Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Svchost.exe virus ?

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zamčeno
Zpráva
Autor
Sirius
Návštěvník
Návštěvník
Příspěvky: 177
Registrován: 18 zář 2014 17:21

Svchost.exe virus ?

#1 Příspěvek od Sirius »

Zdravíčko,
už 4 dny mi při každém spuštění s přístupem na internet zablokuje antivirus (Microsoft Security Essentials) soubor svchost.exe s tím, že se jedná o trojského koně. Nejsem si jistý zda jde vážně o virus, nikdy předtím mi MSE tento soubor neblokoval. Soubor je umístěn v:
"file:C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\svchost[1].exe"
"file:C:\Windows\temp\svchost.exe"

Věděl by někdo co s tím ? Děkuji předem za odpověď :)
Přikládám RSIT log

Logfile of random's system information tool 1.08 (written by random/random)
Run by Sirius at 2015-02-14 20:31:40
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 151 GB (22%) free of 695 GB
Total RAM: 5996 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:31:46, on 14.2.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17631)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Sirius.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~4\Office15\GROOVEEX.DLL
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\RunOnce: [Adobe Speed Launcher] 1423941984
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Dragon Age: Prameny - aktualizace obsahu (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9533 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 26346896
\??\C:\Windows\system32\conhost.exe "-276660104165404622113531096161816561221202185317-13560747345463794316518760
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
taskeng.exe {D6B85415-0250-4B67-A410-16E97D3257D7}
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sBWDATOOLSET
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
"C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" nss 6b9ae2bd-ccea-4895-937d-532f121fd3a5 1
\??\C:\Windows\system32\conhost.exe "-956525219-1203609200-6194063201817918596-551960879-1363670073-1638775580-1941600999
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"taskhost.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
taskeng.exe {0665563E-A649-4A57-B3BE-14080F3E898B}
C:\Windows\System32\WScript.exe "C:\Users\Sirius\AppData\Roaming\Origin\update.vbe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "156020840-2039125224-1898625424-204494833690971229419605182051038194977-231454187
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\RocketDock\RocketDock.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -Recover
taskeng.exe {BE7475FD-C988-4B77-A092-71FB049FAB9A}
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3984.0.567681756\927463363" --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,6,18,39 --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0116 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2418 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group4 pct:10d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/MaterialDesignNTP/Enabled/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/StableBookmarksIndexURLs/PasswordGeneration/Disabled/QUIC/Disabled/RememberCertificateErrorDecisions/Default/SPDY/Spdy4Enabled-default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_12/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/default/UwSInterstitialStatus/OnButInvisible/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="3984.2.630276350\1525006126" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group4 pct:10d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/MaterialDesignNTP/Enabled/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/StableBookmarksIndexURLs/PasswordGeneration/Disabled/QUIC/Disabled/RememberCertificateErrorDecisions/Default/SPDY/Spdy4Enabled-default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_12/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/default/UwSInterstitialStatus/OnButInvisible/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="3984.4.1956248418\1167511813" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group4 pct:10d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/MaterialDesignNTP/Enabled/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/StableBookmarksIndexURLs/PasswordGeneration/Disabled/QUIC/Disabled/RememberCertificateErrorDecisions/Default/SPDY/Spdy4Enabled-default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_12/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/default/UwSInterstitialStatus/OnButInvisible/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="3984.5.1620897332\39381469" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group4 pct:10d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GCM/Enabled/GoogleNow/Enable/MaterialDesignNTP/Enabled/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/StableBookmarksIndexURLs/PasswordGeneration/Disabled/QUIC/Disabled/RememberCertificateErrorDecisions/Default/SPDY/Spdy4Enabled-default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_12/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/default/UwSInterstitialStatus/OnButInvisible/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="3984.7.2081229663\73663981" /prefetch:673131151
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Windows\System32\schtasks.exe" /create /sc onlogon /tn Origin /rl highest /ru System /tr "C:\Windows\system32\config\systemprofile\AppData\Roaming\Origin\update.vbe"
\??\C:\Windows\system32\conhost.exe "771441512749836859-1840316447-146373116888067822720088851702122171600488782527
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group4 pct:10d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GCM/Enabled/GoogleNow/Enable/MaterialDesignNTP/Enabled/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/StableBookmarksIndexURLs/PasswordGeneration/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/QUIC/Disabled/RememberCertificateErrorDecisions/Default/SPDY/Spdy4Enabled-default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_12/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/default/UwSInterstitialStatus/OnButInvisible/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="3984.11.504482518\645952990" /prefetch:673131151
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 532 536 544 65536 540
C:\Windows\system32\igfxsrvc.exe -Embedding
"C:\Users\Sirius\Documents\Tomáš\Zástupci na panely\Programy\RSIT Logs.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-01-21 218776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL [2014-01-23 881880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL [2015-01-21 2334928]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-11-12 153248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~4\Office15\URLREDIR.DLL [2014-01-22 707800]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~4\Office15\GROOVEEX.DLL [2015-01-21 1729744]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-06-21 167704]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-06-21 392472]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-06-21 416024]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-12-13 2531472]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2014-12-13 2824504]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2015-01-30 1332296]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-10-24 13662936]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-12-12 7394584]
"RocketDock"=C:\Program Files (x86)\RocketDock\RocketDock.exe [2007-09-02 495616]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Adobe Speed Launcher"=1423941984 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-11-20 1021128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21 472992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCEPServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [2013-05-16 1039240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
C:\Program Files\CCleaner\CCleaner64.exe [2014-12-12 7394584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CorelDRAW Graphics Suite 11b]
C:\Program Files (x86)\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe /title=CorelDRAW Graphics Suite 12 /date=022114 serial=DR12CNC-8301292-WBN lang=CZ []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ETDCtrl]
C:\Program Files\Elantech\ETDCtrl.exe [2011-04-05 2589992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
C:\Program Files (x86)\Launch Manager\LManager.exe [2011-07-01 1103440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power Management]
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [2011-05-10 1831528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2011-05-10 1131296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
C:\PROGRA~2\Secunia\PSI\psi_tray.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\System32\nvinitx.dll C:\Windows\System32\nvinitx.dll,C:\Windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-06-10 389632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2015-02-14 20:31:39 ----D---- C:\rsit
2015-02-14 20:24:37 ----D---- C:\Windows\SYSWOW64\NV
2015-02-14 20:24:37 ----D---- C:\Windows\system32\NV
2015-02-14 20:24:21 ----D---- C:\ProgramData\NVIDIA
2015-02-14 20:18:51 ----A---- C:\Windows\system32\nvvsvc.exe
2015-02-14 20:18:51 ----A---- C:\Windows\system32\nvsvcr.dll
2015-02-14 20:18:51 ----A---- C:\Windows\system32\nvsvc64.dll
2015-02-14 20:18:51 ----A---- C:\Windows\system32\nvshext.dll
2015-02-14 20:18:51 ----A---- C:\Windows\system32\nvmctray.dll
2015-02-14 20:18:51 ----A---- C:\Windows\system32\nvcpl.dll
2015-02-14 20:18:51 ----A---- C:\Windows\system32\nv3dappshextr.dll
2015-02-14 20:18:51 ----A---- C:\Windows\system32\nv3dappshext.dll
2015-02-14 20:18:32 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2015-02-14 20:18:32 ----A---- C:\Windows\system32\OpenCL.dll
2015-02-14 20:17:12 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2015-02-14 20:17:12 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll
2015-02-14 20:17:12 ----A---- C:\Windows\SYSWOW64\nvopencl.dll
2015-02-14 20:17:12 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2015-02-14 20:17:12 ----A---- C:\Windows\SYSWOW64\nvoglshim32.dll
2015-02-14 20:17:12 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2015-02-14 20:17:12 ----A---- C:\Windows\SYSWOW64\NvIFR.dll
2015-02-14 20:17:12 ----A---- C:\Windows\system32\nvwgf2umx.dll
2015-02-14 20:17:12 ----A---- C:\Windows\system32\nvumdshimx.dll
2015-02-14 20:17:12 ----A---- C:\Windows\system32\nvopencl.dll
2015-02-14 20:17:12 ----A---- C:\Windows\system32\nvoglv64.dll
2015-02-14 20:17:12 ----A---- C:\Windows\system32\nvoglshim64.dll
2015-02-14 20:17:12 ----A---- C:\Windows\system32\nvinitx.dll
2015-02-14 20:17:12 ----A---- C:\Windows\system32\NvIFR64.dll
2015-02-14 20:17:12 ----A---- C:\Windows\system32\drivers\nvpciflt.sys
2015-02-14 20:17:12 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2015-02-14 20:17:11 ----A---- C:\Windows\SYSWOW64\NvFBC.dll
2015-02-14 20:17:11 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2015-02-14 20:17:11 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2015-02-14 20:17:11 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2015-02-14 20:17:11 ----A---- C:\Windows\system32\NvFBC64.dll
2015-02-14 20:17:11 ----A---- C:\Windows\system32\nvdispgenco6434752.dll
2015-02-14 20:17:11 ----A---- C:\Windows\system32\nvdispco6434752.dll
2015-02-14 20:17:11 ----A---- C:\Windows\system32\nvd3dumx.dll
2015-02-14 20:17:11 ----A---- C:\Windows\system32\nvcuvid.dll
2015-02-14 20:17:11 ----A---- C:\Windows\system32\nvcuda.dll
2015-02-14 20:17:10 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2015-02-14 20:17:10 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2015-02-14 20:17:10 ----A---- C:\Windows\system32\nvcompiler.dll
2015-02-14 20:17:10 ----A---- C:\Windows\system32\nvapi64.dll
2015-02-14 20:08:23 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-02-14 20:08:23 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-02-14 20:08:23 ----A---- C:\Windows\system32\jscript9.dll
2015-02-14 20:08:22 ----A---- C:\Windows\system32\jscript9diag.dll
2015-02-11 13:34:45 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-02-11 13:34:45 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-02-11 13:34:45 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-02-11 13:34:45 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-02-11 13:34:45 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-02-11 13:34:45 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-02-11 13:34:44 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-02-11 13:34:44 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-02-11 13:34:44 ----A---- C:\Windows\system32\iernonce.dll
2015-02-11 13:34:44 ----A---- C:\Windows\system32\ie4uinit.exe
2015-02-11 13:34:43 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-02-11 13:34:43 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-02-11 13:34:43 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-02-11 13:34:43 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-02-11 13:34:43 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 13:34:41 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-02-11 13:34:41 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-02-11 13:34:41 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-02-11 13:34:41 ----A---- C:\Windows\system32\urlmon.dll
2015-02-11 13:34:41 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 13:34:41 ----A---- C:\Windows\system32\iedkcs32.dll
2015-02-11 13:34:40 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-02-11 13:34:40 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-02-11 13:34:40 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-02-11 13:34:40 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 13:34:40 ----A---- C:\Windows\system32\dxtrans.dll
2015-02-11 13:34:39 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-02-11 13:34:39 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-02-11 13:34:39 ----A---- C:\Windows\system32\msfeeds.dll
2015-02-11 13:34:38 ----A---- C:\Windows\system32\iesetup.dll
2015-02-11 13:34:38 ----A---- C:\Windows\system32\ieapfltr.dll
2015-02-11 13:34:37 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-02-11 13:34:37 ----A---- C:\Windows\system32\iertutil.dll
2015-02-11 13:34:36 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-02-11 13:34:36 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-02-11 13:34:36 ----A---- C:\Windows\system32\jsproxy.dll
2015-02-11 13:34:36 ----A---- C:\Windows\system32\ieUnatt.exe
2015-02-11 13:34:35 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-02-11 13:34:35 ----A---- C:\Windows\system32\ieui.dll
2015-02-11 13:34:35 ----A---- C:\Windows\system32\dxtmsft.dll
2015-02-11 13:34:34 ----A---- C:\Windows\system32\mshtmled.dll
2015-02-11 13:34:34 ----A---- C:\Windows\system32\ieframe.dll
2015-02-11 13:34:33 ----A---- C:\Windows\system32\vbscript.dll
2015-02-11 13:34:33 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-02-11 13:34:32 ----A---- C:\Windows\system32\wininet.dll
2015-02-11 13:34:31 ----A---- C:\Windows\system32\msrating.dll
2015-02-11 13:34:31 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-02-11 13:34:30 ----A---- C:\Windows\system32\mshtml.dll
2015-02-11 13:33:57 ----A---- C:\Windows\system32\lsasrv.dll
2015-02-11 13:33:57 ----A---- C:\Windows\system32\drivers\cng.sys
2015-02-11 13:33:57 ----A---- C:\Windows\system32\adtschema.dll
2015-02-11 13:33:56 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-02-11 13:33:56 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-02-11 13:33:56 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-02-11 13:33:56 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-02-11 13:33:56 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-02-11 13:33:56 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-02-11 13:33:56 ----A---- C:\Windows\system32\sspisrv.dll
2015-02-11 13:33:56 ----A---- C:\Windows\system32\sspicli.dll
2015-02-11 13:33:56 ----A---- C:\Windows\system32\secur32.dll
2015-02-11 13:33:56 ----A---- C:\Windows\system32\msobjs.dll
2015-02-11 13:33:56 ----A---- C:\Windows\system32\msaudite.dll
2015-02-11 13:33:56 ----A---- C:\Windows\system32\lsass.exe
2015-02-11 13:33:56 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-02-11 13:33:56 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-02-11 13:33:56 ----A---- C:\Windows\system32\auditpol.exe
2015-02-11 13:33:46 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-02-11 13:33:46 ----A---- C:\Windows\system32\schannel.dll
2015-02-11 13:33:45 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-02-11 13:33:45 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-02-11 13:33:45 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-02-11 13:33:45 ----A---- C:\Windows\system32\wdigest.dll
2015-02-11 13:33:45 ----A---- C:\Windows\system32\TSpkg.dll
2015-02-11 13:33:45 ----A---- C:\Windows\system32\ncrypt.dll
2015-02-11 13:33:45 ----A---- C:\Windows\system32\msv1_0.dll
2015-02-11 13:33:45 ----A---- C:\Windows\system32\kerberos.dll
2015-02-11 13:33:44 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-02-11 13:33:44 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-02-11 13:33:44 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-02-11 13:33:44 ----A---- C:\Windows\system32\credssp.dll
2015-02-11 13:33:35 ----A---- C:\Windows\system32\invagent.dll
2015-02-11 13:33:35 ----A---- C:\Windows\system32\generaltel.dll
2015-02-11 13:33:35 ----A---- C:\Windows\system32\appraiser.dll
2015-02-11 13:33:35 ----A---- C:\Windows\system32\aeinv.dll
2015-02-11 13:33:34 ----A---- C:\Windows\system32\devinv.dll
2015-02-11 13:33:34 ----A---- C:\Windows\system32\aitstatic.exe
2015-02-11 13:33:33 ----A---- C:\Windows\system32\aepdu.dll
2015-02-11 13:33:32 ----A---- C:\Windows\system32\aepic.dll
2015-02-11 13:33:23 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2015-02-11 13:33:23 ----A---- C:\Windows\system32\oleaut32.dll
2015-02-11 13:33:20 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2015-02-11 13:33:20 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2015-02-11 13:33:20 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2015-02-11 13:33:20 ----A---- C:\Windows\system32\wintrust.dll
2015-02-11 13:33:20 ----A---- C:\Windows\system32\cryptsvc.dll
2015-02-11 13:33:20 ----A---- C:\Windows\system32\crypt32.dll
2015-02-11 13:33:13 ----A---- C:\Windows\system32\WindowsCodecs.dll
2015-02-11 13:33:12 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2015-02-11 13:29:26 ----A---- C:\Windows\SYSWOW64\scesrv.dll
2015-02-11 13:29:26 ----A---- C:\Windows\system32\scesrv.dll
2015-02-11 13:28:39 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-02-11 13:28:38 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-02-11 13:28:38 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-02-11 13:28:35 ----A---- C:\Windows\system32\srcore.dll
2015-02-11 13:28:35 ----A---- C:\Windows\system32\rstrui.exe
2015-02-11 13:28:34 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-02-11 13:28:34 ----A---- C:\Windows\system32\srclient.dll
2015-02-11 13:27:46 ----A---- C:\Windows\system32\win32k.sys
2015-02-11 01:40:16 ----D---- C:\Program Files (x86)\Zaklínač rozšířená edice
2015-02-02 13:32:33 ----D---- C:\Program Files (x86)\Mount&Blade Warband
2015-02-01 19:29:36 ----A---- C:\Windows\SYSWOW64\vp6vfw.dll
2015-02-01 19:18:54 ----D---- C:\Program Files (x86)\The Sims 4
2015-01-30 18:06:01 ----D---- C:\Users\Sirius\AppData\Roaming\dvdcss
2015-01-28 19:56:50 ----D---- C:\Windows\1C4551A64743409391E41477CD655043.TMP
2015-01-28 19:37:51 ----D---- C:\Program Files (x86)\Dragon Age
2015-01-28 12:37:25 ----A---- C:\Windows\system32\TSWbPrxy.exe
2015-01-28 12:37:25 ----A---- C:\Windows\system32\profsvc.dll
2015-01-28 12:37:24 ----A---- C:\Windows\SYSWOW64\nlaapi.dll
2015-01-28 12:37:24 ----A---- C:\Windows\SYSWOW64\ncsi.dll
2015-01-28 12:37:24 ----A---- C:\Windows\system32\nlasvc.dll
2015-01-28 12:37:21 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2015-01-28 11:44:10 ----D---- C:\ProgramData\LumaEmu_SteamCloud
2015-01-28 01:31:44 ----D---- C:\ProgramData\752524997046998489
2015-01-25 14:20:12 ----D---- C:\Program Files (x86)\RocketDock
2015-01-20 21:56:59 ----D---- C:\Users\Sirius\AppData\Roaming\TeamViewer
2015-01-20 21:56:53 ----D---- C:\Program Files (x86)\TeamViewer

