
PC virus removal, computer speed-up, remote help via the neslape.cz service
Unwanted links in web browsers
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that are inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote help service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
spendlik.spidy
Unwanted links in web browsers
Hello,
I would like to ask for help removing a virus from my web browsers. Along with some program, I managed to download a virus onto my PC that redirects me to various unwanted sites, mostly ones with games, and also opens them by itself.
I am attaching the log:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Petr at 2015-10-03 21:01:28
Microsoft Windows 8.1
System drive C: has 448 GB (31%) free of 1430 GB
Total RAM: 16349 MB (85% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:01:33, on 3. 10. 2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Petr\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files (x86)\Common Files\Manažer instalací SOLIDWORKS\BackgroundDownloading\sldBgDwld.exe
C:\Program Files (x86)\AIMP3\AIMP3.exe
C:\Program Files (x86)\Opera\32.0.1948.69\opera.exe
C:\Program Files (x86)\Opera\32.0.1948.69\opera_crashreporter.exe
C:\Program Files (x86)\Opera\32.0.1948.69\opera.exe
C:\Program Files (x86)\Opera\32.0.1948.69\opera.exe
C:\Program Files (x86)\Opera\32.0.1948.69\opera.exe
C:\Program Files (x86)\Opera\32.0.1948.69\opera.exe
C:\Program Files (x86)\Opera\32.0.1948.69\opera.exe
C:\Program Files (x86)\Opera\32.0.1948.69\opera.exe
C:\Program Files (x86)\Opera\32.0.1948.69\opera.exe
C:\Program Files\trend micro\Petr.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaVXAdGTZAYinpjJDVaRrSck_AqghTsUGBnhkoKmsZloNqxnevNPh_PBESTRfF-XJEwjc8Mj-JV9_mDBuMu5xydKZoyrzPgIJFx3Nj4lyO35Btx9iiEhmetKw8UXNx6DZNy6i8L0PokdXyqOkDVClFdVjCa906JY,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaVXAdGTZAYinpjJDVaRrSck_AqghTsUGBnhkoKmsZloNqxnevNPh_PBESTRfF-XJEwjc8Mj-JV9_mDBuMu5xydKZoyrzPgIJFx3Nj4lyO35Btx9iiEhmetKw8UXNx6DZNy6i8L0PokdXyqOkDVClFdVjCa906JY,&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaVXAdGTZAYinpjJDVaRrSck_AqghTsUGBnhkoKmsZloNqxnevNPh_PBESTRfF-XJEwjc8Mj-JV9_mDBuMu5xydKZoyrzPgIJFx3Nj4lyO35Btx9iiEhmetKw8UXNx6DZNy6i8L0PokdXyqOkDVClFdVjCa906JY,&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: PDF Architect 3 Helper - {06E08260-0695-4EC1-A74B-1310D8899D93} - C:\Program Files (x86)\PDF Architect 3\creator-ie-helper.dll
O2 - BHO: Razor Web - {2e22e1c9-9ddb-40da-85c7-0753217fff76} - C:\Program Files (x86)\Razor Web\Extensions\2e22e1c9-9ddb-40da-85c7-0753217fff76.dll (file missing)
O2 - BHO: SecureWebBHO - {D3C24E2B-C820-4492-9B69-11BF7163F998} - C:\Program Files (x86)\IT Viewer\ssie.dll
O3 - Toolbar: PDF Architect 3 Toolbar - {2DFF3579-5AA7-45B9-9328-1D38EA230861} - C:\Program Files (x86)\PDF Architect 3\creator-ie-plugin.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Petr\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Petr\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_209_pepper.exe -update pepperplugin
O4 - Global Startup: SOLIDWORKS 2015 Rychlé spuštění.lnk = ?
O4 - Global Startup: SOLIDWORKS Nástroj pro stahování na pozadí.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O20 - AppInit_DLLs: C:\ProgramData\caMyciloP\Xxx-lab.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Application Hosting service (Application Hosting) - Unknown owner - C:\ProgramData\Application Hosting\Application Hosting.exe
O23 - Service: caMyciloP - Unknown owner - C:\ProgramData\caMyciloP\caMyciloP.exe
O23 - Service: Compliant Host Controller (cohci1394) - Unknown owner - C:\Program Files\Controller\cohc.exe
O23 - Service: DTSInterops (CoordinatorServiceHost) - Dassault Systemes SolidWorks Corporation - C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service - Flexera Software LLC - C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Malware Protection - SecureSoft - C:\Windows\mlwps.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Hry\Origin\OriginClientService.exe
O23 - Service: PDF Architect 3 - pdfforge GmbH - C:\Program Files (x86)\PDF Architect 3\ws.exe
O23 - Service: PDF Architect 3 CrashHandler - pdfforge GmbH - C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe
O23 - Service: PDF Architect 3 Creator - pdfforge GmbH - C:\Program Files (x86)\PDF Architect 3\creator-ws.exe
O23 - Service: PicexaService - Taiwan Shui Mu Chih Ching Technology Limited - C:\Program Files (x86)\Picexa\PicexaSvc.exe
O23 - Service: Privoxy (PrivoxyService) (PrivoxyService) - The Privoxy team - www.privoxy.org - C:\Program Files (x86)\IT Viewer\privoxy.exe
O23 - Service: Protexis Licensing V2 x64 (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: WinZiper service (winzipersvc) - Taiwan Shui Mu Chih Ching Technology Limited - C:\Program Files (x86)\WinZipper\winzipersvc.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10412 bytes
======Listing Processes======
wininit.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files (x86)\Picexa\PicexaSvc.exe"
"C:\Program Files (x86)\WinZipper\winzipersvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\ProgramData\Application Hosting\Application Hosting.exe"
C:\ProgramData\caMyciloP\caMyciloP.exe
"C:\Program Files\Controller\cohc.exe" /s iid=1335554 did=APSnapdoAMRev sid=3 ref=5f4e8857-8cb5-a976-bc57-432f111ae8ea-PolicyMac id=045165cc25cb9a810ee480019e15d34b724bffd103fd9499058f19378727967f
C:\Windows\System32\svchost.exe -k utcsvc
dashost.exe {84650e58-50ba-419d-9a41d9f5b1a6494d}
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
"C:\Program Files (x86)\PDF Architect 3\creator-ws.exe"
"C:\Program Files (x86)\IT Viewer\privoxy.exe" --service
"c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" nss b2695113-8141-42e7-96a5-f8dfa3c488be 1
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
\??\C:\Windows\system32\conhost.exe 0x4
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\WinLogon.exe -SpecialSession
-hiberboot
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session
taskhostex.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\skydrive.exe -Embedding
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe 0x4
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
"C:\Windows\System32\SettingSyncHost.exe" -Embedding
szndesktop.exe default start
"C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldworks_fs.exe"
"C:\Users\Petr\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe"
\??\C:\Windows\system32\conhost.exe 0x4
"C:\Program Files (x86)\Common Files\Manažer instalací SOLIDWORKS\BackgroundDownloading\sldBgDwld.exe" /launch_from 0
"C:\Windows\system32\GWX\GWX.exe"
"C:\Windows\FileManager\PhotosApp.exe" -ServerName:Microsoft.Windows.PhotoManager
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Program Files (x86)\AIMP3\AIMP3.exe"
"C:\Program Files (x86)\Opera\32.0.1948.69\opera.exe" --ran-launcher
"C:\Program Files (x86)\Opera\32.0.1948.69\opera_crashreporter.exe" --ran-launcher --crash-reporter-parent-id=1088
"C:\Program Files (x86)\Opera\32.0.1948.69\opera.exe" --type=gpu-process --channel="1088.0.1979290148\681089826" --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=off --crash-reporter-pid=5196 --supports-dual-gpus=false --gpu-driver-bug-workarounds=2,26,51,61 --gpu-vendor-id=0x10de --gpu-device-id=0x0614 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.3788 --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=off --crash-reporter-pid=5196 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Opera\32.0.1948.69\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --lang=cs --disable-client-side-phishing-detection --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_18_0_0_209.dll" --ppapi-flash-version=18.0.0.209 --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=off --crash-reporter-pid=5196 --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=4 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel="1088.3.1399336374\1994894808" /prefetch:673131151
"C:\Program Files (x86)\Opera\32.0.1948.69\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_18_0_0_209.dll" --ppapi-flash-version=18.0.0.209 --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=off --crash-reporter-pid=5196 --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=4 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel="1088.4.1054011972\248558174" /prefetch:673131151
"C:\Program Files (x86)\Opera\32.0.1948.69\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --lang=cs --disable-client-side-phishing-detection --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_18_0_0_209.dll" --ppapi-flash-version=18.0.0.209 --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=off --crash-reporter-pid=5196 --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=4 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel="1088.31.1442203031\569525315" /prefetch:673131151
"C:\Program Files (x86)\Opera\32.0.1948.69\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --lang=cs --disable-client-side-phishing-detection --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_18_0_0_209.dll" --ppapi-flash-version=18.0.0.209 --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=off --crash-reporter-pid=5196 --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=4 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel="1088.46.452385392\1112898011" /prefetch:673131151
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server
"C:\Program Files (x86)\Opera\32.0.1948.69\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --lang=cs --disable-client-side-phishing-detection --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_18_0_0_209.dll" --ppapi-flash-version=18.0.0.209 --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=off --crash-reporter-pid=5196 --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=4 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel="1088.50.221950247\855366675" /prefetch:673131151
"C:\Program Files (x86)\Opera\32.0.1948.69\opera.exe" --type=renderer --alt-high-dpi-setting=96 --system-dpi-setting=96 --disable-direct-npapi-requests --disable-win32k-renderer-lockdown --lang=cs --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --ppapi-flash-path="C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_18_0_0_209.dll" --ppapi-flash-version=18.0.0.209 --with-feature:installer-experiment-test=off --with-feature:installer-ui-stats=off --crash-reporter-pid=5196 --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=4 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --channel="1088.54.1185603897\162920485" /prefetch:673131151
taskeng.exe {6475628A-25E2-4DDC-A1C2-CADFAC595692}
"C:\Users\Petr\Downloads\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\2a73fa2f-927b-4206-8c4d-835773ccf4ad-5.job - C:\Program Files (x86)\CinemaP-1.9cV26.08\2a73fa2f-927b-4206-8c4d-835773ccf4ad-5.exe /rawdata=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
C:\Windows\tasks\2a73fa2f-927b-4206-8c4d-835773ccf4ad-5_user.job - C:\Program Files (x86)\CinemaP-1.9cV26.08\2a73fa2f-927b-4206-8c4d-835773ccf4ad-5.exe /rawdata=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
C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_209_pepper.exe -check pepperplugin
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06E08260-0695-4EC1-A74B-1310D8899D93}]
PDF Architect 3 Helper - C:\Program Files (x86)\PDF Architect 3\creator-ie-helper.dll [2015-04-24 38104]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e22e1c9-9ddb-40da-85c7-0753217fff76}]
Razor Web - C:\Program Files (x86)\Razor Web\Extensions\2e22e1c9-9ddb-40da-85c7-0753217fff76.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3C24E2B-C820-4492-9B69-11BF7163F998}]
SecureWebBHO Class - C:\Program Files (x86)\IT Viewer\ssie.dll [2015-09-07 224256]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2DFF3579-5AA7-45B9-9328-1D38EA230861} - PDF Architect 3 Toolbar - C:\Program Files (x86)\PDF Architect 3\creator-ie-plugin.dll [2015-04-24 496344]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-04-10 13671640]
"RtHDVBg_Dolby"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-04-15 1385840]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-05-30 2352072]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2014-05-30 1279480]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-10-23 6501656]
"cz.seznam.software.autoupdate"=C:\Users\Petr\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\Petr\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2015-05-26 103080]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_209_pepper.exe [2015-07-29 1155760]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"EaseUS EPM tray"=C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe []
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
SOLIDWORKS 2015 Rychlé spuštění.lnk - C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe
SOLIDWORKS Nástroj pro stahování na pozadí.lnk - C:\Program Files (x86)\Common Files\Manažer instalací SOLIDWORKS\BackgroundDownloading\sldBgDwld.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\ProgramData\caMyciloP\Hatflex.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"PromptOnSecureDesktop"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2015-10-03 21:01:28 ----D---- C:\rsit
2015-10-03 21:01:28 ----D---- C:\Program Files\trend micro
2015-09-18 10:27:06 ----D---- C:\Users\Petr\AppData\Roaming\Jpeg Resampler
2015-09-18 10:27:02 ----D---- C:\Program Files (x86)\JpegResampler2010
2015-09-09 17:36:13 ----A---- C:\Windows\system32\wuaueng.dll
2015-09-09 17:36:12 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-09-09 17:36:12 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-09-09 17:36:12 ----A---- C:\Windows\system32\wuwebv.dll
2015-09-09 17:36:12 ----A---- C:\Windows\system32\WUSettingsProvider.dll
2015-09-09 17:36:12 ----A---- C:\Windows\system32\wudriver.dll
2015-09-09 17:36:12 ----A---- C:\Windows\system32\wucltux.dll
2015-09-09 17:36:12 ----A---- C:\Windows\system32\wuauclt.exe
2015-09-09 17:36:12 ----A---- C:\Windows\system32\wuapi.dll
2015-09-09 17:36:11 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-09-09 17:36:11 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-09-09 17:36:11 ----A---- C:\Windows\system32\wuapp.exe
2015-09-09 17:35:22 ----A---- C:\Windows\SYSWOW64\InkEd.dll
2015-09-09 17:35:22 ----A---- C:\Windows\system32\InkEd.dll
2015-09-09 17:35:21 ----A---- C:\Windows\system32\consent.exe
2015-09-09 17:35:19 ----A---- C:\Windows\SYSWOW64\tdh.dll
2015-09-09 17:35:19 ----A---- C:\Windows\system32\UtcResources.dll
2015-09-09 17:35:19 ----A---- C:\Windows\system32\tdh.dll
2015-09-09 17:35:19 ----A---- C:\Windows\system32\diagtrack.dll
2015-09-09 17:35:17 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2015-09-09 17:35:17 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2015-09-09 17:35:17 ----A---- C:\Windows\system32\msxml6.dll
2015-09-09 17:35:17 ----A---- C:\Windows\system32\msxml3.dll
2015-09-09 17:35:10 ----A---- C:\Windows\system32\mshtml.dll
2015-09-09 17:35:08 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-09-09 17:35:06 ----A---- C:\Windows\system32\ieframe.dll
2015-09-09 17:35:04 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-09-09 17:35:03 ----A---- C:\Windows\system32\jscript9.dll
2015-09-09 17:35:02 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-09-09 17:35:01 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-09-09 17:35:01 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-09-09 17:35:01 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-09-09 17:35:01 ----A---- C:\Windows\system32\wininet.dll
2015-09-09 17:35:01 ----A---- C:\Windows\system32\iertutil.dll
2015-09-09 17:35:00 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-09-09 17:35:00 ----A---- C:\Windows\system32\urlmon.dll
2015-09-09 17:34:59 ----A---- C:\Windows\system32\vbscript.dll
2015-09-09 17:34:59 ----A---- C:\Windows\system32\jscript.dll
2015-09-09 17:34:59 ----A---- C:\Windows\system32\iedkcs32.dll
2015-09-09 17:34:59 ----A---- C:\Windows\system32\ie4uinit.exe
2015-09-09 17:34:58 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-09-09 17:34:57 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-09-09 17:34:56 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2015-09-09 17:34:56 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-09-09 17:34:56 ----A---- C:\Windows\system32\webcheck.dll
2015-09-09 17:34:56 ----A---- C:\Windows\system32\msfeeds.dll
2015-09-09 17:34:55 ----A---- C:\Windows\system32\inetcomm.dll
2015-09-09 17:34:54 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2015-09-09 17:34:54 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-09-09 17:34:54 ----A---- C:\Windows\system32\ieapfltr.dll
2015-09-09 17:31:15 ----A---- C:\Windows\system32\SettingsHandlers.dll
2015-09-09 17:31:14 ----A---- C:\Windows\system32\Windows.UI.Immersive.dll
2015-09-09 17:31:13 ----A---- C:\Windows\SYSWOW64\Windows.UI.Immersive.dll
