Dobrý den,
kamarád který není na pc zrovna zdatný mi říkal že mu skončila roční licence zdarma avast abych mu ji prodloužil že to neumí. No tedy dnes jsem mu to prodloužil zase na rok a aktualizoval. Chtěl jsem mu to trochu pročistit ccleanerem a nalezl tam tyto dva programy Yandex a Picexa které mi nejdou odinstalovat. Prosím tedy o pomoc.
Logfile of random's system information tool 1.10 (written by random/random)
Run by Pavel at 2016-01-17 12:25:48
Microsoft Windows 8.1
System drive C: has 279 GB (91%) free of 305 GB
Total RAM: 2047 MB (43% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:26:18, on 17. 1. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18124)
Boot mode: Normal
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhostex.exe
C:\Windows\system32\GWX\GWX.exe
C:\Users\Pavel\AppData\Local\Temp\TeamViewer\TeamViewer.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Pavel\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Pavel\AppData\Local\Yandex\YandexBrowser\Application\40.0.2214.3645\Installer\setup.exe
C:\Users\Pavel\AppData\Local\Yandex\YandexBrowser\Application\browser.exe
C:\Users\Pavel\AppData\Local\Yandex\YandexBrowser\Application\40.0.2214.3645\crash_service.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Pavel\Desktop\RSIT.exe
C:\Program Files\trend micro\Pavel.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.omniboxes.com/?type=hp&ts=14 ... XX9SZ0VX3J
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://yoursites123.com/web?type=ds&ts= ... earchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://yoursites123.com/web?type=ds&ts= ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.omniboxes.com/?type=hp&ts=14 ... XX9SZ0VX3J
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.omniboxes.com/?type=hp&ts=14 ... XX9SZ0VX3J
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.omniboxes.com/web/?type=ds&t ... earchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.omniboxes.com/web/?type=ds&t ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.omniboxes.com/?type=hp&ts=14 ... XX9SZ0VX3J
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {D5FEC983-01DB-414A-9456-AF95AC9ED7B5} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [BingSvc] C:\Users\Pavel\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Pavel\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: PicexaService - Taiwan Shui Mu Chih Ching Technology Limited - C:\Program Files\Picexa\PicexaSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SSFK - TODO: <???> - C:\Program Files\SFK\SSFK.exe
O23 - Service: WdMan Service (WdMan) - TFuns LIMITED - C:\ProgramData\WWdMW\WdMan.exe
--
End of file - 6314 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2016-01-17 460384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08 1725056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5FEC983-01DB-414A-9456-AF95AC9ED7B5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-17 172640]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2000-01-01 12021464]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-11-16 641704]
"AMD AVT"=Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files\AMD AVT\bin\kdbsync.exe aml []
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-01-17 7021880]
"seznam-listicka-distribuce"=C:\Program Files\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13 1085656]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2015-11-09 596528]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner.exe [2015-12-08 6602152]
"BingSvc"=C:\Users\Pavel\AppData\Local\Microsoft\BingSvc\BingSvc.exe [2015-11-12 144008]
"cz.seznam.software.autoupdate"=C:\Users\Pavel\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2015-05-26 103080]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2015-12-17 50385536]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2c.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"SoftwareSASGeneration"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.yuy2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"vidc.cvid"=iccvid.dll
"vidc.yvyu"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"vidc.uyvy"=msyuv.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-01-17 12:25:49 ----D---- C:\Program Files\trend micro
2016-01-17 12:25:48 ----D---- C:\rsit
2016-01-17 11:43:48 ----D---- C:\Program Files\Common Files\Java
2016-01-17 11:43:29 ----D---- C:\Users\Pavel\AppData\Roaming\Sun
2016-01-17 10:46:01 ----A---- C:\Windows\system32\aswBoot.exe
2016-01-17 10:45:51 ----A---- C:\Windows\avastSS.scr
2016-01-12 19:18:46 ----A---- C:\Windows\system32\msmpeg2adec.dll
2016-01-12 19:18:44 ----A---- C:\Windows\system32\WMVDECOD.DLL
2016-01-12 19:18:42 ----A---- C:\Windows\system32\mfnetsrc.dll
2016-01-12 19:18:40 ----A---- C:\Windows\system32\mfcore.dll
2016-01-12 19:18:39 ----A---- C:\Windows\system32\mfnetcore.dll
2016-01-12 19:18:38 ----A---- C:\Windows\system32\WMADMOD.DLL
2016-01-12 19:18:37 ----A---- C:\Windows\system32\WMVENCOD.DLL
2016-01-12 19:18:35 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2016-01-12 19:18:34 ----A---- C:\Windows\system32\WMVSDECD.DLL
2016-01-12 19:18:34 ----A---- C:\Windows\system32\evr.dll
2016-01-12 19:18:33 ----A---- C:\Windows\system32\WMALFXGFXDSP.dll
2016-01-12 19:18:32 ----A---- C:\Windows\system32\quartz.dll
2016-01-12 19:18:31 ----A---- C:\Windows\system32\mfsvr.dll
2016-01-12 19:18:30 ----A---- C:\Windows\system32\MP4SDECD.DLL
2016-01-12 19:18:30 ----A---- C:\Windows\system32\MP3DMOD.DLL
2016-01-12 19:18:29 ----A---- C:\Windows\system32\VIDRESZR.DLL
2016-01-12 19:18:29 ----A---- C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-12 19:18:29 ----A---- C:\Windows\system32\mfps.dll
2016-01-12 19:18:29 ----A---- C:\Windows\system32\devenum.dll
2016-01-12 19:18:29 ----A---- C:\Windows\system32\COLORCNV.DLL
2016-01-12 19:18:28 ----A---- C:\Windows\system32\MPG4DECD.DLL
2016-01-12 19:18:28 ----A---- C:\Windows\system32\MP43DECD.DLL
2016-01-12 19:18:28 ----A---- C:\Windows\system32\mfvdsp.dll
2016-01-12 19:18:27 ----A---- C:\Windows\system32\WMADMOE.DLL
2016-01-12 19:18:27 ----A---- C:\Windows\system32\qdvd.dll
2016-01-12 19:18:26 ----A---- C:\Windows\system32\WMVXENCD.DLL
2016-01-12 19:18:26 ----A---- C:\Windows\system32\WMVSENCD.DLL
2016-01-12 19:18:25 ----A---- C:\Windows\system32\WMSPDMOE.DLL
2016-01-12 19:18:25 ----A---- C:\Windows\system32\SysFxUI.dll
2016-01-12 19:18:25 ----A---- C:\Windows\system32\MFWMAAEC.DLL
2016-01-12 19:17:57 ----A---- C:\Windows\system32\schannel.dll
2016-01-12 19:17:57 ----A---- C:\Windows\system32\ncryptsslp.dll
2016-01-12 19:17:57 ----A---- C:\Windows\system32\ncrypt.dll
2016-01-12 19:17:57 ----A---- C:\Windows\system32\lsasrv.dll
2016-01-12 19:17:57 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-01-12 19:17:57 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-01-12 19:17:57 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2016-01-12 19:17:57 ----A---- C:\Windows\system32\bcryptprimitives.dll
2016-01-12 19:17:56 ----A---- C:\Windows\system32\drivers\cng.sys
2016-01-12 19:17:48 ----A---- C:\Windows\system32\gdi32.dll
2016-01-12 19:17:48 ----A---- C:\Windows\system32\advapi32.dll
2016-01-12 19:17:47 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-01-12 19:17:46 ----A---- C:\Windows\system32\ntdll.dll
2016-01-12 19:17:43 ----A---- C:\Windows\system32\jscript9.dll
2016-01-12 19:17:41 ----A---- C:\Windows\system32\mshtml.dll
2016-01-12 19:17:39 ----A---- C:\Windows\system32\ieframe.dll
2016-01-12 19:17:38 ----A---- C:\Windows\system32\wininet.dll
2016-01-12 19:17:38 ----A---- C:\Windows\system32\vbscript.dll
2016-01-12 19:17:38 ----A---- C:\Windows\system32\urlmon.dll
2016-01-12 19:17:38 ----A---- C:\Windows\system32\msfeeds.dll
2016-01-12 19:17:38 ----A---- C:\Windows\system32\jscript.dll
2016-01-12 19:17:38 ----A---- C:\Windows\system32\inetcomm.dll
2016-01-12 19:17:38 ----A---- C:\Windows\system32\ieapfltr.dll
2016-01-12 19:14:58 ----A---- C:\Windows\system32\invagent.dll
2016-01-12 19:14:58 ----A---- C:\Windows\system32\generaltel.dll
2016-01-12 19:14:58 ----A---- C:\Windows\system32\devinv.dll
2016-01-12 19:14:58 ----A---- C:\Windows\system32\CompatTelRunner.exe
2016-01-12 19:14:58 ----A---- C:\Windows\system32\appraiser.dll
2016-01-12 19:14:58 ----A---- C:\Windows\system32\aepic.dll
2016-01-12 19:14:58 ----A---- C:\Windows\system32\aeinv.dll
2016-01-12 19:14:58 ----A---- C:\Windows\system32\acmigration.dll
2016-01-12 19:14:36 ----A---- C:\Windows\system32\qedit.dll
2015-12-24 08:44:13 ----D---- C:\ProgramData\McAfee
2015-12-24 08:25:32 ----D---- C:\ProgramData\WWdMW
2015-12-24 08:24:14 ----A---- C:\Program Files\SSFK.exe
2015-12-20 10:30:18 ----D---- C:\Users\Pavel\AppData\Roaming\Seznam Browser
======List of files/folders modified in the last 1 month======
2016-01-17 12:25:49 ----RD---- C:\Program Files
2016-01-17 12:16:53 ----D---- C:\Windows\Tasks
2016-01-17 12:16:53 ----D---- C:\Windows\system32\Tasks
2016-01-17 12:16:38 ----D---- C:\Windows\Prefetch
2016-01-17 12:13:48 ----D---- C:\Users\Pavel\AppData\Roaming\Yandex
2016-01-17 12:13:02 ----D---- C:\Users\Pavel\AppData\Roaming\Skype
2016-01-17 12:06:08 ----D---- C:\Program Files\WinZipper
2016-01-17 12:00:00 ----D---- C:\Windows\system32\sru
2016-01-17 11:47:44 ----D---- C:\ProgramData\Oracle
2016-01-17 11:44:10 ----SHD---- C:\Windows\Installer
2016-01-17 11:44:10 ----D---- C:\Windows\Temp
2016-01-17 11:44:10 ----D---- C:\Program Files\Java
2016-01-17 11:44:06 ----RD---- C:\Windows\System32
2016-01-17 11:43:48 ----D---- C:\Program Files\Common Files
2016-01-17 11:42:58 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
2016-01-17 11:35:31 ----D---- C:\Users\Pavel\AppData\Roaming\Seznam.cz
2016-01-17 11:32:08 ----D---- C:\Program Files\SFK
2016-01-17 11:29:38 ----D---- C:\Windows\system32\catroot2
2016-01-17 10:49:08 ----D---- C:\Windows\system32\Drivers
2016-01-17 10:48:11 ----D---- C:\Windows\system32\catroot
2016-01-17 10:46:41 ----D---- C:\Windows\system32\DriverStore
2016-01-17 10:46:41 ----D---- C:\Windows\inf
2016-01-17 10:46:00 ----D---- C:\Windows
2016-01-17 10:41:34 ----D---- C:\Windows\system32\config
2016-01-17 10:36:36 ----SHD---- C:\System Volume Information
2016-01-17 10:32:39 ----D---- C:\Windows\Microsoft.NET
2016-01-17 09:55:18 ----RD---- C:\Program Files\Skype
2016-01-13 18:56:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-01-13 18:54:32 ----D---- C:\Program Files\Picexa
2016-01-13 18:50:50 ----D---- C:\Windows\WinSxS
2016-01-13 18:48:34 ----D---- C:\Program Files\Microsoft Silverlight
2016-01-12 21:25:34 ----SD---- C:\Windows\system32\CompatTel
2016-01-12 21:25:34 ----D---- C:\Windows\system32\appraiser
2016-01-12 21:25:34 ----D---- C:\Windows\apppatch
2016-01-12 21:24:37 ----D---- C:\Windows\CbsTemp
2016-01-12 21:23:08 ----D---- C:\Windows\system32\MRT
2016-01-12 21:20:38 ----A---- C:\Windows\system32\MRT.exe
2016-01-05 21:04:40 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2015-12-24 09:58:39 ----D---- C:\Users\Pavel\AppData\Roaming\vlc
2015-12-24 08:44:13 ----HD---- C:\ProgramData
2015-12-24 08:25:16 ----D---- C:\Users\Pavel\AppData\Roaming\TSv