======List of files/folders modified in the last 1 months======

2015-02-14 20:31:41 ----D---- C:\Program Files\trend micro
2015-02-14 20:30:52 ----D---- C:\Windows\temp
2015-02-14 20:26:19 ----A---- C:\Windows\SYSWOW64\log.txt
2015-02-14 20:24:37 ----D---- C:\Windows\SysWOW64
2015-02-14 20:24:37 ----D---- C:\Windows\System32
2015-02-14 20:24:21 ----D---- C:\ProgramData
2015-02-14 20:24:12 ----D---- C:\Windows\winsxs
2015-02-14 20:23:56 ----D---- C:\Windows\system32\config
2015-02-14 20:22:50 ----SD---- C:\Windows\system32\CompatTel
2015-02-14 20:22:50 ----D---- C:\Windows\SYSWOW64\en-US
2015-02-14 20:22:50 ----D---- C:\Windows\system32\en-US
2015-02-14 20:22:50 ----D---- C:\Windows\system32\appraiser
2015-02-14 20:18:51 ----D---- C:\Windows\Help
2015-02-14 20:18:51 ----D---- C:\Program Files\NVIDIA Corporation
2015-02-14 20:18:32 ----D---- C:\Temp
2015-02-14 20:18:26 ----D---- C:\ProgramData\NVIDIA Corporation
2015-02-14 20:18:22 ----D---- C:\Windows\system32\drivers
2015-02-14 20:18:21 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2015-02-14 20:18:19 ----D---- C:\Windows\inf
2015-02-14 20:18:15 ----D---- C:\Windows\system32\DriverStore
2015-02-14 20:12:25 ----D---- C:\Windows\Microsoft.NET
2015-02-14 20:12:16 ----SHD---- C:\Windows\Installer
2015-02-14 20:11:22 ----RSD---- C:\Windows\assembly
2015-02-14 20:09:54 ----D---- C:\Windows\Prefetch
2015-02-14 20:09:15 ----SHD---- C:\System Volume Information
2015-02-14 05:58:11 ----D---- C:\Users\Sirius\AppData\Roaming\Skype
2015-02-13 22:36:41 ----D---- C:\Windows\system32\catroot2
2015-02-13 22:33:23 ----D---- C:\Windows
2015-02-13 01:32:11 ----D---- C:\Windows\system32\catroot
2015-02-13 01:31:51 ----D---- C:\Windows\system32\cs-CZ
2015-02-13 01:31:51 ----D---- C:\Program Files\Internet Explorer
2015-02-13 01:31:50 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-02-13 01:31:50 ----D---- C:\Program Files (x86)\Internet Explorer
2015-02-11 14:06:49 ----D---- C:\ProgramData\Microsoft Help
2015-02-11 14:03:09 ----D---- C:\ProgramData\Package Cache
2015-02-11 13:53:31 ----A---- C:\Windows\win.ini
2015-02-11 13:52:30 ----D---- C:\Program Files\Microsoft Security Client
2015-02-11 13:52:30 ----D---- C:\Program Files (x86)\Microsoft Security Client
2015-02-11 13:47:17 ----D---- C:\Windows\system32\MRT
2015-02-11 13:39:31 ----D---- C:\Windows\debug
2015-02-11 13:39:29 ----A---- C:\Windows\system32\MRT.exe
2015-02-11 12:52:00 ----D---- C:\Users\Sirius\AppData\Roaming\uTorrent
2015-02-11 12:50:22 ----D---- C:\Windows\SoftwareDistribution
2015-02-11 12:49:47 ----D---- C:\Windows\Logs
2015-02-11 01:40:16 ----D---- C:\Program Files (x86)
2015-02-11 01:40:14 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2015-02-10 23:18:46 ----D---- C:\Origin
2015-02-10 19:23:49 ----D---- C:\Program Files (x86)\Common Files
2015-02-10 19:23:39 ----RSD---- C:\Windows\Fonts
2015-02-06 19:20:45 ----SD---- C:\ProgramData\Microsoft
2015-02-03 21:20:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-01-31 18:05:56 ----D---- C:\Windows\system32\Tasks
2015-01-31 18:05:54 ----D---- C:\Users\Sirius\AppData\Roaming\Origin
2015-01-28 20:14:06 ----D---- C:\ProgramData\BioWare
2015-01-28 19:56:40 ----D---- C:\ProgramData\Media Center Programs
2015-01-28 11:41:51 ----SD---- C:\Users\Sirius\AppData\Roaming\Microsoft
2015-01-28 02:05:22 ----D---- C:\Program Files\Recuva
2015-01-28 01:32:40 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 19:32:39 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-01-25 21:41:58 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-01-25 13:23:23 ----D---- C:\Users\Sirius\AppData\Roaming\vlc
2015-01-24 19:32:42 ----D---- C:\ProgramData\Origin
2015-01-24 14:03:01 ----D---- C:\ProgramData\Skype
2015-01-24 14:02:59 ----RD---- C:\Program Files (x86)\Skype
2015-01-20 02:42:01 ----D---- C:\Program Files\Adobe
2015-01-20 02:40:49 ----D---- C:\Program Files (x86)\Adobe
2015-01-20 02:34:59 ----D---- C:\Program Files\Common Files\Adobe
2015-01-20 02:29:58 ----D---- C:\Users\Sirius\AppData\Roaming\Adobe
2015-01-20 02:29:28 ----D---- C:\ProgramData\Adobe
2015-01-15 17:59:12 ----D---- C:\Windows\SYSWOW64\drivers

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2011-04-26 557848]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-11-15 274696]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2015-02-05 31376]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [2010-01-29 115600]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2014-05-29 314016]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2014-05-29 43680]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-11-15 124560]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service; C:\Windows\system32\DRIVERS\b57xdbd.sys [2011-01-21 67624]
R3 b57xdmp;Broadcom xD Picture vstorp client drv; C:\Windows\system32\DRIVERS\b57xdmp.sys [2011-01-21 19496]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl664.sys [2011-06-08 4729408]
R3 bScsiMSa;bScsiMSa; C:\Windows\system32\DRIVERS\bScsiMSa.sys [2011-05-16 51240]
R3 bScsiSDa;bScsiSDa; C:\Windows\system32\DRIVERS\bScsiSDa.sys [2011-05-06 86056]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2011-04-05 142632]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-06-10 12230912]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-11-05 3707864]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2011-05-10 425000]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-12-13 19600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2014-11-22 38032]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 BTWAMPFL;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2011-01-10 349736]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2011-01-24 107560]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2010-09-14 138280]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2011-02-15 39464]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-09-14 21416]
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 OSFMount;OSFMount; \??\C:\Program Files (x86)\Counter-Strike Global Offensive\image\x64\OSFMount.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-12-13 1148560]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-12-22 325656]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2015-01-30 23784]
R2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET); C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-12-13 1701520]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-12-13 19823248]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-02-05 935056]
R2 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-12-10 238944]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-10 153440]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2015-01-30 366512]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu; C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-01-12 114688]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\syswow64\GameMon.des [2014-11-11 3398544]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 178760]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-02-06 1255736]
S3 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-03 81088]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25 267440]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2011-05-10 956192]
S4 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
S4 ePowerSvc;Acer ePower Service; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2011-05-10 872552]
S4 GREGService;GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [2011-01-18 39528]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-06 116648]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-06 116648]
S4 Live Updater Service;Live Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2011-04-22 244624]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-01-27 114800]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2010-12-10 44384]
S4 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 Origin Client Service;Origin Client Service; C:\Origin\OriginClientService.exe [2015-01-31 1910128]
S4 TeamViewer;TeamViewer 10; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2014-12-15 5426448]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

-----------------EOF-----------------
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119678
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Svchost.exe virus ?

