Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Nadměrné vytížení procesoru procesem msewcm.exe

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zamčeno
Zpráva
Autor
nom
Návštěvník
Návštěvník
Příspěvky: 100
Registrován: 23 bře 2008 19:22
Bydliště: Kroměříž (ZL)

Nadměrné vytížení procesoru procesem msewcm.exe

#1 Příspěvek od nom »

Dobrý den,
mám problém proces msewcm.exe vytěžuje procesor na 100% + jsou zde ještě drobné problémy z načítáním webových stránek(načte se jednou z 5ti pokusů +-).
Proto prosím o kontrolu logu a případnou radu.
Logfile of random's system information tool 1.08 (written by random/random)
Run by monika at 2014-08-16 13:08:24
Microsoft Windows 7 Home Premium
System drive C: has 48 GB (12%) free of 410 GB
Total RAM: 3532 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:08:30, on 16.8.2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
C:\Users\monika\AppData\Local\Akamai\netsession_win.exe
C:\Users\monika\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Users\monika\AppData\Local\VNT\vntldr.exe
C:\Windows\inf\msewcm\msewcm.exe
C:\Windows\SysWOW64\taskmgr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\monika.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?o=APN10645A& ... 81-215&t=4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [BtTray] "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NtVdmSrv] C:\Windows\inf\ntvdm.vbe
O4 - HKLM\..\Run: [VNT] "C:\Program Files (x86)\VNT\vntldr.exe"
O4 - HKLM\..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [MSStp] C:\Windows\system32\msstp.vbe
O4 - HKLM\..\Run: [mncgxxiqqSrv] C:\Windows\inf\mncgxxiqq.vbe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\monika\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [NextLive] C:\Windows\SysWOW64\rundll32.exe "C:\Users\monika\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [AdobeChk] C:\Users\monika\AppData\Roaming\AdobeChk\chk.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O20 - AppInit_DLLs:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
O23 - Service: Datamngr Coordinator (DatamngrCoordinator) - Unknown owner - C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10122 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update outobox - Unknown owner - C:\Program Files (x86)\outobox\updateoutobox.exe
O23 - Service: Util outobox - Unknown owner - C:\Program Files (x86)\outobox\bin\utiloutobox.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9608 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
winlogon.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe"
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe"
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS
"C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe"
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
"C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe" KMPProcess
"taskhost.exe"
C:\Windows\system32\sppsvc.exe
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Users\monika\AppData\Local\Akamai\netsession_win.exe"
"C:/Users/monika/AppData/Local/Akamai/netsession_win.exe" --client
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
"C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
"C:\Users\monika\AppData\Local\VNT\vntldr.exe" /EXEC
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\inf\msewcm\msewcm.exe -o stratum+tcp://mint.bitminter.com:3333 -u pastan_protein -p worker
\??\C:\Windows\system32\conhost.exe
taskmgr
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4072.0.1840320313\717219865" --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,16 --disable-accelerated-video-decode --gpu-vendor-id=0x1002 --gpu-device-id=0x9992 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=8.947.1.1000 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -Embedding
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe"
"C:\Windows\system32\wuauclt.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/FlashHardwareVideoDecode/HwVideo/GoogleNow/Enable/OmniboxBundledExperimentV1/NewSuggestType_A8_Stable_R2/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-1-Percent/group_25/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --disable-accelerated-video-decode --channel="4072.24.175955226\2056080140" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/FlashHardwareVideoDecode/HwVideo/GoogleNow/Enable/OmniboxBundledExperimentV1/NewSuggestType_A8_Stable_R2/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-1-Percent/group_25/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --disable-accelerated-video-decode --channel="4072.28.1074040936\1794944145" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="4072.29.1967146285\1904052934" --ppapi-flash-args=enable_hw_video_decode=1 --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/FlashHardwareVideoDecode/HwVideo/GoogleNow/Enable/OmniboxBundledExperimentV1/NewSuggestType_A8_Stable_R2/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-1-Percent/group_25/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --disable-accelerated-video-decode --channel="4072.31.1745216559\1525391033" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Most Likely with Kodachrome/EmbeddedSearch/Group8 pct:10h stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionInstallVerification/Enforce/FlashHardwareVideoDecode/HwVideo/GoogleNow/Enable/OmniboxBundledExperimentV1/NewSuggestType_A8_Stable_R2/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-1-Percent/group_25/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --disable-accelerated-video-decode --channel="4072.44.88563003\1551272940" /prefetch:673131151
taskhost.exe $(Arg0)
"C:\Users\monika\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
SteadyVideoBHO Class - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-08 81024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-08-30 553896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14 2117216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-08-30 211880]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
SteadyVideoBHO Class - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-08 69760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14 1709152]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2012-11-12 1664000]
"NUSB3MON"=C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [2012-04-11 97280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]
"Akamai NetSession Interface"=C:\Users\monika\AppData\Local\Akamai\netsession_win.exe [2014-04-17 4672920]
"NextLive"=C:\Windows\SysWOW64\rundll32.exe [2009-07-14 44544]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-10-28 3675352]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-07-24 21650016]
"AdobeChk"=C:\Users\monika\AppData\Roaming\AdobeChk\chk.exe [2014-07-22 126464]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-07-08 630952]
"AMD AVT"=Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe aml []
"BtTray"=C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [2012-09-19 371976]
"ApnTBMon"=C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2014-07-31 1957784]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
"NtVdmSrv"=C:\Windows\inf\ntvdm.vbe [2013-06-20 1219]
"VNT"=C:\Program Files (x86)\VNT\vntldr.exe [2014-06-14 196504]
"KBD"=C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE [2008-07-21 12288]
"MSStp"=C:\Windows\system32\msstp.vbe []
"mncgxxiqqSrv"=C:\Windows\inf\mncgxxiqq.vbe [2014-01-19 1342]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger="tasklist.exe