2015-12-19 10:46:35 ----SD---- C:\Windows\system32\GWX
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2016-01-17 49776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2016-01-17 209432]
R0 Wof;Windows Overlay File System Filter Driver; C:\Windows\system32\drivers\Wof.sys [2014-03-13 138584]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2016-01-17 81728]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2016-01-17 794952]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2016-01-17 436360]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2016-01-17 24016]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2016-01-17 81168]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2016-01-17 117712]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-11-16 10070016]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-11-16 290304]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2000-01-01 3125592]
R3 RTL8168;@oem4.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x86.sys [2000-01-01 732888]
R3 WDC_SAM;@oem14.inf,%WDC_SAM_ServiceName%;WD SCSI Pass Thru driver; C:\Windows\System32\drivers\wdcsam.sys [2015-04-29 20256]
R3 WUDFWpdFs;WUDFWpdFs; C:\Windows\system32\DRIVERS\WUDFRd.sys [2014-10-29 190976]
S1 MpKsl2154706d;MpKsl2154706d; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\MpKsl2154706d.sys [2015-01-28 29904]
S1 MpKsl253ff5c3;MpKsl253ff5c3; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\MpKsl253ff5c3.sys [2015-01-28 29904]
S3 GPIO;@iaiogpio.inf,%GPIO.SVCDESC%;Intel SoC GPIO Controller Driver; C:\Windows\System32\drivers\iaiogpio.sys [2013-07-23 22016]
S3 iaioi2c;@iaioi2c.inf,%Driver_Service.Desc%;Intel(R) Atom(TM) Processor I2C Controller Service; C:\Windows\System32\drivers\iaioi2c.sys [2013-07-23 61936]
S3 SWDUMon;SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [2015-01-28 13464]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2014-10-29 37888]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-13 82128]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-11-16 217088]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-01-17 226440]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2016-01-08 1433216]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2016-01-08 1773696]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2014-10-29 33088]
R2 PicexaService;PicexaService; C:\Program Files\Picexa\PicexaSvc.exe [2015-12-15 731784]
R2 SSFK;SSFK; C:\Program Files\SFK\SSFK.exe [2015-12-24 172192]
R2 WdMan;WdMan Service; C:\ProgramData\WWdMW\WdMan.exe [2015-12-04 333312]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-13 269504]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2014-10-29 33088]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Nejde odinstalovat Yandex a Picexa
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119673
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Nejde odinstalovat Yandex a Picexa
Zdravím!
Spusťte tuto utilitu:
Spusťte tuto utilitu:
Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Nejde odinstalovat Yandex a Picexa
# AdwCleaner v5.029 - Logfile created 17/01/2016 at 13:19:04
# Updated 11/01/2016 by Xplode
# Database : 2016-01-15.2 [Server]
# Operating system : Windows 8.1 (x86)
# Username : Pavel - PAVLŮV-KOMPÍK
# Running from : C:\Users\Pavel\Desktop\adwcleaner_5.029.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
[-] Service Deleted : PicexaService
[-] Service Deleted : swdumon
[-] Service Deleted : SSFK
[-] Service Deleted : WdMan
***** [ Folders ] *****
[-] Folder Deleted : C:\Program Files\WinZipper
[-] Folder Deleted : C:\Program Files\Picexa
[-] Folder Deleted : C:\Program Files\SFK
[-] Folder Deleted : C:\Program Files\MiniLite
[-] Folder Deleted : C:\ProgramData\MailUpdate
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picexa
[-] Folder Deleted : C:\Users\Pavel\AppData\Local\slimware utilities inc
[-] Folder Deleted : C:\Users\Pavel\AppData\Roaming\istartsurf
[-] Folder Deleted : C:\Users\Pavel\AppData\Roaming\WinZipper
[-] Folder Deleted : C:\Users\Pavel\AppData\Roaming\MailUpdate
[-] Folder Deleted : C:\Users\Pavel\AppData\Roaming\Picexa Viewer
[-] Folder Deleted : C:\Users\Pavel\AppData\Roaming\TSv
[-] Folder Deleted : C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
***** [ Files ] *****
[-] File Deleted : C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
[-] File Deleted : C:\Windows\system32\drivers\swdumon.sys
***** [ DLLs ] *****
***** [ Shortcuts ] *****
[-] Shortcut Disinfected : C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Shortcut Disinfected : C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Imperia Online\Imperia Online.lnk
[-] Shortcut Disinfected : C:\Users\Pavel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Imperia Online.lnk
[-] Shortcut Disinfected : C:\Users\Pavel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Shortcut Disinfected : C:\Users\Pavel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
[-] Key Deleted : HKLM\SOFTWARE\Classes\PicexaViewer.bmp
[-] Key Deleted : HKLM\SOFTWARE\Classes\PicexaViewer.gif
[-] Key Deleted : HKLM\SOFTWARE\Classes\PicexaViewer.jpeg
[-] Key Deleted : HKLM\SOFTWARE\Classes\PicexaViewer.jpg
[-] Key Deleted : HKLM\SOFTWARE\Classes\PicexaViewer.png
[-] Key Deleted : HKLM\SOFTWARE\Classes\PicexaViewer.tif
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WdsManPro
[-] Key Deleted : HKCU\Software\V9
[-] Key Deleted : HKCU\Software\TNT2
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKCU\Software\SlimWare Utilities Inc
[-] Key Deleted : HKCU\Software\undefined
[-] Key Deleted : HKLM\SOFTWARE\hdcode
[-] Key Deleted : HKLM\SOFTWARE\SupDp
[-] Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
[-] Key Deleted : HKLM\SOFTWARE\V9
[-] Key Deleted : HKLM\SOFTWARE\IHProtect
[-] Key Deleted : HKLM\SOFTWARE\omniboxesSoftware
[-] Key Deleted : HKLM\SOFTWARE\PicexaSvc
[-] Key Deleted : HKLM\SOFTWARE\Picexa
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key Deleted : HKLM\SOFTWARE\TSv
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf uninstall
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Picexa
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Data Restored : HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command []
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\istartsurf.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\omniboxes.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.istartsurf.com
***** [ Web browsers ] *****
*************************
:: "Tracing" keys removed
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5193 bytes] ##########
# Updated 11/01/2016 by Xplode
# Database : 2016-01-15.2 [Server]
# Operating system : Windows 8.1 (x86)
# Username : Pavel - PAVLŮV-KOMPÍK
# Running from : C:\Users\Pavel\Desktop\adwcleaner_5.029.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
[-] Service Deleted : PicexaService
[-] Service Deleted : swdumon
[-] Service Deleted : SSFK
[-] Service Deleted : WdMan
***** [ Folders ] *****
[-] Folder Deleted : C:\Program Files\WinZipper
[-] Folder Deleted : C:\Program Files\Picexa
[-] Folder Deleted : C:\Program Files\SFK
[-] Folder Deleted : C:\Program Files\MiniLite
[-] Folder Deleted : C:\ProgramData\MailUpdate
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picexa
[-] Folder Deleted : C:\Users\Pavel\AppData\Local\slimware utilities inc
[-] Folder Deleted : C:\Users\Pavel\AppData\Roaming\istartsurf
[-] Folder Deleted : C:\Users\Pavel\AppData\Roaming\WinZipper
[-] Folder Deleted : C:\Users\Pavel\AppData\Roaming\MailUpdate
[-] Folder Deleted : C:\Users\Pavel\AppData\Roaming\Picexa Viewer
[-] Folder Deleted : C:\Users\Pavel\AppData\Roaming\TSv
[-] Folder Deleted : C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
***** [ Files ] *****
[-] File Deleted : C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
[-] File Deleted : C:\Windows\system32\drivers\swdumon.sys
***** [ DLLs ] *****
***** [ Shortcuts ] *****
[-] Shortcut Disinfected : C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Shortcut Disinfected : C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Imperia Online\Imperia Online.lnk
[-] Shortcut Disinfected : C:\Users\Pavel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Imperia Online.lnk
[-] Shortcut Disinfected : C:\Users\Pavel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Shortcut Disinfected : C:\Users\Pavel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
[-] Key Deleted : HKLM\SOFTWARE\Classes\PicexaViewer.bmp
[-] Key Deleted : HKLM\SOFTWARE\Classes\PicexaViewer.gif
[-] Key Deleted : HKLM\SOFTWARE\Classes\PicexaViewer.jpeg
[-] Key Deleted : HKLM\SOFTWARE\Classes\PicexaViewer.jpg
[-] Key Deleted : HKLM\SOFTWARE\Classes\PicexaViewer.png
[-] Key Deleted : HKLM\SOFTWARE\Classes\PicexaViewer.tif
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WdsManPro
[-] Key Deleted : HKCU\Software\V9
[-] Key Deleted : HKCU\Software\TNT2
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKCU\Software\SlimWare Utilities Inc
[-] Key Deleted : HKCU\Software\undefined
[-] Key Deleted : HKLM\SOFTWARE\hdcode
[-] Key Deleted : HKLM\SOFTWARE\SupDp
[-] Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
[-] Key Deleted : HKLM\SOFTWARE\V9
[-] Key Deleted : HKLM\SOFTWARE\IHProtect
[-] Key Deleted : HKLM\SOFTWARE\omniboxesSoftware
[-] Key Deleted : HKLM\SOFTWARE\PicexaSvc
[-] Key Deleted : HKLM\SOFTWARE\Picexa
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key Deleted : HKLM\SOFTWARE\TSv
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf uninstall
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Picexa
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Data Restored : HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command []
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\istartsurf.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\omniboxes.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.istartsurf.com
***** [ Web browsers ] *****
*************************
:: "Tracing" keys removed
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5193 bytes] ##########
-
Rudy
- Site Admin
- Příspěvky: 119673
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Nejde odinstalovat Yandex a Picexa
Dejte nový log RSIT.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Nejde odinstalovat Yandex a Picexa
Logfile of random's system information tool 1.10 (written by random/random)
Run by Pavel at 2016-01-17 18:28:47
Microsoft Windows 8.1
System drive C: has 278 GB (91%) free of 305 GB
Total RAM: 2047 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:28:51, on 17. 1. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18124)
Boot mode: Normal
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhostex.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
c:\users\pavel\appdata\local\temp\teamviewer\TeamViewer.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\Pavel\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\ImmersiveControlPanel\SystemSettings.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Windows\system32\notepad.exe