#2 Příspěvek od Rudy »

Také zdravím!

Tento soubor: C:\Windows\temp\svchost.exe opravdu v pořádku není. Standardní svchost je ve windows\system32. Spusťte tuto utilitu:
Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Sirius
Návštěvník
Návštěvník
Příspěvky: 177
Registrován: 18 zář 2014 17:21

Re: Svchost.exe virus ?

#3 Příspěvek od Sirius »

Po restartu antivir opět zablokoval svchost. Všiml jsem si, že je ve složce Content.IE5. Zajímalo by mě jestli to má spojitost s Internet Explorerem. Ten jsem totiž použil naposledy když jsem stahoval Chrome a Mozillu. To už je nějaká doba.

Přikládám log

# AdwCleaner v4.110 - Logfile created 14/02/2015 at 21:20:04
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Sirius - UNIVERSE
# Running from : C:\Users\Sirius\Desktop\adwcleaner_4.110.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\752524997046998489
Folder Deleted : C:\Users\Sirius\AppData\Local\FileViewPro
Folder Deleted : C:\Users\Sirius\AppData\Roaming\Mozilla\Firefox\Profiles\2xlfafam.default\Extensions\V4X@VOmaz68.net
File Deleted : C:\Users\Sirius\AppData\Roaming\Mozilla\Firefox\Profiles\2xlfafam.default\searchplugins\yahoo_ff.xml

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{230332DF-D235-47EE-BC42-60860EF144CD}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v35.0.1 (x86 cs)


-\\ Google Chrome v40.0.2214.93


*************************

AdwCleaner[R1].txt - [1257 bytes] - [18/09/2014 21:03:31]
AdwCleaner[R2].txt - [1359 bytes] - [21/09/2014 23:38:23]
AdwCleaner[R3].txt - [1419 bytes] - [22/09/2014 04:13:02]
AdwCleaner[R4].txt - [1520 bytes] - [22/12/2014 03:15:51]
AdwCleaner[R5].txt - [1217 bytes] - [08/01/2015 17:27:13]
AdwCleaner[R6].txt - [1857 bytes] - [14/02/2015 21:18:21]
AdwCleaner[S1].txt - [1287 bytes] - [18/09/2014 21:20:23]
AdwCleaner[S2].txt - [1439 bytes] - [22/09/2014 04:14:21]
AdwCleaner[S3].txt - [1591 bytes] - [22/12/2014 03:17:47]
AdwCleaner[S4].txt - [1279 bytes] - [08/01/2015 17:29:54]
AdwCleaner[S5].txt - [1796 bytes] - [14/02/2015 21:20:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1855 bytes] ##########
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119678
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Svchost.exe virus ?

#4 Příspěvek od Rudy »

Dejte nový log RSIT.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Sirius
Návštěvník
Návštěvník
Příspěvky: 177
Registrován: 18 zář 2014 17:21

Re: Svchost.exe virus ?

#5 Příspěvek od Sirius »