2015-09-09 17:31:13 ----A---- C:\Windows\SYSWOW64\shacct.dll
2015-09-09 17:31:13 ----A---- C:\Windows\SYSWOW64\SettingSync.dll
2015-09-09 17:31:13 ----A---- C:\Windows\SYSWOW64\authui.dll
2015-09-09 17:31:13 ----A---- C:\Windows\system32\shacct.dll
2015-09-09 17:31:13 ----A---- C:\Windows\system32\SettingSync.dll
2015-09-09 17:31:13 ----A---- C:\Windows\system32\authui.dll
2015-09-09 17:31:12 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2015-09-09 17:31:12 ----A---- C:\Windows\system32\schedsvc.dll
2015-09-09 17:31:12 ----A---- C:\Windows\system32\gdi32.dll
2015-09-09 17:31:11 ----A---- C:\Windows\SYSWOW64\taskeng.exe
2015-09-09 17:31:11 ----A---- C:\Windows\SYSWOW64\schtasks.exe
2015-09-09 17:31:11 ----A---- C:\Windows\system32\taskeng.exe
2015-09-09 17:31:11 ----A---- C:\Windows\system32\schtasks.exe
2015-09-09 17:31:11 ----A---- C:\Windows\system32\profsvc.dll
2015-09-09 17:31:10 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2015-09-09 17:31:10 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2015-09-09 17:31:10 ----A---- C:\Windows\system32\win32k.sys
2015-09-09 17:31:10 ----A---- C:\Windows\system32\atmfd.dll
2015-09-09 17:31:10 ----A---- C:\Windows\system32\appidsvc.dll
2015-09-09 17:31:10 ----A---- C:\Windows\system32\appidapi.dll
2015-09-09 17:31:09 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2015-09-09 17:31:09 ----A---- C:\Windows\system32\atmlib.dll
2015-09-09 17:31:07 ----A---- C:\Windows\system32\tzsync.exe
2015-09-07 11:28:33 ----A---- C:\Users\Petr\AppData\Roaming\DD27.tmp.exe
2015-09-07 11:28:33 ----A---- C:\Users\Petr\AppData\Roaming\DD27.tmp
2015-09-06 12:42:35 ----A---- C:\Users\Petr\AppData\Roaming\477E.tmp.exe
2015-09-06 12:42:35 ----A---- C:\Users\Petr\AppData\Roaming\477E.tmp
2015-09-05 15:55:00 ----A---- C:\Users\Petr\AppData\Roaming\1565.tmp.exe
2015-09-05 15:55:00 ----A---- C:\Users\Petr\AppData\Roaming\1565.tmp
2015-09-04 16:40:45 ----A---- C:\Users\Petr\AppData\Roaming\9B9F.tmp.exe
2015-09-04 16:40:45 ----A---- C:\Users\Petr\AppData\Roaming\9B9F.tmp
2015-09-04 16:40:43 ----D---- C:\Program Files (x86)\AV Security
======List of files/folders modified in the last 1 month======
2015-10-03 21:01:28 ----D---- C:\Program Files
2015-10-03 20:00:00 ----D---- C:\Windows\system32\sru
2015-10-03 19:47:56 ----D---- C:\Users\Petr\AppData\Roaming\AIMP3
2015-10-03 19:24:06 ----D---- C:\Windows\Temp
2015-10-03 18:59:42 ----D---- C:\Windows\Prefetch
2015-10-03 18:59:17 ----D---- C:\Windows\Microsoft.NET
2015-10-03 18:22:57 ----D---- C:\Users\Petr\AppData\Roaming\Seznam.cz
2015-10-02 18:38:55 ----RD---- C:\Windows\System32
2015-10-02 18:38:55 ----D---- C:\Windows\Inf
2015-10-02 18:38:55 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-10-02 18:19:28 ----D---- C:\Program Files (x86)\Opera
2015-10-02 18:19:27 ----D---- C:\Windows\system32\Tasks
2015-10-01 07:25:22 ----D---- C:\Windows\rescache
2015-10-01 07:23:44 ----SHD---- C:\System Volume Information
2015-10-01 07:12:18 ----D---- C:\ProgramData\caMyciloP
2015-09-27 18:38:21 ----D---- C:\Windows\system32\config
2015-09-23 18:07:58 ----D---- C:\Windows\system32\DriverStore
2015-09-23 18:07:53 ----D---- C:\Windows\WinSxS
2015-09-23 18:03:27 ----D---- C:\Windows\system32\catroot2
2015-09-22 20:12:52 ----D---- C:\Windows\SysWOW64
2015-09-21 20:12:48 ----D---- C:\Windows\CbsTemp
2015-09-20 09:03:09 ----D---- C:\ProgramData\Protexis64
2015-09-18 10:58:03 ----D---- C:\Users\Petr\AppData\Roaming\Fenix Updater
2015-09-18 10:27:02 ----RD---- C:\Program Files (x86)
2015-09-17 07:16:47 ----D---- C:\Program Files (x86)\Google
2015-09-15 03:18:38 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-09-10 20:55:39 ----D---- C:\Windows\system32\cs-CZ
2015-09-10 20:55:39 ----D---- C:\Windows\PolicyDefinitions
2015-09-10 20:55:39 ----D---- C:\Program Files\Internet Explorer
2015-09-10 20:55:39 ----D---- C:\Program Files (x86)\Internet Explorer
2015-09-10 03:13:12 ----RSD---- C:\Windows\assembly
2015-09-09 18:05:41 ----D---- C:\Program Files\Windows Journal
2015-09-09 18:04:09 ----D---- C:\Windows\system32\MRT
2015-09-09 17:49:39 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-09-07 19:03:39 ----D---- C:\Program Files (x86)\Picexa
2015-09-05 16:21:20 ----D---- C:\Windows
2015-09-05 16:00:13 ----D---- C:\Windows\Logs
2015-09-05 15:56:07 ----D---- C:\Program Files (x86)\Hry
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 amd_sata;amd_sata; C:\Windows\System32\drivers\amd_sata.sys [2014-03-21 81608]
R0 amd_xata;amd_xata; C:\Windows\System32\drivers\amd_xata.sys [2014-03-21 23752]
R0 mvs91xx;mvs91xx; C:\Windows\System32\drivers\mvs91xx.sys [2013-10-11 328488]
R0 Wof;Windows Overlay File System Filter Driver; C:\Windows\system32\drivers\Wof.sys [2014-03-13 157016]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [2007-11-07 104912]
R3 GeneStor;@oem1.inf,%GENESTOR.SvcDesc%;Genesys Logic Storage Driver; C:\Windows\System32\drivers\GeneStor.sys [2014-01-17 107208]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2014-05-06 3956056]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2014-05-20 12688328]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-05-30 20256]
R3 nvvad_WaveExtensible;@oem7.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2014-03-31 40392]
R3 RTL8168;@oem2.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys [2014-03-26 843480]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2014-06-21 212736]
S3 dg_ssudbus;@oem9.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 ssudmdm;@oem14.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S3 WDC_SAM;@oem39.inf,%WDC_SAM_ServiceName%;WD SCSI Pass Thru driver; C:\Windows\System32\drivers\wdcsam64.sys [2015-01-27 14464]
S3 WinUsb;@wpdmtp.inf,%WinUsb.SvcDesc%;WinUsb; C:\Windows\System32\drivers\WinUsb.sys [2013-08-22 78848]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Application Hosting;Application Hosting service; C:\ProgramData\Application Hosting\Application Hosting.exe [2015-08-12 70656]
R2 caMyciloP;caMyciloP; C:\ProgramData\caMyciloP\caMyciloP.exe [2015-08-23 34816]
R2 cohci1394;Compliant Host Controller; C:\Program Files\Controller\cohc.exe [2015-08-06 379392]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2014-10-29 38792]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-05-30 1631008]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-05-30 21055432]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2014-05-20 927520]
R2 PDF Architect 3 Creator;PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [2015-04-24 740568]
R2 PicexaService;PicexaService; C:\Program Files (x86)\Picexa\PicexaSvc.exe [2015-06-01 396952]
R2 PrivoxyService;Privoxy (PrivoxyService); C:\Program Files (x86)\IT Viewer\privoxy.exe [2015-09-22 371200]
R2 PSI_SVC_2_x64;Protexis Licensing V2 x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
R2 winzipersvc;WinZiper service; C:\Program Files (x86)\WinZipper\winzipersvc.exe [2015-08-13 647856]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc []
S2 Live Malware Protection;Live Malware Protection; C:\Windows\mlwps.exe [2015-08-28 473600]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2014-10-29 38792]
S3 CoordinatorServiceHost;DTSInterops; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe [2014-09-30 81400]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [2015-01-19 1484080]
S3 FlexNet Licensing Service;FlexNet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe [2015-01-19 1074480]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc []
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Hry\Origin\OriginClientService.exe [2015-02-18 1910128]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PDF Architect 3 CrashHandler;PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [2015-04-24 901336]
S3 PDF Architect 3;PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2015-04-24 2244312]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2015-01-19 79360]
-----------------EOF-----------------
2015-09-09 17:35:17 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2015-09-09 17:35:17 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2015-09-09 17:35:17 ----A---- C:\Windows\system32\msxml6.dll
2015-09-09 17:35:17 ----A---- C:\Windows\system32\msxml3.dll
2015-09-09 17:35:10 ----A---- C:\Windows\system32\mshtml.dll
2015-09-09 17:35:08 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-09-09 17:35:06 ----A---- C:\Windows\system32\ieframe.dll
2015-09-09 17:35:04 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-09-09 17:35:03 ----A---- C:\Windows\system32\jscript9.dll
2015-09-09 17:35:02 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-09-09 17:35:01 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-09-09 17:35:01 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-09-09 17:35:01 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-09-09 17:35:01 ----A---- C:\Windows\system32\wininet.dll
2015-09-09 17:35:01 ----A---- C:\Windows\system32\iertutil.dll
2015-09-09 17:35:00 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-09-09 17:35:00 ----A---- C:\Windows\system32\urlmon.dll
2015-09-09 17:34:59 ----A---- C:\Windows\system32\vbscript.dll
2015-09-09 17:34:59 ----A---- C:\Windows\system32\jscript.dll
2015-09-09 17:34:59 ----A---- C:\Windows\system32\iedkcs32.dll
2015-09-09 17:34:59 ----A---- C:\Windows\system32\ie4uinit.exe
2015-09-09 17:34:58 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-09-09 17:34:57 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-09-09 17:34:56 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2015-09-09 17:34:56 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-09-09 17:34:56 ----A---- C:\Windows\system32\webcheck.dll
2015-09-09 17:34:56 ----A---- C:\Windows\system32\msfeeds.dll
2015-09-09 17:34:55 ----A---- C:\Windows\system32\inetcomm.dll
2015-09-09 17:34:54 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2015-09-09 17:34:54 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-09-09 17:34:54 ----A---- C:\Windows\system32\ieapfltr.dll
2015-09-09 17:31:15 ----A---- C:\Windows\system32\SettingsHandlers.dll
2015-09-09 17:31:14 ----A---- C:\Windows\system32\Windows.UI.Immersive.dll
2015-09-09 17:31:13 ----A---- C:\Windows\SYSWOW64\Windows.UI.Immersive.dll
2015-09-09 17:31:13 ----A---- C:\Windows\SYSWOW64\shacct.dll
2015-09-09 17:31:13 ----A---- C:\Windows\SYSWOW64\SettingSync.dll
2015-09-09 17:31:13 ----A---- C:\Windows\SYSWOW64\authui.dll
2015-09-09 17:31:13 ----A---- C:\Windows\system32\shacct.dll
2015-09-09 17:31:13 ----A---- C:\Windows\system32\SettingSync.dll
2015-09-09 17:31:13 ----A---- C:\Windows\system32\authui.dll
2015-09-09 17:31:12 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2015-09-09 17:31:12 ----A---- C:\Windows\system32\schedsvc.dll
2015-09-09 17:31:12 ----A---- C:\Windows\system32\gdi32.dll
2015-09-09 17:31:11 ----A---- C:\Windows\SYSWOW64\taskeng.exe
2015-09-09 17:31:11 ----A---- C:\Windows\SYSWOW64\schtasks.exe
2015-09-09 17:31:11 ----A---- C:\Windows\system32\taskeng.exe
2015-09-09 17:31:11 ----A---- C:\Windows\system32\schtasks.exe
2015-09-09 17:31:11 ----A---- C:\Windows\system32\profsvc.dll
2015-09-09 17:31:10 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2015-09-09 17:31:10 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2015-09-09 17:31:10 ----A---- C:\Windows\system32\win32k.sys
2015-09-09 17:31:10 ----A---- C:\Windows\system32\atmfd.dll
2015-09-09 17:31:10 ----A---- C:\Windows\system32\appidsvc.dll
2015-09-09 17:31:10 ----A---- C:\Windows\system32\appidapi.dll
2015-09-09 17:31:09 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2015-09-09 17:31:09 ----A---- C:\Windows\system32\atmlib.dll
2015-09-09 17:31:07 ----A---- C:\Windows\system32\tzsync.exe
2015-09-07 11:28:33 ----A---- C:\Users\Petr\AppData\Roaming\DD27.tmp.exe
2015-09-07 11:28:33 ----A---- C:\Users\Petr\AppData\Roaming\DD27.tmp
2015-09-06 12:42:35 ----A---- C:\Users\Petr\AppData\Roaming\477E.tmp.exe
2015-09-06 12:42:35 ----A---- C:\Users\Petr\AppData\Roaming\477E.tmp
2015-09-05 15:55:00 ----A---- C:\Users\Petr\AppData\Roaming\1565.tmp.exe
2015-09-05 15:55:00 ----A---- C:\Users\Petr\AppData\Roaming\1565.tmp
2015-09-04 16:40:45 ----A---- C:\Users\Petr\AppData\Roaming\9B9F.tmp.exe
2015-09-04 16:40:45 ----A---- C:\Users\Petr\AppData\Roaming\9B9F.tmp
2015-09-04 16:40:43 ----D---- C:\Program Files (x86)\AV Security
======List of files/folders modified in the last 1 month======
2015-10-03 21:01:28 ----D---- C:\Program Files
2015-10-03 20:00:00 ----D---- C:\Windows\system32\sru
2015-10-03 19:47:56 ----D---- C:\Users\Petr\AppData\Roaming\AIMP3
2015-10-03 19:24:06 ----D---- C:\Windows\Temp
2015-10-03 18:59:42 ----D---- C:\Windows\Prefetch
2015-10-03 18:59:17 ----D---- C:\Windows\Microsoft.NET
2015-10-03 18:22:57 ----D---- C:\Users\Petr\AppData\Roaming\Seznam.cz
2015-10-02 18:38:55 ----RD---- C:\Windows\System32
2015-10-02 18:38:55 ----D---- C:\Windows\Inf
2015-10-02 18:38:55 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-10-02 18:19:28 ----D---- C:\Program Files (x86)\Opera
2015-10-02 18:19:27 ----D---- C:\Windows\system32\Tasks
2015-10-01 07:25:22 ----D---- C:\Windows\rescache
2015-10-01 07:23:44 ----SHD---- C:\System Volume Information
2015-10-01 07:12:18 ----D---- C:\ProgramData\caMyciloP
2015-09-27 18:38:21 ----D---- C:\Windows\system32\config
2015-09-23 18:07:58 ----D---- C:\Windows\system32\DriverStore
2015-09-23 18:07:53 ----D---- C:\Windows\WinSxS
2015-09-23 18:03:27 ----D---- C:\Windows\system32\catroot2
2015-09-22 20:12:52 ----D---- C:\Windows\SysWOW64
2015-09-21 20:12:48 ----D---- C:\Windows\CbsTemp
2015-09-20 09:03:09 ----D---- C:\ProgramData\Protexis64
2015-09-18 10:58:03 ----D---- C:\Users\Petr\AppData\Roaming\Fenix Updater
2015-09-18 10:27:02 ----RD---- C:\Program Files (x86)
2015-09-17 07:16:47 ----D---- C:\Program Files (x86)\Google
2015-09-15 03:18:38 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-09-10 20:55:39 ----D---- C:\Windows\system32\cs-CZ
2015-09-10 20:55:39 ----D---- C:\Windows\PolicyDefinitions
2015-09-10 20:55:39 ----D---- C:\Program Files\Internet Explorer
2015-09-10 20:55:39 ----D---- C:\Program Files (x86)\Internet Explorer
2015-09-10 03:13:12 ----RSD---- C:\Windows\assembly
2015-09-09 18:05:41 ----D---- C:\Program Files\Windows Journal
2015-09-09 18:04:09 ----D---- C:\Windows\system32\MRT
2015-09-09 17:49:39 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-09-07 19:03:39 ----D---- C:\Program Files (x86)\Picexa
2015-09-05 16:21:20 ----D---- C:\Windows
2015-09-05 16:00:13 ----D---- C:\Windows\Logs
2015-09-05 15:56:07 ----D---- C:\Program Files (x86)\Hry
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 amd_sata;amd_sata; C:\Windows\System32\drivers\amd_sata.sys [2014-03-21 81608]
R0 amd_xata;amd_xata; C:\Windows\System32\drivers\amd_xata.sys [2014-03-21 23752]
R0 mvs91xx;mvs91xx; C:\Windows\System32\drivers\mvs91xx.sys [2013-10-11 328488]
R0 Wof;Windows Overlay File System Filter Driver; C:\Windows\system32\drivers\Wof.sys [2014-03-13 157016]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [2007-11-07 104912]
R3 GeneStor;@oem1.inf,%GENESTOR.SvcDesc%;Genesys Logic Storage Driver; C:\Windows\System32\drivers\GeneStor.sys [2014-01-17 107208]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2014-05-06 3956056]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2014-05-20 12688328]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-05-30 20256]
R3 nvvad_WaveExtensible;@oem7.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2014-03-31 40392]
R3 RTL8168;@oem2.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys [2014-03-26 843480]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2014-06-21 212736]
S3 dg_ssudbus;@oem9.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 ssudmdm;@oem14.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S3 WDC_SAM;@oem39.inf,%WDC_SAM_ServiceName%;WD SCSI Pass Thru driver; C:\Windows\System32\drivers\wdcsam64.sys [2015-01-27 14464]
S3 WinUsb;@wpdmtp.inf,%WinUsb.SvcDesc%;WinUsb; C:\Windows\System32\drivers\WinUsb.sys [2013-08-22 78848]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Application Hosting;Application Hosting service; C:\ProgramData\Application Hosting\Application Hosting.exe [2015-08-12 70656]
R2 caMyciloP;caMyciloP; C:\ProgramData\caMyciloP\caMyciloP.exe [2015-08-23 34816]
R2 cohci1394;Compliant Host Controller; C:\Program Files\Controller\cohc.exe [2015-08-06 379392]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2014-10-29 38792]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-05-30 1631008]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-05-30 21055432]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2014-05-20 927520]
R2 PDF Architect 3 Creator;PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [2015-04-24 740568]
R2 PicexaService;PicexaService; C:\Program Files (x86)\Picexa\PicexaSvc.exe [2015-06-01 396952]
R2 PrivoxyService;Privoxy (PrivoxyService); C:\Program Files (x86)\IT Viewer\privoxy.exe [2015-09-22 371200]