C:\RSIT.exe
C:\Program Files\trend micro\Pavel.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {D5FEC983-01DB-414A-9456-AF95AC9ED7B5} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [BingSvc] C:\Users\Pavel\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Pavel\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - c:\users\pavel\appdata\local\temp\teamviewer\TeamViewer_Service.exe
--
End of file - 4045 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2016-01-17 460384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08 1725056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5FEC983-01DB-414A-9456-AF95AC9ED7B5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-17 172640]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2000-01-01 12021464]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-11-16 641704]
"AMD AVT"=Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files\AMD AVT\bin\kdbsync.exe aml []
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-01-17 7021880]
"seznam-listicka-distribuce"=C:\Program Files\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13 1085656]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2015-11-09 596528]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BingSvc"=C:\Users\Pavel\AppData\Local\Microsoft\BingSvc\BingSvc.exe [2015-11-12 144008]
"cz.seznam.software.autoupdate"=C:\Users\Pavel\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2015-05-26 103080]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2015-12-17 50385536]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2c.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"SoftwareSASGeneration"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.yuy2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"vidc.cvid"=iccvid.dll
"vidc.yvyu"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"vidc.uyvy"=msyuv.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-01-17 13:15:55 ----D---- C:\AdwCleaner
2016-01-17 12:25:49 ----D---- C:\Program Files\trend micro
2016-01-17 12:25:48 ----D---- C:\rsit
2016-01-17 12:25:20 ----A---- C:\RSIT.exe
2016-01-17 11:43:48 ----D---- C:\Program Files\Common Files\Java
2016-01-17 11:43:29 ----D---- C:\Users\Pavel\AppData\Roaming\Sun
2016-01-17 10:46:01 ----A---- C:\Windows\system32\aswBoot.exe
2016-01-17 10:45:51 ----A---- C:\Windows\avastSS.scr
2016-01-12 19:18:46 ----A---- C:\Windows\system32\msmpeg2adec.dll
2016-01-12 19:18:44 ----A---- C:\Windows\system32\WMVDECOD.DLL
2016-01-12 19:18:42 ----A---- C:\Windows\system32\mfnetsrc.dll
2016-01-12 19:18:40 ----A---- C:\Windows\system32\mfcore.dll
2016-01-12 19:18:39 ----A---- C:\Windows\system32\mfnetcore.dll
2016-01-12 19:18:38 ----A---- C:\Windows\system32\WMADMOD.DLL
2016-01-12 19:18:37 ----A---- C:\Windows\system32\WMVENCOD.DLL
2016-01-12 19:18:35 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2016-01-12 19:18:34 ----A---- C:\Windows\system32\WMVSDECD.DLL
2016-01-12 19:18:34 ----A---- C:\Windows\system32\evr.dll
2016-01-12 19:18:33 ----A---- C:\Windows\system32\WMALFXGFXDSP.dll
2016-01-12 19:18:32 ----A---- C:\Windows\system32\quartz.dll
2016-01-12 19:18:31 ----A---- C:\Windows\system32\mfsvr.dll
2016-01-12 19:18:30 ----A---- C:\Windows\system32\MP4SDECD.DLL
2016-01-12 19:18:30 ----A---- C:\Windows\system32\MP3DMOD.DLL
2016-01-12 19:18:29 ----A---- C:\Windows\system32\VIDRESZR.DLL
2016-01-12 19:18:29 ----A---- C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-12 19:18:29 ----A---- C:\Windows\system32\mfps.dll
2016-01-12 19:18:29 ----A---- C:\Windows\system32\devenum.dll
2016-01-12 19:18:29 ----A---- C:\Windows\system32\COLORCNV.DLL
2016-01-12 19:18:28 ----A---- C:\Windows\system32\MPG4DECD.DLL
2016-01-12 19:18:28 ----A---- C:\Windows\system32\MP43DECD.DLL
2016-01-12 19:18:28 ----A---- C:\Windows\system32\mfvdsp.dll
2016-01-12 19:18:27 ----A---- C:\Windows\system32\WMADMOE.DLL
2016-01-12 19:18:27 ----A---- C:\Windows\system32\qdvd.dll
2016-01-12 19:18:26 ----A---- C:\Windows\system32\WMVXENCD.DLL
2016-01-12 19:18:26 ----A---- C:\Windows\system32\WMVSENCD.DLL
2016-01-12 19:18:25 ----A---- C:\Windows\system32\WMSPDMOE.DLL
2016-01-12 19:18:25 ----A---- C:\Windows\system32\SysFxUI.dll
2016-01-12 19:18:25 ----A---- C:\Windows\system32\MFWMAAEC.DLL
2016-01-12 19:17:57 ----A---- C:\Windows\system32\schannel.dll
2016-01-12 19:17:57 ----A---- C:\Windows\system32\ncryptsslp.dll
2016-01-12 19:17:57 ----A---- C:\Windows\system32\ncrypt.dll
2016-01-12 19:17:57 ----A---- C:\Windows\system32\lsasrv.dll
2016-01-12 19:17:57 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-01-12 19:17:57 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-01-12 19:17:57 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2016-01-12 19:17:57 ----A---- C:\Windows\system32\bcryptprimitives.dll
2016-01-12 19:17:56 ----A---- C:\Windows\system32\drivers\cng.sys
2016-01-12 19:17:48 ----A---- C:\Windows\system32\gdi32.dll
2016-01-12 19:17:48 ----A---- C:\Windows\system32\advapi32.dll
2016-01-12 19:17:47 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-01-12 19:17:46 ----A---- C:\Windows\system32\ntdll.dll
2016-01-12 19:17:43 ----A---- C:\Windows\system32\jscript9.dll
2016-01-12 19:17:41 ----A---- C:\Windows\system32\mshtml.dll
2016-01-12 19:17:39 ----A---- C:\Windows\system32\ieframe.dll
2016-01-12 19:17:38 ----A---- C:\Windows\system32\wininet.dll
2016-01-12 19:17:38 ----A---- C:\Windows\system32\vbscript.dll
2016-01-12 19:17:38 ----A---- C:\Windows\system32\urlmon.dll
2016-01-12 19:17:38 ----A---- C:\Windows\system32\msfeeds.dll
2016-01-12 19:17:38 ----A---- C:\Windows\system32\jscript.dll
2016-01-12 19:17:38 ----A---- C:\Windows\system32\inetcomm.dll
2016-01-12 19:17:38 ----A---- C:\Windows\system32\ieapfltr.dll
2016-01-12 19:14:58 ----A---- C:\Windows\system32\invagent.dll
2016-01-12 19:14:58 ----A---- C:\Windows\system32\generaltel.dll
2016-01-12 19:14:58 ----A---- C:\Windows\system32\devinv.dll
2016-01-12 19:14:58 ----A---- C:\Windows\system32\CompatTelRunner.exe
2016-01-12 19:14:58 ----A---- C:\Windows\system32\appraiser.dll
2016-01-12 19:14:58 ----A---- C:\Windows\system32\aepic.dll
2016-01-12 19:14:58 ----A---- C:\Windows\system32\aeinv.dll
2016-01-12 19:14:58 ----A---- C:\Windows\system32\acmigration.dll
2016-01-12 19:14:36 ----A---- C:\Windows\system32\qedit.dll
2015-12-24 08:44:13 ----D---- C:\ProgramData\McAfee
2015-12-24 08:25:32 ----D---- C:\ProgramData\WWdMW
2015-12-24 08:24:14 ----A---- C:\Program Files\SSFK.exe
2015-12-20 10:30:18 ----D---- C:\Users\Pavel\AppData\Roaming\Seznam Browser
======List of files/folders modified in the last 1 month======
2016-01-17 18:24:04 ----D---- C:\Users\Pavel\AppData\Roaming\Skype
2016-01-17 18:02:00 ----D---- C:\Windows\system32\sru
2016-01-17 14:16:57 ----D---- C:\Windows\Prefetch
2016-01-17 13:35:57 ----D---- C:\Windows\Temp
2016-01-17 13:19:11 ----HD---- C:\ProgramData
2016-01-17 13:19:11 ----D---- C:\Windows\system32\Drivers
2016-01-17 13:19:05 ----RD---- C:\Program Files
2016-01-17 12:16:53 ----D---- C:\Windows\Tasks
2016-01-17 12:16:53 ----D---- C:\Windows\system32\Tasks
2016-01-17 12:13:48 ----D---- C:\Users\Pavel\AppData\Roaming\Yandex
2016-01-17 11:47:44 ----D---- C:\ProgramData\Oracle
2016-01-17 11:44:10 ----SHD---- C:\Windows\Installer
2016-01-17 11:44:10 ----D---- C:\Program Files\Java
2016-01-17 11:44:06 ----RD---- C:\Windows\System32
2016-01-17 11:43:48 ----D---- C:\Program Files\Common Files
2016-01-17 11:42:58 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
2016-01-17 11:35:31 ----D---- C:\Users\Pavel\AppData\Roaming\Seznam.cz
2016-01-17 11:29:38 ----D---- C:\Windows\system32\catroot2
2016-01-17 10:48:11 ----D---- C:\Windows\system32\catroot
2016-01-17 10:46:41 ----D---- C:\Windows\system32\DriverStore
2016-01-17 10:46:41 ----D---- C:\Windows\inf
2016-01-17 10:46:00 ----D---- C:\Windows
2016-01-17 10:41:34 ----D---- C:\Windows\system32\config
2016-01-17 10:36:36 ----SHD---- C:\System Volume Information
2016-01-17 10:32:39 ----D---- C:\Windows\Microsoft.NET
2016-01-17 09:55:18 ----RD---- C:\Program Files\Skype
2016-01-13 18:56:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-01-13 18:50:50 ----D---- C:\Windows\WinSxS
2016-01-13 18:48:34 ----D---- C:\Program Files\Microsoft Silverlight
2016-01-12 21:25:34 ----SD---- C:\Windows\system32\CompatTel
2016-01-12 21:25:34 ----D---- C:\Windows\system32\appraiser
2016-01-12 21:25:34 ----D---- C:\Windows\apppatch
2016-01-12 21:24:37 ----D---- C:\Windows\CbsTemp
2016-01-12 21:23:08 ----D---- C:\Windows\system32\MRT
2016-01-12 21:20:38 ----A---- C:\Windows\system32\MRT.exe
2016-01-05 21:04:40 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2015-12-24 09:58:39 ----D---- C:\Users\Pavel\AppData\Roaming\vlc
2015-12-19 10:46:35 ----SD---- C:\Windows\system32\GWX
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2016-01-17 49776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2016-01-17 209432]
R0 Wof;Windows Overlay File System Filter Driver; C:\Windows\system32\drivers\Wof.sys [2014-03-13 138584]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2016-01-17 81728]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2016-01-17 794952]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2016-01-17 436360]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2016-01-17 24016]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2016-01-17 81168]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2016-01-17 117712]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-11-16 10070016]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-11-16 290304]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2000-01-01 3125592]
R3 RTL8168;@oem4.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x86.sys [2000-01-01 732888]
R3 WDC_SAM;@oem14.inf,%WDC_SAM_ServiceName%;WD SCSI Pass Thru driver; C:\Windows\System32\drivers\wdcsam.sys [2015-04-29 20256]
R3 WUDFWpdFs;WUDFWpdFs; C:\Windows\system32\DRIVERS\WUDFRd.sys [2014-10-29 190976]
S1 MpKsl2154706d;MpKsl2154706d; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\MpKsl2154706d.sys [2015-01-28 29904]
S1 MpKsl253ff5c3;MpKsl253ff5c3; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\MpKsl253ff5c3.sys [2015-01-28 29904]
S3 GPIO;@iaiogpio.inf,%GPIO.SVCDESC%;Intel SoC GPIO Controller Driver; C:\Windows\System32\drivers\iaiogpio.sys [2013-07-23 22016]
S3 iaioi2c;@iaioi2c.inf,%Driver_Service.Desc%;Intel(R) Atom(TM) Processor I2C Controller Service; C:\Windows\System32\drivers\iaioi2c.sys [2013-07-23 61936]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2014-10-29 37888]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-13 82128]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-11-16 217088]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-01-17 226440]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2016-01-08 1433216]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2016-01-08 1773696]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2014-10-29 33088]