Logfile of random's system information tool 1.08 (written by random/random)
Run by Sirius at 2015-02-14 22:05:02
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 150 GB (22%) free of 695 GB
Total RAM: 5996 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:05:09, on 14.2.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17631)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Sirius.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~4\Office15\GROOVEEX.DLL
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\RunOnce: [Adobe Speed Launcher] 1423945464
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Dragon Age: Prameny - aktualizace obsahu (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9495 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 4060928
\??\C:\Windows\system32\conhost.exe "728824305111439758454116931624392145112622597606779253643189896241264640181
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
taskeng.exe {5A9FCE85-435B-437A-BCC3-EAFDA26D3E46}
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sBWDATOOLSET
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
C:\Windows\System32\WScript.exe "C:\Users\Sirius\AppData\Roaming\Origin\update.vbe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
"C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" nss 6b9ae2bd-ccea-4895-937d-532f121fd3a5 1
\??\C:\Windows\system32\conhost.exe "-1138823360517205738-2106499886-123031924-352340840711783082-627334898-2071445749
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "-2115345565-647305937929902813-12749537415024805361651859703-8398043352110428117
"C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\RocketDock\RocketDock.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
taskeng.exe {03D40104-F678-4B5D-AF17-7890E1EFFAAF}
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4444.0.521489938\128769356" --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,6,18,39 --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0116 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2418 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group4 pct:10d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/MaterialDesignNTP/Enabled/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/StableBookmarksIndexURLs/PasswordGeneration/Disabled/QUIC/EnabledForLargePopulation/RememberCertificateErrorDecisions/Default/SPDY/Spdy4Enabled-default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_12/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/default/UwSInterstitialStatus/OnButInvisible/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="4444.2.1159221686\357524074" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group4 pct:10d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/MaterialDesignNTP/Enabled/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/StableBookmarksIndexURLs/PasswordGeneration/Disabled/QUIC/EnabledForLargePopulation/RememberCertificateErrorDecisions/Default/SPDY/Spdy4Enabled-default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_12/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/default/UwSInterstitialStatus/OnButInvisible/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="4444.4.1298726445\245061058" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group4 pct:10d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/MaterialDesignNTP/Enabled/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/StableBookmarksIndexURLs/PasswordGeneration/Disabled/QUIC/EnabledForLargePopulation/RememberCertificateErrorDecisions/Default/SPDY/Spdy4Enabled-default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_12/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/default/UwSInterstitialStatus/OnButInvisible/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="4444.5.390211533\946353673" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group4 pct:10d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GCM/Enabled/GoogleNow/Enable/MaterialDesignNTP/Enabled/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/StableBookmarksIndexURLs/PasswordGeneration/Disabled/QUIC/EnabledForLargePopulation/RememberCertificateErrorDecisions/Default/SPDY/Spdy4Enabled-default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_12/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/default/UwSInterstitialStatus/OnButInvisible/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="4444.7.127542627\1983376788" /prefetch:673131151
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group4 pct:10d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GCM/Enabled/GoogleNow/Enable/MaterialDesignNTP/Enabled/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/StableBookmarksIndexURLs/PasswordGeneration/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/QUIC/EnabledForLargePopulation/RememberCertificateErrorDecisions/Default/SPDY/Spdy4Enabled-default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_12/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/default/UwSInterstitialStatus/OnButInvisible/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="4444.10.119203115\201633046" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group4 pct:10d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GCM/Enabled/GoogleNow/Enable/MaterialDesignNTP/Enabled/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/StableBookmarksIndexURLs/PasswordGeneration/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/QUIC/EnabledForLargePopulation/RememberCertificateErrorDecisions/Default/SPDY/Spdy4Enabled-default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_12/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/default/UwSInterstitialStatus/OnButInvisible/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="4444.13.1619464999\1231541356" /prefetch:673131151
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Windows\System32\schtasks.exe" /create /sc onlogon /tn Origin /rl highest /ru System /tr "C:\Windows\system32\config\systemprofile\AppData\Roaming\Origin\update.vbe"
\??\C:\Windows\system32\conhost.exe "1423729265-2021633587586902258-12934225801974701393-1172225870309956088-529543992
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Windows\system32\igfxsrvc.exe -Embedding
"C:\Users\Sirius\Documents\Tomáš\Zástupci na panely\Programy\RSIT Logs.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-01-21 218776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL [2014-01-23 881880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL [2015-01-21 2334928]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-11-12 153248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~4\Office15\URLREDIR.DLL [2014-01-22 707800]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~4\Office15\GROOVEEX.DLL [2015-01-21 1729744]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-06-21 167704]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-06-21 392472]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-06-21 416024]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-12-13 2531472]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2014-12-13 2824504]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2015-01-30 1332296]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-10-24 13662936]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-12-12 7394584]
"RocketDock"=C:\Program Files (x86)\RocketDock\RocketDock.exe [2007-09-02 495616]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Adobe Speed Launcher"=1423945464 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-11-20 1021128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21 472992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCEPServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [2013-05-16 1039240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
C:\Program Files\CCleaner\CCleaner64.exe [2014-12-12 7394584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CorelDRAW Graphics Suite 11b]
C:\Program Files (x86)\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe /title=CorelDRAW Graphics Suite 12 /date=022114 serial=DR12CNC-8301292-WBN lang=CZ []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ETDCtrl]
C:\Program Files\Elantech\ETDCtrl.exe [2011-04-05 2589992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
C:\Program Files (x86)\Launch Manager\LManager.exe [2011-07-01 1103440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power Management]
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [2011-05-10 1831528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2011-05-10 1131296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
C:\PROGRA~2\Secunia\PSI\psi_tray.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\System32\nvinitx.dll C:\Windows\System32\nvinitx.dll,C:\Windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-06-10 389632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2015-02-14 20:31:39 ----D---- C:\rsit
2015-02-14 20:24:37 ----D---- C:\Windows\SYSWOW64\NV
2015-02-14 20:24:37 ----D---- C:\Windows\system32\NV
2015-02-14 20:24:21 ----D---- C:\ProgramData\NVIDIA
2015-02-14 20:18:51 ----A---- C:\Windows\system32\nvvsvc.exe
2015-02-14 20:18:51 ----A---- C:\Windows\system32\nvsvcr.dll
2015-02-14 20:18:51 ----A---- C:\Windows\system32\nvsvc64.dll
2015-02-14 20:18:51 ----A---- C:\Windows\system32\nvshext.dll
2015-02-14 20:18:51 ----A---- C:\Windows\system32\nvmctray.dll
2015-02-14 20:18:51 ----A---- C:\Windows\system32\nvcpl.dll
2015-02-14 20:18:51 ----A---- C:\Windows\system32\nv3dappshextr.dll
2015-02-14 20:18:51 ----A---- C:\Windows\system32\nv3dappshext.dll
2015-02-14 20:18:32 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2015-02-14 20:18:32 ----A---- C:\Windows\system32\OpenCL.dll
2015-02-14 20:17:12 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2015-02-14 20:17:12 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll
2015-02-14 20:17:12 ----A---- C:\Windows\SYSWOW64\nvopencl.dll
2015-02-14 20:17:12 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2015-02-14 20:17:12 ----A---- C:\Windows\SYSWOW64\nvoglshim32.dll
2015-02-14 20:17:12 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2015-02-14 20:17:12 ----A---- C:\Windows\SYSWOW64\NvIFR.dll
2015-02-14 20:17:12 ----A---- C:\Windows\system32\nvwgf2umx.dll
2015-02-14 20:17:12 ----A---- C:\Windows\system32\nvumdshimx.dll
2015-02-14 20:17:12 ----A---- C:\Windows\system32\nvopencl.dll
2015-02-14 20:17:12 ----A---- C:\Windows\system32\nvoglv64.dll
2015-02-14 20:17:12 ----A---- C:\Windows\system32\nvoglshim64.dll
2015-02-14 20:17:12 ----A---- C:\Windows\system32\nvinitx.dll
2015-02-14 20:17:12 ----A---- C:\Windows\system32\NvIFR64.dll
2015-02-14 20:17:12 ----A---- C:\Windows\system32\drivers\nvpciflt.sys
2015-02-14 20:17:12 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2015-02-14 20:17:11 ----A---- C:\Windows\SYSWOW64\NvFBC.dll
2015-02-14 20:17:11 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2015-02-14 20:17:11 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2015-02-14 20:17:11 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2015-02-14 20:17:11 ----A---- C:\Windows\system32\NvFBC64.dll
2015-02-14 20:17:11 ----A---- C:\Windows\system32\nvdispgenco6434752.dll
2015-02-14 20:17:11 ----A---- C:\Windows\system32\nvdispco6434752.dll
2015-02-14 20:17:11 ----A---- C:\Windows\system32\nvd3dumx.dll
2015-02-14 20:17:11 ----A---- C:\Windows\system32\nvcuvid.dll
2015-02-14 20:17:11 ----A---- C:\Windows\system32\nvcuda.dll
2015-02-14 20:17:10 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2015-02-14 20:17:10 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2015-02-14 20:17:10 ----A---- C:\Windows\system32\nvcompiler.dll
2015-02-14 20:17:10 ----A---- C:\Windows\system32\nvapi64.dll
2015-02-14 20:08:23 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-02-14 20:08:23 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-02-14 20:08:23 ----A---- C:\Windows\system32\jscript9.dll
2015-02-14 20:08:22 ----A---- C:\Windows\system32\jscript9diag.dll
2015-02-11 13:34:45 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-02-11 13:34:45 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-02-11 13:34:45 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-02-11 13:34:45 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-02-11 13:34:45 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-02-11 13:34:45 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-02-11 13:34:44 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-02-11 13:34:44 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-02-11 13:34:44 ----A---- C:\Windows\system32\iernonce.dll
2015-02-11 13:34:44 ----A---- C:\Windows\system32\ie4uinit.exe
2015-02-11 13:34:43 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-02-11 13:34:43 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-02-11 13:34:43 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-02-11 13:34:43 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-02-11 13:34:43 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 13:34:41 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-02-11 13:34:41 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-02-11 13:34:41 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-02-11 13:34:41 ----A---- C:\Windows\system32\urlmon.dll
2015-02-11 13:34:41 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 13:34:41 ----A---- C:\Windows\system32\iedkcs32.dll
2015-02-11 13:34:40 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-02-11 13:34:40 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-02-11 13:34:40 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-02-11 13:34:40 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 13:34:40 ----A---- C:\Windows\system32\dxtrans.dll
2015-02-11 13:34:39 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-02-11 13:34:39 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-02-11 13:34:39 ----A---- C:\Windows\system32\msfeeds.dll
2015-02-11 13:34:38 ----A---- C:\Windows\system32\iesetup.dll
2015-02-11 13:34:38 ----A---- C:\Windows\system32\ieapfltr.dll
2015-02-11 13:34:37 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-02-11 13:34:37 ----A---- C:\Windows\system32\iertutil.dll
2015-02-11 13:34:36 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-02-11 13:34:36 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-02-11 13:34:36 ----A---- C:\Windows\system32\jsproxy.dll
2015-02-11 13:34:36 ----A---- C:\Windows\system32\ieUnatt.exe
2015-02-11 13:34:35 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-02-11 13:34:35 ----A---- C:\Windows\system32\ieui.dll
2015-02-11 13:34:35 ----A---- C:\Windows\system32\dxtmsft.dll
2015-02-11 13:34:34 ----A---- C:\Windows\system32\mshtmled.dll
2015-02-11 13:34:34 ----A---- C:\Windows\system32\ieframe.dll
2015-02-11 13:34:33 ----A---- C:\Windows\system32\vbscript.dll
2015-02-11 13:34:33 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-02-11 13:34:32 ----A---- C:\Windows\system32\wininet.dll
2015-02-11 13:34:31 ----A---- C:\Windows\system32\msrating.dll
2015-02-11 13:34:31 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-02-11 13:34:30 ----A---- C:\Windows\system32\mshtml.dll
2015-02-11 13:33:57 ----A---- C:\Windows\system32\lsasrv.dll
2015-02-11 13:33:57 ----A---- C:\Windows\system32\drivers\cng.sys
2015-02-11 13:33:57 ----A---- C:\Windows\system32\adtschema.dll
2015-02-11 13:33:56 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-02-11 13:33:56 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-02-11 13:33:56 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-02-11 13:33:56 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-02-11 13:33:56 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-02-11 13:33:56 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-02-11 13:33:56 ----A---- C:\Windows\system32\sspisrv.dll
2015-02-11 13:33:56 ----A---- C:\Windows\system32\sspicli.dll
2015-02-11 13:33:56 ----A---- C:\Windows\system32\secur32.dll
2015-02-11 13:33:56 ----A---- C:\Windows\system32\msobjs.dll
2015-02-11 13:33:56 ----A---- C:\Windows\system32\msaudite.dll
2015-02-11 13:33:56 ----A---- C:\Windows\system32\lsass.exe
2015-02-11 13:33:56 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-02-11 13:33:56 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-02-11 13:33:56 ----A---- C:\Windows\system32\auditpol.exe
2015-02-11 13:33:46 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-02-11 13:33:46 ----A---- C:\Windows\system32\schannel.dll
2015-02-11 13:33:45 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-02-11 13:33:45 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-02-11 13:33:45 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-02-11 13:33:45 ----A---- C:\Windows\system32\wdigest.dll
2015-02-11 13:33:45 ----A---- C:\Windows\system32\TSpkg.dll
2015-02-11 13:33:45 ----A---- C:\Windows\system32\ncrypt.dll
2015-02-11 13:33:45 ----A---- C:\Windows\system32\msv1_0.dll
2015-02-11 13:33:45 ----A---- C:\Windows\system32\kerberos.dll
2015-02-11 13:33:44 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-02-11 13:33:44 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-02-11 13:33:44 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-02-11 13:33:44 ----A---- C:\Windows\system32\credssp.dll
2015-02-11 13:33:35 ----A---- C:\Windows\system32\invagent.dll
2015-02-11 13:33:35 ----A---- C:\Windows\system32\generaltel.dll
2015-02-11 13:33:35 ----A---- C:\Windows\system32\appraiser.dll
2015-02-11 13:33:35 ----A---- C:\Windows\system32\aeinv.dll
2015-02-11 13:33:34 ----A---- C:\Windows\system32\devinv.dll
2015-02-11 13:33:34 ----A---- C:\Windows\system32\aitstatic.exe
2015-02-11 13:33:33 ----A---- C:\Windows\system32\aepdu.dll
2015-02-11 13:33:32 ----A---- C:\Windows\system32\aepic.dll
2015-02-11 13:33:23 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2015-02-11 13:33:23 ----A---- C:\Windows\system32\oleaut32.dll
2015-02-11 13:33:20 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2015-02-11 13:33:20 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2015-02-11 13:33:20 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2015-02-11 13:33:20 ----A---- C:\Windows\system32\wintrust.dll
2015-02-11 13:33:20 ----A---- C:\Windows\system32\cryptsvc.dll
2015-02-11 13:33:20 ----A---- C:\Windows\system32\crypt32.dll
2015-02-11 13:33:13 ----A---- C:\Windows\system32\WindowsCodecs.dll
2015-02-11 13:33:12 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2015-02-11 13:29:26 ----A---- C:\Windows\SYSWOW64\scesrv.dll
2015-02-11 13:29:26 ----A---- C:\Windows\system32\scesrv.dll
2015-02-11 13:28:39 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-02-11 13:28:38 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-02-11 13:28:38 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-02-11 13:28:35 ----A---- C:\Windows\system32\srcore.dll
2015-02-11 13:28:35 ----A---- C:\Windows\system32\rstrui.exe
2015-02-11 13:28:34 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-02-11 13:28:34 ----A---- C:\Windows\system32\srclient.dll
2015-02-11 13:27:46 ----A---- C:\Windows\system32\win32k.sys
2015-02-11 01:40:16 ----D---- C:\Program Files (x86)\Zaklínač rozšířená edice
2015-02-02 13:32:33 ----D---- C:\Program Files (x86)\Mount&Blade Warband
2015-02-01 19:29:36 ----A---- C:\Windows\SYSWOW64\vp6vfw.dll
2015-02-01 19:18:54 ----D---- C:\Program Files (x86)\The Sims 4
2015-01-30 18:06:01 ----D---- C:\Users\Sirius\AppData\Roaming\dvdcss
2015-01-28 19:56:50 ----D---- C:\Windows\1C4551A64743409391E41477CD655043.TMP
2015-01-28 19:37:51 ----D---- C:\Program Files (x86)\Dragon Age
2015-01-28 12:37:25 ----A---- C:\Windows\system32\TSWbPrxy.exe
2015-01-28 12:37:25 ----A---- C:\Windows\system32\profsvc.dll
2015-01-28 12:37:24 ----A---- C:\Windows\SYSWOW64\nlaapi.dll
2015-01-28 12:37:24 ----A---- C:\Windows\SYSWOW64\ncsi.dll
2015-01-28 12:37:24 ----A---- C:\Windows\system32\nlasvc.dll
2015-01-28 12:37:21 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2015-01-28 11:44:10 ----D---- C:\ProgramData\LumaEmu_SteamCloud
2015-01-25 14:20:12 ----D---- C:\Program Files (x86)\RocketDock
2015-01-20 21:56:59 ----D---- C:\Users\Sirius\AppData\Roaming\TeamViewer
2015-01-20 21:56:53 ----D---- C:\Program Files (x86)\TeamViewer