R2 PSI_SVC_2_x64;Protexis Licensing V2 x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
R2 winzipersvc;WinZiper service; C:\Program Files (x86)\WinZipper\winzipersvc.exe [2015-08-13 647856]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc []
S2 Live Malware Protection;Live Malware Protection; C:\Windows\mlwps.exe [2015-08-28 473600]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2014-10-29 38792]
S3 CoordinatorServiceHost;DTSInterops; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe [2014-09-30 81400]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [2015-01-19 1484080]
S3 FlexNet Licensing Service;FlexNet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe [2015-01-19 1074480]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc []
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Hry\Origin\OriginClientService.exe [2015-02-18 1910128]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PDF Architect 3 CrashHandler;PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [2015-04-24 901336]
S3 PDF Architect 3;PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2015-04-24 2244312]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2015-01-19 79360]
-----------------EOF-----------------
- Rudy
- Site Admin

- Posts: 119674
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Unwanted links in web browsers
Hello!
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
Click >Scan< first and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
-
spendlik.spidy
Re: Unwanted links in web browsers
After I did that, my internet stopped working. It tells me it cannot connect to the proxy server. I am replying from my phone.
I am attaching the log:
# AdwCleaner v5.009 - Logfile created 03/10/2015 at 21:36:08
# Updated 27/09/2015 by Xplode
# Database : 2015-09-30.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : Petr - SPENDLIK
# Running from : C:\Users\Petr\Desktop\adwcleaner_5.009.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
[-] Service Deleted : Live Malware Protection
[-] Service Deleted : PrivoxyService
[-] Service Deleted : winzipersvc
[-] Service Deleted : PicexaService
[-] Service Deleted : Application Hosting
[-] Service Deleted : cohci1394
***** [ Folders ] *****
[-] Folder Deleted : C:\Program Files\Controller
[-] Folder Deleted : C:\Program Files (x86)\WinZipper
[-] Folder Deleted : C:\Program Files (x86)\Picexa
[-] Folder Deleted : C:\Program Files (x86)\IT Viewer
[-] Folder Deleted : C:\ProgramData\MailUpdate
[-] Folder Deleted : C:\ProgramData\Application Hosting
[-] Folder Deleted : C:\ProgramData\caMyciloPs
[-] Folder Deleted : C:\ProgramData\camycilop
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picexa
[-] Folder Deleted : C:\Users\Petr\AppData\Roaming\WinZipper
[-] Folder Deleted : C:\Users\Petr\AppData\Roaming\MailUpdate
[-] Folder Deleted : C:\Users\Petr\AppData\Roaming\Picexa Viewer
***** [ Files ] *****
[-] File Deleted : C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
[-] File Deleted : C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
[-] File Deleted : C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.kingtopdeals.com_0.localstorage
[-] File Deleted : C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.kingtopdeals.com_0.localstorage-journal
[-] File Deleted : C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.safefinder.com_0.localstorage
[-] File Deleted : C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.safefinder.com_0.localstorage-journal
[-] File Deleted : C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.snapdo.com_0.localstorage
[-] File Deleted : C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.snapdo.com_0.localstorage-journal
[-] File Deleted : C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-homes.com_0.localstorage
[-] File Deleted : C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.delta-homes.com_0.localstorage-journal
[-] File Deleted : C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage
[-] File Deleted : C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.mystartsearch.com_0.localstorage-journal
[-] File Deleted : C:\Windows\mlwps.exe
[-] File Deleted : C:\Windows\Sysnative\log\iSafeKrnlCall.log
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
[-] Task Deleted : Malware Cleaner
[-] Task Deleted : amiupdaterExd
[-] Task Deleted : amiupdaterExi
[-] Task Deleted : 2a73fa2f-927b-4206-8c4d-835773ccf4ad-5
[-] Task Deleted : 2a73fa2f-927b-4206-8c4d-835773ccf4ad-5_user
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper
[-] Key Deleted : HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper
[-] Key Deleted : HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper
[-] Key Deleted : HKLM\SOFTWARE\Classes\PicexaViewer.bmp
[-] Key Deleted : HKLM\SOFTWARE\Classes\PicexaViewer.gif
[-] Key Deleted : HKLM\SOFTWARE\Classes\PicexaViewer.jpeg
[-] Key Deleted : HKLM\SOFTWARE\Classes\PicexaViewer.jpg
[-] Key Deleted : HKLM\SOFTWARE\Classes\PicexaViewer.png
[-] Key Deleted : HKLM\SOFTWARE\Classes\PicexaViewer.tif
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper
[-] Key Deleted : HKLM\SOFTWARE\Classes\pc-mechanic
[-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.001
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.7z
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.arj
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.bz2
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.bzip2
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.cab
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.cpio
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.deb
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.dmg
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.fat
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.gz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.gzip
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.hfs
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.iso
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.lha
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.lzh
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.lzma
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.ntfs
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.rar
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.rpm
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.squashfs
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.swm
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tar
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.taz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tbz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tbz2
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tgz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tpz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.txz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.vhd
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.wim
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.xar
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.xz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.z
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.zip
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D3C24E2B-C820-4492-9B69-11BF7163F998}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2E22E1C9-9DDB-40DA-85C7-0753217FFF76}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2F137995-4D26-44AD-9C4E-91055090A817}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2561FD25-FE31-4E56-A120-AF7FEAAE3124}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CCAD7AF4-2975-4BFD-96A0-15F67DB62A78}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3C24E2B-C820-4492-9B69-11BF7163F998}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E22E1C9-9DDB-40DA-85C7-0753217FFF76}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3C24E2B-C820-4492-9B69-11BF7163F998}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{1F91A9A1-01BA-4C81-863D-3BA0751E1419}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4F622628-7632-4B28-B184-D7BA0CA3273B}
[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428A-92C9-0CFC28B9D1BF}
[-] Key Deleted : HKU\.DEFAULT\Software\Goobzo
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\iWebar
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Sense
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\GoHD
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKCU\Software\InetStat
[-] Key Deleted : HKCU\Software\Softonic
[-] Key Deleted : HKCU\Software\V9
[-] Key Deleted : HKLM\SOFTWARE\delta-homesSoftware
[-] Key Deleted : HKLM\SOFTWARE\hdcode
[-] Key Deleted : HKLM\SOFTWARE\V9
[-] Key Deleted : HKLM\SOFTWARE\winzipersvc
[-] Key Deleted : HKLM\SOFTWARE\PicexaSvc
[-] Key Deleted : HKLM\SOFTWARE\Picexa
[-] Key Deleted : HKLM\SOFTWARE\SecureWebChannel
[-] Key Deleted : HKLM\SOFTWARE\SecureWeb
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winzipper
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Picexa
[!] Key Not Deleted : [x64] HKCU\Software\InetStat
[!] Key Not Deleted : [x64] HKCU\Software\Softonic
[!] Key Not Deleted : [x64] HKCU\Software\V9
[-] Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : [x64] HKLM\SOFTWARE\YorkNewCin
[-] Key Deleted : [x64] HKLM\SOFTWARE\HighDefAction
[-] Key Deleted : [x64] HKLM\SOFTWARE\ArenaHD
[!] Key Not Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\iWebar
[!] Key Not Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Sense
[!] Key Not Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\GoHD
[!] Key Not Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[!] Key Not Deleted : HKU\S-1-5-18\Software\AppDataLow\Software\iWebar
[!] Key Not Deleted : HKU\S-1-5-18\Software\AppDataLow\Software\Sense
[!] Key Not Deleted : HKU\S-1-5-18\Software\AppDataLow\Software\GoHD
[!] Key Not Deleted : HKU\S-1-5-18\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[-] Data Restored : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main [First Home Page]
[-] Data Restored : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main [First Home Page]
[!] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ielnksrch
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
[-] Data Restored : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}
[-] Data Restored : HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}
[-] Data Restored : HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : HKU\S-1-5-21-1320987048-3415038541-2125130481-1001\Software\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}
[!] Key Not Deleted : HKU\S-1-5-21-1320987048-3415038541-2125130481-1001\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
[-] Data Restored : HKU\S-1-5-21-1320987048-3415038541-2125130481-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
***** [ Web browsers ] *****
[-] [C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mystartsearch.com
[-] [C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mystartsearch
[-] [C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.mystartsearch.com/?type=hppp&ts=142 ... 7224172241
[-] [C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Deleted : hxxp://www.mystartsearch.com/webfavicon.ico
*************************
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [12868 bytes] ##########
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.ntfs
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.rar
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.rpm
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.squashfs
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.swm
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tar
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.taz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tbz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tbz2
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tgz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.tpz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.txz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.vhd
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.wim
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.xar
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.xz
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.z
[-] Key Deleted : HKLM\SOFTWARE\Classes\WinZipper.zip
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D3C24E2B-C820-4492-9B69-11BF7163F998}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2E22E1C9-9DDB-40DA-85C7-0753217FFF76}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2F137995-4D26-44AD-9C4E-91055090A817}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2561FD25-FE31-4E56-A120-AF7FEAAE3124}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CCAD7AF4-2975-4BFD-96A0-15F67DB62A78}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3C24E2B-C820-4492-9B69-11BF7163F998}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E22E1C9-9DDB-40DA-85C7-0753217FFF76}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3C24E2B-C820-4492-9B69-11BF7163F998}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{1F91A9A1-01BA-4C81-863D-3BA0751E1419}]
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4F622628-7632-4B28-B184-D7BA0CA3273B}
[-] Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428A-92C9-0CFC28B9D1BF}
[-] Key Deleted : HKU\.DEFAULT\Software\Goobzo
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\iWebar
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Sense
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\GoHD
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKCU\Software\InetStat
[-] Key Deleted : HKCU\Software\Softonic
[-] Key Deleted : HKCU\Software\V9
[-] Key Deleted : HKLM\SOFTWARE\delta-homesSoftware
[-] Key Deleted : HKLM\SOFTWARE\hdcode
[-] Key Deleted : HKLM\SOFTWARE\V9
[-] Key Deleted : HKLM\SOFTWARE\winzipersvc
[-] Key Deleted : HKLM\SOFTWARE\PicexaSvc
[-] Key Deleted : HKLM\SOFTWARE\Picexa
[-] Key Deleted : HKLM\SOFTWARE\SecureWebChannel
[-] Key Deleted : HKLM\SOFTWARE\SecureWeb
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winzipper
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Picexa
[!] Key Not Deleted : [x64] HKCU\Software\InetStat
[!] Key Not Deleted : [x64] HKCU\Software\Softonic
[!] Key Not Deleted : [x64] HKCU\Software\V9
[-] Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : [x64] HKLM\SOFTWARE\YorkNewCin
[-] Key Deleted : [x64] HKLM\SOFTWARE\HighDefAction
[-] Key Deleted : [x64] HKLM\SOFTWARE\ArenaHD
[!] Key Not Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\iWebar
[!] Key Not Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Sense
[!] Key Not Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\GoHD
[!] Key Not Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[!] Key Not Deleted : HKU\S-1-5-18\Software\AppDataLow\Software\iWebar
[!] Key Not Deleted : HKU\S-1-5-18\Software\AppDataLow\Software\Sense
[!] Key Not Deleted : HKU\S-1-5-18\Software\AppDataLow\Software\GoHD
[!] Key Not Deleted : HKU\S-1-5-18\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
[-] Data Restored : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main [First Home Page]
[-] Data Restored : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main [First Home Page]
[!] Key Not Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ielnksrch
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}
[!] Key Not Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
[-] Data Restored : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}
[-] Data Restored : HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}
[-] Data Restored : HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : HKU\S-1-5-21-1320987048-3415038541-2125130481-1001\Software\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}
[!] Key Not Deleted : HKU\S-1-5-21-1320987048-3415038541-2125130481-1001\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}
[-] Data Restored : HKU\S-1-5-21-1320987048-3415038541-2125130481-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
***** [ Web browsers ] *****
[-] [C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mystartsearch.com
[-] [C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : mystartsearch
[-] [C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.mystartsearch.com/?type=hppp&ts=142 ... 7224172241
[-] [C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Deleted : hxxp://www.mystartsearch.com/webfavicon.ico
*************************
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [12868 bytes] ##########
- Rudy
- Site Admin
- Posts: 119674
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Unwanted links in web browsers
Try a network repair: right-click the network icon in the tray > Troubleshoot problems. Post a new RSIT log.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
-
spendlik.spidy
Re: Unwanted links in web browsers
The network repair did not help.