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2014-08-16 13:08:25 ----D---- C:\Program Files\trend micro
2014-08-16 13:08:24 ----D---- C:\rsit
2014-07-27 13:54:49 ----D---- C:\Program Files (x86)\Steam

======List of files/folders modified in the last 1 months======

2014-08-16 13:08:30 ----D---- C:\Windows\Prefetch
2014-08-16 13:08:26 ----D---- C:\Windows\Temp
2014-08-16 13:08:25 ----RD---- C:\Program Files
2014-08-16 13:08:20 ----D---- C:\Users\monika\AppData\Roaming\Skype
2014-08-16 13:02:40 ----D---- C:\Windows
2014-08-16 13:02:38 ----D---- C:\Windows\inf
2014-08-16 13:01:51 ----D---- C:\Users\monika\AppData\Roaming\DAEMON Tools Lite
2014-08-16 12:53:35 ----D---- C:\Windows\system32\config
2014-08-16 12:44:05 ----D---- C:\Users\monika\AppData\Roaming\newnext.me
2014-08-16 12:42:24 ----A---- C:\Windows\SYSWOW64\bscs.ini
2014-08-16 06:38:03 ----A---- C:\Windows\win.ini
2014-08-15 14:39:46 ----D---- C:\Program Files (x86)\The KMPlayer
2014-08-15 08:17:26 ----SHD---- C:\Windows\Installer
2014-08-15 08:14:56 ----D---- C:\Windows\SysWOW64
2014-08-11 12:51:13 ----D---- C:\Program Files (x86)\Common Files
2014-08-11 12:49:46 ----D---- C:\ProgramData\Skype
2014-08-09 15:32:10 ----D---- C:\Windows\System32
2014-08-09 15:32:10 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-08-07 13:50:14 ----D---- C:\Program Files (x86)\VNT
2014-08-01 08:53:08 ----RD---- C:\Program Files (x86)\Skype
2014-08-01 08:52:48 ----D---- C:\Windows\system32\catroot2
2014-07-28 12:34:34 ----SHD---- C:\System Volume Information
2014-07-27 13:54:49 ----RD---- C:\Program Files (x86)

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amdkmpfd;AMD PCI Root Bus Lower Filter; C:\Windows\system32\DRIVERS\amdkmpfd.sys [2012-02-01 31872]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 {1a147621-8c9a-4d6b-a557-6513a40d3207}w64;{1a147621-8c9a-4d6b-a557-6513a40d3207}w64; C:\Windows\system32\drivers\{1a147621-8c9a-4d6b-a557-6513a40d3207}w64.sys [2014-04-24 61112]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2014-02-01 283064]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 amdhub30;AMD USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\amdhub30.sys [2012-11-29 107688]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-07-08 10832896]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-07-08 328192]
R3 amdxhc;AMD USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\amdxhc.sys [2012-11-29 228008]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
R3 BtAudioBusSrv;Ralink Bluetooth Audio Bus Service; C:\Windows\System32\Drivers\BtAudioBus.sys [2012-06-15 23136]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2012-07-05 1874016]
R3 rtbth;RTBTH Bluetooth Device Driver; C:\Windows\system32\DRIVERS\rtbth.sys [2012-10-02 692832]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2012-04-12 708200]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-07-14 109056]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10322; C:\Windows\system32\DRIVERS\stwrt64.sys [2012-11-12 543744]
S3 athr;Atheros – ovladač pro zařízení pro rozšiřitelnou bezdrátovou síť LAN; C:\Windows\system32\DRIVERS\athrx.sys [2009-06-20 1394688]
S3 BCM43XX;Broadcom 802.11 – ovladač síťového adaptéru; C:\Windows\system32\DRIVERS\bcmwl664.sys [2009-06-10 1311232]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service; C:\Windows\System32\Drivers\BtL2caScoIf.sys [2012-07-19 56904]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 551936]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 79360]
S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [2012-10-02 48608]
S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\efe5b32e.sys [2009-06-10 192256]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RTL8168;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys [2012-06-12 683664]
S4 RsFx0103;RsFx0103 Driver; C:\Windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-07-08 235520]
R2 APNMCP;Ask Update Service; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2014-06-14 165784]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [2012-09-26 1612552]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2009-03-30 57617752]
R2 PanService;PandoraService; C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe [2013-07-08 1922600]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 157720]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10122; C:\Program Files\IDT\WDM\STacSV64.exe [2012-11-12 327680]
R3 BsHelpCS;BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [2012-09-19 146184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
S2 DatamngrCoordinator;Datamngr Coordinator; C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe []
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-28 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 Update outobox;Update outobox; C:\Program Files (x86)\outobox\updateoutobox.exe [2014-08-15 323352]
S2 Util outobox;Util outobox; C:\Program Files (x86)\outobox\bin\utiloutobox.exe [2014-08-15 323352]
S3 Autodesk Content Service;Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-12-13 12288]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2013-10-12 85096]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-28 116648]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-02-08 569024]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-08 51648]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S4 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808]