R2 TeamViewer;TeamViewer 10; c:\users\pavel\appdata\local\temp\teamviewer\TeamViewer_Service.exe [2014-12-15 4428048]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-13 269504]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2014-10-29 33088]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
-----------------EOF-----------------
Run by Pavel at 2016-01-17 18:28:47
Microsoft Windows 8.1
System drive C: has 278 GB (91%) free of 305 GB
Total RAM: 2047 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:28:51, on 17. 1. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18124)
Boot mode: Normal
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhostex.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
c:\users\pavel\appdata\local\temp\teamviewer\TeamViewer.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\Pavel\AppData\Local\Microsoft\BingSvc\BingSvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\ImmersiveControlPanel\SystemSettings.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Windows\system32\notepad.exe
C:\RSIT.exe
C:\Program Files\trend micro\Pavel.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {D5FEC983-01DB-414A-9456-AF95AC9ED7B5} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [BingSvc] C:\Users\Pavel\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Pavel\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - c:\users\pavel\appdata\local\temp\teamviewer\TeamViewer_Service.exe
--
End of file - 4045 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2016-01-17 460384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08 1725056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5FEC983-01DB-414A-9456-AF95AC9ED7B5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-17 172640]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2000-01-01 12021464]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-11-16 641704]
"AMD AVT"=Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files\AMD AVT\bin\kdbsync.exe aml []
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-01-17 7021880]
"seznam-listicka-distribuce"=C:\Program Files\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13 1085656]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2015-11-09 596528]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BingSvc"=C:\Users\Pavel\AppData\Local\Microsoft\BingSvc\BingSvc.exe [2015-11-12 144008]
"cz.seznam.software.autoupdate"=C:\Users\Pavel\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2015-05-26 103080]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2015-12-17 50385536]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2c.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"SoftwareSASGeneration"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.yuy2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"vidc.cvid"=iccvid.dll
"vidc.yvyu"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"vidc.uyvy"=msyuv.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-01-17 13:15:55 ----D---- C:\AdwCleaner
2016-01-17 12:25:49 ----D---- C:\Program Files\trend micro
2016-01-17 12:25:48 ----D---- C:\rsit
2016-01-17 12:25:20 ----A---- C:\RSIT.exe
2016-01-17 11:43:48 ----D---- C:\Program Files\Common Files\Java
2016-01-17 11:43:29 ----D---- C:\Users\Pavel\AppData\Roaming\Sun
2016-01-17 10:46:01 ----A---- C:\Windows\system32\aswBoot.exe
2016-01-17 10:45:51 ----A---- C:\Windows\avastSS.scr
2016-01-12 19:18:46 ----A---- C:\Windows\system32\msmpeg2adec.dll
2016-01-12 19:18:44 ----A---- C:\Windows\system32\WMVDECOD.DLL
2016-01-12 19:18:42 ----A---- C:\Windows\system32\mfnetsrc.dll
2016-01-12 19:18:40 ----A---- C:\Windows\system32\mfcore.dll
2016-01-12 19:18:39 ----A---- C:\Windows\system32\mfnetcore.dll
2016-01-12 19:18:38 ----A---- C:\Windows\system32\WMADMOD.DLL
2016-01-12 19:18:37 ----A---- C:\Windows\system32\WMVENCOD.DLL
2016-01-12 19:18:35 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2016-01-12 19:18:34 ----A---- C:\Windows\system32\WMVSDECD.DLL
2016-01-12 19:18:34 ----A---- C:\Windows\system32\evr.dll
2016-01-12 19:18:33 ----A---- C:\Windows\system32\WMALFXGFXDSP.dll
2016-01-12 19:18:32 ----A---- C:\Windows\system32\quartz.dll
2016-01-12 19:18:31 ----A---- C:\Windows\system32\mfsvr.dll
2016-01-12 19:18:30 ----A---- C:\Windows\system32\MP4SDECD.DLL
2016-01-12 19:18:30 ----A---- C:\Windows\system32\MP3DMOD.DLL
2016-01-12 19:18:29 ----A---- C:\Windows\system32\VIDRESZR.DLL
2016-01-12 19:18:29 ----A---- C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-12 19:18:29 ----A---- C:\Windows\system32\mfps.dll
2016-01-12 19:18:29 ----A---- C:\Windows\system32\devenum.dll
2016-01-12 19:18:29 ----A---- C:\Windows\system32\COLORCNV.DLL
2016-01-12 19:18:28 ----A---- C:\Windows\system32\MPG4DECD.DLL
2016-01-12 19:18:28 ----A---- C:\Windows\system32\MP43DECD.DLL
2016-01-12 19:18:28 ----A---- C:\Windows\system32\mfvdsp.dll
2016-01-12 19:18:27 ----A---- C:\Windows\system32\WMADMOE.DLL
2016-01-12 19:18:27 ----A---- C:\Windows\system32\qdvd.dll
2016-01-12 19:18:26 ----A---- C:\Windows\system32\WMVXENCD.DLL
2016-01-12 19:18:26 ----A---- C:\Windows\system32\WMVSENCD.DLL
2016-01-12 19:18:25 ----A---- C:\Windows\system32\WMSPDMOE.DLL
2016-01-12 19:18:25 ----A---- C:\Windows\system32\SysFxUI.dll
2016-01-12 19:18:25 ----A---- C:\Windows\system32\MFWMAAEC.DLL
2016-01-12 19:17:57 ----A---- C:\Windows\system32\schannel.dll
2016-01-12 19:17:57 ----A---- C:\Windows\system32\ncryptsslp.dll
2016-01-12 19:17:57 ----A---- C:\Windows\system32\ncrypt.dll
2016-01-12 19:17:57 ----A---- C:\Windows\system32\lsasrv.dll
2016-01-12 19:17:57 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-01-12 19:17:57 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-01-12 19:17:57 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2016-01-12 19:17:57 ----A---- C:\Windows\system32\bcryptprimitives.dll
2016-01-12 19:17:56 ----A---- C:\Windows\system32\drivers\cng.sys
2016-01-12 19:17:48 ----A---- C:\Windows\system32\gdi32.dll
2016-01-12 19:17:48 ----A---- C:\Windows\system32\advapi32.dll
2016-01-12 19:17:47 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-01-12 19:17:46 ----A---- C:\Windows\system32\ntdll.dll
2016-01-12 19:17:43 ----A---- C:\Windows\system32\jscript9.dll
2016-01-12 19:17:41 ----A---- C:\Windows\system32\mshtml.dll
2016-01-12 19:17:39 ----A---- C:\Windows\system32\ieframe.dll
2016-01-12 19:17:38 ----A---- C:\Windows\system32\wininet.dll
2016-01-12 19:17:38 ----A---- C:\Windows\system32\vbscript.dll
2016-01-12 19:17:38 ----A---- C:\Windows\system32\urlmon.dll
2016-01-12 19:17:38 ----A---- C:\Windows\system32\msfeeds.dll
2016-01-12 19:17:38 ----A---- C:\Windows\system32\jscript.dll
2016-01-12 19:17:38 ----A---- C:\Windows\system32\inetcomm.dll
2016-01-12 19:17:38 ----A---- C:\Windows\system32\ieapfltr.dll
2016-01-12 19:14:58 ----A---- C:\Windows\system32\invagent.dll
2016-01-12 19:14:58 ----A---- C:\Windows\system32\generaltel.dll
2016-01-12 19:14:58 ----A---- C:\Windows\system32\devinv.dll
2016-01-12 19:14:58 ----A---- C:\Windows\system32\CompatTelRunner.exe
2016-01-12 19:14:58 ----A---- C:\Windows\system32\appraiser.dll
2016-01-12 19:14:58 ----A---- C:\Windows\system32\aepic.dll
2016-01-12 19:14:58 ----A---- C:\Windows\system32\aeinv.dll
2016-01-12 19:14:58 ----A---- C:\Windows\system32\acmigration.dll
2016-01-12 19:14:36 ----A---- C:\Windows\system32\qedit.dll
2015-12-24 08:44:13 ----D---- C:\ProgramData\McAfee
2015-12-24 08:25:32 ----D---- C:\ProgramData\WWdMW
2015-12-24 08:24:14 ----A---- C:\Program Files\SSFK.exe
2015-12-20 10:30:18 ----D---- C:\Users\Pavel\AppData\Roaming\Seznam Browser
======List of files/folders modified in the last 1 month======
2016-01-17 18:24:04 ----D---- C:\Users\Pavel\AppData\Roaming\Skype
2016-01-17 18:02:00 ----D---- C:\Windows\system32\sru
2016-01-17 14:16:57 ----D---- C:\Windows\Prefetch
2016-01-17 13:35:57 ----D---- C:\Windows\Temp
2016-01-17 13:19:11 ----HD---- C:\ProgramData
2016-01-17 13:19:11 ----D---- C:\Windows\system32\Drivers
2016-01-17 13:19:05 ----RD---- C:\Program Files
2016-01-17 12:16:53 ----D---- C:\Windows\Tasks
2016-01-17 12:16:53 ----D---- C:\Windows\system32\Tasks
2016-01-17 12:13:48 ----D---- C:\Users\Pavel\AppData\Roaming\Yandex
2016-01-17 11:47:44 ----D---- C:\ProgramData\Oracle
2016-01-17 11:44:10 ----SHD---- C:\Windows\Installer
2016-01-17 11:44:10 ----D---- C:\Program Files\Java
2016-01-17 11:44:06 ----RD---- C:\Windows\System32
2016-01-17 11:43:48 ----D---- C:\Program Files\Common Files
2016-01-17 11:42:58 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
2016-01-17 11:35:31 ----D---- C:\Users\Pavel\AppData\Roaming\Seznam.cz
2016-01-17 11:29:38 ----D---- C:\Windows\system32\catroot2
2016-01-17 10:48:11 ----D---- C:\Windows\system32\catroot
2016-01-17 10:46:41 ----D---- C:\Windows\system32\DriverStore
2016-01-17 10:46:41 ----D---- C:\Windows\inf
2016-01-17 10:46:00 ----D---- C:\Windows
2016-01-17 10:41:34 ----D---- C:\Windows\system32\config
2016-01-17 10:36:36 ----SHD---- C:\System Volume Information
2016-01-17 10:32:39 ----D---- C:\Windows\Microsoft.NET
2016-01-17 09:55:18 ----RD---- C:\Program Files\Skype
2016-01-13 18:56:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-01-13 18:50:50 ----D---- C:\Windows\WinSxS
2016-01-13 18:48:34 ----D---- C:\Program Files\Microsoft Silverlight
2016-01-12 21:25:34 ----SD---- C:\Windows\system32\CompatTel
2016-01-12 21:25:34 ----D---- C:\Windows\system32\appraiser
2016-01-12 21:25:34 ----D---- C:\Windows\apppatch
2016-01-12 21:24:37 ----D---- C:\Windows\CbsTemp
2016-01-12 21:23:08 ----D---- C:\Windows\system32\MRT
2016-01-12 21:20:38 ----A---- C:\Windows\system32\MRT.exe
2016-01-05 21:04:40 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2015-12-24 09:58:39 ----D---- C:\Users\Pavel\AppData\Roaming\vlc
2015-12-19 10:46:35 ----SD---- C:\Windows\system32\GWX
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2016-01-17 49776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2016-01-17 209432]
R0 Wof;Windows Overlay File System Filter Driver; C:\Windows\system32\drivers\Wof.sys [2014-03-13 138584]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2016-01-17 81728]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2016-01-17 794952]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2016-01-17 436360]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2016-01-17 24016]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2016-01-17 81168]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2016-01-17 117712]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-11-16 10070016]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-11-16 290304]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2000-01-01 3125592]
R3 RTL8168;@oem4.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x86.sys [2000-01-01 732888]
R3 WDC_SAM;@oem14.inf,%WDC_SAM_ServiceName%;WD SCSI Pass Thru driver; C:\Windows\System32\drivers\wdcsam.sys [2015-04-29 20256]
R3 WUDFWpdFs;WUDFWpdFs; C:\Windows\system32\DRIVERS\WUDFRd.sys [2014-10-29 190976]
S1 MpKsl2154706d;MpKsl2154706d; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\MpKsl2154706d.sys [2015-01-28 29904]