I am attaching the log:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Petr at 2015-10-03 22:26:06
Microsoft Windows 8.1
System drive C: has 448 GB (31%) free of 1430 GB
Total RAM: 16349 MB (91% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:26:09, on 3. 10. 2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Petr\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files (x86)\Common Files\Manažer instalací SOLIDWORKS\BackgroundDownloading\sldBgDwld.exe
C:\Program Files\trend micro\Petr.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaVXAdGTZAYinpjJDVaRrSck_AqghTsUGBnhkoKmsZloNqxnevNPh_PBESTRfF-XJEwjc8Mj-JV9_mDBuMu5xydKZoyrzPgIJFx3Nj4lyO35Btx9iiEhmetKw8UXNx6DZNy6i8L0PokdXyqOkDVClFdVjCa906JY,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaVXAdGTZAYinpjJDVaRrSck_AqghTsUGBnhkoKmsZloNqxnevNPh_PBESTRfF-XJEwjc8Mj-JV9_mDBuMu5xydKZoyrzPgIJFx3Nj4lyO35Btx9iiEhmetKw8UXNx6DZNy6i8L0PokdXyqOkDVClFdVjCa906JY,&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaVXAdGTZAYinpjJDVaRrSck_AqghTsUGBnhkoKmsZloNqxnevNPh_PBESTRfF-XJEwjc8Mj-JV9_mDBuMu5xydKZoyrzPgIJFx3Nj4lyO35Btx9iiEhmetKw8UXNx6DZNy6i8L0PokdXyqOkDVClFdVjCa906JY,&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: PDF Architect 3 Helper - {06E08260-0695-4EC1-A74B-1310D8899D93} - C:\Program Files (x86)\PDF Architect 3\creator-ie-helper.dll
O3 - Toolbar: PDF Architect 3 Toolbar - {2DFF3579-5AA7-45B9-9328-1D38EA230861} - C:\Program Files (x86)\PDF Architect 3\creator-ie-plugin.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Petr\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Petr\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - Global Startup: SOLIDWORKS 2015 Rychlé spuštění.lnk = ?
O4 - Global Startup: SOLIDWORKS Nástroj pro stahování na pozadí.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O20 - AppInit_DLLs: C:\ProgramData\caMyciloP\Xxx-lab.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: caMyciloP - Unknown owner - C:\ProgramData\caMyciloP\caMyciloP.exe (file missing)
O23 - Service: DTSInterops (CoordinatorServiceHost) - Dassault Systemes SolidWorks Corporation - C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service - Flexera Software LLC - C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Hry\Origin\OriginClientService.exe
O23 - Service: PDF Architect 3 - pdfforge GmbH - C:\Program Files (x86)\PDF Architect 3\ws.exe
O23 - Service: PDF Architect 3 CrashHandler - pdfforge GmbH - C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe
O23 - Service: PDF Architect 3 Creator - pdfforge GmbH - C:\Program Files (x86)\PDF Architect 3\creator-ws.exe
O23 - Service: Protexis Licensing V2 x64 (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8752 bytes
======Listing Processes======
wininit.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Windows\system32\nvvsvc.exe"
"dwm.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k utcsvc
dashost.exe {84e69279-ce02-48c7-ab31ae0da6442cb7}
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
"C:\Program Files (x86)\PDF Architect 3\creator-ws.exe"
"c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" nss b2695113-8141-42e7-96a5-f8dfa3c488be 1
\??\C:\Windows\system32\conhost.exe 0x4
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
taskhostex.exe
C:\Windows\Explorer.EXE
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe 0x4
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\skydrive.exe -Embedding
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
szndesktop.exe default start
"C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldworks_fs.exe"
"C:\Users\Petr\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe"
\??\C:\Windows\system32\conhost.exe 0x4
"C:\Windows\system32\GWX\GWX.exe"
"C:\Program Files (x86)\Common Files\Manažer instalací SOLIDWORKS\BackgroundDownloading\sldBgDwld.exe" /launch_from 0
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Windows\System32\SettingSyncHost.exe" -Embedding
"C:\Windows\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
C:\Windows\splwow64.exe 8192
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Petr\Downloads\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_209_pepper.exe -check pepperplugin
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06E08260-0695-4EC1-A74B-1310D8899D93}]
PDF Architect 3 Helper - C:\Program Files (x86)\PDF Architect 3\creator-ie-helper.dll [2015-04-24 38104]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2DFF3579-5AA7-45B9-9328-1D38EA230861} - PDF Architect 3 Toolbar - C:\Program Files (x86)\PDF Architect 3\creator-ie-plugin.dll [2015-04-24 496344]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-04-10 13671640]
"RtHDVBg_Dolby"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-04-15 1385840]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-05-30 2352072]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2014-05-30 1279480]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-10-23 6501656]
"cz.seznam.software.autoupdate"=C:\Users\Petr\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\Petr\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2015-05-26 103080]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"EaseUS EPM tray"=C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe []
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
SOLIDWORKS 2015 Rychlé spuštění.lnk - C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe
SOLIDWORKS Nástroj pro stahování na pozadí.lnk - C:\Program Files (x86)\Common Files\Manažer instalací SOLIDWORKS\BackgroundDownloading\sldBgDwld.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\ProgramData\caMyciloP\Hatflex.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"PromptOnSecureDesktop"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2015-10-03 21:36:18 ----D---- C:\Program Files\Controller
2015-10-03 21:35:17 ----D---- C:\AdwCleaner
2015-10-03 21:01:28 ----D---- C:\rsit
2015-10-03 21:01:28 ----D---- C:\Program Files\trend micro
2015-09-18 10:27:06 ----D---- C:\Users\Petr\AppData\Roaming\Jpeg Resampler
2015-09-18 10:27:02 ----D---- C:\Program Files (x86)\JpegResampler2010
2015-09-09 17:36:13 ----A---- C:\Windows\system32\wuaueng.dll
2015-09-09 17:36:12 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-09-09 17:36:12 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-09-09 17:36:12 ----A---- C:\Windows\system32\wuwebv.dll
2015-09-09 17:36:12 ----A---- C:\Windows\system32\WUSettingsProvider.dll
2015-09-09 17:36:12 ----A---- C:\Windows\system32\wudriver.dll
2015-09-09 17:36:12 ----A---- C:\Windows\system32\wucltux.dll
2015-09-09 17:36:12 ----A---- C:\Windows\system32\wuauclt.exe
2015-09-09 17:36:12 ----A---- C:\Windows\system32\wuapi.dll
2015-09-09 17:36:11 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-09-09 17:36:11 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-09-09 17:36:11 ----A---- C:\Windows\system32\wuapp.exe
2015-09-09 17:35:22 ----A---- C:\Windows\SYSWOW64\InkEd.dll
2015-09-09 17:35:22 ----A---- C:\Windows\system32\InkEd.dll
2015-09-09 17:35:21 ----A---- C:\Windows\system32\consent.exe
2015-09-09 17:35:19 ----A---- C:\Windows\SYSWOW64\tdh.dll
2015-09-09 17:35:19 ----A---- C:\Windows\system32\UtcResources.dll
2015-09-09 17:35:19 ----A---- C:\Windows\system32\tdh.dll
2015-09-09 17:35:19 ----A---- C:\Windows\system32\diagtrack.dll
2015-09-09 17:35:17 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2015-09-09 17:35:17 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2015-09-09 17:35:17 ----A---- C:\Windows\system32\msxml6.dll
2015-09-09 17:35:17 ----A---- C:\Windows\system32\msxml3.dll
2015-09-09 17:35:10 ----A---- C:\Windows\system32\mshtml.dll
2015-09-09 17:35:08 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-09-09 17:35:06 ----A---- C:\Windows\system32\ieframe.dll
2015-09-09 17:35:04 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-09-09 17:35:03 ----A---- C:\Windows\system32\jscript9.dll
2015-09-09 17:35:02 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-09-09 17:35:01 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-09-09 17:35:01 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-09-09 17:35:01 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-09-09 17:35:01 ----A---- C:\Windows\system32\wininet.dll
2015-09-09 17:35:01 ----A---- C:\Windows\system32\iertutil.dll
2015-09-09 17:35:00 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-09-09 17:35:00 ----A---- C:\Windows\system32\urlmon.dll
2015-09-09 17:34:59 ----A---- C:\Windows\system32\vbscript.dll
2015-09-09 17:34:59 ----A---- C:\Windows\system32\jscript.dll
2015-09-09 17:34:59 ----A---- C:\Windows\system32\iedkcs32.dll
2015-09-09 17:34:59 ----A---- C:\Windows\system32\ie4uinit.exe
2015-09-09 17:34:58 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-09-09 17:34:57 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-09-09 17:34:56 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2015-09-09 17:34:56 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-09-09 17:34:56 ----A---- C:\Windows\system32\webcheck.dll
2015-09-09 17:34:56 ----A---- C:\Windows\system32\msfeeds.dll
2015-09-09 17:34:55 ----A---- C:\Windows\system32\inetcomm.dll
2015-09-09 17:34:54 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2015-09-09 17:34:54 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-09-09 17:34:54 ----A---- C:\Windows\system32\ieapfltr.dll
2015-09-09 17:31:15 ----A---- C:\Windows\system32\SettingsHandlers.dll
2015-09-09 17:31:14 ----A---- C:\Windows\system32\Windows.UI.Immersive.dll
2015-09-09 17:31:13 ----A---- C:\Windows\SYSWOW64\Windows.UI.Immersive.dll
2015-09-09 17:31:13 ----A---- C:\Windows\SYSWOW64\shacct.dll
2015-09-09 17:31:13 ----A---- C:\Windows\SYSWOW64\SettingSync.dll
2015-09-09 17:31:13 ----A---- C:\Windows\SYSWOW64\authui.dll
2015-09-09 17:31:13 ----A---- C:\Windows\system32\shacct.dll
2015-09-09 17:31:13 ----A---- C:\Windows\system32\SettingSync.dll
2015-09-09 17:31:13 ----A---- C:\Windows\system32\authui.dll
2015-09-09 17:31:12 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2015-09-09 17:31:12 ----A---- C:\Windows\system32\schedsvc.dll
2015-09-09 17:31:12 ----A---- C:\Windows\system32\gdi32.dll
2015-09-09 17:31:11 ----A---- C:\Windows\SYSWOW64\taskeng.exe
2015-09-09 17:31:11 ----A---- C:\Windows\SYSWOW64\schtasks.exe
2015-09-09 17:31:11 ----A---- C:\Windows\system32\taskeng.exe
2015-09-09 17:31:11 ----A---- C:\Windows\system32\schtasks.exe
2015-09-09 17:31:11 ----A---- C:\Windows\system32\profsvc.dll
2015-09-09 17:31:10 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2015-09-09 17:31:10 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2015-09-09 17:31:10 ----A---- C:\Windows\system32\win32k.sys
2015-09-09 17:31:10 ----A---- C:\Windows\system32\atmfd.dll
2015-09-09 17:31:10 ----A---- C:\Windows\system32\appidsvc.dll
2015-09-09 17:31:10 ----A---- C:\Windows\system32\appidapi.dll
2015-09-09 17:31:09 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2015-09-09 17:31:09 ----A---- C:\Windows\system32\atmlib.dll
2015-09-09 17:31:07 ----A---- C:\Windows\system32\tzsync.exe
2015-09-07 11:28:33 ----A---- C:\Users\Petr\AppData\Roaming\DD27.tmp.exe
2015-09-07 11:28:33 ----A---- C:\Users\Petr\AppData\Roaming\DD27.tmp
2015-09-06 12:42:35 ----A---- C:\Users\Petr\AppData\Roaming\477E.tmp.exe
2015-09-06 12:42:35 ----A---- C:\Users\Petr\AppData\Roaming\477E.tmp
2015-09-05 15:55:00 ----A---- C:\Users\Petr\AppData\Roaming\1565.tmp.exe
2015-09-05 15:55:00 ----A---- C:\Users\Petr\AppData\Roaming\1565.tmp
2015-09-04 16:40:45 ----A---- C:\Users\Petr\AppData\Roaming\9B9F.tmp.exe
2015-09-04 16:40:45 ----A---- C:\Users\Petr\AppData\Roaming\9B9F.tmp
2015-09-04 16:40:43 ----D---- C:\Program Files (x86)\AV Security
======List of files/folders modified in the last 1 month======
2015-10-03 22:25:38 ----D---- C:\Windows\Prefetch
2015-10-03 22:24:55 ----D---- C:\Windows\system32\NDF
2015-10-03 22:14:33 ----D---- C:\Windows\Temp
2015-10-03 22:00:00 ----D---- C:\Windows\system32\sru
2015-10-03 21:50:20 ----D---- C:\Users\Petr\AppData\Roaming\Seznam.cz
2015-10-03 21:36:18 ----D---- C:\Program Files
2015-10-03 21:36:15 ----D---- C:\Windows\Tasks
2015-10-03 21:36:13 ----RD---- C:\Program Files (x86)
2015-10-03 21:36:13 ----HD---- C:\ProgramData