-----------------EOF-----------------
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119395
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Nadměrné vytížení procesoru procesem msewcm.exe

#2 Příspěvek od Rudy »

Zdravím!
Dejte log ComboFix:
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
nom
Návštěvník
Návštěvník
Příspěvky: 100
Registrován: 23 bře 2008 19:22
Bydliště: Kroměříž (ZL)

Re: Nadměrné vytížení procesoru procesem msewcm.exe

#3 Příspěvek od nom »

ComboFix 14-08-15.01 - monika 16.08.2014 13:39:30.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3532.2300 [GMT 2:00]
Spuštěný z: c:\users\monika\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\monika\AppData\Local\assembly\tmp
c:\windows\inf\ntvdm.vbe
c:\windows\SysWow64\msstp.vbe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-07-16 do 2014-08-16 )))))))))))))))))))))))))))))))
.
.
2014-08-16 11:44 . 2014-08-16 11:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-16 11:08 . 2014-08-16 11:08 -------- d-----w- c:\program files\trend micro
2014-08-16 11:08 . 2014-08-16 11:08 -------- d-----w- C:\rsit
2014-08-11 10:51 . 2014-08-11 10:51 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-07-27 11:54 . 2014-07-27 11:54 -------- d-----w- c:\program files (x86)\Common Files\Steam
2014-07-27 11:54 . 2014-08-16 11:01 -------- d-----w- c:\program files (x86)\Steam
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"Akamai NetSession Interface"="c:\users\monika\AppData\Local\Akamai\netsession_win.exe" [2014-04-17 4672920]
"NextLive"="c:\users\monika\AppData\Roaming\newnext.me\nengine.dll" [2013-11-14 1283584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-07-24 21650016]
"AdobeChk"="c:\users\monika\AppData\Roaming\AdobeChk\chk.exe" [2014-07-22 126464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-08 630952]
"BtTray"="c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe" [2012-09-19 371976]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2014-07-31 1957784]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"VNT"="c:\program files (x86)\VNT\vntldr.exe" [2014-06-14 196504]
"KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"mncgxxiqqSrv"="c:\windows\inf\mncgxxiqq.vbe" [2014-01-19 1342]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DatamngrCoordinator;Datamngr Coordinator;c:\program files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe;c:\program files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
R3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;c:\windows\system32\Drivers\BtL2caScoIf.sys;c:\windows\SYSNATIVE\Drivers\BtL2caScoIf.sys [x]
R3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;c:\windows\system32\Drivers\IvtUrbBtFlt.sys;c:\windows\SYSNATIVE\Drivers\IvtUrbBtFlt.sys [x]
R3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S1 {1a147621-8c9a-4d6b-a557-6513a40d3207}w64;{1a147621-8c9a-4d6b-a557-6513a40d3207}w64;c:\windows\system32\drivers\{1a147621-8c9a-4d6b-a557-6513a40d3207}w64.sys;c:\windows\SYSNATIVE\drivers\{1a147621-8c9a-4d6b-a557-6513a40d3207}w64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 APNMCP;Ask Update Service;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\KMPService.exe;c:\program files (x86)\PANDORA.TV\PanService\KMPService.exe [x]
S2 Update outobox;Update outobox;c:\program files (x86)\outobox\updateoutobox.exe;c:\program files (x86)\outobox\updateoutobox.exe [x]
S2 Util outobox;Util outobox;c:\program files (x86)\outobox\bin\utiloutobox.exe;c:\program files (x86)\outobox\bin\utiloutobox.exe [x]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BtAudioBusSrv;Ralink Bluetooth Audio Bus Service;c:\windows\system32\Drivers\BtAudioBus.sys;c:\windows\SYSNATIVE\Drivers\BtAudioBus.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 rtbth;RTBTH Bluetooth Device Driver;c:\windows\system32\DRIVERS\rtbth.sys;c:\windows\SYSNATIVE\DRIVERS\rtbth.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-15 11:58 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-28 18:15]
.
2014-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-28 18:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-11-12 1664000]
"NUSB3MON"="c:\program files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe" [2012-04-11 97280]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.search.ask.com/?o=APN10645A&gct=hp& ... 81-215&t=4
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 10.0.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-NtVdmSrv - c:\windows\inf\ntvdm.vbe
Wow6432Node-HKLM-Run-MSStp - c:\windows\system32\msstp.vbe
Toolbar-10 - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
c:\program files (x86)\PANDORA.TV\PanService\KMPProcess.exe
c:\windows\SysWOW64\WScript.exe
c:\users\monika\AppData\Local\VNT\vntldr.exe
c:\program files (x86)\outobox\bin\outobox.BrowserAdapter.exe
c:\windows\SysWOW64\taskmgr.exe
c:\windows\inf\mncgxxiqq\mncgxxiqq.exe
c:\windows\SysWOW64\WerFault.exe
.
**************************************************************************
.
Celkový čas: 2014-08-16 13:51:18 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-08-16 11:51
.
Před spuštěním: Volných bajtů: 50 082 959 360
Po spuštění: Volných bajtů: 49 536 532 480
.
- - End Of File - - 393076A89796BCABCE48EAD4910EC0F3
A36C5E4F47E84449FF07ED3517B43A31
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119395
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Nadměrné vytížení procesoru procesem msewcm.exe