S1 MpKsl253ff5c3;MpKsl253ff5c3; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\MpKsl253ff5c3.sys [2015-01-28 29904]
S3 GPIO;@iaiogpio.inf,%GPIO.SVCDESC%;Intel SoC GPIO Controller Driver; C:\Windows\System32\drivers\iaiogpio.sys [2013-07-23 22016]
S3 iaioi2c;@iaioi2c.inf,%Driver_Service.Desc%;Intel(R) Atom(TM) Processor I2C Controller Service; C:\Windows\System32\drivers\iaioi2c.sys [2013-07-23 61936]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2014-10-29 37888]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-13 82128]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-11-16 217088]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-01-17 226440]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2016-01-08 1433216]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2016-01-08 1773696]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2014-10-29 33088]
R2 TeamViewer;TeamViewer 10; c:\users\pavel\appdata\local\temp\teamviewer\TeamViewer_Service.exe [2014-12-15 4428048]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-13 269504]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2014-10-29 33088]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
-----------------EOF-----------------
-
Rudy
- Site Admin
- Příspěvky: 119673
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Nejde odinstalovat Yandex a Picexa
Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:
a klikněte na >MoveIt!<. Před skenem vypněte antivir a po něm restartujte PC. Dejte nový log RSIT.:files
C:\Users\Pavel\AppData\Local\Microsoft\BingSvc
C:\Program Files\Skype\Toolbars
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5FEC983-01DB-414A-9456-AF95AC9ED7B5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BingSvc"=-
:services
c2cautoupdatesvc
c2cpnrsvc
:commands
[Purity]
[Emptytemp]
[Emptyflash]
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Nejde odinstalovat Yandex a Picexa
Logfile of random's system information tool 1.10 (written by random/random)
Run by Pavel at 2016-01-17 19:46:22
Microsoft Windows 8.1
System drive C: has 281 GB (92%) free of 305 GB
Total RAM: 2047 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:46:31, on 17. 1. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18124)
Boot mode: Normal
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhostex.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Pavel\AppData\Local\Temp\TeamViewer\TeamViewer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\RSIT.exe
C:\Program Files\trend micro\Pavel.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Pavel\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - c:\users\pavel\appdata\local\temp\teamviewer\TeamViewer_Service.exe
--
End of file - 3427 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2016-01-17 460384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-17 172640]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2000-01-01 12021464]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-11-16 641704]
"AMD AVT"=Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files\AMD AVT\bin\kdbsync.exe aml []
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-01-17 7021880]
"seznam-listicka-distribuce"=C:\Program Files\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13 1085656]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cz.seznam.software.autoupdate"=C:\Users\Pavel\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2015-05-26 103080]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2015-12-17 50385536]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2c.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"SoftwareSASGeneration"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.yuy2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"vidc.cvid"=iccvid.dll
"vidc.yvyu"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"vidc.uyvy"=msyuv.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-01-17 19:28:04 ----D---- C:\_OTM
2016-01-17 13:15:55 ----D---- C:\AdwCleaner
2016-01-17 12:25:49 ----D---- C:\Program Files\trend micro
2016-01-17 12:25:48 ----D---- C:\rsit
2016-01-17 12:25:20 ----A---- C:\RSIT.exe
2016-01-17 11:43:48 ----D---- C:\Program Files\Common Files\Java
2016-01-17 11:43:29 ----D---- C:\Users\Pavel\AppData\Roaming\Sun
2016-01-17 10:46:01 ----A---- C:\Windows\system32\aswBoot.exe
2016-01-17 10:45:51 ----A---- C:\Windows\avastSS.scr
2016-01-12 19:18:46 ----A---- C:\Windows\system32\msmpeg2adec.dll
2016-01-12 19:18:44 ----A---- C:\Windows\system32\WMVDECOD.DLL
2016-01-12 19:18:42 ----A---- C:\Windows\system32\mfnetsrc.dll
2016-01-12 19:18:40 ----A---- C:\Windows\system32\mfcore.dll
2016-01-12 19:18:39 ----A---- C:\Windows\system32\mfnetcore.dll
2016-01-12 19:18:38 ----A---- C:\Windows\system32\WMADMOD.DLL
2016-01-12 19:18:37 ----A---- C:\Windows\system32\WMVENCOD.DLL
2016-01-12 19:18:35 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2016-01-12 19:18:34 ----A---- C:\Windows\system32\WMVSDECD.DLL
2016-01-12 19:18:34 ----A---- C:\Windows\system32\evr.dll
2016-01-12 19:18:33 ----A---- C:\Windows\system32\WMALFXGFXDSP.dll
2016-01-12 19:18:32 ----A---- C:\Windows\system32\quartz.dll
2016-01-12 19:18:31 ----A---- C:\Windows\system32\mfsvr.dll
2016-01-12 19:18:30 ----A---- C:\Windows\system32\MP4SDECD.DLL
2016-01-12 19:18:30 ----A---- C:\Windows\system32\MP3DMOD.DLL
2016-01-12 19:18:29 ----A---- C:\Windows\system32\VIDRESZR.DLL
2016-01-12 19:18:29 ----A---- C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-12 19:18:29 ----A---- C:\Windows\system32\mfps.dll
2016-01-12 19:18:29 ----A---- C:\Windows\system32\devenum.dll
2016-01-12 19:18:29 ----A---- C:\Windows\system32\COLORCNV.DLL
2016-01-12 19:18:28 ----A---- C:\Windows\system32\MPG4DECD.DLL
2016-01-12 19:18:28 ----A---- C:\Windows\system32\MP43DECD.DLL
2016-01-12 19:18:28 ----A---- C:\Windows\system32\mfvdsp.dll
2016-01-12 19:18:27 ----A---- C:\Windows\system32\WMADMOE.DLL
2016-01-12 19:18:27 ----A---- C:\Windows\system32\qdvd.dll
2016-01-12 19:18:26 ----A---- C:\Windows\system32\WMVXENCD.DLL
2016-01-12 19:18:26 ----A---- C:\Windows\system32\WMVSENCD.DLL
2016-01-12 19:18:25 ----A---- C:\Windows\system32\WMSPDMOE.DLL
2016-01-12 19:18:25 ----A---- C:\Windows\system32\SysFxUI.dll
2016-01-12 19:18:25 ----A---- C:\Windows\system32\MFWMAAEC.DLL
2016-01-12 19:17:57 ----A---- C:\Windows\system32\schannel.dll
2016-01-12 19:17:57 ----A---- C:\Windows\system32\ncryptsslp.dll
2016-01-12 19:17:57 ----A---- C:\Windows\system32\ncrypt.dll
2016-01-12 19:17:57 ----A---- C:\Windows\system32\lsasrv.dll
2016-01-12 19:17:57 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-01-12 19:17:57 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-01-12 19:17:57 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2016-01-12 19:17:57 ----A---- C:\Windows\system32\bcryptprimitives.dll
2016-01-12 19:17:56 ----A---- C:\Windows\system32\drivers\cng.sys
2016-01-12 19:17:48 ----A---- C:\Windows\system32\gdi32.dll
2016-01-12 19:17:48 ----A---- C:\Windows\system32\advapi32.dll
2016-01-12 19:17:47 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-01-12 19:17:46 ----A---- C:\Windows\system32\ntdll.dll
2016-01-12 19:17:43 ----A---- C:\Windows\system32\jscript9.dll
2016-01-12 19:17:41 ----A---- C:\Windows\system32\mshtml.dll
2016-01-12 19:17:39 ----A---- C:\Windows\system32\ieframe.dll
2016-01-12 19:17:38 ----A---- C:\Windows\system32\wininet.dll
2016-01-12 19:17:38 ----A---- C:\Windows\system32\vbscript.dll
2016-01-12 19:17:38 ----A---- C:\Windows\system32\urlmon.dll
2016-01-12 19:17:38 ----A---- C:\Windows\system32\msfeeds.dll
2016-01-12 19:17:38 ----A---- C:\Windows\system32\jscript.dll
2016-01-12 19:17:38 ----A---- C:\Windows\system32\inetcomm.dll
2016-01-12 19:17:38 ----A---- C:\Windows\system32\ieapfltr.dll
2016-01-12 19:14:58 ----A---- C:\Windows\system32\invagent.dll
2016-01-12 19:14:58 ----A---- C:\Windows\system32\generaltel.dll
2016-01-12 19:14:58 ----A---- C:\Windows\system32\devinv.dll
2016-01-12 19:14:58 ----A---- C:\Windows\system32\CompatTelRunner.exe
2016-01-12 19:14:58 ----A---- C:\Windows\system32\appraiser.dll
2016-01-12 19:14:58 ----A---- C:\Windows\system32\aepic.dll
2016-01-12 19:14:58 ----A---- C:\Windows\system32\aeinv.dll
2016-01-12 19:14:58 ----A---- C:\Windows\system32\acmigration.dll
2016-01-12 19:14:36 ----A---- C:\Windows\system32\qedit.dll
2015-12-24 08:44:13 ----D---- C:\ProgramData\McAfee
2015-12-24 08:25:32 ----D---- C:\ProgramData\WWdMW
2015-12-24 08:24:14 ----A---- C:\Program Files\SSFK.exe
2015-12-20 10:30:18 ----D---- C:\Users\Pavel\AppData\Roaming\Seznam Browser
======List of files/folders modified in the last 1 month======
2016-01-17 19:44:10 ----D---- C:\Users\Pavel\AppData\Roaming\Skype
2016-01-17 19:38:02 ----D---- C:\Windows\Temp
2016-01-17 19:36:36 ----D---- C:\Windows\Prefetch
2016-01-17 19:28:05 ----RD---- C:\Program Files\Skype
2016-01-17 19:00:00 ----D---- C:\Windows\system32\sru
2016-01-17 13:19:11 ----HD---- C:\ProgramData
2016-01-17 13:19:11 ----D---- C:\Windows\system32\Drivers
2016-01-17 13:19:05 ----RD---- C:\Program Files
2016-01-17 12:16:53 ----D---- C:\Windows\Tasks
2016-01-17 12:16:53 ----D---- C:\Windows\system32\Tasks
2016-01-17 12:13:48 ----D---- C:\Users\Pavel\AppData\Roaming\Yandex
2016-01-17 11:47:44 ----D---- C:\ProgramData\Oracle
2016-01-17 11:44:10 ----SHD---- C:\Windows\Installer
2016-01-17 11:44:10 ----D---- C:\Program Files\Java
2016-01-17 11:44:06 ----RD---- C:\Windows\System32
2016-01-17 11:43:48 ----D---- C:\Program Files\Common Files
2016-01-17 11:42:58 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
2016-01-17 11:35:31 ----D---- C:\Users\Pavel\AppData\Roaming\Seznam.cz
2016-01-17 11:29:38 ----D---- C:\Windows\system32\catroot2
2016-01-17 10:48:11 ----D---- C:\Windows\system32\catroot
2016-01-17 10:46:41 ----D---- C:\Windows\system32\DriverStore
2016-01-17 10:46:41 ----D---- C:\Windows\inf
2016-01-17 10:46:00 ----D---- C:\Windows
2016-01-17 10:41:34 ----D---- C:\Windows\system32\config
2016-01-17 10:36:36 ----SHD---- C:\System Volume Information
2016-01-17 10:32:39 ----D---- C:\Windows\Microsoft.NET
2016-01-13 18:56:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-01-13 18:50:50 ----D---- C:\Windows\WinSxS
2016-01-13 18:48:34 ----D---- C:\Program Files\Microsoft Silverlight
2016-01-12 21:25:34 ----SD---- C:\Windows\system32\CompatTel
2016-01-12 21:25:34 ----D---- C:\Windows\system32\appraiser
2016-01-12 21:25:34 ----D---- C:\Windows\apppatch
2016-01-12 21:24:37 ----D---- C:\Windows\CbsTemp
2016-01-12 21:23:08 ----D---- C:\Windows\system32\MRT
2016-01-12 21:20:38 ----A---- C:\Windows\system32\MRT.exe
2016-01-05 21:04:40 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2015-12-24 09:58:39 ----D---- C:\Users\Pavel\AppData\Roaming\vlc
2015-12-19 10:46:35 ----SD---- C:\Windows\system32\GWX
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2016-01-17 49776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2016-01-17 209432]