2015-10-03 21:36:13 ----D---- C:\Windows\system32\Tasks
2015-10-03 21:36:13 ----D---- C:\Windows\system32\log
2015-10-03 21:36:13 ----D---- C:\Windows
2015-10-03 21:34:20 ----D---- C:\Users\Petr\AppData\Roaming\AIMP3
2015-10-03 18:59:17 ----D---- C:\Windows\Microsoft.NET
2015-10-02 18:38:55 ----RD---- C:\Windows\System32
2015-10-02 18:38:55 ----D---- C:\Windows\Inf
2015-10-02 18:38:55 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-10-02 18:19:28 ----D---- C:\Program Files (x86)\Opera
2015-10-01 07:25:22 ----D---- C:\Windows\rescache
2015-10-01 07:23:44 ----SHD---- C:\System Volume Information
2015-09-27 18:38:21 ----D---- C:\Windows\system32\config
2015-09-23 18:07:58 ----D---- C:\Windows\system32\DriverStore
2015-09-23 18:07:53 ----D---- C:\Windows\WinSxS
2015-09-23 18:03:27 ----D---- C:\Windows\system32\catroot2
2015-09-22 20:12:52 ----D---- C:\Windows\SysWOW64
2015-09-21 20:12:48 ----D---- C:\Windows\CbsTemp
2015-09-20 09:03:09 ----D---- C:\ProgramData\Protexis64
2015-09-18 10:58:03 ----D---- C:\Users\Petr\AppData\Roaming\Fenix Updater
2015-09-17 07:16:47 ----D---- C:\Program Files (x86)\Google
2015-09-15 03:18:38 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-09-10 20:55:39 ----D---- C:\Windows\system32\cs-CZ
2015-09-10 20:55:39 ----D---- C:\Windows\PolicyDefinitions
2015-09-10 20:55:39 ----D---- C:\Program Files\Internet Explorer
2015-09-10 20:55:39 ----D---- C:\Program Files (x86)\Internet Explorer
2015-09-10 03:13:12 ----RSD---- C:\Windows\assembly
2015-09-09 18:05:41 ----D---- C:\Program Files\Windows Journal
2015-09-09 18:04:09 ----D---- C:\Windows\system32\MRT
2015-09-09 17:49:39 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-09-05 16:00:13 ----D---- C:\Windows\Logs
2015-09-05 15:56:07 ----D---- C:\Program Files (x86)\Hry
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 amd_sata;amd_sata; C:\Windows\System32\drivers\amd_sata.sys [2014-03-21 81608]
R0 amd_xata;amd_xata; C:\Windows\System32\drivers\amd_xata.sys [2014-03-21 23752]
R0 mvs91xx;mvs91xx; C:\Windows\System32\drivers\mvs91xx.sys [2013-10-11 328488]
R0 Wof;Windows Overlay File System Filter Driver; C:\Windows\system32\drivers\Wof.sys [2014-03-13 157016]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [2007-11-07 104912]
R3 GeneStor;@oem1.inf,%GENESTOR.SvcDesc%;Genesys Logic Storage Driver; C:\Windows\System32\drivers\GeneStor.sys [2014-01-17 107208]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2014-05-06 3956056]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2014-05-20 12688328]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-05-30 20256]
R3 nvvad_WaveExtensible;@oem7.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2014-03-31 40392]
R3 RTL8168;@oem2.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys [2014-03-26 843480]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2014-06-21 212736]
S3 dg_ssudbus;@oem9.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 ssudmdm;@oem14.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S3 WDC_SAM;@oem39.inf,%WDC_SAM_ServiceName%;WD SCSI Pass Thru driver; C:\Windows\System32\drivers\wdcsam64.sys [2015-01-27 14464]
S3 WinUsb;@wpdmtp.inf,%WinUsb.SvcDesc%;WinUsb; C:\Windows\System32\drivers\WinUsb.sys [2013-08-22 78848]
S3 WSDPrintDevice;@WSDPrint.Inf,%WSDPrintDevice.SVCDESC%;WSD Print Support; C:\Windows\System32\drivers\WSDPrint.sys [2013-08-22 20992]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2014-10-29 38792]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-05-30 1631008]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-05-30 21055432]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2014-05-20 927520]
R2 PDF Architect 3 Creator;PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [2015-04-24 740568]
R2 PSI_SVC_2_x64;Protexis Licensing V2 x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
S2 caMyciloP;caMyciloP; C:\ProgramData\caMyciloP\caMyciloP.exe []
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc []
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2014-10-29 38792]
S3 CoordinatorServiceHost;DTSInterops; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe [2014-09-30 81400]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [2015-01-19 1484080]
S3 FlexNet Licensing Service;FlexNet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe [2015-01-19 1074480]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc []
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Hry\Origin\OriginClientService.exe [2015-02-18 1910128]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PDF Architect 3 CrashHandler;PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [2015-04-24 901336]
S3 PDF Architect 3;PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2015-04-24 2244312]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2015-01-19 79360]
-----------------EOF-----------------
I am attaching the log:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Petr at 2015-10-03 22:26:06
Microsoft Windows 8.1
System drive C: has 448 GB (31%) free of 1430 GB
Total RAM: 16349 MB (91% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:26:09, on 3. 10. 2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Petr\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files (x86)\Common Files\Manažer instalací SOLIDWORKS\BackgroundDownloading\sldBgDwld.exe
C:\Program Files\trend micro\Petr.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaVXAdGTZAYinpjJDVaRrSck_AqghTsUGBnhkoKmsZloNqxnevNPh_PBESTRfF-XJEwjc8Mj-JV9_mDBuMu5xydKZoyrzPgIJFx3Nj4lyO35Btx9iiEhmetKw8UXNx6DZNy6i8L0PokdXyqOkDVClFdVjCa906JY,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaVXAdGTZAYinpjJDVaRrSck_AqghTsUGBnhkoKmsZloNqxnevNPh_PBESTRfF-XJEwjc8Mj-JV9_mDBuMu5xydKZoyrzPgIJFx3Nj4lyO35Btx9iiEhmetKw8UXNx6DZNy6i8L0PokdXyqOkDVClFdVjCa906JY,&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaVXAdGTZAYinpjJDVaRrSck_AqghTsUGBnhkoKmsZloNqxnevNPh_PBESTRfF-XJEwjc8Mj-JV9_mDBuMu5xydKZoyrzPgIJFx3Nj4lyO35Btx9iiEhmetKw8UXNx6DZNy6i8L0PokdXyqOkDVClFdVjCa906JY,&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: PDF Architect 3 Helper - {06E08260-0695-4EC1-A74B-1310D8899D93} - C:\Program Files (x86)\PDF Architect 3\creator-ie-helper.dll
O3 - Toolbar: PDF Architect 3 Toolbar - {2DFF3579-5AA7-45B9-9328-1D38EA230861} - C:\Program Files (x86)\PDF Architect 3\creator-ie-plugin.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Petr\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Petr\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - Global Startup: SOLIDWORKS 2015 Rychlé spuštění.lnk = ?
O4 - Global Startup: SOLIDWORKS Nástroj pro stahování na pozadí.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O20 - AppInit_DLLs: C:\ProgramData\caMyciloP\Xxx-lab.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: caMyciloP - Unknown owner - C:\ProgramData\caMyciloP\caMyciloP.exe (file missing)
O23 - Service: DTSInterops (CoordinatorServiceHost) - Dassault Systemes SolidWorks Corporation - C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service - Flexera Software LLC - C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Hry\Origin\OriginClientService.exe
O23 - Service: PDF Architect 3 - pdfforge GmbH - C:\Program Files (x86)\PDF Architect 3\ws.exe
O23 - Service: PDF Architect 3 CrashHandler - pdfforge GmbH - C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe
O23 - Service: PDF Architect 3 Creator - pdfforge GmbH - C:\Program Files (x86)\PDF Architect 3\creator-ws.exe
O23 - Service: Protexis Licensing V2 x64 (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8752 bytes
======Listing Processes======
wininit.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Windows\system32\nvvsvc.exe"
"dwm.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k utcsvc
dashost.exe {84e69279-ce02-48c7-ab31ae0da6442cb7}
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
"C:\Program Files (x86)\PDF Architect 3\creator-ws.exe"
"c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" nss b2695113-8141-42e7-96a5-f8dfa3c488be 1
\??\C:\Windows\system32\conhost.exe 0x4
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
taskhostex.exe
C:\Windows\Explorer.EXE
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe 0x4
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\skydrive.exe -Embedding
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
szndesktop.exe default start
"C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldworks_fs.exe"
"C:\Users\Petr\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe"
\??\C:\Windows\system32\conhost.exe 0x4
"C:\Windows\system32\GWX\GWX.exe"
"C:\Program Files (x86)\Common Files\Manažer instalací SOLIDWORKS\BackgroundDownloading\sldBgDwld.exe" /launch_from 0
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Windows\System32\SettingSyncHost.exe" -Embedding
"C:\Windows\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
C:\Windows\splwow64.exe 8192
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Petr\Downloads\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_209_pepper.exe -check pepperplugin
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06E08260-0695-4EC1-A74B-1310D8899D93}]
PDF Architect 3 Helper - C:\Program Files (x86)\PDF Architect 3\creator-ie-helper.dll [2015-04-24 38104]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2DFF3579-5AA7-45B9-9328-1D38EA230861} - PDF Architect 3 Toolbar - C:\Program Files (x86)\PDF Architect 3\creator-ie-plugin.dll [2015-04-24 496344]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-04-10 13671640]
"RtHDVBg_Dolby"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-04-15 1385840]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-05-30 2352072]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2014-05-30 1279480]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-10-23 6501656]
"cz.seznam.software.autoupdate"=C:\Users\Petr\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\Petr\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2015-05-26 103080]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"EaseUS EPM tray"=C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe []
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
SOLIDWORKS 2015 Rychlé spuštění.lnk - C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe
SOLIDWORKS Nástroj pro stahování na pozadí.lnk - C:\Program Files (x86)\Common Files\Manažer instalací SOLIDWORKS\BackgroundDownloading\sldBgDwld.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\ProgramData\caMyciloP\Hatflex.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"PromptOnSecureDesktop"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2015-10-03 21:36:18 ----D---- C:\Program Files\Controller
2015-10-03 21:35:17 ----D---- C:\AdwCleaner
2015-10-03 21:01:28 ----D---- C:\rsit
2015-10-03 21:01:28 ----D---- C:\Program Files\trend micro
2015-09-18 10:27:06 ----D---- C:\Users\Petr\AppData\Roaming\Jpeg Resampler
2015-09-18 10:27:02 ----D---- C:\Program Files (x86)\JpegResampler2010
2015-09-09 17:36:13 ----A---- C:\Windows\system32\wuaueng.dll
2015-09-09 17:36:12 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-09-09 17:36:12 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-09-09 17:36:12 ----A---- C:\Windows\system32\wuwebv.dll
2015-09-09 17:36:12 ----A---- C:\Windows\system32\WUSettingsProvider.dll
2015-09-09 17:36:12 ----A---- C:\Windows\system32\wudriver.dll
2015-09-09 17:36:12 ----A---- C:\Windows\system32\wucltux.dll
2015-09-09 17:36:12 ----A---- C:\Windows\system32\wuauclt.exe
2015-09-09 17:36:12 ----A---- C:\Windows\system32\wuapi.dll
2015-09-09 17:36:11 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-09-09 17:36:11 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-09-09 17:36:11 ----A---- C:\Windows\system32\wuapp.exe
2015-09-09 17:35:22 ----A---- C:\Windows\SYSWOW64\InkEd.dll
2015-09-09 17:35:22 ----A---- C:\Windows\system32\InkEd.dll
2015-09-09 17:35:21 ----A---- C:\Windows\system32\consent.exe
2015-09-09 17:35:19 ----A---- C:\Windows\SYSWOW64\tdh.dll
2015-09-09 17:35:19 ----A---- C:\Windows\system32\UtcResources.dll
2015-09-09 17:35:19 ----A---- C:\Windows\system32\tdh.dll
2015-09-09 17:35:19 ----A---- C:\Windows\system32\diagtrack.dll