#4 Příspěvek od Rudy »

Otevřte poznámkový blok a zkopírujte do něj:
KillAll::

Folder::
c:\users\monika\AppData\Local\Akamai
c:\program files (x86)\AskPartnerNetwork

Collect::
c:\windows\inf\mncgxxiqq.vbe

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ApnTBMon"=-
"mncgxxiqqSrv"=-

Driver::
c2cautoupdatesvc
c2cpnrsvc

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
nom
Návštěvník
Návštěvník
Příspěvky: 100
Registrován: 23 bře 2008 19:22
Bydliště: Kroměříž (ZL)

Re: Nadměrné vytížení procesoru procesem msewcm.exe

#5 Příspěvek od nom »

ComboFix 14-08-15.01 - monika 16.08.2014 18:07:29.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.3532.2298 [GMT 2:00]
Spuštěný z: c:\users\monika\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\monika\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\AskPartnerNetwork
c:\program files (x86)\AskPartnerNetwork\ChromeUtils\APNNativeMsgHost.exe
c:\program files (x86)\AskPartnerNetwork\ChromeUtils\com.apn.native_messaging_host_aaaaipkbmjkakicapiinmamgjlkaeehh.json
c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
c:\program files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\1031.mst
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\1033.mst
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\1034.mst
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\1036.mst
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\1040.mst
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\1041.mst
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\1043.mst
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\1045.mst
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\1049.mst
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\2070.mst
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\appdata\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\extensions\toolbar_KMPV7@apn.ask.com.xpi
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\AskToolbarInstaller-12.10.0_KMPV7.msi
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\AskToolbarInstaller-12.10.2_KMPV7.msi
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\AskToolbarInstaller-12.10.3_KMPV7.msi
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\AskToolbarInstaller-12.10.6_KMPV7.msi
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\AskToolbarInstaller-12.15.0_KMPV7.msi
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\AskToolbarInstaller-12.15.5_KMPV7.msi
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\AskToolbarInstaller-12.3.0_KMPV7.msi
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\AskToolbarInstaller-12.5.1_KMPV7.msi
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\AskToolbarInstaller-12.6.0_KMPV7.msi
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\AskToolbarInstaller-12.7.0_KMPV7.msi
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX\{Crx_Version}\Toolbar.crx
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX\ToolbarCR.crx
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX\Update.xml
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\program files\AskPartnerNetwork\ChromeUtils\APNNativeMsgHost.exe
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\program files\AskPartnerNetwork\ChromeUtils\com.apn.native_messaging_host_aaaaipkbmjkakicapiinmamgjlkaeehh.json
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport.dll
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID}\Passport_x64.dll
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\program files\AskPartnerNetwork\Toolbar\searchhook.dll
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\program files\AskPartnerNetwork\Toolbar\SO.dll
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\program files\AskPartnerNetwork\Toolbar\TBCOffer\TBCOffer.exe
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\program files\AskPartnerNetwork\Toolbar\TBCOffer\TBCSO.dll
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\program files\AskPartnerNetwork\Toolbar\toolbar.dll
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\program files\AskPartnerNetwork\Toolbar\toolbar_x64.dll
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\program files\AskPartnerNetwork\Toolbar\ToolbarPS.dll
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\program files\AskPartnerNetwork\Toolbar\Updater\{PartnerID}\config.xml
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\program files\AskPartnerNetwork\Toolbar\Updater\ask-search.xml
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr_x64.exe
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv_x64.dll
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub_x64.dll
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\program files\VNT\content.zip
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\program files\VNT\vntldr.exe
c:\program files (x86)\AskPartnerNetwork\Toolbar\KMPV7\Source\program files\VNT\vntsrv.dll
c:\program files (x86)\AskPartnerNetwork\Toolbar\TBCOffer\TBCOffer.exe
c:\program files (x86)\AskPartnerNetwork\Toolbar\TBCOffer\TBCSO.dll
c:\program files (x86)\AskPartnerNetwork\Toolbar\UpdateManager.exe
c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\ask-search.xml
c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe
c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr_x64.exe
c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv.dll
c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrv_x64.dll
c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub.dll
c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\IDC\IdcSrvStub_x64.dll
c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\KMPV7\config.xml
c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
c:\users\monika\AppData\Local\Akamai
c:\users\monika\AppData\Local\Akamai\admintool.exe
c:\users\monika\AppData\Local\Akamai\client.ini
c:\users\monika\AppData\Local\Akamai\ControlPanel.exe
c:\users\monika\AppData\Local\Akamai\CplTasks.xml
c:\users\monika\AppData\Local\Akamai\euc_state.json
c:\users\monika\AppData\Local\Akamai\extraroot.pem
c:\users\monika\AppData\Local\Akamai\guid.ini
c:\users\monika\AppData\Local\Akamai\installer.txt
c:\users\monika\AppData\Local\Akamai\installer_no_upload_silent.exe
c:\users\monika\AppData\Local\Akamai\Languages\csy.dll
c:\users\monika\AppData\Local\Akamai\Languages\dan.dll
c:\users\monika\AppData\Local\Akamai\Languages\deu.dll
c:\users\monika\AppData\Local\Akamai\Languages\esp.dll
c:\users\monika\AppData\Local\Akamai\Languages\fin.dll
c:\users\monika\AppData\Local\Akamai\Languages\fra.dll
c:\users\monika\AppData\Local\Akamai\Languages\chs.dll