R0 Wof;Windows Overlay File System Filter Driver; C:\Windows\system32\drivers\Wof.sys [2014-03-13 138584]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2016-01-17 81728]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2016-01-17 794952]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2016-01-17 436360]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2016-01-17 24016]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2016-01-17 81168]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2016-01-17 117712]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-11-16 10070016]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-11-16 290304]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2000-01-01 3125592]
R3 RTL8168;@oem4.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x86.sys [2000-01-01 732888]
R3 WDC_SAM;@oem14.inf,%WDC_SAM_ServiceName%;WD SCSI Pass Thru driver; C:\Windows\System32\drivers\wdcsam.sys [2015-04-29 20256]
R3 WUDFWpdFs;WUDFWpdFs; C:\Windows\system32\DRIVERS\WUDFRd.sys [2014-10-29 190976]
S1 MpKsl2154706d;MpKsl2154706d; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\MpKsl2154706d.sys [2015-01-28 29904]
S1 MpKsl253ff5c3;MpKsl253ff5c3; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\MpKsl253ff5c3.sys [2015-01-28 29904]
S3 GPIO;@iaiogpio.inf,%GPIO.SVCDESC%;Intel SoC GPIO Controller Driver; C:\Windows\System32\drivers\iaiogpio.sys [2013-07-23 22016]
S3 iaioi2c;@iaioi2c.inf,%Driver_Service.Desc%;Intel(R) Atom(TM) Processor I2C Controller Service; C:\Windows\System32\drivers\iaioi2c.sys [2013-07-23 61936]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2014-10-29 37888]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-13 82128]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-11-16 217088]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-01-17 226440]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2014-10-29 33088]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2015-07-09 327296]
S2 TeamViewer;TeamViewer 10; c:\users\pavel\appdata\local\temp\teamviewer\TeamViewer_Service.exe [2014-12-15 4428048]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-13 269504]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2014-10-29 33088]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
-----------------EOF-----------------
Run by Pavel at 2016-01-17 19:46:22
Microsoft Windows 8.1
System drive C: has 281 GB (92%) free of 305 GB
Total RAM: 2047 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:46:31, on 17. 1. 2016
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18124)
Boot mode: Normal
Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhostex.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\Pavel\AppData\Local\Temp\TeamViewer\TeamViewer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\RSIT.exe
C:\Program Files\trend micro\Pavel.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Users\Pavel\AppData\Roaming\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - c:\users\pavel\appdata\local\temp\teamviewer\TeamViewer_Service.exe
--
End of file - 3427 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2016-01-17 460384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-17 172640]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2000-01-01 12021464]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-11-16 641704]
"AMD AVT"=Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files\AMD AVT\bin\kdbsync.exe aml []
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-01-17 7021880]
"seznam-listicka-distribuce"=C:\Program Files\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13 1085656]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cz.seznam.software.autoupdate"=C:\Users\Pavel\AppData\Roaming\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Users\Pavel\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [2015-05-26 103080]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2015-12-17 50385536]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2c.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"SoftwareSASGeneration"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.yuy2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"vidc.cvid"=iccvid.dll
"vidc.yvyu"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"vidc.uyvy"=msyuv.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2016-01-17 19:28:04 ----D---- C:\_OTM
2016-01-17 13:15:55 ----D---- C:\AdwCleaner
2016-01-17 12:25:49 ----D---- C:\Program Files\trend micro
2016-01-17 12:25:48 ----D---- C:\rsit
2016-01-17 12:25:20 ----A---- C:\RSIT.exe
2016-01-17 11:43:48 ----D---- C:\Program Files\Common Files\Java
2016-01-17 11:43:29 ----D---- C:\Users\Pavel\AppData\Roaming\Sun
2016-01-17 10:46:01 ----A---- C:\Windows\system32\aswBoot.exe
2016-01-17 10:45:51 ----A---- C:\Windows\avastSS.scr
2016-01-12 19:18:46 ----A---- C:\Windows\system32\msmpeg2adec.dll
2016-01-12 19:18:44 ----A---- C:\Windows\system32\WMVDECOD.DLL
2016-01-12 19:18:42 ----A---- C:\Windows\system32\mfnetsrc.dll
2016-01-12 19:18:40 ----A---- C:\Windows\system32\mfcore.dll
2016-01-12 19:18:39 ----A---- C:\Windows\system32\mfnetcore.dll
2016-01-12 19:18:38 ----A---- C:\Windows\system32\WMADMOD.DLL
2016-01-12 19:18:37 ----A---- C:\Windows\system32\WMVENCOD.DLL
2016-01-12 19:18:35 ----A---- C:\Windows\system32\WMSPDMOD.DLL
2016-01-12 19:18:34 ----A---- C:\Windows\system32\WMVSDECD.DLL
2016-01-12 19:18:34 ----A---- C:\Windows\system32\evr.dll
2016-01-12 19:18:33 ----A---- C:\Windows\system32\WMALFXGFXDSP.dll
2016-01-12 19:18:32 ----A---- C:\Windows\system32\quartz.dll
2016-01-12 19:18:31 ----A---- C:\Windows\system32\mfsvr.dll
2016-01-12 19:18:30 ----A---- C:\Windows\system32\MP4SDECD.DLL
2016-01-12 19:18:30 ----A---- C:\Windows\system32\MP3DMOD.DLL
2016-01-12 19:18:29 ----A---- C:\Windows\system32\VIDRESZR.DLL
2016-01-12 19:18:29 ----A---- C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-12 19:18:29 ----A---- C:\Windows\system32\mfps.dll
2016-01-12 19:18:29 ----A---- C:\Windows\system32\devenum.dll
2016-01-12 19:18:29 ----A---- C:\Windows\system32\COLORCNV.DLL
2016-01-12 19:18:28 ----A---- C:\Windows\system32\MPG4DECD.DLL
2016-01-12 19:18:28 ----A---- C:\Windows\system32\MP43DECD.DLL
2016-01-12 19:18:28 ----A---- C:\Windows\system32\mfvdsp.dll
2016-01-12 19:18:27 ----A---- C:\Windows\system32\WMADMOE.DLL
2016-01-12 19:18:27 ----A---- C:\Windows\system32\qdvd.dll
2016-01-12 19:18:26 ----A---- C:\Windows\system32\WMVXENCD.DLL
2016-01-12 19:18:26 ----A---- C:\Windows\system32\WMVSENCD.DLL
2016-01-12 19:18:25 ----A---- C:\Windows\system32\WMSPDMOE.DLL
2016-01-12 19:18:25 ----A---- C:\Windows\system32\SysFxUI.dll
2016-01-12 19:18:25 ----A---- C:\Windows\system32\MFWMAAEC.DLL
2016-01-12 19:17:57 ----A---- C:\Windows\system32\schannel.dll
2016-01-12 19:17:57 ----A---- C:\Windows\system32\ncryptsslp.dll
2016-01-12 19:17:57 ----A---- C:\Windows\system32\ncrypt.dll
2016-01-12 19:17:57 ----A---- C:\Windows\system32\lsasrv.dll
2016-01-12 19:17:57 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2016-01-12 19:17:57 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2016-01-12 19:17:57 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2016-01-12 19:17:57 ----A---- C:\Windows\system32\bcryptprimitives.dll
2016-01-12 19:17:56 ----A---- C:\Windows\system32\drivers\cng.sys
2016-01-12 19:17:48 ----A---- C:\Windows\system32\gdi32.dll
2016-01-12 19:17:48 ----A---- C:\Windows\system32\advapi32.dll
2016-01-12 19:17:47 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-01-12 19:17:46 ----A---- C:\Windows\system32\ntdll.dll
2016-01-12 19:17:43 ----A---- C:\Windows\system32\jscript9.dll
2016-01-12 19:17:41 ----A---- C:\Windows\system32\mshtml.dll
2016-01-12 19:17:39 ----A---- C:\Windows\system32\ieframe.dll
2016-01-12 19:17:38 ----A---- C:\Windows\system32\wininet.dll
2016-01-12 19:17:38 ----A---- C:\Windows\system32\vbscript.dll
2016-01-12 19:17:38 ----A---- C:\Windows\system32\urlmon.dll
2016-01-12 19:17:38 ----A---- C:\Windows\system32\msfeeds.dll
2016-01-12 19:17:38 ----A---- C:\Windows\system32\jscript.dll
2016-01-12 19:17:38 ----A---- C:\Windows\system32\inetcomm.dll
2016-01-12 19:17:38 ----A---- C:\Windows\system32\ieapfltr.dll
2016-01-12 19:14:58 ----A---- C:\Windows\system32\invagent.dll
2016-01-12 19:14:58 ----A---- C:\Windows\system32\generaltel.dll
2016-01-12 19:14:58 ----A---- C:\Windows\system32\devinv.dll
2016-01-12 19:14:58 ----A---- C:\Windows\system32\CompatTelRunner.exe
2016-01-12 19:14:58 ----A---- C:\Windows\system32\appraiser.dll
2016-01-12 19:14:58 ----A---- C:\Windows\system32\aepic.dll
2016-01-12 19:14:58 ----A---- C:\Windows\system32\aeinv.dll
2016-01-12 19:14:58 ----A---- C:\Windows\system32\acmigration.dll
2016-01-12 19:14:36 ----A---- C:\Windows\system32\qedit.dll
2015-12-24 08:44:13 ----D---- C:\ProgramData\McAfee
2015-12-24 08:25:32 ----D---- C:\ProgramData\WWdMW
2015-12-24 08:24:14 ----A---- C:\Program Files\SSFK.exe
2015-12-20 10:30:18 ----D---- C:\Users\Pavel\AppData\Roaming\Seznam Browser
======List of files/folders modified in the last 1 month======
2016-01-17 19:44:10 ----D---- C:\Users\Pavel\AppData\Roaming\Skype
2016-01-17 19:38:02 ----D---- C:\Windows\Temp
2016-01-17 19:36:36 ----D---- C:\Windows\Prefetch
2016-01-17 19:28:05 ----RD---- C:\Program Files\Skype
2016-01-17 19:00:00 ----D---- C:\Windows\system32\sru
2016-01-17 13:19:11 ----HD---- C:\ProgramData
2016-01-17 13:19:11 ----D---- C:\Windows\system32\Drivers
2016-01-17 13:19:05 ----RD---- C:\Program Files
2016-01-17 12:16:53 ----D---- C:\Windows\Tasks
2016-01-17 12:16:53 ----D---- C:\Windows\system32\Tasks
2016-01-17 12:13:48 ----D---- C:\Users\Pavel\AppData\Roaming\Yandex
2016-01-17 11:47:44 ----D---- C:\ProgramData\Oracle
2016-01-17 11:44:10 ----SHD---- C:\Windows\Installer
2016-01-17 11:44:10 ----D---- C:\Program Files\Java
2016-01-17 11:44:06 ----RD---- C:\Windows\System32
2016-01-17 11:43:48 ----D---- C:\Program Files\Common Files
2016-01-17 11:42:58 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
2016-01-17 11:35:31 ----D---- C:\Users\Pavel\AppData\Roaming\Seznam.cz
2016-01-17 11:29:38 ----D---- C:\Windows\system32\catroot2
2016-01-17 10:48:11 ----D---- C:\Windows\system32\catroot
2016-01-17 10:46:41 ----D---- C:\Windows\system32\DriverStore
2016-01-17 10:46:41 ----D---- C:\Windows\inf
2016-01-17 10:46:00 ----D---- C:\Windows
2016-01-17 10:41:34 ----D---- C:\Windows\system32\config
2016-01-17 10:36:36 ----SHD---- C:\System Volume Information
2016-01-17 10:32:39 ----D---- C:\Windows\Microsoft.NET
2016-01-13 18:56:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-01-13 18:50:50 ----D---- C:\Windows\WinSxS
2016-01-13 18:48:34 ----D---- C:\Program Files\Microsoft Silverlight
2016-01-12 21:25:34 ----SD---- C:\Windows\system32\CompatTel
2016-01-12 21:25:34 ----D---- C:\Windows\system32\appraiser
2016-01-12 21:25:34 ----D---- C:\Windows\apppatch
2016-01-12 21:24:37 ----D---- C:\Windows\CbsTemp
2016-01-12 21:23:08 ----D---- C:\Windows\system32\MRT
2016-01-12 21:20:38 ----A---- C:\Windows\system32\MRT.exe
2016-01-05 21:04:40 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2015-12-24 09:58:39 ----D---- C:\Users\Pavel\AppData\Roaming\vlc
2015-12-19 10:46:35 ----SD---- C:\Windows\system32\GWX