======List of files/folders modified in the last 1 months======

2015-02-14 22:05:03 ----D---- C:\Program Files\trend micro
2015-02-14 21:32:45 ----D---- C:\Windows\temp
2015-02-14 21:24:51 ----A---- C:\Windows\SYSWOW64\log.txt
2015-02-14 21:20:12 ----D---- C:\Windows\system32\config
2015-02-14 21:20:04 ----D---- C:\ProgramData
2015-02-14 21:20:04 ----D---- C:\AdwCleaner
2015-02-14 20:24:37 ----D---- C:\Windows\SysWOW64
2015-02-14 20:24:37 ----D---- C:\Windows\System32
2015-02-14 20:24:12 ----D---- C:\Windows\winsxs
2015-02-14 20:22:50 ----SD---- C:\Windows\system32\CompatTel
2015-02-14 20:22:50 ----D---- C:\Windows\SYSWOW64\en-US
2015-02-14 20:22:50 ----D---- C:\Windows\system32\en-US
2015-02-14 20:22:50 ----D---- C:\Windows\system32\appraiser
2015-02-14 20:19:04 ----D---- C:\Temp
2015-02-14 20:18:51 ----D---- C:\Windows\Help
2015-02-14 20:18:51 ----D---- C:\Program Files\NVIDIA Corporation
2015-02-14 20:18:26 ----D---- C:\ProgramData\NVIDIA Corporation
2015-02-14 20:18:22 ----D---- C:\Windows\system32\drivers
2015-02-14 20:18:21 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2015-02-14 20:18:19 ----D---- C:\Windows\inf
2015-02-14 20:18:15 ----D---- C:\Windows\system32\DriverStore
2015-02-14 20:12:25 ----D---- C:\Windows\Microsoft.NET
2015-02-14 20:12:16 ----SHD---- C:\Windows\Installer
2015-02-14 20:11:22 ----RSD---- C:\Windows\assembly
2015-02-14 20:09:54 ----D---- C:\Windows\Prefetch
2015-02-14 20:09:15 ----SHD---- C:\System Volume Information
2015-02-14 05:58:11 ----D---- C:\Users\Sirius\AppData\Roaming\Skype
2015-02-13 22:36:41 ----D---- C:\Windows\system32\catroot2
2015-02-13 22:33:23 ----D---- C:\Windows
2015-02-13 01:32:11 ----D---- C:\Windows\system32\catroot
2015-02-13 01:31:51 ----D---- C:\Windows\system32\cs-CZ
2015-02-13 01:31:51 ----D---- C:\Program Files\Internet Explorer
2015-02-13 01:31:50 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-02-13 01:31:50 ----D---- C:\Program Files (x86)\Internet Explorer
2015-02-11 14:06:49 ----D---- C:\ProgramData\Microsoft Help
2015-02-11 14:03:09 ----D---- C:\ProgramData\Package Cache
2015-02-11 13:53:31 ----A---- C:\Windows\win.ini
2015-02-11 13:52:30 ----D---- C:\Program Files\Microsoft Security Client
2015-02-11 13:52:30 ----D---- C:\Program Files (x86)\Microsoft Security Client
2015-02-11 13:47:17 ----D---- C:\Windows\system32\MRT
2015-02-11 13:39:31 ----D---- C:\Windows\debug
2015-02-11 13:39:29 ----A---- C:\Windows\system32\MRT.exe
2015-02-11 12:52:00 ----D---- C:\Users\Sirius\AppData\Roaming\uTorrent
2015-02-11 12:50:22 ----D---- C:\Windows\SoftwareDistribution
2015-02-11 12:49:47 ----D---- C:\Windows\Logs
2015-02-11 01:40:16 ----D---- C:\Program Files (x86)
2015-02-11 01:40:14 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2015-02-10 23:18:46 ----D---- C:\Origin
2015-02-10 19:23:49 ----D---- C:\Program Files (x86)\Common Files
2015-02-10 19:23:39 ----RSD---- C:\Windows\Fonts
2015-02-06 19:20:45 ----SD---- C:\ProgramData\Microsoft
2015-02-03 21:20:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-01-31 18:05:56 ----D---- C:\Windows\system32\Tasks
2015-01-31 18:05:54 ----D---- C:\Users\Sirius\AppData\Roaming\Origin
2015-01-28 20:14:06 ----D---- C:\ProgramData\BioWare
2015-01-28 19:56:40 ----D---- C:\ProgramData\Media Center Programs
2015-01-28 11:41:51 ----SD---- C:\Users\Sirius\AppData\Roaming\Microsoft
2015-01-28 02:05:22 ----D---- C:\Program Files\Recuva
2015-01-28 01:32:40 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 19:32:39 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-01-25 21:41:58 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-01-25 13:23:23 ----D---- C:\Users\Sirius\AppData\Roaming\vlc
2015-01-24 19:32:42 ----D---- C:\ProgramData\Origin
2015-01-24 14:03:01 ----D---- C:\ProgramData\Skype
2015-01-24 14:02:59 ----RD---- C:\Program Files (x86)\Skype
2015-01-20 02:42:01 ----D---- C:\Program Files\Adobe
2015-01-20 02:40:49 ----D---- C:\Program Files (x86)\Adobe
2015-01-20 02:34:59 ----D---- C:\Program Files\Common Files\Adobe
2015-01-20 02:29:58 ----D---- C:\Users\Sirius\AppData\Roaming\Adobe
2015-01-20 02:29:28 ----D---- C:\ProgramData\Adobe
2015-01-15 17:59:12 ----D---- C:\Windows\SYSWOW64\drivers

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2011-04-26 557848]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-11-15 274696]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2015-02-05 31376]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [2010-01-29 115600]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2014-05-29 314016]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2014-05-29 43680]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-11-15 124560]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service; C:\Windows\system32\DRIVERS\b57xdbd.sys [2011-01-21 67624]
R3 b57xdmp;Broadcom xD Picture vstorp client drv; C:\Windows\system32\DRIVERS\b57xdmp.sys [2011-01-21 19496]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl664.sys [2011-06-08 4729408]
R3 bScsiMSa;bScsiMSa; C:\Windows\system32\DRIVERS\bScsiMSa.sys [2011-05-16 51240]
R3 bScsiSDa;bScsiSDa; C:\Windows\system32\DRIVERS\bScsiSDa.sys [2011-05-06 86056]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2011-04-05 142632]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-06-10 12230912]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-11-05 3707864]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2011-05-10 425000]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-12-13 19600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2014-11-22 38032]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 BTWAMPFL;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2011-01-10 349736]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2011-01-24 107560]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2010-09-14 138280]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2011-02-15 39464]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-09-14 21416]
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 OSFMount;OSFMount; \??\C:\Program Files (x86)\Counter-Strike Global Offensive\image\x64\OSFMount.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-12-13 1148560]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-12-22 325656]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2015-01-30 23784]
R2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET); C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-12-13 1701520]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-12-13 19823248]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-02-05 935056]
R2 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-12-10 238944]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-10 153440]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2015-01-30 366512]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu; C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-01-12 114688]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\syswow64\GameMon.des [2014-11-11 3398544]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 178760]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-02-06 1255736]
S3 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-03 81088]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25 267440]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2011-05-10 956192]
S4 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
S4 ePowerSvc;Acer ePower Service; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2011-05-10 872552]
S4 GREGService;GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [2011-01-18 39528]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-06 116648]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-06 116648]
S4 Live Updater Service;Live Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2011-04-22 244624]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-01-27 114800]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2010-12-10 44384]
S4 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 Origin Client Service;Origin Client Service; C:\Origin\OriginClientService.exe [2015-01-31 1910128]
S4 TeamViewer;TeamViewer 10; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2014-12-15 5426448]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

-----------------EOF-----------------
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119678
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Svchost.exe virus ?

#6 Příspěvek od Rudy »

Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:
:files
C:\Windows\temp\svchost.exe
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\svchost[1].exe
C:\Windows\1C4551A64743409391E41477CD655043.TMP

:commands
[Purity]
[Emptytemp]
[Emptyflash]
a klikněte na >MoveIt!<. Po skenu restartujte PC a dejte nový log RSIT.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Sirius
Návštěvník
Návštěvník
Příspěvky: 177
Registrován: 18 zář 2014 17:21

Re: Svchost.exe virus ?

#7 Příspěvek od Sirius »

Soubory byly opět zablokovány, něco mi je tam vytvoří ihned po startu :?:
Přikládám log