c:\users\monika\AppData\Local\Akamai\Languages\cht.dll
c:\users\monika\AppData\Local\Akamai\Languages\ita.dll
c:\users\monika\AppData\Local\Akamai\Languages\jpn.dll
c:\users\monika\AppData\Local\Akamai\Languages\kor.dll
c:\users\monika\AppData\Local\Akamai\Languages\nld.dll
c:\users\monika\AppData\Local\Akamai\Languages\nor.dll
c:\users\monika\AppData\Local\Akamai\Languages\plk.dll
c:\users\monika\AppData\Local\Akamai\Languages\ptb.dll
c:\users\monika\AppData\Local\Akamai\Languages\ptg.dll
c:\users\monika\AppData\Local\Akamai\Languages\rus.dll
c:\users\monika\AppData\Local\Akamai\Languages\sve.dll
c:\users\monika\AppData\Local\Akamai\Languages\trk.dll
c:\users\monika\AppData\Local\Akamai\Logs\daemon.debug.log
c:\users\monika\AppData\Local\Akamai\Logs\daemon.debug.log.140809_192758.sent
c:\users\monika\AppData\Local\Akamai\Logs\daemon.debug.log.140810_043713.sent
c:\users\monika\AppData\Local\Akamai\Logs\daemon.debug.log.140810_051931.sent
c:\users\monika\AppData\Local\Akamai\Logs\daemon.debug.log.140810_104555.sent
c:\users\monika\AppData\Local\Akamai\Logs\daemon.debug.log.140810_201520.sent
c:\users\monika\AppData\Local\Akamai\Logs\daemon.debug.log.140811_065820.sent
c:\users\monika\AppData\Local\Akamai\Logs\daemon.debug.log.140811_071540.sent
c:\users\monika\AppData\Local\Akamai\Logs\daemon.debug.log.140811_104702.sent
c:\users\monika\AppData\Local\Akamai\Logs\daemon.debug.log.140811_141840.sent
c:\users\monika\AppData\Local\Akamai\Logs\daemon.debug.log.140811_173126.sent
c:\users\monika\AppData\Local\Akamai\Logs\daemon.debug.log.140811_200756.sent
c:\users\monika\AppData\Local\Akamai\Logs\daemon.debug.log.140812_061317.sent
c:\users\monika\AppData\Local\Akamai\Logs\daemon.debug.log.140812_203618.sent
c:\users\monika\AppData\Local\Akamai\Logs\daemon.debug.log.140813_062728.sent
c:\users\monika\AppData\Local\Akamai\Logs\daemon.debug.log.140814_035419.sent
c:\users\monika\AppData\Local\Akamai\Logs\daemon.debug.log.140814_041112.sent
c:\users\monika\AppData\Local\Akamai\Logs\daemon.debug.log.140814_113149.sent
c:\users\monika\AppData\Local\Akamai\Logs\daemon.debug.log.140814_211550.sent
c:\users\monika\AppData\Local\Akamai\Logs\daemon.debug.log.140815_061156.sent
c:\users\monika\AppData\Local\Akamai\Logs\daemon.debug.log.140815_190618.sent
c:\users\monika\AppData\Local\Akamai\Logs\daemon.debug.log.140816_043841.sent
c:\users\monika\AppData\Local\Akamai\Logs\daemon.debug.log.140816_054009.sent
c:\users\monika\AppData\Local\Akamai\Logs\daemon.debug.log.140816_104345.sent
c:\users\monika\AppData\Local\Akamai\Logs\daemon.debug.log.140816_114626.sent
c:\users\monika\AppData\Local\Akamai\Logs\daemon1.debug.log
c:\users\monika\AppData\Local\Akamai\Logs\debug.log
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140809_155538.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140809_165539.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140809_175539.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140809_185539.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140809_192758.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140810_043729.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140810_051930.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140810_104604.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140810_114604.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140810_124605.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140810_134605.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140810_144605.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140810_154606.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140810_164606.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140810_174607.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140810_184607.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140810_194608.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140810_201519.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140811_065829.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140811_071539.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140811_104711.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140811_114711.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140811_124712.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140811_134712.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140811_141840.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140811_173137.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140811_184438.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140811_194436.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140811_200755.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140812_061328.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140812_084219.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140812_094220.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140812_111237.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140812_131340.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140812_155429.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140812_165722.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140812_175723.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140812_185723.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140812_195724.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140812_203617.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140813_062739.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140813_100522.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140813_110522.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140813_120522.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140813_130523.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140813_140524.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140813_150524.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140813_160524.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140813_170524.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140813_181635.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140813_191635.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140813_193500.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140814_035429.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140814_041112.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140814_113159.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140814_123200.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140814_133200.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140814_143201.