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2016-01-17 49776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2016-01-17 209432]
R0 Wof;Windows Overlay File System Filter Driver; C:\Windows\system32\drivers\Wof.sys [2014-03-13 138584]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2016-01-17 81728]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2016-01-17 794952]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2016-01-17 436360]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2016-01-17 24016]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2016-01-17 81168]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2016-01-17 117712]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-11-16 10070016]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-11-16 290304]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2000-01-01 3125592]
R3 RTL8168;@oem4.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x86.sys [2000-01-01 732888]
R3 WDC_SAM;@oem14.inf,%WDC_SAM_ServiceName%;WD SCSI Pass Thru driver; C:\Windows\System32\drivers\wdcsam.sys [2015-04-29 20256]
R3 WUDFWpdFs;WUDFWpdFs; C:\Windows\system32\DRIVERS\WUDFRd.sys [2014-10-29 190976]
S1 MpKsl2154706d;MpKsl2154706d; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\MpKsl2154706d.sys [2015-01-28 29904]
S1 MpKsl253ff5c3;MpKsl253ff5c3; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Default\MpKsl253ff5c3.sys [2015-01-28 29904]
S3 GPIO;@iaiogpio.inf,%GPIO.SVCDESC%;Intel SoC GPIO Controller Driver; C:\Windows\System32\drivers\iaiogpio.sys [2013-07-23 22016]
S3 iaioi2c;@iaioi2c.inf,%Driver_Service.Desc%;Intel(R) Atom(TM) Processor I2C Controller Service; C:\Windows\System32\drivers\iaioi2c.sys [2013-07-23 61936]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2014-10-29 37888]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-13 82128]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-11-16 217088]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-01-17 226440]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2014-10-29 33088]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2015-07-09 327296]
S2 TeamViewer;TeamViewer 10; c:\users\pavel\appdata\local\temp\teamviewer\TeamViewer_Service.exe [2014-12-15 4428048]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-13 269504]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2014-10-29 33088]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
-----------------EOF-----------------
-
Rudy
- Site Admin
- Příspěvky: 119673
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Nejde odinstalovat Yandex a Picexa
Smazáno. Znovu spusťte OTM a klikněte na >CleanUp!<. OTM po sobě uklidí. Nakonec restartujte PC. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Nejde odinstalovat Yandex a Picexa
Je tam pořád.
- Přílohy
-
- Bez názvu.rar
- (154.04 KiB) Staženo 50 x
-
Rudy
- Site Admin
- Příspěvky: 119673
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Nejde odinstalovat Yandex a Picexa
Udělejte ještě tyto skeny:
1. Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu
Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize
Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.
a
2. Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.
1. Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu
Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
Do okna vlozte skript nize
autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;
Nasledne kliknete na Run Script
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem.
a
2. Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
•Ulozte nejlepe na plochu
•Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
•Probehne vytvoreni zalohy a nasledne prohledavani
•Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Nejde odinstalovat Yandex a Picexa
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Pavel on ne 17. 01. 2016 at 21:10:03,31.
Microsoft Windows 8.1 6.3.9600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Pavel\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
17. 1. 2016 21:11:18 Zoek.exe System Restore Point Created Successfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Empty Folders Check ======================
C:\Program Files\Common Files\Symantec Shared deleted successfully
C:\Users\Pavel\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Pavel\AppData\Local\EmieSiteList deleted successfully
C:\Users\Pavel\AppData\Local\EmieUserList deleted successfully
C:\Users\Pavel\AppData\Local\Skype deleted successfully
C:\Users\Pavel\AppData\Local\VirtualStore deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{91397D20-1446-11D4-8AF4-0040CA1127B6} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-887117582-2240712051-91899171-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{91397D20-1446-11D4-8AF4-0040CA1127B6} deleted successfully
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.seznam.cz/?clid=6826");
user_pref("browser.search.defaultenginename", "Seznam");
user_pref("browser.search.selectedEngine", "Seznam");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", false);
Added to C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Deleting Files \ Folders ======================
C:\PROGRA~2\5WdsManPro5 deleted
C:\PROGRA~2\MWMiniProM deleted
C:\PROGRA~2\eWinManProe deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
"C:\Users\Pavel\AppData\Roaming\Yandex\ui" deleted
"C:\Users\Pavel\AppData\Roaming\Yandex" deleted
==== Orphaned Tasks deleted from Registry ======================
avast Emergency Update deleted
Imperia Online D1 deleted
Imperia Online N deleted
Imperia Online W1 deleted
Imperia Online W2 deleted
Imperia Online W3 deleted
Imperia Online W4 deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions ======================
==== Firefox Plugins ======================
==== Chromium Startpages ======================
C:\Users\Pavel\AppData\Local\Chromium\Metro\User Data\Default\Preferences
"homepage": "http://www.seznam.cz/?clid=6826",
C:\Users\Pavel\AppData\Roaming\Opera Software\Opera Stable\Preferences
"homepage": "http://www.seznam.cz/?clid=6826",
"startup_urls": [ "http://www.seznam.cz/?clid=6826" ]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.seznam.cz/"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\fi]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\ma]
@="http://www.mapy.cz/?sourceid=quicksearch_6826&query=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\se]
@="http://search.seznam.cz/?sourceid=quicksearch_6826&q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\vi]
@="http://videa.seznam.cz/?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\zb]
@="http://www.zbozi.cz/?sourceid=quicksearch_6826&q=%s"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="https://www.seznam.cz/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\29ACE006699C01D631560CF655D3F05F - http://www.mapy.cz/?sourceid=quicksearc ... earchTerms}
HKCU\SearchScopes\9E908B16D81540337E9A954EF3248A28 - http://videa.seznam.cz/?q={searchTerms}
HKCU\SearchScopes\BF1A4CC10C959351D713BF9C8D27A1F7 - http://www.bing.com/search?q={searchTer ... ORM=IESR02
HKCU\SearchScopes\F4E9ACFFD7739019355B4C917EA37DE3 - http://www.zbozi.cz/?sourceid=quicksear ... earchTerms}
HKCU\SearchScopes\FD1019F2930E229692553F3C4A8BDC5C - http://www.firmy.cz/phr/{searchTerms}
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{031883CE-2DE9-41F7-9539-5CDEE0F44C9E} - http://www.zbozi.cz/?q={searchTerms}&r= ... arch_12454
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://search.seznam.cz/?q={searchTerms ... arch_12454
HKCU\SearchScopes\{0857AC30-F31E-4410-A25D-B4867CCDD372} - http://www.novinky.cz/hledej?w={searchT ... arch_12454
HKCU\SearchScopes\{16926CBA-299D-48CA-B178-829D1C17552C} - http://slovnik.seznam.cz/?q={searchTerm ... arch_12454
HKCU\SearchScopes\{52A3BFF1-ECF4-4EFB-9C92-C043B5AFC59A} - http://tv.seznam.cz/hledej?w={searchTer ... arch_12454
HKCU\SearchScopes\{840A8410-C30C-4F96-91B6-71D41923BDF5} - http://encyklopedie.seznam.cz/search?q= ... arch_12454
HKCU\SearchScopes\{86BDA303-30D3-4AD6-B9BC-46718A18555A} - http://slovnik.seznam.cz/?q={searchTerm ... arch_12454
HKCU\SearchScopes\{D52EF4E5-AA7B-4BBB-8BAC-FD2C12878CBD} - http://www.firmy.cz/?q={searchTerms}&so ... arch_12454
HKCU\SearchScopes\{D94331B1-8551-41D1-8977-67811C80845D} - http://www.mapy.cz/?query={searchTerms} ... arch_12454
==== Reset Google Chrome ======================
C:\Users\Pavel\AppData\Local\Chromium\User Data\Default\Preferences was reset successfully
C:\Users\Pavel\AppData\Local\Chromium\User Data\Default\Preferences_20150809182408.backup was reset successfully
C:\Users\Pavel\AppData\Local\Chromium\User Data\Default\Preferences_20150823140018.backup was reset successfully
C:\Users\Pavel\AppData\Local\Chromium\Metro\User Data\Default\Preferences was reset successfully
C:\Users\Pavel\AppData\Local\Chromium\Metro\User Data\Default\Preferences_20150809182408.backup was reset successfully
C:\Users\Pavel\AppData\Local\Chromium\Metro\User Data\Default\Preferences_20150823140019.backup was reset successfully
C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Preferences_20150809182407.backup was reset successfully
C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Preferences_20150823140018.backup was reset successfully
C:\Users\Pavel\AppData\Local\Google\Chrome\Metro\User Data\Default\Preferences was reset successfully
C:\Users\Pavel\AppData\Local\Google\Chrome\Metro\User Data\Default\Preferences_20150809182407.backup was reset successfully
C:\Users\Pavel\AppData\Local\Google\Chrome\Metro\User Data\Default\Preferences_20150823140018.backup was reset successfully
C:\Users\Pavel\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\Pavel\AppData\Roaming\Opera Software\Opera Stable\Preferences_20150809182409.backup was reset successfully
C:\Users\Pavel\AppData\Roaming\Opera Software\Opera Stable\Preferences_20150823140020.backup was reset successfully
C:\Users\Pavel\AppData\Local\Chromium\User Data\Default\Web Data was reset successfully
C:\Users\Pavel\AppData\Local\Chromium\User Data\Default\Web Data_20150823140019.backup was reset successfully
C:\Users\Pavel\AppData\Local\Chromium\Metro\User Data\Default\Web Data was reset successfully
C:\Users\Pavel\AppData\Local\Chromium\Metro\User Data\Default\Web Data_20150823140019.backup was reset successfully
C:\Users\Pavel\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
C:\Users\Pavel\AppData\Roaming\Opera Software\Opera Stable\Web Data_20150823140020.backup was reset successfully
==== Empty IE Cache ======================
C:\Users\Pavel\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Pavel\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Pavel\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Pavel\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
C:\Users\Pavel\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Pavel\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Pavel\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on ne 17. 01. 2016 at 21:38:34,03 ======================
Tool run by Pavel on ne 17. 01. 2016 at 21:10:03,31.