2015-09-09 17:35:17 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2015-09-09 17:35:17 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2015-09-09 17:35:17 ----A---- C:\Windows\system32\msxml6.dll
2015-09-09 17:35:17 ----A---- C:\Windows\system32\msxml3.dll
2015-09-09 17:35:10 ----A---- C:\Windows\system32\mshtml.dll
2015-09-09 17:35:08 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-09-09 17:35:06 ----A---- C:\Windows\system32\ieframe.dll
2015-09-09 17:35:04 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-09-09 17:35:03 ----A---- C:\Windows\system32\jscript9.dll
2015-09-09 17:35:02 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-09-09 17:35:01 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-09-09 17:35:01 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-09-09 17:35:01 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-09-09 17:35:01 ----A---- C:\Windows\system32\wininet.dll
2015-09-09 17:35:01 ----A---- C:\Windows\system32\iertutil.dll
2015-09-09 17:35:00 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-09-09 17:35:00 ----A---- C:\Windows\system32\urlmon.dll
2015-09-09 17:34:59 ----A---- C:\Windows\system32\vbscript.dll
2015-09-09 17:34:59 ----A---- C:\Windows\system32\jscript.dll
2015-09-09 17:34:59 ----A---- C:\Windows\system32\iedkcs32.dll
2015-09-09 17:34:59 ----A---- C:\Windows\system32\ie4uinit.exe
2015-09-09 17:34:58 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-09-09 17:34:57 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-09-09 17:34:56 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2015-09-09 17:34:56 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-09-09 17:34:56 ----A---- C:\Windows\system32\webcheck.dll
2015-09-09 17:34:56 ----A---- C:\Windows\system32\msfeeds.dll
2015-09-09 17:34:55 ----A---- C:\Windows\system32\inetcomm.dll
2015-09-09 17:34:54 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2015-09-09 17:34:54 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-09-09 17:34:54 ----A---- C:\Windows\system32\ieapfltr.dll
2015-09-09 17:31:15 ----A---- C:\Windows\system32\SettingsHandlers.dll
2015-09-09 17:31:14 ----A---- C:\Windows\system32\Windows.UI.Immersive.dll
2015-09-09 17:31:13 ----A---- C:\Windows\SYSWOW64\Windows.UI.Immersive.dll
2015-09-09 17:31:13 ----A---- C:\Windows\SYSWOW64\shacct.dll
2015-09-09 17:31:13 ----A---- C:\Windows\SYSWOW64\SettingSync.dll
2015-09-09 17:31:13 ----A---- C:\Windows\SYSWOW64\authui.dll
2015-09-09 17:31:13 ----A---- C:\Windows\system32\shacct.dll
2015-09-09 17:31:13 ----A---- C:\Windows\system32\SettingSync.dll
2015-09-09 17:31:13 ----A---- C:\Windows\system32\authui.dll
2015-09-09 17:31:12 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2015-09-09 17:31:12 ----A---- C:\Windows\system32\schedsvc.dll
2015-09-09 17:31:12 ----A---- C:\Windows\system32\gdi32.dll
2015-09-09 17:31:11 ----A---- C:\Windows\SYSWOW64\taskeng.exe
2015-09-09 17:31:11 ----A---- C:\Windows\SYSWOW64\schtasks.exe
2015-09-09 17:31:11 ----A---- C:\Windows\system32\taskeng.exe
2015-09-09 17:31:11 ----A---- C:\Windows\system32\schtasks.exe
2015-09-09 17:31:11 ----A---- C:\Windows\system32\profsvc.dll
2015-09-09 17:31:10 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2015-09-09 17:31:10 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2015-09-09 17:31:10 ----A---- C:\Windows\system32\win32k.sys
2015-09-09 17:31:10 ----A---- C:\Windows\system32\atmfd.dll
2015-09-09 17:31:10 ----A---- C:\Windows\system32\appidsvc.dll
2015-09-09 17:31:10 ----A---- C:\Windows\system32\appidapi.dll
2015-09-09 17:31:09 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2015-09-09 17:31:09 ----A---- C:\Windows\system32\atmlib.dll
2015-09-09 17:31:07 ----A---- C:\Windows\system32\tzsync.exe
2015-09-07 11:28:33 ----A---- C:\Users\Petr\AppData\Roaming\DD27.tmp.exe
2015-09-07 11:28:33 ----A---- C:\Users\Petr\AppData\Roaming\DD27.tmp
2015-09-06 12:42:35 ----A---- C:\Users\Petr\AppData\Roaming\477E.tmp.exe
2015-09-06 12:42:35 ----A---- C:\Users\Petr\AppData\Roaming\477E.tmp
2015-09-05 15:55:00 ----A---- C:\Users\Petr\AppData\Roaming\1565.tmp.exe
2015-09-05 15:55:00 ----A---- C:\Users\Petr\AppData\Roaming\1565.tmp
2015-09-04 16:40:45 ----A---- C:\Users\Petr\AppData\Roaming\9B9F.tmp.exe
2015-09-04 16:40:45 ----A---- C:\Users\Petr\AppData\Roaming\9B9F.tmp
2015-09-04 16:40:43 ----D---- C:\Program Files (x86)\AV Security
======List of files/folders modified in the last 1 month======
2015-10-03 22:25:38 ----D---- C:\Windows\Prefetch
2015-10-03 22:24:55 ----D---- C:\Windows\system32\NDF
2015-10-03 22:14:33 ----D---- C:\Windows\Temp
2015-10-03 22:00:00 ----D---- C:\Windows\system32\sru
2015-10-03 21:50:20 ----D---- C:\Users\Petr\AppData\Roaming\Seznam.cz
2015-10-03 21:36:18 ----D---- C:\Program Files
2015-10-03 21:36:15 ----D---- C:\Windows\Tasks
2015-10-03 21:36:13 ----RD---- C:\Program Files (x86)
2015-10-03 21:36:13 ----HD---- C:\ProgramData
2015-10-03 21:36:13 ----D---- C:\Windows\system32\Tasks
2015-10-03 21:36:13 ----D---- C:\Windows\system32\log
2015-10-03 21:36:13 ----D---- C:\Windows
2015-10-03 21:34:20 ----D---- C:\Users\Petr\AppData\Roaming\AIMP3
2015-10-03 18:59:17 ----D---- C:\Windows\Microsoft.NET
2015-10-02 18:38:55 ----RD---- C:\Windows\System32
2015-10-02 18:38:55 ----D---- C:\Windows\Inf
2015-10-02 18:38:55 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-10-02 18:19:28 ----D---- C:\Program Files (x86)\Opera
2015-10-01 07:25:22 ----D---- C:\Windows\rescache
2015-10-01 07:23:44 ----SHD---- C:\System Volume Information
2015-09-27 18:38:21 ----D---- C:\Windows\system32\config
2015-09-23 18:07:58 ----D---- C:\Windows\system32\DriverStore
2015-09-23 18:07:53 ----D---- C:\Windows\WinSxS
2015-09-23 18:03:27 ----D---- C:\Windows\system32\catroot2
2015-09-22 20:12:52 ----D---- C:\Windows\SysWOW64
2015-09-21 20:12:48 ----D---- C:\Windows\CbsTemp
2015-09-20 09:03:09 ----D---- C:\ProgramData\Protexis64
2015-09-18 10:58:03 ----D---- C:\Users\Petr\AppData\Roaming\Fenix Updater
2015-09-17 07:16:47 ----D---- C:\Program Files (x86)\Google
2015-09-15 03:18:38 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-09-10 20:55:39 ----D---- C:\Windows\system32\cs-CZ
2015-09-10 20:55:39 ----D---- C:\Windows\PolicyDefinitions
2015-09-10 20:55:39 ----D---- C:\Program Files\Internet Explorer
2015-09-10 20:55:39 ----D---- C:\Program Files (x86)\Internet Explorer
2015-09-10 03:13:12 ----RSD---- C:\Windows\assembly
2015-09-09 18:05:41 ----D---- C:\Program Files\Windows Journal
2015-09-09 18:04:09 ----D---- C:\Windows\system32\MRT
2015-09-09 17:49:39 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-09-05 16:00:13 ----D---- C:\Windows\Logs
2015-09-05 15:56:07 ----D---- C:\Program Files (x86)\Hry
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 amd_sata;amd_sata; C:\Windows\System32\drivers\amd_sata.sys [2014-03-21 81608]
R0 amd_xata;amd_xata; C:\Windows\System32\drivers\amd_xata.sys [2014-03-21 23752]
R0 mvs91xx;mvs91xx; C:\Windows\System32\drivers\mvs91xx.sys [2013-10-11 328488]
R0 Wof;Windows Overlay File System Filter Driver; C:\Windows\system32\drivers\Wof.sys [2014-03-13 157016]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [2007-11-07 104912]
R3 GeneStor;@oem1.inf,%GENESTOR.SvcDesc%;Genesys Logic Storage Driver; C:\Windows\System32\drivers\GeneStor.sys [2014-01-17 107208]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2014-05-06 3956056]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2014-05-20 12688328]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-05-30 20256]
R3 nvvad_WaveExtensible;@oem7.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2014-03-31 40392]
R3 RTL8168;@oem2.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys [2014-03-26 843480]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2014-06-21 212736]
S3 dg_ssudbus;@oem9.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 ssudmdm;@oem14.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S3 WDC_SAM;@oem39.inf,%WDC_SAM_ServiceName%;WD SCSI Pass Thru driver; C:\Windows\System32\drivers\wdcsam64.sys [2015-01-27 14464]
S3 WinUsb;@wpdmtp.inf,%WinUsb.SvcDesc%;WinUsb; C:\Windows\System32\drivers\WinUsb.sys [2013-08-22 78848]
S3 WSDPrintDevice;@WSDPrint.Inf,%WSDPrintDevice.SVCDESC%;WSD Print Support; C:\Windows\System32\drivers\WSDPrint.sys [2013-08-22 20992]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2014-10-29 38792]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-05-30 1631008]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-05-30 21055432]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2014-05-20 927520]
R2 PDF Architect 3 Creator;PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [2015-04-24 740568]
R2 PSI_SVC_2_x64;Protexis Licensing V2 x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
S2 caMyciloP;caMyciloP; C:\ProgramData\caMyciloP\caMyciloP.exe []
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc []
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2014-10-29 38792]
S3 CoordinatorServiceHost;DTSInterops; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe [2014-09-30 81400]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [2015-01-19 1484080]
S3 FlexNet Licensing Service;FlexNet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe [2015-01-19 1074480]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc []
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Hry\Origin\OriginClientService.exe [2015-02-18 1910128]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PDF Architect 3 CrashHandler;PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [2015-04-24 901336]
S3 PDF Architect 3;PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2015-04-24 2244312]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2015-01-19 79360]
-----------------EOF-----------------
-
spendlik.spidy
Re: Unwanted links in web browsers
The internet works now; I fixed the proxy server settings.
- Rudy
- Site Admin

- Posts: 119674
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Unwanted links in web browsers
Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left window:
:files
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Users\Petr\AppData\Roaming\*.tmp.exe
C:\Users\Petr\AppData\Roaming\*.tmp
C:\ProgramData\caMyciloP
:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. After the scan, restart the PC and post a new RSIT log.
Thanks for letting me know; ADV definitely should not be deleting the proxy settings.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
-
spendlik.spidy
Re: Unwanted links in web browsers
Logfile of random's system information tool 1.10 (written by random/random)
Run by Petr at 2015-10-04 20:08:33
Microsoft Windows 8.1
System drive C: has 452 GB (32%) free of 1430 GB
Total RAM: 16349 MB (90% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:08:38, on 4. 10. 2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Petr\AppData\Roaming\Seznam.cz\szninstall.exe
C:\Users\Petr\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files (x86)\Common Files\Manažer instalací SOLIDWORKS\BackgroundDownloading\sldBgDwld.exe
C:\Program Files\trend micro\Petr.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaVXAdGTZAYinpjJDVaRrSck_AqghTsUGBnhkoKmsZloNqxnevNPh_PBESTRfF-XJEwjc8Mj-JV9_mDBuMu5xydKZoyrzPgIJFx3Nj4lyO35Btx9iiEhmetKw8UXNx6DZNy6i8L0PokdXyqOkDVClFdVjCa906JY,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaVXAdGTZAYinpjJDVaRrSck_AqghTsUGBnhkoKmsZloNqxnevNPh_PBESTRfF-XJEwjc8Mj-JV9_mDBuMu5xydKZoyrzPgIJFx3Nj4lyO35Btx9iiEhmetKw8UXNx6DZNy6i8L0PokdXyqOkDVClFdVjCa906JY,&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaVXAdGTZAYinpjJDVaRrSck_AqghTsUGBnhkoKmsZloNqxnevNPh_PBESTRfF-XJEwjc8Mj-JV9_mDBuMu5xydKZoyrzPgIJFx3Nj4lyO35Btx9iiEhmetKw8UXNx6DZNy6i8L0PokdXyqOkDVClFdVjCa906JY,&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: PDF Architect 3 Helper - {06E08260-0695-4EC1-A74B-1310D8899D93} - C:\Program Files (x86)\PDF Architect 3\creator-ie-helper.dll
O3 - Toolbar: PDF Architect 3 Toolbar - {2DFF3579-5AA7-45B9-9328-1D38EA230861} - C:\Program Files (x86)\PDF Architect 3\creator-ie-plugin.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Petr\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Petr\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - Global Startup: SOLIDWORKS 2015 Rychlé spuštění.lnk = ?