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140814_153201.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140814_163202.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140814_173202.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140814_183202.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140814_210400.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140814_211549.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140815_061216.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140815_071216.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140815_083450.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140815_093541.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140815_103541.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140815_113542.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140815_123542.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140815_133543.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140815_143544.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140815_153544.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140815_163545.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140815_173546.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140815_183546.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140815_190615.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140816_043857.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140816_053858.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140816_054009.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140816_104354.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140816_114636.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140816_131600.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140816_141601.sent
c:\users\monika\AppData\Local\Akamai\Logs\debug.log.140816_151602.sent
c:\users\monika\AppData\Local\Akamai\netsession_installer.exe
c:\users\monika\AppData\Local\Akamai\netsession_win.exe
c:\users\monika\AppData\Local\Akamai\readme.txt
c:\users\monika\AppData\Local\Akamai\root.pem
c:\users\monika\AppData\Local\Akamai\rswinui.exe
c:\users\monika\AppData\Local\Akamai\uninstall.exe
c:\users\monika\AppData\Local\Akamai\user.dat
c:\windows\inf\mncgxxiqq.vbe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_c2cautoupdatesvc
-------\Service_c2cpnrsvc
-------\Service_APNMCP
-------\Service_APNMCP
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-07-16 do 2014-08-16 )))))))))))))))))))))))))))))))
.
.
2014-08-16 16:17 . 2014-08-16 16:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-16 11:08 . 2014-08-16 11:08 -------- d-----w- c:\program files\trend micro
2014-08-16 11:08 . 2014-08-16 11:08 -------- d-----w- C:\rsit
2014-08-11 10:51 . 2014-08-11 10:51 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-07-27 11:54 . 2014-07-27 11:54 -------- d-----w- c:\program files (x86)\Common Files\Steam
2014-07-27 11:54 . 2014-08-16 11:01 -------- d-----w- c:\program files (x86)\Steam
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NextLive"="c:\users\monika\AppData\Roaming\newnext.me\nengine.dll" [2013-11-14 1283584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-10-28 3675352]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-07-24 21650016]
"AdobeChk"="c:\users\monika\AppData\Roaming\AdobeChk\chk.exe" [2014-07-22 126464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-08 630952]
"BtTray"="c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe" [2012-09-19 371976]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"VNT"="c:\program files (x86)\VNT\vntldr.exe" [2014-06-14 196504]
"KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DatamngrCoordinator;Datamngr Coordinator;c:\program files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe;c:\program files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
R3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;c:\windows\system32\Drivers\BtL2caScoIf.sys;c:\windows\SYSNATIVE\Drivers\BtL2caScoIf.sys [x]
R3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;c:\windows\system32\Drivers\IvtUrbBtFlt.sys;c:\windows\SYSNATIVE\Drivers\IvtUrbBtFlt.sys [x]
R3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S1 {1a147621-8c9a-4d6b-a557-6513a40d3207}w64;{1a147621-8c9a-4d6b-a557-6513a40d3207}w64;c:\windows\system32\drivers\{1a147621-8c9a-4d6b-a557-6513a40d3207}w64.sys;c:\windows\SYSNATIVE\drivers\{1a147621-8c9a-4d6b-a557-6513a40d3207}w64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\KMPService.exe;c:\program files (x86)\PANDORA.TV\PanService\KMPService.exe [x]
S2 Update outobox;Update outobox;c:\program files (x86)\outobox\updateoutobox.exe;c:\program files (x86)\outobox\updateoutobox.exe [x]
S2 Util outobox;Util outobox;c:\program files (x86)\outobox\bin\utiloutobox.exe;c:\program files (x86)\outobox\bin\utiloutobox.exe [x]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BtAudioBusSrv;Ralink Bluetooth Audio Bus Service;c:\windows\system32\Drivers\BtAudioBus.sys;c:\windows\SYSNATIVE\Drivers\BtAudioBus.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 rtbth;RTBTH Bluetooth Device Driver;c:\windows\system32\DRIVERS\rtbth.sys;c:\windows\SYSNATIVE\DRIVERS\rtbth.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-15 11:58 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-11-12 1664000]
"NUSB3MON"="c:\program files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe" [2012-04-11 97280]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.search.ask.com/?o=APN10645A&gct=hp& ... 81-215&t=4
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 10.0.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-10 - (no file)
AddRemove-Akamai - c:\users\monika\AppData\Local\Akamai\uninstall.exe
.
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
c:\program files (x86)\PANDORA.TV\PanService\KMPProcess.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\users\monika\AppData\Local\VNT\vntldr.exe
c:\program files (x86)\outobox\bin\outobox.BrowserAdapter.exe
.
**************************************************************************
.
Celkový čas: 2014-08-16 18:39:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-08-16 16:39
ComboFix2.txt 2014-08-16 11:51
.
Před spuštěním: Volných bajtů: 60 023 930 880
Po spuštění: Volných bajtů: 59 664 752 640
.
- - End Of File - - 9F3F28ABA941904DBDA589C11439DE8D
A36C5E4F47E84449FF07ED3517B43A31
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119395
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Nadměrné vytížení procesoru procesem msewcm.exe