Microsoft Windows 8.1 6.3.9600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Pavel\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
17. 1. 2016 21:11:18 Zoek.exe System Restore Point Created Successfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Empty Folders Check ======================
C:\Program Files\Common Files\Symantec Shared deleted successfully
C:\Users\Pavel\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Pavel\AppData\Local\EmieSiteList deleted successfully
C:\Users\Pavel\AppData\Local\EmieUserList deleted successfully
C:\Users\Pavel\AppData\Local\Skype deleted successfully
C:\Users\Pavel\AppData\Local\VirtualStore deleted successfully
==== Deleting CLSID Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{91397D20-1446-11D4-8AF4-0040CA1127B6} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-887117582-2240712051-91899171-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{91397D20-1446-11D4-8AF4-0040CA1127B6} deleted successfully
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.seznam.cz/?clid=6826");
user_pref("browser.search.defaultenginename", "Seznam");
user_pref("browser.search.selectedEngine", "Seznam");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", false);
Added to C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Deleting Files \ Folders ======================
C:\PROGRA~2\5WdsManPro5 deleted
C:\PROGRA~2\MWMiniProM deleted
C:\PROGRA~2\eWinManProe deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
"C:\Users\Pavel\AppData\Roaming\Yandex\ui" deleted
"C:\Users\Pavel\AppData\Roaming\Yandex" deleted
==== Orphaned Tasks deleted from Registry ======================
avast Emergency Update deleted
Imperia Online D1 deleted
Imperia Online N deleted
Imperia Online W1 deleted
Imperia Online W2 deleted
Imperia Online W3 deleted
Imperia Online W4 deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions ======================
==== Firefox Plugins ======================
==== Chromium Startpages ======================
C:\Users\Pavel\AppData\Local\Chromium\Metro\User Data\Default\Preferences
"homepage": "http://www.seznam.cz/?clid=6826",
C:\Users\Pavel\AppData\Roaming\Opera Software\Opera Stable\Preferences
"homepage": "http://www.seznam.cz/?clid=6826",
"startup_urls": [ "http://www.seznam.cz/?clid=6826" ]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.seznam.cz/"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\fi]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\ma]
@="http://www.mapy.cz/?sourceid=quicksearch_6826&query=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\se]
@="http://search.seznam.cz/?sourceid=quicksearch_6826&q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\vi]
@="http://videa.seznam.cz/?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\zb]
@="http://www.zbozi.cz/?sourceid=quicksearch_6826&q=%s"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="https://www.seznam.cz/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\29ACE006699C01D631560CF655D3F05F - http://www.mapy.cz/?sourceid=quicksearc ... earchTerms}
HKCU\SearchScopes\9E908B16D81540337E9A954EF3248A28 - http://videa.seznam.cz/?q={searchTerms}
HKCU\SearchScopes\BF1A4CC10C959351D713BF9C8D27A1F7 - http://www.bing.com/search?q={searchTer ... ORM=IESR02
HKCU\SearchScopes\F4E9ACFFD7739019355B4C917EA37DE3 - http://www.zbozi.cz/?sourceid=quicksear ... earchTerms}
HKCU\SearchScopes\FD1019F2930E229692553F3C4A8BDC5C - http://www.firmy.cz/phr/{searchTerms}
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{031883CE-2DE9-41F7-9539-5CDEE0F44C9E} - http://www.zbozi.cz/?q={searchTerms}&r= ... arch_12454
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://search.seznam.cz/?q={searchTerms ... arch_12454
HKCU\SearchScopes\{0857AC30-F31E-4410-A25D-B4867CCDD372} - http://www.novinky.cz/hledej?w={searchT ... arch_12454
HKCU\SearchScopes\{16926CBA-299D-48CA-B178-829D1C17552C} - http://slovnik.seznam.cz/?q={searchTerm ... arch_12454
HKCU\SearchScopes\{52A3BFF1-ECF4-4EFB-9C92-C043B5AFC59A} - http://tv.seznam.cz/hledej?w={searchTer ... arch_12454
HKCU\SearchScopes\{840A8410-C30C-4F96-91B6-71D41923BDF5} - http://encyklopedie.seznam.cz/search?q= ... arch_12454
HKCU\SearchScopes\{86BDA303-30D3-4AD6-B9BC-46718A18555A} - http://slovnik.seznam.cz/?q={searchTerm ... arch_12454
HKCU\SearchScopes\{D52EF4E5-AA7B-4BBB-8BAC-FD2C12878CBD} - http://www.firmy.cz/?q={searchTerms}&so ... arch_12454
HKCU\SearchScopes\{D94331B1-8551-41D1-8977-67811C80845D} - http://www.mapy.cz/?query={searchTerms} ... arch_12454
==== Reset Google Chrome ======================
C:\Users\Pavel\AppData\Local\Chromium\User Data\Default\Preferences was reset successfully
C:\Users\Pavel\AppData\Local\Chromium\User Data\Default\Preferences_20150809182408.backup was reset successfully
C:\Users\Pavel\AppData\Local\Chromium\User Data\Default\Preferences_20150823140018.backup was reset successfully
C:\Users\Pavel\AppData\Local\Chromium\Metro\User Data\Default\Preferences was reset successfully
C:\Users\Pavel\AppData\Local\Chromium\Metro\User Data\Default\Preferences_20150809182408.backup was reset successfully
C:\Users\Pavel\AppData\Local\Chromium\Metro\User Data\Default\Preferences_20150823140019.backup was reset successfully
C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Preferences_20150809182407.backup was reset successfully
C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Preferences_20150823140018.backup was reset successfully
C:\Users\Pavel\AppData\Local\Google\Chrome\Metro\User Data\Default\Preferences was reset successfully
C:\Users\Pavel\AppData\Local\Google\Chrome\Metro\User Data\Default\Preferences_20150809182407.backup was reset successfully
C:\Users\Pavel\AppData\Local\Google\Chrome\Metro\User Data\Default\Preferences_20150823140018.backup was reset successfully
C:\Users\Pavel\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\Pavel\AppData\Roaming\Opera Software\Opera Stable\Preferences_20150809182409.backup was reset successfully
C:\Users\Pavel\AppData\Roaming\Opera Software\Opera Stable\Preferences_20150823140020.backup was reset successfully
C:\Users\Pavel\AppData\Local\Chromium\User Data\Default\Web Data was reset successfully
C:\Users\Pavel\AppData\Local\Chromium\User Data\Default\Web Data_20150823140019.backup was reset successfully
C:\Users\Pavel\AppData\Local\Chromium\Metro\User Data\Default\Web Data was reset successfully
C:\Users\Pavel\AppData\Local\Chromium\Metro\User Data\Default\Web Data_20150823140019.backup was reset successfully
C:\Users\Pavel\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
C:\Users\Pavel\AppData\Roaming\Opera Software\Opera Stable\Web Data_20150823140020.backup was reset successfully
==== Empty IE Cache ======================
C:\Users\Pavel\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Pavel\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Pavel\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Pavel\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
C:\Users\Pavel\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Pavel\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Pavel\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on ne 17. 01. 2016 at 21:38:34,03 ======================
Re: Nejde odinstalovat Yandex a Picexa
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 8.1 x86
Ran by Pavel (Administrator) on ne 17. 01. 2016 at 22:08:34,93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 2
Successfully deleted: C:\users\Public\Documents\downloaded installers (Folder)
Successfully deleted: C:\Windows\System32\Tasks\SlimDrivers Startup (Task)
Deleted the following from C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\prefs.js
user_pref(extensions.yasearch@yandex.ru.defender.homepage.protected, hxxp://www.seznam.cz/?clid=6826);
Registry: 1
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 17. 01. 2016 at 22:09:51,61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 8.1 x86
Ran by Pavel (Administrator) on ne 17. 01. 2016 at 22:08:34,93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 2
Successfully deleted: C:\users\Public\Documents\downloaded installers (Folder)
Successfully deleted: C:\Windows\System32\Tasks\SlimDrivers Startup (Task)
Deleted the following from C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\prefs.js
user_pref(extensions.yasearch@yandex.ru.defender.homepage.protected, hxxp://www.seznam.cz/?clid=6826);
Registry: 1
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 17. 01. 2016 at 22:09:51,61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
Rudy
- Site Admin
- Příspěvky: 119673
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Nejde odinstalovat Yandex a Picexa
OK. Změnilo se něco nyní?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Nejde odinstalovat Yandex a Picexa
Teď už je to ok, už i ccleaner normálně čistí tak to bude OK.
Děkuji moc za pomoc.
Děkuji moc za pomoc.
-
Rudy
- Site Admin
- Příspěvky: 119673
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Nejde odinstalovat Yandex a Picexa
Rádo se stalo! 
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?