Logfile of random's system information tool 1.08 (written by random/random)
Run by Sirius at 2015-02-14 23:58:24
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 152 GB (22%) free of 695 GB
Total RAM: 5996 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:58:50, on 14.2.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17631)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
C:\Program Files\trend micro\Sirius.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~4\Office15\GROOVEEX.DLL
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\RunOnce: [Adobe Speed Launcher] 1423954633
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Dragon Age: Prameny - aktualizace obsahu (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9806 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 27940576
\??\C:\Windows\system32\conhost.exe "-1281435397-1066835681-1920835321533317121-196902666416161118781804460593-546317258
C:\Windows\System32\spoolsv.exe
taskeng.exe {848C11FE-E4C2-4D1C-8FA2-692C2C6CFD74}
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
"C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sBWDATOOLSET
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
C:\Windows\Explorer.EXE
C:\Windows\System32\WScript.exe "C:\Users\Sirius\AppData\Roaming\Origin\update.vbe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
"C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe"
"C:\Windows\System32\schtasks.exe" /create /sc onlogon /tn Origin /rl highest /ru System /tr "C:\Windows\system32\config\systemprofile\AppData\Roaming\Origin\update.vbe"
\??\C:\Windows\system32\conhost.exe "781942301604035576-925797297-8130820135705878698897442727406968781518466340
"C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" nss 6b9ae2bd-ccea-4895-937d-532f121fd3a5 1
\??\C:\Windows\system32\conhost.exe "-117618106-4087729559758844413800036-269184312-752004183-239461712-2061819578
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "-1253118851-792907920227619705-1979792311920761727338653100-1661631726-339000629
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe"
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\RocketDock\RocketDock.exe"
taskeng.exe {0F9F857E-F1EB-4E44-8AF3-2E6203B5642F}
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4404.0.1619518839\964165422" --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,6,18,39 --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0116 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2418 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group4 pct:10d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/MaterialDesignNTP/Enabled/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/StableBookmarksIndexURLs/PasswordGeneration/Disabled/QUIC/Disabled/RememberCertificateErrorDecisions/Default/SPDY/Spdy4Enabled-default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_12/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/default/UwSInterstitialStatus/OnButInvisible/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="4404.3.1724126710\2070642372" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group4 pct:10d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/MaterialDesignNTP/Enabled/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/StableBookmarksIndexURLs/PasswordGeneration/Disabled/QUIC/Disabled/RememberCertificateErrorDecisions/Default/SPDY/Spdy4Enabled-default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_12/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/default/UwSInterstitialStatus/OnButInvisible/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="4404.4.835768711\894580020" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group4 pct:10d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GCM/Enabled/GoogleNow/Enable/MaterialDesignNTP/Enabled/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/StableBookmarksIndexURLs/PasswordGeneration/Disabled/QUIC/Disabled/RememberCertificateErrorDecisions/Default/SPDY/Spdy4Enabled-default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_12/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/default/UwSInterstitialStatus/OnButInvisible/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="4404.6.168046292\1153895096" /prefetch:673131151
C:\Windows\system32\wbem\wmiprvse.exe
taskeng.exe {FAEE8ECB-AFC0-4C16-8991-138558139FF9}
"C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group4 pct:10d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GCM/Enabled/GoogleNow/Enable/MaterialDesignNTP/Enabled/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/StableBookmarksIndexURLs/PasswordGeneration/Disabled/QUIC/Disabled/RememberCertificateErrorDecisions/Default/SPDY/Spdy4Enabled-default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_12/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/default/UwSInterstitialStatus/OnButInvisible/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="4404.8.1329861266\257148466" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group4 pct:10d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GCM/Enabled/GoogleNow/Enable/MaterialDesignNTP/Enabled/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/StableBookmarksIndexURLs/PasswordGeneration/Disabled/QUIC/Disabled/RememberCertificateErrorDecisions/Default/SPDY/Spdy4Enabled-default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_12/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/default/UwSInterstitialStatus/OnButInvisible/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="4404.9.1065348349\1143822078" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group4 pct:10d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GCM/Enabled/GoogleNow/Enable/MaterialDesignNTP/Enabled/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/StableBookmarksIndexURLs/PasswordGeneration/Disabled/QUIC/Disabled/RememberCertificateErrorDecisions/Default/SPDY/Spdy4Enabled-default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_12/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/default/UwSInterstitialStatus/OnButInvisible/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="4404.10.1647994092\79314553" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group4 pct:10d stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnableSessionCrashedBubbleUI/Disabled/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GCM/Enabled/GoogleNow/Enable/MaterialDesignNTP/Enabled/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/StableBookmarksIndexURLs/PasswordGeneration/Disabled/QUIC/Disabled/RememberCertificateErrorDecisions/Default/SPDY/Spdy4Enabled-default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_12/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_12/UMA-Uniformity-Trial-50-Percent/default/UwSInterstitialStatus/OnButInvisible/VoiceTrigger/Install/WebRTC-IPv6Default/Default/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --disable-accelerated-video-decode --channel="4404.11.703825475\533221026" /prefetch:673131151
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="4404.13.1156154962\2100992194" --ppapi-flash-args=enable_hw_video_decode=1 --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 532 536 544 65536 540
"C:\Users\Sirius\Documents\Tomáš\Zástupci na panely\Programy\RSIT Logs.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\system32\sppsvc.exe
"C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-01-21 218776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL [2014-01-23 881880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL [2015-01-21 2334928]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2014-11-12 153248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~4\Office15\URLREDIR.DLL [2014-01-22 707800]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\PROGRA~2\MICROS~4\Office15\GROOVEEX.DLL [2015-01-21 1729744]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-06-21 167704]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-06-21 392472]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-06-21 416024]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-12-13 2531472]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2014-12-13 2824504]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2015-01-30 1332296]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-10-24 13662936]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-12-12 7394584]
"RocketDock"=C:\Program Files (x86)\RocketDock\RocketDock.exe [2007-09-02 495616]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Adobe Speed Launcher"=1423954633 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-11-20 1021128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21 472992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCEPServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [2013-05-16 1039240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
C:\Program Files\CCleaner\CCleaner64.exe [2014-12-12 7394584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CorelDRAW Graphics Suite 11b]
C:\Program Files (x86)\Corel\Corel Graphics 12\Languages\CZ\Programs\Registration.exe /title=CorelDRAW Graphics Suite 12 /date=022114 serial=DR12CNC-8301292-WBN lang=CZ []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ETDCtrl]
C:\Program Files\Elantech\ETDCtrl.exe [2011-04-05 2589992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-16 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
C:\Program Files (x86)\Launch Manager\LManager.exe [2011-07-01 1103440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power Management]
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [2011-05-10 1831528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2011-05-10 1131296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]
C:\PROGRA~2\Secunia\PSI\psi_tray.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\System32\nvinitx.dll C:\Windows\System32\nvinitx.dll,C:\Windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-06-10 389632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2015-02-14 23:53:11 ----D---- C:\_OTM
2015-02-14 20:31:39 ----D---- C:\rsit
2015-02-14 20:24:37 ----D---- C:\Windows\SYSWOW64\NV
2015-02-14 20:24:37 ----D---- C:\Windows\system32\NV
2015-02-14 20:24:21 ----D---- C:\ProgramData\NVIDIA
2015-02-14 20:18:51 ----A---- C:\Windows\system32\nvvsvc.exe
2015-02-14 20:18:51 ----A---- C:\Windows\system32\nvsvcr.dll
2015-02-14 20:18:51 ----A---- C:\Windows\system32\nvsvc64.dll
2015-02-14 20:18:51 ----A---- C:\Windows\system32\nvshext.dll
2015-02-14 20:18:51 ----A---- C:\Windows\system32\nvmctray.dll
2015-02-14 20:18:51 ----A---- C:\Windows\system32\nvcpl.dll
2015-02-14 20:18:51 ----A---- C:\Windows\system32\nv3dappshextr.dll
2015-02-14 20:18:51 ----A---- C:\Windows\system32\nv3dappshext.dll
2015-02-14 20:18:32 ----A---- C:\Windows\SYSWOW64\OpenCL.dll
2015-02-14 20:18:32 ----A---- C:\Windows\system32\OpenCL.dll
2015-02-14 20:17:12 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2015-02-14 20:17:12 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll
2015-02-14 20:17:12 ----A---- C:\Windows\SYSWOW64\nvopencl.dll
2015-02-14 20:17:12 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2015-02-14 20:17:12 ----A---- C:\Windows\SYSWOW64\nvoglshim32.dll
2015-02-14 20:17:12 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2015-02-14 20:17:12 ----A---- C:\Windows\SYSWOW64\NvIFR.dll
2015-02-14 20:17:12 ----A---- C:\Windows\system32\nvwgf2umx.dll
2015-02-14 20:17:12 ----A---- C:\Windows\system32\nvumdshimx.dll
2015-02-14 20:17:12 ----A---- C:\Windows\system32\nvopencl.dll
2015-02-14 20:17:12 ----A---- C:\Windows\system32\nvoglv64.dll
2015-02-14 20:17:12 ----A---- C:\Windows\system32\nvoglshim64.dll
2015-02-14 20:17:12 ----A---- C:\Windows\system32\nvinitx.dll
2015-02-14 20:17:12 ----A---- C:\Windows\system32\NvIFR64.dll
2015-02-14 20:17:12 ----A---- C:\Windows\system32\drivers\nvpciflt.sys
2015-02-14 20:17:12 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2015-02-14 20:17:11 ----A---- C:\Windows\SYSWOW64\NvFBC.dll
2015-02-14 20:17:11 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2015-02-14 20:17:11 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2015-02-14 20:17:11 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2015-02-14 20:17:11 ----A---- C:\Windows\system32\NvFBC64.dll
2015-02-14 20:17:11 ----A---- C:\Windows\system32\nvdispgenco6434752.dll
2015-02-14 20:17:11 ----A---- C:\Windows\system32\nvdispco6434752.dll
2015-02-14 20:17:11 ----A---- C:\Windows\system32\nvd3dumx.dll
2015-02-14 20:17:11 ----A---- C:\Windows\system32\nvcuvid.dll
2015-02-14 20:17:11 ----A---- C:\Windows\system32\nvcuda.dll
2015-02-14 20:17:10 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2015-02-14 20:17:10 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2015-02-14 20:17:10 ----A---- C:\Windows\system32\nvcompiler.dll
2015-02-14 20:17:10 ----A---- C:\Windows\system32\nvapi64.dll
2015-02-14 20:08:23 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2015-02-14 20:08:23 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-02-14 20:08:23 ----A---- C:\Windows\system32\jscript9.dll
2015-02-14 20:08:22 ----A---- C:\Windows\system32\jscript9diag.dll
2015-02-11 13:34:45 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2015-02-11 13:34:45 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2015-02-11 13:34:45 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2015-02-11 13:34:45 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2015-02-11 13:34:45 ----A---- C:\Windows\system32\ieetwproxystub.dll
2015-02-11 13:34:45 ----A---- C:\Windows\system32\ieetwcollector.exe
2015-02-11 13:34:44 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-02-11 13:34:44 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-02-11 13:34:44 ----A---- C:\Windows\system32\iernonce.dll
2015-02-11 13:34:44 ----A---- C:\Windows\system32\ie4uinit.exe
2015-02-11 13:34:43 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-02-11 13:34:43 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-02-11 13:34:43 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2015-02-11 13:34:43 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2015-02-11 13:34:43 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 13:34:41 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2015-02-11 13:34:41 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-02-11 13:34:41 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-02-11 13:34:41 ----A---- C:\Windows\system32\urlmon.dll
2015-02-11 13:34:41 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 13:34:41 ----A---- C:\Windows\system32\iedkcs32.dll
2015-02-11 13:34:40 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2015-02-11 13:34:40 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2015-02-11 13:34:40 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2015-02-11 13:34:40 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 13:34:40 ----A---- C:\Windows\system32\dxtrans.dll
2015-02-11 13:34:39 ----A---- C:\Windows\SYSWOW64\ieui.dll
2015-02-11 13:34:39 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-02-11 13:34:39 ----A---- C:\Windows\system32\msfeeds.dll
2015-02-11 13:34:38 ----A---- C:\Windows\system32\iesetup.dll
2015-02-11 13:34:38 ----A---- C:\Windows\system32\ieapfltr.dll
2015-02-11 13:34:37 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2015-02-11 13:34:37 ----A---- C:\Windows\system32\iertutil.dll
2015-02-11 13:34:36 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-02-11 13:34:36 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-02-11 13:34:36 ----A---- C:\Windows\system32\jsproxy.dll
2015-02-11 13:34:36 ----A---- C:\Windows\system32\ieUnatt.exe
2015-02-11 13:34:35 ----A---- C:\Windows\SYSWOW64\msrating.dll
2015-02-11 13:34:35 ----A---- C:\Windows\system32\ieui.dll
2015-02-11 13:34:35 ----A---- C:\Windows\system32\dxtmsft.dll
2015-02-11 13:34:34 ----A---- C:\Windows\system32\mshtmled.dll
2015-02-11 13:34:34 ----A---- C:\Windows\system32\ieframe.dll
2015-02-11 13:34:33 ----A---- C:\Windows\system32\vbscript.dll
2015-02-11 13:34:33 ----A---- C:\Windows\system32\mshtmlmedia.dll
2015-02-11 13:34:32 ----A---- C:\Windows\system32\wininet.dll
2015-02-11 13:34:31 ----A---- C:\Windows\system32\msrating.dll
2015-02-11 13:34:31 ----A---- C:\Windows\system32\MshtmlDac.dll
2015-02-11 13:34:30 ----A---- C:\Windows\system32\mshtml.dll
2015-02-11 13:33:57 ----A---- C:\Windows\system32\lsasrv.dll
2015-02-11 13:33:57 ----A---- C:\Windows\system32\drivers\cng.sys
2015-02-11 13:33:57 ----A---- C:\Windows\system32\adtschema.dll
2015-02-11 13:33:56 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2015-02-11 13:33:56 ----A---- C:\Windows\SYSWOW64\secur32.dll
2015-02-11 13:33:56 ----A---- C:\Windows\SYSWOW64\msobjs.dll
2015-02-11 13:33:56 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2015-02-11 13:33:56 ----A---- C:\Windows\SYSWOW64\auditpol.exe
2015-02-11 13:33:56 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2015-02-11 13:33:56 ----A---- C:\Windows\system32\sspisrv.dll
2015-02-11 13:33:56 ----A---- C:\Windows\system32\sspicli.dll
2015-02-11 13:33:56 ----A---- C:\Windows\system32\secur32.dll
2015-02-11 13:33:56 ----A---- C:\Windows\system32\msobjs.dll
2015-02-11 13:33:56 ----A---- C:\Windows\system32\msaudite.dll
2015-02-11 13:33:56 ----A---- C:\Windows\system32\lsass.exe
2015-02-11 13:33:56 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2015-02-11 13:33:56 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2015-02-11 13:33:56 ----A---- C:\Windows\system32\auditpol.exe
2015-02-11 13:33:46 ----A---- C:\Windows\SYSWOW64\schannel.dll
2015-02-11 13:33:46 ----A---- C:\Windows\system32\schannel.dll
2015-02-11 13:33:45 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2015-02-11 13:33:45 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2015-02-11 13:33:45 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2015-02-11 13:33:45 ----A---- C:\Windows\system32\wdigest.dll
2015-02-11 13:33:45 ----A---- C:\Windows\system32\TSpkg.dll
2015-02-11 13:33:45 ----A---- C:\Windows\system32\ncrypt.dll
2015-02-11 13:33:45 ----A---- C:\Windows\system32\msv1_0.dll
2015-02-11 13:33:45 ----A---- C:\Windows\system32\kerberos.dll
2015-02-11 13:33:44 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2015-02-11 13:33:44 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2015-02-11 13:33:44 ----A---- C:\Windows\SYSWOW64\credssp.dll
2015-02-11 13:33:44 ----A---- C:\Windows\system32\credssp.dll
2015-02-11 13:33:35 ----A---- C:\Windows\system32\invagent.dll
2015-02-11 13:33:35 ----A---- C:\Windows\system32\generaltel.dll
2015-02-11 13:33:35 ----A---- C:\Windows\system32\appraiser.dll
2015-02-11 13:33:35 ----A---- C:\Windows\system32\aeinv.dll
2015-02-11 13:33:34 ----A---- C:\Windows\system32\devinv.dll
2015-02-11 13:33:34 ----A---- C:\Windows\system32\aitstatic.exe
2015-02-11 13:33:33 ----A---- C:\Windows\system32\aepdu.dll
2015-02-11 13:33:32 ----A---- C:\Windows\system32\aepic.dll
2015-02-11 13:33:23 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2015-02-11 13:33:23 ----A---- C:\Windows\system32\oleaut32.dll
2015-02-11 13:33:20 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2015-02-11 13:33:20 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2015-02-11 13:33:20 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2015-02-11 13:33:20 ----A---- C:\Windows\system32\wintrust.dll
2015-02-11 13:33:20 ----A---- C:\Windows\system32\cryptsvc.dll
2015-02-11 13:33:20 ----A---- C:\Windows\system32\crypt32.dll
2015-02-11 13:33:13 ----A---- C:\Windows\system32\WindowsCodecs.dll
2015-02-11 13:33:12 ----A---- C:\Windows\SYSWOW64\WindowsCodecs.dll
2015-02-11 13:29:26 ----A---- C:\Windows\SYSWOW64\scesrv.dll
2015-02-11 13:29:26 ----A---- C:\Windows\system32\scesrv.dll
2015-02-11 13:28:39 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-02-11 13:28:38 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-02-11 13:28:38 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-02-11 13:28:35 ----A---- C:\Windows\system32\srcore.dll
2015-02-11 13:28:35 ----A---- C:\Windows\system32\rstrui.exe
2015-02-11 13:28:34 ----A---- C:\Windows\SYSWOW64\srclient.dll
2015-02-11 13:28:34 ----A---- C:\Windows\system32\srclient.dll
2015-02-11 13:27:46 ----A---- C:\Windows\system32\win32k.sys
2015-02-11 01:40:16 ----D---- C:\Program Files (x86)\Zaklínač rozšířená edice
2015-02-02 13:32:33 ----D---- C:\Program Files (x86)\Mount&Blade Warband
2015-02-01 19:29:36 ----A---- C:\Windows\SYSWOW64\vp6vfw.dll
2015-02-01 19:18:54 ----D---- C:\Program Files (x86)\The Sims 4
2015-01-30 18:06:01 ----D---- C:\Users\Sirius\AppData\Roaming\dvdcss
2015-01-28 19:37:51 ----D---- C:\Program Files (x86)\Dragon Age
2015-01-28 12:37:25 ----A---- C:\Windows\system32\TSWbPrxy.exe
2015-01-28 12:37:25 ----A---- C:\Windows\system32\profsvc.dll
2015-01-28 12:37:24 ----A---- C:\Windows\SYSWOW64\nlaapi.dll
2015-01-28 12:37:24 ----A---- C:\Windows\SYSWOW64\ncsi.dll
2015-01-28 12:37:24 ----A---- C:\Windows\system32\nlasvc.dll
2015-01-28 12:37:21 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2015-01-28 11:44:10 ----D---- C:\ProgramData\LumaEmu_SteamCloud
2015-01-25 14:20:12 ----D---- C:\Program Files (x86)\RocketDock
2015-01-20 21:56:59 ----D---- C:\Users\Sirius\AppData\Roaming\TeamViewer
2015-01-20 21:56:53 ----D---- C:\Program Files (x86)\TeamViewer