#6 Příspěvek od Rudy »

Smazáno. CF odinstalujte pomocí T-Cleaneru: http://vyosek.tym.cz/pro_usery/T-Cleaner.exe . Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
nom
Návštěvník
Návštěvník
Příspěvky: 100
Registrován: 23 bře 2008 19:22
Bydliště: Kroměříž (ZL)

Re: Nadměrné vytížení procesoru procesem msewcm.exe

#7 Příspěvek od nom »

Combofix odstraněn,ale jedná se o sestřin počítač nechám ji to vyzkoušet a zítra ještě napíšu. No ještě jsem si teď všiml ,že se zobrazuje reklama označena jako outobox Ads . Nevím o co se jedná, ale určitě by se neměla zobrazovat na vašem webu asi se jedná o něco v prohlížeči.
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119395
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Nadměrné vytížení procesoru procesem msewcm.exe

#8 Příspěvek od Rudy »

Ještě spusťte tyto utility (postupně):

1.
Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.
a

2.
Stáhněte Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
-Uložte program na plochu a spusťte . Pak se zobrazí se licenční podminky - potvrďte start libovolnou klávesou.
- vytvoří se záloha a proběhne skenování.
Po skončení skenování na Vás vyběhne log (bude uložen v c:\JRT jako JRT.txt) - zkopírujte jej sem
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
nom
Návštěvník
Návštěvník
Příspěvky: 100
Registrován: 23 bře 2008 19:22
Bydliště: Kroměříž (ZL)

Re: Nadměrné vytížení procesoru procesem msewcm.exe

#9 Příspěvek od nom »

1.

AutoIt Error
Line 3276 (File "C:\Users\monika\Desktop\adwcleaner_3.306.exe"):
Error: Array variable has incorrect number of subscripts or subscript dimension range exceeded.