O4 - Global Startup: SOLIDWORKS Nástroj pro stahování na pozadí.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O20 - AppInit_DLLs: C:\ProgramData\caMyciloP\Xxx-lab.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: caMyciloP - Unknown owner - C:\ProgramData\caMyciloP\caMyciloP.exe (file missing)
O23 - Service: DTSInterops (CoordinatorServiceHost) - Dassault Systemes SolidWorks Corporation - C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service - Flexera Software LLC - C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Hry\Origin\OriginClientService.exe
O23 - Service: PDF Architect 3 - pdfforge GmbH - C:\Program Files (x86)\PDF Architect 3\ws.exe
O23 - Service: PDF Architect 3 CrashHandler - pdfforge GmbH - C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe
O23 - Service: PDF Architect 3 Creator - pdfforge GmbH - C:\Program Files (x86)\PDF Architect 3\creator-ws.exe
O23 - Service: Protexis Licensing V2 x64 (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8808 bytes
======Listing Processes======
wininit.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Windows\system32\nvvsvc.exe"
"dwm.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k utcsvc
dashost.exe {caab1db2-0c1d-47b1-9ccc59e63196111e}
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
"C:\Program Files (x86)\PDF Architect 3\creator-ws.exe"
"c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" nss b2695113-8141-42e7-96a5-f8dfa3c488be 1
\??\C:\Windows\system32\conhost.exe 0x4
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
taskeng.exe {7649C1D1-E5DD-4D39-9530-22584C159535}
taskhostex.exe
C:\Windows\Explorer.EXE
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe 0x4
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\GWX\GWX.exe"
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server
C:\Windows\System32\skydrive.exe -Embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 556 560 568 65536 564
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
"C:\Users\Petr\AppData\Roaming\Seznam.cz\szninstall.exe" -c
"C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldworks_fs.exe"
szndesktop.exe default start
"C:\Users\Petr\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe"
\??\C:\Windows\system32\conhost.exe 0x4
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe -Embedding
"C:\Program Files (x86)\Common Files\Manažer instalací SOLIDWORKS\BackgroundDownloading\sldBgDwld.exe" /launch_from 0
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Windows\System32\SettingSyncHost.exe" -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Petr\Downloads\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_209_pepper.exe -check pepperplugin
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06E08260-0695-4EC1-A74B-1310D8899D93}]
PDF Architect 3 Helper - C:\Program Files (x86)\PDF Architect 3\creator-ie-helper.dll [2015-04-24 38104]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2DFF3579-5AA7-45B9-9328-1D38EA230861} - PDF Architect 3 Toolbar - C:\Program Files (x86)\PDF Architect 3\creator-ie-plugin.dll [2015-04-24 496344]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-04-10 13671640]
"RtHDVBg_Dolby"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-04-15 1385840]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-05-30 2352072]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2014-05-30 1279480]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-10-23 6501656]
"cz.seznam.software.autoupdate"=C:\Users\Petr\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\Petr\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2015-05-26 103080]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"EaseUS EPM tray"=C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe []
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
SOLIDWORKS 2015 Rychlé spuštění.lnk - C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe
SOLIDWORKS Nástroj pro stahování na pozadí.lnk - C:\Program Files (x86)\Common Files\Manažer instalací SOLIDWORKS\BackgroundDownloading\sldBgDwld.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\ProgramData\caMyciloP\Hatflex.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"PromptOnSecureDesktop"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2015-10-04 20:01:46 ----D---- C:\_OTM
2015-10-03 21:36:18 ----D---- C:\Program Files\Controller
2015-10-03 21:35:17 ----D---- C:\AdwCleaner
2015-10-03 21:01:28 ----D---- C:\rsit
2015-10-03 21:01:28 ----D---- C:\Program Files\trend micro
2015-09-18 10:27:06 ----D---- C:\Users\Petr\AppData\Roaming\Jpeg Resampler
2015-09-18 10:27:02 ----D---- C:\Program Files (x86)\JpegResampler2010
2015-09-09 17:36:13 ----A---- C:\Windows\system32\wuaueng.dll
2015-09-09 17:36:12 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-09-09 17:36:12 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-09-09 17:36:12 ----A---- C:\Windows\system32\wuwebv.dll
2015-09-09 17:36:12 ----A---- C:\Windows\system32\WUSettingsProvider.dll
2015-09-09 17:36:12 ----A---- C:\Windows\system32\wudriver.dll
2015-09-09 17:36:12 ----A---- C:\Windows\system32\wucltux.dll
2015-09-09 17:36:12 ----A---- C:\Windows\system32\wuauclt.exe
2015-09-09 17:36:12 ----A---- C:\Windows\system32\wuapi.dll
2015-09-09 17:36:11 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-09-09 17:36:11 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-09-09 17:36:11 ----A---- C:\Windows\system32\wuapp.exe
2015-09-09 17:35:22 ----A---- C:\Windows\SYSWOW64\InkEd.dll
2015-09-09 17:35:22 ----A---- C:\Windows\system32\InkEd.dll
2015-09-09 17:35:21 ----A---- C:\Windows\system32\consent.exe
2015-09-09 17:35:19 ----A---- C:\Windows\SYSWOW64\tdh.dll
2015-09-09 17:35:19 ----A---- C:\Windows\system32\UtcResources.dll
2015-09-09 17:35:19 ----A---- C:\Windows\system32\tdh.dll
2015-09-09 17:35:19 ----A---- C:\Windows\system32\diagtrack.dll
2015-09-09 17:35:17 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2015-09-09 17:35:17 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2015-09-09 17:35:17 ----A---- C:\Windows\system32\msxml6.dll
2015-09-09 17:35:17 ----A---- C:\Windows\system32\msxml3.dll
2015-09-09 17:35:10 ----A---- C:\Windows\system32\mshtml.dll
2015-09-09 17:35:08 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-09-09 17:35:06 ----A---- C:\Windows\system32\ieframe.dll
2015-09-09 17:35:04 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-09-09 17:35:03 ----A---- C:\Windows\system32\jscript9.dll
2015-09-09 17:35:02 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-09-09 17:35:01 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-09-09 17:35:01 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-09-09 17:35:01 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-09-09 17:35:01 ----A---- C:\Windows\system32\wininet.dll
2015-09-09 17:35:01 ----A---- C:\Windows\system32\iertutil.dll
2015-09-09 17:35:00 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-09-09 17:35:00 ----A---- C:\Windows\system32\urlmon.dll
2015-09-09 17:34:59 ----A---- C:\Windows\system32\vbscript.dll
2015-09-09 17:34:59 ----A---- C:\Windows\system32\jscript.dll
2015-09-09 17:34:59 ----A---- C:\Windows\system32\iedkcs32.dll
2015-09-09 17:34:59 ----A---- C:\Windows\system32\ie4uinit.exe
2015-09-09 17:34:58 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-09-09 17:34:57 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-09-09 17:34:56 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2015-09-09 17:34:56 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-09-09 17:34:56 ----A---- C:\Windows\system32\webcheck.dll
2015-09-09 17:34:56 ----A---- C:\Windows\system32\msfeeds.dll
2015-09-09 17:34:55 ----A---- C:\Windows\system32\inetcomm.dll
2015-09-09 17:34:54 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2015-09-09 17:34:54 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-09-09 17:34:54 ----A---- C:\Windows\system32\ieapfltr.dll
2015-09-09 17:31:15 ----A---- C:\Windows\system32\SettingsHandlers.dll
2015-09-09 17:31:14 ----A---- C:\Windows\system32\Windows.UI.Immersive.dll
2015-09-09 17:31:13 ----A---- C:\Windows\SYSWOW64\Windows.UI.Immersive.dll
2015-09-09 17:31:13 ----A---- C:\Windows\SYSWOW64\shacct.dll
2015-09-09 17:31:13 ----A---- C:\Windows\SYSWOW64\SettingSync.dll
2015-09-09 17:31:13 ----A---- C:\Windows\SYSWOW64\authui.dll
2015-09-09 17:31:13 ----A---- C:\Windows\system32\shacct.dll
2015-09-09 17:31:13 ----A---- C:\Windows\system32\SettingSync.dll
2015-09-09 17:31:13 ----A---- C:\Windows\system32\authui.dll
2015-09-09 17:31:12 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2015-09-09 17:31:12 ----A---- C:\Windows\system32\schedsvc.dll
2015-09-09 17:31:12 ----A---- C:\Windows\system32\gdi32.dll
2015-09-09 17:31:11 ----A---- C:\Windows\SYSWOW64\taskeng.exe
2015-09-09 17:31:11 ----A---- C:\Windows\SYSWOW64\schtasks.exe
2015-09-09 17:31:11 ----A---- C:\Windows\system32\taskeng.exe
2015-09-09 17:31:11 ----A---- C:\Windows\system32\schtasks.exe
2015-09-09 17:31:11 ----A---- C:\Windows\system32\profsvc.dll
2015-09-09 17:31:10 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2015-09-09 17:31:10 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2015-09-09 17:31:10 ----A---- C:\Windows\system32\win32k.sys
2015-09-09 17:31:10 ----A---- C:\Windows\system32\atmfd.dll
2015-09-09 17:31:10 ----A---- C:\Windows\system32\appidsvc.dll
2015-09-09 17:31:10 ----A---- C:\Windows\system32\appidapi.dll
2015-09-09 17:31:09 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2015-09-09 17:31:09 ----A---- C:\Windows\system32\atmlib.dll
2015-09-09 17:31:07 ----A---- C:\Windows\system32\tzsync.exe
======List of files/folders modified in the last 1 month======
2015-10-04 20:08:10 ----D---- C:\Windows\Prefetch
2015-10-04 20:02:43 ----D---- C:\Windows\Temp
2015-10-04 20:02:29 ----D---- C:\Windows
2015-10-04 20:01:46 ----D---- C:\Windows\Tasks
2015-10-04 19:58:33 ----D---- C:\Windows\system32\sru
2015-10-04 11:52:16 ----SHD---- C:\System Volume Information
2015-10-04 11:45:02 ----D---- C:\Users\Petr\AppData\Roaming\Seznam.cz
2015-10-03 22:25:10 ----D---- C:\Windows\system32\NDF
2015-10-03 21:36:18 ----D---- C:\Program Files
2015-10-03 21:36:13 ----RD---- C:\Program Files (x86)
2015-10-03 21:36:13 ----HD---- C:\ProgramData
2015-10-03 21:36:13 ----D---- C:\Windows\system32\Tasks
2015-10-03 21:36:13 ----D---- C:\Windows\system32\log
2015-10-03 21:34:20 ----D---- C:\Users\Petr\AppData\Roaming\AIMP3
2015-10-03 18:59:17 ----D---- C:\Windows\Microsoft.NET
2015-10-02 18:38:55 ----RD---- C:\Windows\System32
2015-10-02 18:38:55 ----D---- C:\Windows\Inf
2015-10-02 18:38:55 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-10-02 18:19:28 ----D---- C:\Program Files (x86)\Opera
2015-10-01 07:25:22 ----D---- C:\Windows\rescache
2015-09-27 18:38:21 ----D---- C:\Windows\system32\config
2015-09-23 18:07:58 ----D---- C:\Windows\system32\DriverStore
2015-09-23 18:07:53 ----D---- C:\Windows\WinSxS
2015-09-23 18:03:27 ----D---- C:\Windows\system32\catroot2
2015-09-22 20:12:52 ----D---- C:\Windows\SysWOW64
2015-09-21 20:12:48 ----D---- C:\Windows\CbsTemp
2015-09-20 09:03:09 ----D---- C:\ProgramData\Protexis64
2015-09-18 10:58:03 ----D---- C:\Users\Petr\AppData\Roaming\Fenix Updater
2015-09-17 07:16:47 ----D---- C:\Program Files (x86)\Google
2015-09-15 03:18:38 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-09-10 20:55:39 ----D---- C:\Windows\system32\cs-CZ
2015-09-10 20:55:39 ----D---- C:\Windows\PolicyDefinitions
2015-09-10 20:55:39 ----D---- C:\Program Files\Internet Explorer
2015-09-10 20:55:39 ----D---- C:\Program Files (x86)\Internet Explorer
2015-09-10 03:13:12 ----RSD---- C:\Windows\assembly
2015-09-09 18:05:41 ----D---- C:\Program Files\Windows Journal
2015-09-09 18:04:09 ----D---- C:\Windows\system32\MRT
2015-09-09 17:49:39 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-09-05 16:00:13 ----D---- C:\Windows\Logs
2015-09-05 15:56:07 ----D---- C:\Program Files (x86)\Hry
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 amd_sata;amd_sata; C:\Windows\System32\drivers\amd_sata.sys [2014-03-21 81608]
R0 amd_xata;amd_xata; C:\Windows\System32\drivers\amd_xata.sys [2014-03-21 23752]
R0 mvs91xx;mvs91xx; C:\Windows\System32\drivers\mvs91xx.sys [2013-10-11 328488]
R0 Wof;Windows Overlay File System Filter Driver; C:\Windows\system32\drivers\Wof.sys [2014-03-13 157016]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [2007-11-07 104912]
R3 GeneStor;@oem1.inf,%GENESTOR.SvcDesc%;Genesys Logic Storage Driver; C:\Windows\System32\drivers\GeneStor.sys [2014-01-17 107208]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2014-05-06 3956056]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2014-05-20 12688328]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-05-30 20256]
R3 nvvad_WaveExtensible;@oem7.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2014-03-31 40392]
R3 RTL8168;@oem2.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys [2014-03-26 843480]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2014-06-21 212736]
S3 dg_ssudbus;@oem9.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 ssudmdm;@oem14.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S3 WDC_SAM;@oem39.inf,%WDC_SAM_ServiceName%;WD SCSI Pass Thru driver; C:\Windows\System32\drivers\wdcsam64.sys [2015-01-27 14464]
S3 WinUsb;@wpdmtp.inf,%WinUsb.SvcDesc%;WinUsb; C:\Windows\System32\drivers\WinUsb.sys [2013-08-22 78848]
S3 WSDPrintDevice;@WSDPrint.Inf,%WSDPrintDevice.SVCDESC%;WSD Print Support; C:\Windows\System32\drivers\WSDPrint.sys [2013-08-22 20992]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2014-10-29 38792]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-05-30 1631008]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-05-30 21055432]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2014-05-20 927520]
R2 PDF Architect 3 Creator;PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [2015-04-24 740568]
R2 PSI_SVC_2_x64;Protexis Licensing V2 x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
S2 caMyciloP;caMyciloP; C:\ProgramData\caMyciloP\caMyciloP.exe []
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc []
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2014-10-29 38792]
S3 CoordinatorServiceHost;DTSInterops; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe [2014-09-30 81400]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [2015-01-19 1484080]
S3 FlexNet Licensing Service;FlexNet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe [2015-01-19 1074480]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc []
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Hry\Origin\OriginClientService.exe [2015-02-18 1910128]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PDF Architect 3 CrashHandler;PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [2015-04-24 901336]
S3 PDF Architect 3;PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2015-04-24 2244312]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2015-01-19 79360]
-----------------EOF-----------------
Run by Petr at 2015-10-04 20:08:33
Microsoft Windows 8.1
System drive C: has 452 GB (32%) free of 1430 GB
Total RAM: 16349 MB (90% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:08:38, on 4. 10. 2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Petr\AppData\Roaming\Seznam.cz\szninstall.exe
C:\Users\Petr\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files (x86)\Common Files\Manažer instalací SOLIDWORKS\BackgroundDownloading\sldBgDwld.exe
C:\Program Files\trend micro\Petr.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaVXAdGTZAYinpjJDVaRrSck_AqghTsUGBnhkoKmsZloNqxnevNPh_PBESTRfF-XJEwjc8Mj-JV9_mDBuMu5xydKZoyrzPgIJFx3Nj4lyO35Btx9iiEhmetKw8UXNx6DZNy6i8L0PokdXyqOkDVClFdVjCa906JY,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaVXAdGTZAYinpjJDVaRrSck_AqghTsUGBnhkoKmsZloNqxnevNPh_PBESTRfF-XJEwjc8Mj-JV9_mDBuMu5xydKZoyrzPgIJFx3Nj4lyO35Btx9iiEhmetKw8UXNx6DZNy6i8L0PokdXyqOkDVClFdVjCa906JY,&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRYEqQao2TxTGptbOxpBNaVXAdGTZAYinpjJDVaRrSck_AqghTsUGBnhkoKmsZloNqxnevNPh_PBESTRfF-XJEwjc8Mj-JV9_mDBuMu5xydKZoyrzPgIJFx3Nj4lyO35Btx9iiEhmetKw8UXNx6DZNy6i8L0PokdXyqOkDVClFdVjCa906JY,&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: PDF Architect 3 Helper - {06E08260-0695-4EC1-A74B-1310D8899D93} - C:\Program Files (x86)\PDF Architect 3\creator-ie-helper.dll
O3 - Toolbar: PDF Architect 3 Toolbar - {2DFF3579-5AA7-45B9-9328-1D38EA230861} - C:\Program Files (x86)\PDF Architect 3\creator-ie-plugin.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [EaseUS EPM tray] C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Petr\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Petr\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - Global Startup: SOLIDWORKS 2015 Rychlé spuštění.lnk = ?