======List of files/folders modified in the last 1 months======

2015-02-14 23:58:36 ----D---- C:\Program Files\trend micro
2015-02-14 23:58:23 ----D---- C:\Windows\temp
2015-02-14 23:58:17 ----A---- C:\Windows\SYSWOW64\log.txt
2015-02-14 23:57:36 ----SHD---- C:\System Volume Information
2015-02-14 23:53:11 ----D---- C:\Windows
2015-02-14 22:14:31 ----D---- C:\Windows\system32\drivers
2015-02-14 21:20:12 ----D---- C:\Windows\system32\config
2015-02-14 21:20:04 ----D---- C:\ProgramData
2015-02-14 21:20:04 ----D---- C:\AdwCleaner
2015-02-14 20:24:37 ----D---- C:\Windows\SysWOW64
2015-02-14 20:24:37 ----D---- C:\Windows\System32
2015-02-14 20:24:12 ----D---- C:\Windows\winsxs
2015-02-14 20:22:50 ----SD---- C:\Windows\system32\CompatTel
2015-02-14 20:22:50 ----D---- C:\Windows\SYSWOW64\en-US
2015-02-14 20:22:50 ----D---- C:\Windows\system32\en-US
2015-02-14 20:22:50 ----D---- C:\Windows\system32\appraiser
2015-02-14 20:19:04 ----D---- C:\Temp
2015-02-14 20:18:51 ----D---- C:\Windows\Help
2015-02-14 20:18:51 ----D---- C:\Program Files\NVIDIA Corporation
2015-02-14 20:18:26 ----D---- C:\ProgramData\NVIDIA Corporation
2015-02-14 20:18:21 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2015-02-14 20:18:19 ----D---- C:\Windows\inf
2015-02-14 20:18:15 ----D---- C:\Windows\system32\DriverStore
2015-02-14 20:12:25 ----D---- C:\Windows\Microsoft.NET
2015-02-14 20:12:16 ----SHD---- C:\Windows\Installer
2015-02-14 20:11:22 ----RSD---- C:\Windows\assembly
2015-02-14 20:09:54 ----D---- C:\Windows\Prefetch
2015-02-14 05:58:11 ----D---- C:\Users\Sirius\AppData\Roaming\Skype
2015-02-13 22:36:41 ----D---- C:\Windows\system32\catroot2
2015-02-13 01:32:11 ----D---- C:\Windows\system32\catroot
2015-02-13 01:31:51 ----D---- C:\Windows\system32\cs-CZ
2015-02-13 01:31:51 ----D---- C:\Program Files\Internet Explorer
2015-02-13 01:31:50 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-02-13 01:31:50 ----D---- C:\Program Files (x86)\Internet Explorer
2015-02-11 14:06:49 ----D---- C:\ProgramData\Microsoft Help
2015-02-11 14:03:09 ----D---- C:\ProgramData\Package Cache
2015-02-11 13:53:31 ----A---- C:\Windows\win.ini
2015-02-11 13:52:30 ----D---- C:\Program Files\Microsoft Security Client
2015-02-11 13:52:30 ----D---- C:\Program Files (x86)\Microsoft Security Client
2015-02-11 13:47:17 ----D---- C:\Windows\system32\MRT
2015-02-11 13:39:31 ----D---- C:\Windows\debug
2015-02-11 13:39:29 ----A---- C:\Windows\system32\MRT.exe
2015-02-11 12:52:00 ----D---- C:\Users\Sirius\AppData\Roaming\uTorrent
2015-02-11 12:50:22 ----D---- C:\Windows\SoftwareDistribution
2015-02-11 12:49:47 ----D---- C:\Windows\Logs
2015-02-11 01:40:16 ----D---- C:\Program Files (x86)
2015-02-11 01:40:14 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2015-02-10 23:18:46 ----D---- C:\Origin
2015-02-10 19:23:49 ----D---- C:\Program Files (x86)\Common Files
2015-02-10 19:23:39 ----RSD---- C:\Windows\Fonts
2015-02-06 19:20:45 ----SD---- C:\ProgramData\Microsoft
2015-02-03 21:20:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-01-31 18:05:56 ----D---- C:\Windows\system32\Tasks
2015-01-31 18:05:54 ----D---- C:\Users\Sirius\AppData\Roaming\Origin
2015-01-28 20:14:06 ----D---- C:\ProgramData\BioWare
2015-01-28 19:56:40 ----D---- C:\ProgramData\Media Center Programs
2015-01-28 11:41:51 ----SD---- C:\Users\Sirius\AppData\Roaming\Microsoft
2015-01-28 02:05:22 ----D---- C:\Program Files\Recuva
2015-01-28 01:32:40 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-27 19:32:39 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-01-25 21:41:58 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-01-25 13:23:23 ----D---- C:\Users\Sirius\AppData\Roaming\vlc
2015-01-24 19:32:42 ----D---- C:\ProgramData\Origin
2015-01-24 14:03:01 ----D---- C:\ProgramData\Skype
2015-01-24 14:02:59 ----RD---- C:\Program Files (x86)\Skype
2015-01-20 02:42:01 ----D---- C:\Program Files\Adobe
2015-01-20 02:40:49 ----D---- C:\Program Files (x86)\Adobe
2015-01-20 02:34:59 ----D---- C:\Program Files\Common Files\Adobe
2015-01-20 02:29:58 ----D---- C:\Users\Sirius\AppData\Roaming\Adobe
2015-01-20 02:29:28 ----D---- C:\ProgramData\Adobe
2015-01-15 17:59:12 ----D---- C:\Windows\SYSWOW64\drivers

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2011-04-26 557848]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-11-15 274696]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2015-02-05 31376]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [2010-01-29 115600]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2014-05-29 314016]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2014-05-29 43680]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-11-15 124560]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service; C:\Windows\system32\DRIVERS\b57xdbd.sys [2011-01-21 67624]
R3 b57xdmp;Broadcom xD Picture vstorp client drv; C:\Windows\system32\DRIVERS\b57xdmp.sys [2011-01-21 19496]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl664.sys [2011-06-08 4729408]
R3 bScsiMSa;bScsiMSa; C:\Windows\system32\DRIVERS\bScsiMSa.sys [2011-05-16 51240]
R3 bScsiSDa;bScsiSDa; C:\Windows\system32\DRIVERS\bScsiSDa.sys [2011-05-06 86056]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2011-04-05 142632]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-06-10 12230912]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-11-05 3707864]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2011-05-10 425000]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-12-13 19600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2014-11-22 38032]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 BTWAMPFL;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2011-01-10 349736]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2011-01-24 107560]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2010-09-14 138280]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2011-02-15 39464]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-09-14 21416]
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 OSFMount;OSFMount; \??\C:\Program Files (x86)\Counter-Strike Global Offensive\image\x64\OSFMount.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
R2 GfExperienceService;NVIDIA GeForce Experience Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-12-13 1148560]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-12-22 325656]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2015-01-30 23784]
R2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET); C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-12-13 1701520]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-12-13 19823248]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-02-05 935056]
R2 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-12-10 238944]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-10 153440]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2015-01-30 366512]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu; C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-01-12 114688]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\syswow64\GameMon.des [2014-11-11 3398544]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-12-08 178760]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-01 5132888]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-02-06 1255736]
S3 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
S4 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-03 81088]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25 267440]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2011-05-10 956192]
S4 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
S4 ePowerSvc;Acer ePower Service; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2011-05-10 872552]
S4 GREGService;GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [2011-01-18 39528]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-06 116648]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-06 116648]
S4 Live Updater Service;Live Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2011-04-22 244624]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-01-27 114800]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2010-12-10 44384]
S4 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 Origin Client Service;Origin Client Service; C:\Origin\OriginClientService.exe [2015-01-31 1910128]
S4 TeamViewer;TeamViewer 10; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2014-12-15 5426448]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

-----------------EOF-----------------
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119678
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Svchost.exe virus ?

#8 Příspěvek od Rudy »

OK. Znovu spusťte OTM a klikněte na >CleanUp!<. OTM po sobě uklidí. Restartujte PC a dejte log ComboFix:
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Sirius
Návštěvník
Návštěvník
Příspěvky: 177
Registrován: 18 zář 2014 17:21

Re: Svchost.exe virus ?