2.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by monika on ne 17.08.2014 at 9:33:57,13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\nextlive
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3973969844-4267508288-1205472980-1000\Software\Microsoft\Internet Explorer\Main\\Start Page



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ilividmediabar_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ilividmediabar_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\KMPAskPIPCount_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\KMPAskPIPCount_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r1032-n-bc (1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r1032-n-bc (1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r400-n-bc_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r400-n-bc_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SetupDataMngr_iLivid_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SetupDataMngr_iLivid_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APNSetup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APNSetup_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\KMPAskPIPCount_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\KMPAskPIPCount_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup-r1032-n-bc (1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup-r1032-n-bc (1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup-r400-n-bc_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup-r400-n-bc_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SetupDataMngr_iLivid_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SetupDataMngr_iLivid_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C664121D-0F8E-4969-B0DC-6853E3987217}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] "hkey_current_user\software\askpartnernetwork"
Successfully deleted: [Registry Key] "hkey_local_machine\software\askpartnernetwork"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Users\monika\AppData\Roaming\newnext.me"
Successfully deleted: [Folder] "C:\Users\monika\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\monika\appdata\locallow\searchresultstb"
Successfully deleted: [Folder] "C:\Program Files (x86)\mobogenie"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Failed to delete: [Folder] "C:\Program Files (x86)\outobox"
Successfully deleted: [Folder] "C:\ProgramData\AskPartnerNetwork"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 17.08.2014 at 9:40:44,05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Nahoru
nom
Návštěvník
Návštěvník
Příspěvky: 100
Registrován: 23 bře 2008 19:22
Bydliště: Kroměříž (ZL)

Re: Nadměrné vytížení procesoru procesem msewcm.exe

#10 Příspěvek od nom »

Už se my podařilo rozchodit i ten první

# AdwCleaner v3.306 - Report created 17/08/2014 at 09:59:21
# Updated 15/08/2014 by Xplode
# Operating System : Windows 7 Home Premium (64 bits)
# Username : monika - MONCICAK
# Running from : C:\Users\monika\Desktop\adwcleaner_3.306.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : DatamngrCoordinator
[#] Service Deleted : Update outobox
[#] Service Deleted : Util outobox
Service Deleted : {1a147621-8c9a-4d6b-a557-6513a40d3207}w64

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\BitGuard
[!] Folder Deleted : C:\ProgramData\Browser Manager
[!] Folder Deleted : C:\ProgramData\BrowserProtect
[!] Folder Deleted : C:\ProgramData\AlawarWrapper
[!] Folder Deleted : C:\Program Files (x86)\outobox
[!] Folder Deleted : C:\Program Files (x86)\VNT
[!] Folder Deleted : C:\Users\monika\AppData\Local\AskPartnerNetwork
[!] Folder Deleted : C:\Users\monika\AppData\Local\genienext
[!] Folder Deleted : C:\Users\monika\AppData\Local\Mobogenie
[!] Folder Deleted : C:\Users\monika\AppData\Local\VNT
[!] Folder Deleted : C:\Users\monika\AppData\Local\AlawarWrapper
[!] Folder Deleted : C:\Users\monika\Documents\Mobogenie
[!] Folder Deleted : C:\Users\Public\Documents\AlawarWrapper
File Deleted : C:\Windows\System32\drivers\{1a147621-8c9a-4d6b-a557-6513a40d3207}w64.sys
File Deleted : C:\Users\monika\daemonprocess.txt

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fjpdnoojnohifgekbkmnfbiobhcbedka
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\outobox_Setup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\outobox_Setup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\outobox1120_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\outobox1120_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [VNT]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_ScriptHelper.com/Plugin
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D6F0AC3-0C2E-4E07-8FDA-11268AB51211}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3D86A75B-CB6B-4764-885D-CA6336F04BA2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\outobox
Key Deleted : HKLM\SOFTWARE\outobox
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\outobox

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385


-\\ Google Chrome v36.0.1985.143

[ File : C:\Users\monika\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=1032&systemid=406&v=n10781-215&apn_uid=5601254524454556&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
Deleted [Startup_urls] : hxxp://www.search.ask.com/?o=APN10645A&gct=hp& ... 81-215&t=4
Deleted [Extension] : aaaaabcbmongicmdegkmmfgdickgnnob
Deleted [Extension] : fjpdnoojnohifgekbkmnfbiobhcbedka

*************************

AdwCleaner[R0].txt - [263 octets] - [17/08/2014 09:26:55]
AdwCleaner[R1].txt - [263 octets] - [17/08/2014 09:27:29]
AdwCleaner[R2].txt - [4260 octets] - [17/08/2014 09:58:22]
AdwCleaner[S0].txt - [4286 octets] - [17/08/2014 09:59:21]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4346 octets] ##########
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119395
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Nadměrné vytížení procesoru procesem msewcm.exe

#11 Příspěvek od Rudy »

Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
nom
Návštěvník
Návštěvník
Příspěvky: 100
Registrován: 23 bře 2008 19:22
Bydliště: Kroměříž (ZL)

Re: Nadměrné vytížení procesoru procesem msewcm.exe

#12 Příspěvek od nom »

No reklama se již neoběvila a ten process se nepouští při startu.
Myslím, že můžete lock.
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119395
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Nadměrné vytížení procesoru procesem msewcm.exe

#13 Příspěvek od Rudy »

To jsem rád.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Zamčeno

Zpět na „Řešení problémů, logy“