O4 - Global Startup: SOLIDWORKS Nástroj pro stahování na pozadí.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O20 - AppInit_DLLs: C:\ProgramData\caMyciloP\Xxx-lab.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: caMyciloP - Unknown owner - C:\ProgramData\caMyciloP\caMyciloP.exe (file missing)
O23 - Service: DTSInterops (CoordinatorServiceHost) - Dassault Systemes SolidWorks Corporation - C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service - Flexera Software LLC - C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Hry\Origin\OriginClientService.exe
O23 - Service: PDF Architect 3 - pdfforge GmbH - C:\Program Files (x86)\PDF Architect 3\ws.exe
O23 - Service: PDF Architect 3 CrashHandler - pdfforge GmbH - C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe
O23 - Service: PDF Architect 3 Creator - pdfforge GmbH - C:\Program Files (x86)\PDF Architect 3\creator-ws.exe
O23 - Service: Protexis Licensing V2 x64 (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8808 bytes
======Listing Processes======
wininit.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Windows\system32\nvvsvc.exe"
"dwm.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k utcsvc
dashost.exe {caab1db2-0c1d-47b1-9ccc59e63196111e}
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
"C:\Program Files (x86)\PDF Architect 3\creator-ws.exe"
"c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" nss b2695113-8141-42e7-96a5-f8dfa3c488be 1
\??\C:\Windows\system32\conhost.exe 0x4
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
taskeng.exe {7649C1D1-E5DD-4D39-9530-22584C159535}
taskhostex.exe
C:\Windows\Explorer.EXE
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe 0x4
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\GWX\GWX.exe"
"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server
C:\Windows\System32\skydrive.exe -Embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 556 560 568 65536 564
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
"C:\Users\Petr\AppData\Roaming\Seznam.cz\szninstall.exe" -c
"C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\sldworks_fs.exe"
szndesktop.exe default start
"C:\Users\Petr\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe"
\??\C:\Windows\system32\conhost.exe 0x4
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe -Embedding
"C:\Program Files (x86)\Common Files\Manažer instalací SOLIDWORKS\BackgroundDownloading\sldBgDwld.exe" /launch_from 0
C:\Windows\System32\RuntimeBroker.exe -Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR /uac
"C:\Windows\System32\SettingSyncHost.exe" -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Petr\Downloads\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_209_pepper.exe -check pepperplugin
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06E08260-0695-4EC1-A74B-1310D8899D93}]
PDF Architect 3 Helper - C:\Program Files (x86)\PDF Architect 3\creator-ie-helper.dll [2015-04-24 38104]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2DFF3579-5AA7-45B9-9328-1D38EA230861} - PDF Architect 3 Toolbar - C:\Program Files (x86)\PDF Architect 3\creator-ie-plugin.dll [2015-04-24 496344]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-04-10 13671640]
"RtHDVBg_Dolby"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-04-15 1385840]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-05-30 2352072]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2014-05-30 1279480]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2014-10-23 6501656]
"cz.seznam.software.autoupdate"=C:\Users\Petr\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\Petr\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2015-05-26 103080]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"EaseUS EPM tray"=C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.2\bin\EpmNews.exe []
"seznam-listicka-distribuce"=C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
SOLIDWORKS 2015 Rychlé spuštění.lnk - C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe
SOLIDWORKS Nástroj pro stahování na pozadí.lnk - C:\Program Files (x86)\Common Files\Manažer instalací SOLIDWORKS\BackgroundDownloading\sldBgDwld.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\ProgramData\caMyciloP\Hatflex.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"PromptOnSecureDesktop"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2015-10-04 20:01:46 ----D---- C:\_OTM
2015-10-03 21:36:18 ----D---- C:\Program Files\Controller
2015-10-03 21:35:17 ----D---- C:\AdwCleaner
2015-10-03 21:01:28 ----D---- C:\rsit
2015-10-03 21:01:28 ----D---- C:\Program Files\trend micro
2015-09-18 10:27:06 ----D---- C:\Users\Petr\AppData\Roaming\Jpeg Resampler
2015-09-18 10:27:02 ----D---- C:\Program Files (x86)\JpegResampler2010
2015-09-09 17:36:13 ----A---- C:\Windows\system32\wuaueng.dll
2015-09-09 17:36:12 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2015-09-09 17:36:12 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2015-09-09 17:36:12 ----A---- C:\Windows\system32\wuwebv.dll
2015-09-09 17:36:12 ----A---- C:\Windows\system32\WUSettingsProvider.dll
2015-09-09 17:36:12 ----A---- C:\Windows\system32\wudriver.dll
2015-09-09 17:36:12 ----A---- C:\Windows\system32\wucltux.dll
2015-09-09 17:36:12 ----A---- C:\Windows\system32\wuauclt.exe
2015-09-09 17:36:12 ----A---- C:\Windows\system32\wuapi.dll
2015-09-09 17:36:11 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2015-09-09 17:36:11 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2015-09-09 17:36:11 ----A---- C:\Windows\system32\wuapp.exe
2015-09-09 17:35:22 ----A---- C:\Windows\SYSWOW64\InkEd.dll
2015-09-09 17:35:22 ----A---- C:\Windows\system32\InkEd.dll
2015-09-09 17:35:21 ----A---- C:\Windows\system32\consent.exe
2015-09-09 17:35:19 ----A---- C:\Windows\SYSWOW64\tdh.dll
2015-09-09 17:35:19 ----A---- C:\Windows\system32\UtcResources.dll
2015-09-09 17:35:19 ----A---- C:\Windows\system32\tdh.dll
2015-09-09 17:35:19 ----A---- C:\Windows\system32\diagtrack.dll
2015-09-09 17:35:17 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2015-09-09 17:35:17 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2015-09-09 17:35:17 ----A---- C:\Windows\system32\msxml6.dll
2015-09-09 17:35:17 ----A---- C:\Windows\system32\msxml3.dll
2015-09-09 17:35:10 ----A---- C:\Windows\system32\mshtml.dll
2015-09-09 17:35:08 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2015-09-09 17:35:06 ----A---- C:\Windows\system32\ieframe.dll
2015-09-09 17:35:04 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2015-09-09 17:35:03 ----A---- C:\Windows\system32\jscript9.dll
2015-09-09 17:35:02 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2015-09-09 17:35:01 ----A---- C:\Windows\SYSWOW64\wininet.dll
2015-09-09 17:35:01 ----A---- C:\Windows\SYSWOW64\jscript.dll
2015-09-09 17:35:01 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2015-09-09 17:35:01 ----A---- C:\Windows\system32\wininet.dll
2015-09-09 17:35:01 ----A---- C:\Windows\system32\iertutil.dll
2015-09-09 17:35:00 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2015-09-09 17:35:00 ----A---- C:\Windows\system32\urlmon.dll
2015-09-09 17:34:59 ----A---- C:\Windows\system32\vbscript.dll
2015-09-09 17:34:59 ----A---- C:\Windows\system32\jscript.dll
2015-09-09 17:34:59 ----A---- C:\Windows\system32\iedkcs32.dll
2015-09-09 17:34:59 ----A---- C:\Windows\system32\ie4uinit.exe
2015-09-09 17:34:58 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2015-09-09 17:34:57 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2015-09-09 17:34:56 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2015-09-09 17:34:56 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2015-09-09 17:34:56 ----A---- C:\Windows\system32\webcheck.dll
2015-09-09 17:34:56 ----A---- C:\Windows\system32\msfeeds.dll
2015-09-09 17:34:55 ----A---- C:\Windows\system32\inetcomm.dll
2015-09-09 17:34:54 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2015-09-09 17:34:54 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2015-09-09 17:34:54 ----A---- C:\Windows\system32\ieapfltr.dll
2015-09-09 17:31:15 ----A---- C:\Windows\system32\SettingsHandlers.dll
2015-09-09 17:31:14 ----A---- C:\Windows\system32\Windows.UI.Immersive.dll
2015-09-09 17:31:13 ----A---- C:\Windows\SYSWOW64\Windows.UI.Immersive.dll
2015-09-09 17:31:13 ----A---- C:\Windows\SYSWOW64\shacct.dll
2015-09-09 17:31:13 ----A---- C:\Windows\SYSWOW64\SettingSync.dll
2015-09-09 17:31:13 ----A---- C:\Windows\SYSWOW64\authui.dll
2015-09-09 17:31:13 ----A---- C:\Windows\system32\shacct.dll
2015-09-09 17:31:13 ----A---- C:\Windows\system32\SettingSync.dll
2015-09-09 17:31:13 ----A---- C:\Windows\system32\authui.dll
2015-09-09 17:31:12 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2015-09-09 17:31:12 ----A---- C:\Windows\system32\schedsvc.dll
2015-09-09 17:31:12 ----A---- C:\Windows\system32\gdi32.dll
2015-09-09 17:31:11 ----A---- C:\Windows\SYSWOW64\taskeng.exe
2015-09-09 17:31:11 ----A---- C:\Windows\SYSWOW64\schtasks.exe
2015-09-09 17:31:11 ----A---- C:\Windows\system32\taskeng.exe
2015-09-09 17:31:11 ----A---- C:\Windows\system32\schtasks.exe
2015-09-09 17:31:11 ----A---- C:\Windows\system32\profsvc.dll
2015-09-09 17:31:10 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2015-09-09 17:31:10 ----A---- C:\Windows\SYSWOW64\appidapi.dll
2015-09-09 17:31:10 ----A---- C:\Windows\system32\win32k.sys
2015-09-09 17:31:10 ----A---- C:\Windows\system32\atmfd.dll
2015-09-09 17:31:10 ----A---- C:\Windows\system32\appidsvc.dll
2015-09-09 17:31:10 ----A---- C:\Windows\system32\appidapi.dll
2015-09-09 17:31:09 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2015-09-09 17:31:09 ----A---- C:\Windows\system32\atmlib.dll
2015-09-09 17:31:07 ----A---- C:\Windows\system32\tzsync.exe
======List of files/folders modified in the last 1 month======
2015-10-04 20:08:10 ----D---- C:\Windows\Prefetch
2015-10-04 20:02:43 ----D---- C:\Windows\Temp
2015-10-04 20:02:29 ----D---- C:\Windows
2015-10-04 20:01:46 ----D---- C:\Windows\Tasks
2015-10-04 19:58:33 ----D---- C:\Windows\system32\sru
2015-10-04 11:52:16 ----SHD---- C:\System Volume Information
2015-10-04 11:45:02 ----D---- C:\Users\Petr\AppData\Roaming\Seznam.cz
2015-10-03 22:25:10 ----D---- C:\Windows\system32\NDF
2015-10-03 21:36:18 ----D---- C:\Program Files
2015-10-03 21:36:13 ----RD---- C:\Program Files (x86)
2015-10-03 21:36:13 ----HD---- C:\ProgramData
2015-10-03 21:36:13 ----D---- C:\Windows\system32\Tasks
2015-10-03 21:36:13 ----D---- C:\Windows\system32\log
2015-10-03 21:34:20 ----D---- C:\Users\Petr\AppData\Roaming\AIMP3
2015-10-03 18:59:17 ----D---- C:\Windows\Microsoft.NET
2015-10-02 18:38:55 ----RD---- C:\Windows\System32
2015-10-02 18:38:55 ----D---- C:\Windows\Inf
2015-10-02 18:38:55 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-10-02 18:19:28 ----D---- C:\Program Files (x86)\Opera
2015-10-01 07:25:22 ----D---- C:\Windows\rescache
2015-09-27 18:38:21 ----D---- C:\Windows\system32\config
2015-09-23 18:07:58 ----D---- C:\Windows\system32\DriverStore
2015-09-23 18:07:53 ----D---- C:\Windows\WinSxS
2015-09-23 18:03:27 ----D---- C:\Windows\system32\catroot2
2015-09-22 20:12:52 ----D---- C:\Windows\SysWOW64
2015-09-21 20:12:48 ----D---- C:\Windows\CbsTemp
2015-09-20 09:03:09 ----D---- C:\ProgramData\Protexis64
2015-09-18 10:58:03 ----D---- C:\Users\Petr\AppData\Roaming\Fenix Updater
2015-09-17 07:16:47 ----D---- C:\Program Files (x86)\Google
2015-09-15 03:18:38 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-09-10 20:55:39 ----D---- C:\Windows\system32\cs-CZ
2015-09-10 20:55:39 ----D---- C:\Windows\PolicyDefinitions
2015-09-10 20:55:39 ----D---- C:\Program Files\Internet Explorer
2015-09-10 20:55:39 ----D---- C:\Program Files (x86)\Internet Explorer
2015-09-10 03:13:12 ----RSD---- C:\Windows\assembly
2015-09-09 18:05:41 ----D---- C:\Program Files\Windows Journal
2015-09-09 18:04:09 ----D---- C:\Windows\system32\MRT
2015-09-09 17:49:39 ----D---- C:\Windows\SYSWOW64\cs-CZ
2015-09-05 16:00:13 ----D---- C:\Windows\Logs
2015-09-05 15:56:07 ----D---- C:\Program Files (x86)\Hry
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 amd_sata;amd_sata; C:\Windows\System32\drivers\amd_sata.sys [2014-03-21 81608]
R0 amd_xata;amd_xata; C:\Windows\System32\drivers\amd_xata.sys [2014-03-21 23752]
R0 mvs91xx;mvs91xx; C:\Windows\System32\drivers\mvs91xx.sys [2013-10-11 328488]
R0 Wof;Windows Overlay File System Filter Driver; C:\Windows\system32\drivers\Wof.sys [2014-03-13 157016]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [2007-11-07 104912]
R3 GeneStor;@oem1.inf,%GENESTOR.SvcDesc%;Genesys Logic Storage Driver; C:\Windows\System32\drivers\GeneStor.sys [2014-01-17 107208]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2014-05-06 3956056]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2014-05-20 12688328]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-05-30 20256]
R3 nvvad_WaveExtensible;@oem7.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2014-03-31 40392]
R3 RTL8168;@oem2.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys [2014-03-26 843480]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2014-06-21 212736]
S3 dg_ssudbus;@oem9.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 ssudmdm;@oem14.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S3 WDC_SAM;@oem39.inf,%WDC_SAM_ServiceName%;WD SCSI Pass Thru driver; C:\Windows\System32\drivers\wdcsam64.sys [2015-01-27 14464]
S3 WinUsb;@wpdmtp.inf,%WinUsb.SvcDesc%;WinUsb; C:\Windows\System32\drivers\WinUsb.sys [2013-08-22 78848]
S3 WSDPrintDevice;@WSDPrint.Inf,%WSDPrintDevice.SVCDESC%;WSD Print Support; C:\Windows\System32\drivers\WSDPrint.sys [2013-08-22 20992]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2014-10-29 38792]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-05-30 1631008]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-05-30 21055432]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2014-05-20 927520]
R2 PDF Architect 3 Creator;PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [2015-04-24 740568]
R2 PSI_SVC_2_x64;Protexis Licensing V2 x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
S2 caMyciloP;caMyciloP; C:\ProgramData\caMyciloP\caMyciloP.exe []
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc []
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2014-10-29 38792]
S3 CoordinatorServiceHost;DTSInterops; C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe [2014-09-30 81400]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [2015-01-19 1484080]
S3 FlexNet Licensing Service;FlexNet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe [2015-01-19 1074480]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc []
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 Origin Client Service;Origin Client Service; C:\Program Files (x86)\Hry\Origin\OriginClientService.exe [2015-02-18 1910128]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PDF Architect 3 CrashHandler;PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [2015-04-24 901336]
S3 PDF Architect 3;PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2015-04-24 2244312]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2015-01-19 79360]
-----------------EOF-----------------
- Rudy
- Site Admin

- Posts: 119674
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: Unwanted links in web browsers
Deleted. Run OTM again and click >CleanUp!<. OTM will clean up after itself. Finally, restart the PC. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.
-
spendlik.spidy
Re: Unwanted links in web browsers
Everything seems to be fine now. Thank you for your help.
- Rudy
- Site Admin

Re: Unwanted links in web browsers
Glad to help!