
"taskhost.exe"
taskeng.exe {16345D9B-FC03-47F2-ACD3-2A052042D749}
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Avira\Antivirus\avscan.exe" /CFG="C:\ProgramData\Avira\Antivirus\PROFILES\AVSCAN-20180818-154303-184B1898.avp" /GUIMODE=1 /JOBNAME="ReSystemScan" /STARTSELF
"C:\Program Files (x86)\Avira\Antivirus\avguard.exe"
"C:\Program Files (x86)\Avira\Antivirus\avscan.exe" /CFG="C:\ProgramData\Avira\Antivirus\PROFILES\AVSCAN-20180818-154303-184B1898.avp" /GUIMODE=1 /JOBNAME="ReSystemScan"
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe"
"C:\Program Files (x86)\Avira\Antivirus\avshadow.exe" --dll00009E9F
"C:\Program Files (x86)\Avira\Antivirus\avshadow.exe" avshadowcontrol0_00000748
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Users\Zealot\AppData\Roaming\wmi_provider\wmi_provider.exe"
"C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe" /s
"C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
C:\Users\Zealot\AppData\Roaming\wmi_provider\wmi_provider.exe --type=crashpad-handler "--user-data-dir=C:\Users\Zealot\AppData\Local\wmi_provider\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Zealot\AppData\Local\wmi_provider\User Data\Crashpad" "--metrics-dir=C:\Users\Zealot\AppData\Local\wmi_provider\User Data" --annotation=plat=Win32 --annotation=prod=wmi_provider --annotation=ver= --initial-client-data=0x15c,0x160,0x164,0x158,0x168,0x74130098,0x741300a8,0x741300b4
"C:\Users\Zealot\AppData\Roaming\wmi_provider\wmi_provider.exe" --type=gpu-process --field-trial-handle=1172,6424012845092429830,6166190497748350643,131072 --no-sandbox --user-data-dir="C:\Users\Zealot\AppData\Local\wmi_provider\User Data" --nwapp-path="C:\Users\Zealot\AppData\Local\Temp\nw3664_27398" --gpu-preferences=KAAAAAAAAACAAwDAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --user-data-dir="C:\Users\Zealot\AppData\Local\wmi_provider\User Data" --nwapp-path="C:\Users\Zealot\AppData\Local\Temp\nw3664_27398" --service-request-channel-token=5539CDBFE2EE73BBB14245FDADC17C3D --mojo-platform-channel-handle=1164 /prefetch:2
taskeng.exe {313C8205-E991-4C68-989D-24078D692380}
"C:\Users\Zealot\AppData\Roaming\wmi_provider\wmi_provider.exe" --type=renderer --no-sandbox --no-zygote --field-trial-handle=1172,6424012845092429830,6166190497748350643,131072 --service-pipe-token=C218335FE01B44F7DD14B90AE7172227 --lang=cs --user-data-dir="C:\Users\Zealot\AppData\Local\wmi_provider\User Data" --nwapp-path="C:\Users\Zealot\AppData\Local\Temp\nw3664_27398" --nwjs --extension-process --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --blink-settings=cssExternalScannerNoPreload=false,cssExternalScannerPreload=true --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-checker-imaging --service-request-channel-token=C218335FE01B44F7DD14B90AE7172227 --renderer-client-id=3 --mojo-platform-channel-handle=1744 /prefetch:1
"C:\Program Files (x86)\Avira\Antivirus\avgnt.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4692.0.252661662\630357887" -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - "C:\Users\Zealot\AppData\LocalLow\Mozilla\Temp-{213aade4-0ebe-4a50-9340-f66e516647d7}" 4692 "\\.\pipe\gecko-crash-server-pipe.4692" 1160 gpu
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4692.3.1107271154\879750268" -childID 1 -isForBrowser -prefsHandle 2032 -prefsLen 13953 -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 4692 "\\.\pipe\gecko-crash-server-pipe.4692" 2044 tab
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4692.13.2112661799\1754837151" -childID 2 -isForBrowser -prefsHandle 2440 -prefsLen 17210 -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 4692 "\\.\pipe\gecko-crash-server-pipe.4692" 2424 tab
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4692.20.2111885408\1999373003" -childID 3 -isForBrowser -prefsHandle 2708 -prefsLen 17210 -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 4692 "\\.\pipe\gecko-crash-server-pipe.4692" 2720 tab
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4692.27.922238519\475638891" -childID 4 -isForBrowser -prefsHandle 3232 -prefsLen 17785 -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 4692 "\\.\pipe\gecko-crash-server-pipe.4692" 2372 tab
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4692.34.348745567\1840455946" -childID 5 -isForBrowser -prefsHandle 2904 -prefsLen 17785 -schedulerPrefs 0001,2 -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" - 4692 "\\.\pipe\gecko-crash-server-pipe.4692" 1624 tab
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Zealot\Desktop\RSITx64.exe"
"C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe" /connectToHost
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

=========Mozilla firefox=========

ProfilePath - C:\Users\Zealot\AppData\Roaming\Mozilla\Firefox\Profiles\l8r4ojd3.default

prefs.js - "browser.startup.homepage" - "google.cz"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 25.0.0.171 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 25.0.0.171 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=11.181.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=11.181.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll [2018-08-12 582008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll [2018-08-12 245112]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2018-08-09 3206432]
"World of Tanks"=C:\Games\World_of_Tanks\WargamingGameUpdater.exe []
"wmi_provider"=C:\Users\Zealot\AppData\Roaming\wmi_provider\wmi_provider.exe [2018-05-30 1446655]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"=C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe [2013-03-10 88984]
"Avira SystrayStartTrigger"=C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [2018-08-03 98024]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"aux5"=wdmaud.drv
"aux6"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2018-08-18 17:59:30 ----D---- C:\_OTM
2018-08-18 17:08:05 ----D---- C:\AdwCleaner
2018-08-18 15:48:16 ----D---- C:\Program Files\trend micro
2018-08-18 15:48:14 ----D---- C:\rsit
2018-08-12 19:57:31 ----D---- C:\Users\Zealot\AppData\Roaming\Sun
2018-08-12 19:57:08 ----A---- C:\Windows\system32\WindowsAccessBridge-64.dll
2018-08-12 19:56:01 ----D---- C:\Program Files\Java
2018-08-12 19:44:53 ----D---- C:\Users\Zealot\AppData\Roaming\.minecraft
2018-08-11 22:21:14 ----D---- C:\Users\Zealot\AppData\Roaming\wmi_provider
2018-08-04 23:17:01 ----D---- C:\ProgramData\Oracle

======List of files/folders modified in the last 1 month======

2018-08-18 18:20:59 ----D---- C:\Windows\Temp
2018-08-18 18:17:59 ----D---- C:\Program Files (x86)\Steam
2018-08-18 18:16:51 ----D---- C:\Windows\system32\config
2018-08-18 18:16:18 ----D---- C:\ProgramData\NVIDIA
2018-08-18 17:59:26 ----D---- C:\Windows\Prefetch
2018-08-18 15:48:16 ----RD---- C:\Program Files
2018-08-14 23:18:15 ----D---- C:\ProgramData\Package Cache
2018-08-14 23:18:12 ----SHD---- C:\Windows\Installer
2018-08-12 20:26:45 ----SHD---- C:\System Volume Information
2018-08-12 20:03:22 ----D---- C:\Windows\system32\wdi
2018-08-12 19:58:11 ----D---- C:\Program Files (x86)\Common Files
2018-08-12 19:57:08 ----D---- C:\Windows\System32
2018-08-11 23:07:12 ----D---- C:\Windows\system32\Tasks
2018-08-11 19:37:46 ----D---- C:\Program Files\Mozilla Firefox
2018-08-11 19:37:46 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2018-08-05 18:21:55 ----A---- C:\Windows\system32\PerfStringBackup.INI
2018-08-05 18:21:54 ----D---- C:\Windows\inf
2018-08-04 23:17:01 ----HD---- C:\ProgramData

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 avdevprot;avdevprot; C:\Windows\system32\DRIVERS\avdevprot.sys [2018-08-14 73240]
R0 avusbflt;avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [2017-06-15 34128]
R0 IaNVMeF;IaNVMeF; C:\Windows\system32\drivers\IaNVMeF.sys [2016-11-04 35848]
R0 IaRNVMeF;IaRNVMeF; C:\Windows\system32\drivers\IaRNVMeF.sys [2016-01-22 36888]
R0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\drivers\iusb3hcs.sys [2016-09-02 32264]
R0 ocztrimfilter;SSD Device Filter; C:\Windows\system32\drivers\ocztrimfilter.sys [2016-06-10 29064]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2017-01-08 12520]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2017-01-08 213736]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2018-07-08 153040]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2017-04-10 35328]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2014-12-21 40344]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2017-01-08 60416]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2018-07-08 199920]
R2 avnetflt;avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [2017-04-10 78600]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2017-05-19 226712]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2013-07-24 36864]
S3 amdhub30;AMD USB 3.0 Hub Driver; C:\Windows\system32\drivers\amdhub30.sys [2016-01-14 108768]
S3 amdhub31;AMD USB3.1 Hub Service; C:\Windows\system32\drivers\amdhub31.sys [2016-02-26 141528]
S3 amdxhc;AMD USB 3.0 Host Controller Driver; C:\Windows\system32\drivers\amdxhc.sys [2016-01-14 229088]
S3 amdxhc31;AMD XHCI Service; C:\Windows\system32\drivers\amdxhc31.sys [2016-02-26 440536]
S3 asmthub3;ASMedia USB3.1 Hub Service; C:\Windows\system32\drivers\asmthub3.sys [2016-12-06 150392]
S3 asmtxhci;ASMedia XHCI Service; C:\Windows\system32\drivers\asmtxhci.sys [2016-12-06 456056]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver; C:\Windows\System32\Drivers\EtronHub3.sys [2014-02-12 65408]
S3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver; C:\Windows\System32\Drivers\EtronSTOR.sys [2014-02-12 39296]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver; C:\Windows\System32\Drivers\EtronXHCI.sys [2014-02-12 94208]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver; C:\Windows\system32\drivers\FLxHCIc.sys [2016-12-09 273392]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver; C:\Windows\system32\drivers\FLxHCIh.sys [2016-12-09 88016]
S3 IaNVMe;IaNVMe; C:\Windows\system32\drivers\IaNVMe.sys [2016-11-04 113160]
S3 IaRNVMe;IaRNVMe; C:\Windows\system32\drivers\IaRNVMe.sys [2016-01-22 592408]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0; C:\Windows\system32\drivers\iusb3hub.sys [2016-09-02 410120]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0; C:\Windows\system32\drivers\iusb3xhc.sys [2016-09-02 823816]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\drivers\nusb3hub.sys [2012-08-27 107912]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\drivers\nusb3xhc.sys [2012-08-27 226696]
S3 ocznvme;ocznvme; C:\Windows\system32\drivers\ocznvme.sys [2016-06-10 99592]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2017-01-08 19456]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888]
S3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0); C:\Windows\system32\drivers\rusb3hub.sys [2012-08-27 114568]
S3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0); C:\Windows\system32\drivers\rusb3xhc.sys [2012-08-27 230280]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\Windows\system32\DRIVERS\ss_bus.sys [2009-09-21 127488]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\Windows\system32\DRIVERS\ss_mdfl.sys [2009-09-21 18944]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\Windows\system32\DRIVERS\ss_mdm.sys [2009-09-21 161280]
S3 stornvme;stornvme; C:\Windows\system32\drivers\stornvme.sys [2017-01-08 50408]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2017-01-08 29696]
S3 tihub3;TI USB3 Hub Service; C:\Windows\system32\drivers\tihub3.sys [2016-05-12 145904]
S3 tilfilter;TI xHCI Lower Filter Driver Service; C:\Windows\system32\drivers\TIxHCIlfilter.sys [2015-02-11 17672]
S3 tiufilter;TI xHCI Upper Filter Driver Service; C:\Windows\system32\drivers\TIxHCIufilter.sys [2015-02-11 23304]
S3 tixhci;TI XHCI Service; C:\Windows\system32\drivers\tixhci.sys [2016-05-12 422392]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2017-01-08 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2017-01-08 29696]
S3 VUSB3HUB;VIA USB 3 Root Hub Service; C:\Windows\system32\drivers\ViaHub3.sys [2015-08-20 221696]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2017-01-08 42496]
S3 xhcdrv;VIA USB eXtensible Host Controller Service; C:\Windows\system32\drivers\xhcdrv.sys [2015-08-20 294912]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira Real-Time Protection; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [2018-08-14 231176]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files (x86)\Avira\Antivirus\sched.exe [2018-08-14 231176]
R2 Avira.ServiceHost;Avira Service Host; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [2018-08-03 431144]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2017-01-08 27136]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2017-05-01 462968]
S2 AntiVirMailService;Avira Mail Protection; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [2018-08-14 890896]
S2 AntiVirWebService;Avira Web Protection; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [2018-08-14 1148568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2015-11-05 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2015-11-05 125112]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-04-16 116224]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2018-08-10 194512]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2018-08-09 1683744]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2017-01-08 1255736]
S3 WiaRpc;@%SystemRoot%\system32\wiarpc.dll,-2; C:\Windows\system32\svchost.exe [2017-01-08 27136]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2015-11-05 51376]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2015-11-05 135848]

-----------------EOF-----------------
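The RSIT/HijackThis log above lists autorun entries (the O4 lines) and running processes, and one of the things an analyst checks first in such a log is whether any autorun or process image lives in a location a standard user can write to (AppData, Temp, the Public profile), since a program planted there needs no admin rights. The following is an added example written for this thread, not code from RSIT, HijackThis or any other tool mentioned here; it parses lines in the format of the log above, flags executables in user-writable paths, and counts how many running instances of such images there are. The function names are the example's own, and the sample lines are constructed to mirror the posted log.

```python
"""Flag autorun entries and processes that run from user-writable locations.

Added example for the thread above; not code from RSIT, HijackThis or any
tool the thread mentions. It parses HijackThis-style "O4" autorun lines and
"Running processes" lines in the format of the posted logs and reports
executables that live under the user profile (AppData, Temp) rather than
under Program Files or the Windows directory. All names are the example's own.
"""
import re
from collections import Counter
from typing import Dict, List, Optional

# Constructed sample in the format of the RSIT/HijackThis O4 lines above.
SAMPLE_O4_LINES = [
    r'O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe" /s',
    r'O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent',
    r'O4 - HKCU\..\Run: [wmi_provider] C:\Users\Zealot\AppData\Roaming\wmi_provider\wmi_provider.exe',
    r"O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')",
]

# Constructed sample of the "Running processes:" section.
SAMPLE_PROCESS_LINES = [
    r'C:\Users\Zealot\AppData\Roaming\wmi_provider\wmi_provider.exe',
    r'C:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exe',
    r'C:\Users\Zealot\AppData\Roaming\wmi_provider\wmi_provider.exe',
    r'C:\Users\Zealot\AppData\Roaming\wmi_provider\wmi_provider.exe',
    r'C:\Program Files (x86)\Avira\Antivirus\avgnt.exe',
]

# O4 - <hive>\..\<Run key>: [<value name>] <command line>
O4_RE = re.compile(
    r'^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run(?:Once)?): '
    r'\[(?P<name>[^\]]*)\] (?P<cmd>.*)$'
)

# Lower-cased path fragments that a standard user can write to without
# elevation; an autorun pointing there needs no admin rights to be planted.
USER_WRITABLE_MARKERS = (
    '\\appdata\\', '\\temp\\', '\\users\\public\\',
    '%appdata%', '%localappdata%', '%temp%', '%userprofile%',
)


def parse_o4(line: str) -> Optional[Dict[str, str]]:
    """Split one O4 line into hive, key, value name and command line."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def executable_path(cmd: str) -> str:
    """Return the executable part of a command line, with arguments removed."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # An unquoted path may contain spaces, so cut after the first ".exe" token.
    m = re.search(r'\.exe\b', cmd, re.IGNORECASE)
    if m:
        return cmd[:m.end()]
    return cmd.split()[0] if cmd else ''


def is_user_writable(path: str) -> bool:
    """True when the path sits in a location a non-admin user can modify."""
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE_MARKERS)


def suspicious_autoruns(lines: List[str]) -> List[Dict[str, str]]:
    """Return O4 entries whose executable lives in a user-writable location."""
    findings = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        path = executable_path(entry['cmd'])
        if is_user_writable(path):
            findings.append({'name': entry['name'], 'hive': entry['hive'],
                             'key': entry['key'], 'path': path})
    return findings


def user_writable_process_counts(lines: List[str]) -> Dict[str, int]:
    """Count running process images that load from user-writable locations.

    Several instances of one image from AppData (the log above lists
    wmi_provider.exe repeatedly) is worth a second look.
    """
    counts = Counter(executable_path(l) for l in lines if l.strip())
    return {p: n for p, n in counts.items() if is_user_writable(p)}


if __name__ == '__main__':
    for f in suspicious_autoruns(SAMPLE_O4_LINES):
        print(f"[{f['hive']}\\..\\{f['key']}] {f['name']} -> {f['path']}")
    for path, n in user_writable_process_counts(SAMPLE_PROCESS_LINES).items():
        print(f'{n}x {path}')
```

A hit from this check is a lead, not a verdict: legitimate per-user installers (some updaters and chat clients) also start from AppData, so the path is the reason to look at the file's publisher, age and network behaviour, as the later posts in this thread do with the blocked coinhive connections.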

Re: Cryptominer running rampant

Posted: 18 Aug 2018 17:53
by Rudy
OK, deleted. I would also recommend a full MBAM scan: http://www.malwarebytes.org/mbam.php . Post the log; do not delete anything beforehand. The bitcoin miner did not show up in the log.

Re: Cryptominer running rampant

Posted: 18 Aug 2018 18:16
by Madonah82
Ah, that will probably be the right choice. It reports nothing, but MBAM threw an error message that the website ws017.coinhive.com is blocked because of riskware, at the same time as Avira. Here is the LOG:

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 18.08.18
Čas skenování: 19:07
Logovací soubor: 2d0f9e98-a309-11e8-bfda-0016e68a5382.json

-Informace o softwaru-
Verze: 3.5.1.2522
Verze komponentů: 1.0.421
Aktualizovat verzi balíku komponent: 1.0.6399
Licence: Zkušební

-Systémová informace-
OS: Windows 7 Service Pack 1
CPU: x64
Systém souborů: NTFS
Uživatel: Zealot-PC\Zealot

-Shrnutí skenování-
Typ skenování: Skenování hrozeb (Threat Scan)
Spuštění skenování: Ruční
Výsledek: Dokončeno
Skenované objekty: 230156
Zjištěné hrozby: 0
(Nebyly zjištěny žádné škodlivé položky)
Hrozby umístěné do karantény: 0
(Nebyly zjištěny žádné škodlivé položky)
Uplynulý čas: 5 min, 28 sek

-Možnosti skenování-
Paměť: Povoleno
Start: Povoleno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Zakázáno
Heuristika: Povoleno
Potenciálně nežádoucí program: Detekovat
Potenciálně nežádoucí modifikace: Detekovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

WMI: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Re: Cryptominer running rampant

Posted: 18 Aug 2018 18:40
by Madonah82
So right now MBAM blocks an attempt to connect somewhere to a "coinhive" website roughly every minute and spits it out as an error notification above the system tray. I don't know whether it is important, but I'd rather write it here.
Thank you.

Re: Cryptominer running rampant

Posted: 18 Aug 2018 18:57
by Rudy
Now let's also clean the browsers. Run these utilities one after another:

1. Download Zoek.exe http://download.bleepingcomputer.com/smeenk/zoek.exe and save it to the desktop

If you use Win Vista or W7, right-click Zoek and choose Run As Administrator (Spustit jako správce)
Paste the script below into the window

autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;

Then click Run Script
The PC will perform the repair, restart and give you a log; paste its contents here.

and

2. Junkware removal tool: https://www.bleepingcomputer.com/downlo ... oval-tool/
• Save it, preferably to the desktop
• After launch the licence terms are shown; press any key
• A backup is created and then the search runs
• The scan runs and then a log appears, or it will be saved in c:\JRT as JRT.txt; paste it here.

Re: Cryptominer running wild

Posted: 18 Aug 2018 19:23
by Madonah82
Zoek was immediately stopped both by Windows ("you don't have access") and by Avira as infected (TR/Agent.jlhtt (Cloud)). The official Zoek pages don't work (404) and I couldn't find anywhere else to download it. I haven't tried the second utility yet, because you wrote to run them one after the other. What now? Thanks a lot

Re: Cryptominer running wild

Posted: 18 Aug 2018 19:56
by Rudy
The Zoek link works (I tried it); turn off the antivirus. The utilities are completely harmless and we use them here routinely. They can also be downloaded and run in Safe Mode.

Re: Cryptominer running wild

Posted: 18 Aug 2018 21:14
by Madonah82
Understood, I'll get back to it as soon as I can; for now I have to stop. Many thanks for your time so far and have a nice evening, Mr. Rudy :)

Re: Cryptominer running wild

Posted: 19 Aug 2018 10:06
by Rudy
OK. :)

Re: Cryptominer running wild

Posted: 19 Aug 2018 20:00
by Madonah82
Hello Rudy,
done, attaching the logs:

ZOEK:

Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by Zealot on ne 19.08.2018 at 20:29:51,12.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Zealot\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

19.8.2018 20:31:11 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Users\Zealot\AppData\Roaming\Graveyard Keeper Alpha deleted successfully
C:\Users\Zealot\AppData\Local\Adobe deleted successfully
C:\Users\Zealot\AppData\Local\StardewValley deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Zealot\AppData\Roaming\Mozilla\Firefox\Profiles\l8r4ojd3.default\prefs.js:
user_pref("browser.startup.homepage", "google.cz");

Added to C:\Users\Zealot\AppData\Roaming\Mozilla\Firefox\Profiles\l8r4ojd3.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Zealot\AppData\Roaming\Mozilla\Firefox\Profiles\l8r4ojd3.default

user.js not found
---- Lines searchengine removed from prefs.js ----
user_pref("browser.pageActions.persistedActions", "{\"version\":1,\"ids\":[\"bookmark\",\"bookmarkSeparator\",\"copyURL\",\"emailLink\",\"sendToDevice
---- FireFox user.js and prefs.js backups ----

prefs_19.08.2018_2045_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~3\Package Cache deleted
C:\Users\Zealot\AppData\LocalLow\Unity deleted

==== Orphaned Tasks deleted from Registry ======================

SystemSettings deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Zealot\AppData\Roaming\Mozilla\Firefox\Profiles\l8r4ojd3.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

ProfilePath: C:\Users\Zealot\AppData\Roaming\Mozilla\Firefox\Profiles\l8r4ojd3.default
- __MSG_extName__ - %ProfilePath%\extensions\abs@avira.com.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Zealot\AppData\Roaming\Mozilla\Firefox\Profiles\l8r4ojd3.default
- C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll - [?]
95E52427AEC3064F04ED9E3E74172DD3 - C:\Program Files\Java\jre1.8.0_181\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U181
6242C3450ED73A3A0D437CBA4BA18003 - C:\Program Files\Java\jre1.8.0_181\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.1810.13


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTer ... ORM=IESR02

==== Reset Google Chrome ======================

C:\Users\Zealot\AppData\Local\wmi_provider\User Data\Default\Preferences was reset successfully
C:\Users\Zealot\AppData\Local\wmi_provider\User Data\Default\Secure Preferences was reset successfully
C:\Users\Zealot\AppData\Local\wmi_provider\User Data\Default\Web Data will be reset at reboot
C:\Users\Zealot\AppData\Local\wmi_provider\User Data\Default\Web Data-journal will be reset at reboot

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Zealot\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Zealot\AppData\Local\Mozilla\Firefox\Profiles\l8r4ojd3.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Zealot\AppData\Local\wmi_provider\User Data\Default\Cache will be emptied at reboot

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=440 folders=156 169315304 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Zealot\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Zealot\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Zealot\AppData\Local\wmi_provider\User Data\Default\Web Data" not found
"C:\Users\Zealot\AppData\Local\wmi_provider\User Data\Default\Web Data-journal" not found
"C:\Users\Zealot\AppData\Local\wmi_provider\User Data\Default\Cache\data_0" deleted
"C:\Users\Zealot\AppData\Local\wmi_provider\User Data\Default\Cache\data_1" deleted
"C:\Users\Zealot\AppData\Local\wmi_provider\User Data\Default\Cache\data_2" deleted
"C:\Users\Zealot\AppData\Local\wmi_provider\User Data\Default\Cache\data_3" deleted
"C:\Users\Zealot\AppData\Local\wmi_provider\User Data\Default\Cache\index" deleted

==== EOF on ne 19.08.2018 at 20:51:05,93 ======================

JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Home Premium x64
Ran by Zealot (Administrator) on ne 19.08.2018 at 20:54:56,87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 19.08.2018 at 20:57:07,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thanks a lot
Svoboda Radek
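One detail in the Zoek log above is worth more attention than the empty JRT result: the "Reset Google Chrome", "Empty Chrome Cache" and post-reboot "Deleting Files / Folders" sections all operate on a profile under C:\Users\Zealot\AppData\Local\wmi_provider\User Data, not under the location Chrome normally keeps its profile (AppData\Local\Google\Chrome\User Data). Zoek simply found a Chromium-style profile there and reset it; what program created and uses that profile is a separate question. The script below is an added example, not code from this thread or from Zoek: it pulls every "User Data" profile root out of a Zoek-style log and reports the ones outside the expected Chrome and Chromium paths. The sample excerpt is constructed in the log's style (the Google\Chrome line is added so there is an expected location to compare against), and the list of expected locations is this example's assumption, to be extended for any other Chromium-based browser actually installed.

```python
"""Flag Chromium profile roots in unexpected locations from a Zoek-style log.

Added example (not from the forum thread or from the Zoek tool).
"""
import re

# Where Chrome and Chromium keep their profile on Windows, as a suffix of
# the full path. Assumption for this example: anything else is "unexpected".
# Other Chromium-based browsers have vendor-specific paths; add them if used.
EXPECTED_PROFILE_ROOT_SUFFIXES = (
    r"\appdata\local\google\chrome\user data",
    r"\appdata\local\chromium\user data",
)

# Constructed excerpt in Zoek's reporting style. The wmi_provider lines
# mirror the log above; the Google\Chrome line is added for contrast.
SAMPLE_ZOEK_LOG = r"""
==== Reset Google Chrome ======================

C:\Users\Zealot\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Zealot\AppData\Local\wmi_provider\User Data\Default\Preferences was reset successfully
C:\Users\Zealot\AppData\Local\wmi_provider\User Data\Default\Secure Preferences was reset successfully

==== Empty Chrome Cache ======================

C:\Users\Zealot\AppData\Local\wmi_provider\User Data\Default\Cache will be emptied at reboot

==== Deleting Files / Folders ======================

"C:\Users\Zealot\AppData\Local\wmi_provider\User Data\Default\Cache\data_0" deleted
"""

# A drive-letter path up to and including its "\User Data" component;
# non-greedy so the first "User Data" on the line wins, and the lookahead
# refuses to cut a longer directory name such as "User Data2".
PROFILE_ROOT_RE = re.compile(r'([A-Za-z]:\\[^"\r\n]*?\\User Data)(?=\\|$)', re.IGNORECASE)


def profile_roots(log_text):
    """Distinct profile roots mentioned anywhere in the log, first-seen order,
    compared case-insensitively because NTFS paths are."""
    seen, lowered = [], set()
    for m in PROFILE_ROOT_RE.finditer(log_text):
        root = m.group(1)
        if root.lower() not in lowered:
            lowered.add(root.lower())
            seen.append(root)
    return seen


def is_expected_root(root):
    return root.lower().endswith(EXPECTED_PROFILE_ROOT_SUFFIXES)


def unexpected_profile_roots(log_text):
    """Profile roots that no known browser would have created at that path."""
    return [r for r in profile_roots(log_text) if not is_expected_root(r)]


if __name__ == "__main__":
    for root in unexpected_profile_roots(SAMPLE_ZOEK_LOG):
        print("Chromium profile outside expected browser locations:", root)
```

On the constructed excerpt the only hit is the wmi_provider root. The follow-up a practitioner wants from such a hit is the binary that owns that profile directory: list the executables in and around the flagged path, check their signatures and creation times, and look for a scheduled task or Run key that starts them, because resetting the profile removes nothing that would recreate it on the next boot.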

Re: Cryptominer running wild

Posted: 19 Aug 2018 20:08
by Rudy
Zoek deleted something. Has anything changed now?