#9 Příspěvek od Sirius »

Omlouvám se za menší prodlevu, moc práce do školy :)
Všiml jsem si že včera ani dnes už se soubory nevytvořily, nebo je přinejmenším MSE neblokoval.
Přikládám log Combo Fixu

ComboFix 15-02-16.01 - Sirius 16.02.2015 19:30:35.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.5996.3603 [GMT 1:00]
Spuštěný z: c:\users\Sirius\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-01-16 do 2015-02-16 )))))))))))))))))))))))))))))))
.
.
2015-02-16 18:38 . 2015-02-16 18:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-02-16 18:38 . 2015-02-16 18:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-02-16 18:27 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{77737549-5CDA-47BA-9D73-2A1E44A85C2D}\mpengine.dll
2015-02-14 19:24 . 2015-02-14 19:24 -------- d-----w- c:\windows\SysWow64\NV
2015-02-14 19:24 . 2015-02-14 19:24 -------- d-----w- c:\windows\system32\NV
2015-02-14 19:24 . 2015-02-14 19:24 -------- d-----w- c:\programdata\NVIDIA
2015-02-14 19:18 . 2015-02-05 19:07 6861128 ----a-w- c:\windows\system32\nvcpl.dll
2015-02-14 19:18 . 2015-02-05 19:07 3517584 ----a-w- c:\windows\system32\nvsvc64.dll
2015-02-14 19:18 . 2015-02-05 19:07 935056 ----a-w- c:\windows\system32\nvvsvc.exe
2015-02-14 19:18 . 2015-02-05 19:07 62792 ----a-w- c:\windows\system32\nvshext.dll
2015-02-14 19:18 . 2015-02-05 19:07 2558792 ----a-w- c:\windows\system32\nvsvcr.dll
2015-02-14 19:18 . 2015-02-05 19:06 74896 ----a-w- c:\windows\system32\nv3dappshextr.dll
2015-02-14 19:18 . 2015-02-05 19:06 385168 ----a-w- c:\windows\system32\nvmctray.dll
2015-02-14 19:18 . 2015-02-05 19:06 1098384 ----a-w- c:\windows\system32\nv3dappshext.dll
2015-02-14 19:18 . 2015-02-05 12:50 4236870 ----a-w- c:\windows\system32\nvcoproc.bin
2015-02-14 19:18 . 2015-02-05 21:01 74056 ----a-w- c:\windows\system32\OpenCL.dll
2015-02-14 19:18 . 2015-02-05 21:01 60560 ----a-w- c:\windows\SysWow64\OpenCL.dll
2015-02-14 19:15 . 2014-12-02 10:26 11870360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-02-14 19:08 . 2015-01-23 04:41 6041600 ----a-w- c:\windows\system32\jscript9.dll
2015-02-14 19:08 . 2015-01-23 03:43 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-02-14 19:08 . 2015-01-23 03:17 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-02-14 19:08 . 2015-01-23 04:42 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-02-12 02:17 . 2015-02-12 02:26 -------- d-----w- c:\users\Sirius\AppData\Local\The Witcher
2015-02-11 12:33 . 2015-01-15 08:09 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-02-11 12:29 . 2014-12-08 03:09 406528 ----a-w- c:\windows\system32\scesrv.dll
2015-02-11 12:29 . 2014-12-08 02:46 308224 ----a-w- c:\windows\SysWow64\scesrv.dll
2015-02-11 12:28 . 2015-01-14 06:09 5554112 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-02-11 12:28 . 2015-01-14 05:44 3972544 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-02-11 12:28 . 2015-01-14 05:44 3917760 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-02-11 12:28 . 2015-01-14 06:05 503808 ----a-w- c:\windows\system32\srcore.dll
2015-02-11 12:28 . 2015-01-14 06:04 296960 ----a-w- c:\windows\system32\rstrui.exe
2015-02-11 12:28 . 2015-01-14 06:05 50176 ----a-w- c:\windows\system32\srclient.dll
2015-02-11 12:28 . 2015-01-14 05:41 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2015-02-11 12:27 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys
2015-02-11 12:18 . 2015-02-11 12:18 -------- d-----w- c:\users\Sirius\AppData\Local\Gameforge4d
2015-02-11 11:59 . 2014-09-17 02:02 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{339C4E0E-F920-4ABA-BDEA-B1EF19E755FC}\gapaengine.dll
2015-02-11 00:40 . 2015-02-11 01:02 -------- d-----w- c:\program files (x86)\Zaklínač rozšířená edice
2015-02-02 12:32 . 2015-02-10 18:14 -------- d-----w- c:\program files (x86)\Mount&Blade Warband
2015-02-01 18:29 . 2014-10-19 14:54 447752 ----a-w- c:\windows\SysWow64\vp6vfw.dll
2015-02-01 18:18 . 2015-02-01 18:29 -------- d-----w- c:\program files (x86)\The Sims 4
2015-01-30 17:06 . 2015-01-30 17:06 -------- d-----w- c:\users\Sirius\AppData\Roaming\dvdcss
2015-01-30 01:02 . 2015-01-30 01:02 -------- d-----w- c:\users\Sirius\AppData\Local\Ndemic Creations
2015-01-28 18:37 . 2015-01-28 19:16 -------- d-----w- c:\program files (x86)\Dragon Age
2015-01-28 11:37 . 2014-12-19 03:06 210432 ----a-w- c:\windows\system32\profsvc.dll
2015-01-28 11:37 . 2014-12-11 17:47 62976 ----a-w- c:\windows\system32\TSWbPrxy.exe
2015-01-28 11:37 . 2014-12-06 04:17 303616 ----a-w- c:\windows\system32\nlasvc.dll
2015-01-28 11:37 . 2014-12-06 03:50 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2015-01-28 11:37 . 2014-12-06 03:50 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2015-01-28 11:37 . 2014-12-19 01:46 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2015-01-28 10:44 . 2015-01-28 10:44 -------- d-----w- c:\programdata\LumaEmu_SteamCloud
2015-01-25 13:20 . 2015-01-25 13:20 -------- d-----w- c:\program files (x86)\RocketDock
2015-01-22 18:17 . 2015-01-22 18:17 252096 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\1029\OSFINTL.DLL
2015-01-22 16:47 . 2015-01-22 16:47 3063992 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\1029\MSOINTL.DLL
2015-01-21 14:05 . 2015-01-21 14:05 81238200 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSORES.DLL
2015-01-21 14:05 . 2015-01-21 14:05 5736144 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe
2015-01-21 14:05 . 2015-01-21 14:05 5435576 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\Csi.dll
2015-01-21 14:05 . 2015-01-21 14:05 26476728 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2015-01-21 14:02 . 2015-01-21 14:02 877808 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\ACEES.DLL
2015-01-21 14:02 . 2015-01-21 14:02 532704 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\ACEEXCL.DLL
2015-01-21 14:02 . 2015-01-21 14:02 445664 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\ACEOLEDB.DLL
2015-01-21 14:02 . 2015-01-21 14:02 2272456 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\ACECORE.DLL
2015-01-21 14:02 . 2015-01-21 14:02 203480 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\ACETXT.DLL
2015-01-21 14:01 . 2015-01-21 14:01 617720 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\ACEDAO.DLL
2015-01-21 14:01 . 2015-01-21 14:01 3644088 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\1033\MSOINTL.DLL
2015-01-21 14:01 . 2015-01-21 14:01 235192 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\1033\OSFINTL.DLL
2015-01-21 14:01 . 2015-01-21 14:01 853200 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\WXPNSE.DLL
2015-01-21 14:01 . 2015-01-21 14:01 81238200 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\MSORES.DLL
2015-01-21 14:01 . 2015-01-21 14:01 7838928 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\CMigrate.exe
2015-01-21 14:01 . 2015-01-21 14:01 7603896 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\Csi.dll
2015-01-21 14:01 . 2015-01-21 14:01 2226848 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\RICHED20.DLL
2015-01-21 14:01 . 2015-01-21 14:01 111848 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
2015-01-21 14:01 . 2015-01-21 14:01 654512 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\MSOSQM.EXE
2015-01-21 14:01 . 2015-01-21 14:01 36978360 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2015-01-20 20:56 . 2015-02-11 16:44 -------- d-----w- c:\users\Sirius\AppData\Roaming\TeamViewer
2015-01-20 20:56 . 2015-01-20 20:57 -------- d-----w- c:\program files (x86)\TeamViewer
2015-01-18 16:53 . 2015-01-27 18:32 73840 ----a-w- c:\program files (x86)\Mozilla Firefox\wow_helper.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-11 12:39 . 2014-02-06 16:21 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-01-25 20:41 . 2014-03-23 23:40 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-25 20:41 . 2011-07-20 14:06 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-01-14 17:15 . 2015-01-14 17:15 4877488 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-12-31 11:14 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe
2014-12-13 00:12 . 2014-06-18 17:37 1291464 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2014-12-13 00:12 . 2014-02-07 16:40 2210040 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-12-13 00:12 . 2014-06-18 17:37 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
2014-12-13 00:12 . 2014-02-07 16:40 2824504 ----a-w- c:\windows\system32\nvspcap64.dll
2014-11-22 10:46 . 2015-01-09 12:58 38032 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2014-11-22 10:46 . 2015-01-09 12:58 32400 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2014-11-22 10:46 . 2014-02-07 16:39 35472 ----a-w- c:\windows\system32\nvaudcap64v.dll
2014-11-18 19:47 . 2014-11-18 19:47 1691816 ----a-w- c:\windows\system32\FM20.DLL
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-01-21 14:05 1729744 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-01-21 14:05 1729744 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-01-21 14:05 1729744 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-12-12 7394584]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 OSFMount;OSFMount;c:\program files (x86)\Counter-Strike Global Offensive\image\x64\OSFMount.sys;c:\program files (x86)\Counter-Strike Global Offensive\image\x64\OSFMount.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va025;X6va025;c:\windows\SysWOW64\Drivers\X6va025;c:\windows\SysWOW64\Drivers\X6va025 [x]
R4 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
R4 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [x]
R4 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [x]
R4 Live Updater Service;Live Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R4 Origin Client Service;Origin Client Service;c:\origin\OriginClientService.exe;c:\origin\OriginClientService.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);c:\program files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe;c:\program files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-01-27 08:20 1086280 ----a-w- c:\program files (x86)\Google\Chrome\Application\40.0.2214.93\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-02-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-23 20:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-01-21 14:01 2334928 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-01-21 14:01 2334928 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-01-21 14:01 2334928 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 416024]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-12-13 2531472]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-12-13 2824504]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 1332296]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-10-24 13662936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 94.74.192.252 94.74.192.244
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Sirius\AppData\Roaming\Mozilla\Firefox\Profiles\2xlfafam.default\
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=501549&p=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
AddRemove-Third Age - Total War 3.0 (Part 1of2) - c:\program files (x86)\SEGA\Medieval II Total War\Uninstal.exe
AddRemove-Third Age - Total War 3.0 (Part 2of2) - c:\program files (x86)\SEGA\Medieval II Total War\Uninstal.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va025]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va025"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2015-02-16 19:41:54
ComboFix-quarantined-files.txt 2015-02-16 18:41
.
Před spuštěním: Volných bajtů: 158 312 132 608
Po spuštění: Volných bajtů: 158 078 574 592
.
- - End Of File - - 2B1A114814F38DDE9A9DDD80C2BD1456
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119678
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Svchost.exe virus ?

#10 Příspěvek od Rudy »

Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:
KillAll::

File::
c:\windows\SysWOW64\Drivers\X6va025

Driver::
X6va025

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

Reboot::
Uložte na plochu jako CFScript.txt. Pak jej myší přtáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkzy ze skriptu.

Obrázek
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Sirius
Návštěvník
Návštěvník
Příspěvky: 177
Registrován: 18 zář 2014 17:21

Re: Svchost.exe virus ?

#11 Příspěvek od Sirius »

Hotovo, ještě něco ? :)
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119678
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Svchost.exe virus ?

#12 Příspěvek od Rudy »

Odinstalujte CF pomocí T-Cleaneru: http://vyosek.tym.cz/pro_usery/T-Cleaner.exe .
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Sirius
Návštěvník
Návštěvník
Příspěvky: 177
Registrován: 18 zář 2014 17:21

Re: Svchost.exe virus ?

#13 Příspěvek od Sirius »

Hotovo. Jelikož MSE už nic nehlásí, předpokládám že je vše v pořádku :)
Děkuji mnohokrát za pomoc, poklona :worship: :)

EDIT: Tak po 6ti dnech mi to znovu naběhlo :shock:
Poslední blokování proběhlo 14.2.
Dnes 20. mi MSE opět zablokoval svchost.exe
Nahoru
Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 119678
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:
Kontaktovat uživatele Rudy

Re: Svchost.exe virus ?

#14 Příspěvek od Rudy »

Tak to je opravdu divné. Svchost je regulérní proces. Udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php dejte log. Předem nic nemažte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Nahoru
Sirius
Návštěvník
Návštěvník
Příspěvky: 177
Registrován: 18 zář 2014 17:21

Re: Svchost.exe virus ?

#15 Příspěvek od Sirius »

V MSE je virus popsán takto: Tento program je nebezpečný. Provádí příkazy zadané útočníkem.
Může se přes takový virus zjistit heslo k Facebooku, Skype, Emailu a podobným programům ? Kdosi mi leze na Skype, FB a mail. Otravuje nás.
Nenašel nic.
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 21.2.2015
Scan Time: 19:39:21
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.02.21.06
Rootkit Database: v2015.02.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Sirius

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 366629
Time Elapsed: 39 min, 55 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
Nahoru
Zamčeno

Zpět na „Řešení problémů, logy“