Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Prosím o kontrolu logu - ntb se zpomalil

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Zpráva
Autor
heanka
Návštěvník
Návštěvník
Příspěvky: 53
Registrován: 14 zář 2005 20:01

Prosím o kontrolu logu - ntb se zpomalil

#1 Příspěvek od heanka »

Dobrý den prosím o kontrolu logu. Notebook se zpomalil a dnes se sám od sebe vypl.
Děkuji za ochotu a čas.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-04-2015
Ran by Andrea (administrator) on ANELIS on 15-04-2015 00:59:43
Running from C:\Users\Andrea\Desktop
Loaded Profiles: UpdatusUser & Andrea (Available profiles: UpdatusUser & Andrea)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Software602 a.s.) C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Wistron Corp.) C:\Program Files\Launch Manager\HotkeyApp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Andrea\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [368728 2012-04-27] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12445288 2012-01-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2899216 2012-04-17] (Synaptics Incorporated)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [410896 2012-04-17] (Synaptics)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-09-19] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6202416 2012-09-19] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-09-19] (Lenovo)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-30] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-21] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [548864 2011-12-10] (Vimicro)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2012-01-26] (Lenovo, Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-09-19] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-14] (CyberLink Corp.)
HKLM-x32\...\Run: [{CDF13D74-E6AA-4006-818A-B360D6A3573C}] => C:\Program Files\Launch Manager\HotkeyApp.exe [415272 2012-03-01] (Wistron Corp.)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-479690478-2106494838-3838648515-1000\...\Run: [Power2GoExpress] => NA
HKU\S-1-5-21-479690478-2106494838-3838648515-1001\...\Run: [] => [X]
HKU\S-1-5-21-479690478-2106494838-3838648515-1001\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-479690478-2106494838-3838648515-1001\...\Run: [Zoner Photo Studio Service 16] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe [27648 2013-12-13] ()
HKU\S-1-5-21-479690478-2106494838-3838648515-1001\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
HKU\S-1-5-21-479690478-2106494838-3838648515-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE [831488 2013-12-13] (ZONER software)
HKU\S-1-5-21-479690478-2106494838-3838648515-1001\...\Run: [GoogleChromeAutoLaunch_233139F6EC4DEC81E5C5F2F1CB87FB15] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-30] (Google Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [260928 2012-05-01] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215360 2012-05-01] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\Windows\system32\IcnOvrly.dll ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-479690478-2106494838-3838648515-1001] => :0
HKU\S-1-5-21-479690478-2106494838-3838648515-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKU\S-1-5-21-479690478-2106494838-3838648515-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=KMOH
HKU\S-1-5-21-479690478-2106494838-3838648515-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-479690478-2106494838-3838648515-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.google.com/ig/redirectdomain ... &bmod=KMOH
HKU\S-1-5-21-479690478-2106494838-3838648515-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-479690478-2106494838-3838648515-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL = http://dts.search-results.com/sr?src=ie ... earchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL = http://dts.search-results.com/sr?src=ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-479690478-2106494838-3838648515-1001 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=i ... OH_csCZ515
SearchScopes: HKU\S-1-5-21-479690478-2106494838-3838648515-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=i ... OH_csCZ515
SearchScopes: HKU\S-1-5-21-479690478-2106494838-3838648515-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} URL = http://dts.search-results.com/sr?src=ie ... earchTerms}
BHO: avast! Online Security -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-08-30] (AVAST Software)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-02] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-08-30] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-02] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-08-30] (AVAST Software)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-08-30] (AVAST Software)
Toolbar: HKU\S-1-5-21-479690478-2106494838-3838648515-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {F680B28A-3AEE-4C88-93ED-45AE9215C128} https://adisepo.mfcr.cz/adistc/adis/idp ... tsignx.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 194.228.2.1 88.103.252.2 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\pwmqnon5.default
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll [2012-06-21] ( )
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-10-02] ( )
FF Plugin-x32: @software602.cz/602XML Filler -> C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll [2012-08-06] (Software602 a.s.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-479690478-2106494838-3838648515-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Andrea\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-16] (Unity Technologies ApS)
FF Extension: Simple Youtube and Video Converter - C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\pwmqnon5.default\Extensions\jid0-SQnwtgW1b8BsMB5PLV5WScEDWOjw@jetpack [2015-03-30]
FF Extension: Savedeo video downloader - C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\pwmqnon5.default\Extensions\savedeo-video-downloader@fczbkk.com.xpi [2014-03-30]
FF Extension: Quick Translator - C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\pwmqnon5.default\Extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi [2014-03-30]
FF Extension: Map with Google - C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\pwmqnon5.default\Extensions\{9F730E3B-E9A1-4AFD-A7FA-57B7124076EE}.xpi [2014-03-30]
FF Extension: Adblock Plus - C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\pwmqnon5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-30]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-12-13]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-11-08]
CHR Extension: (PhotoLive - Download Facebook Photos!) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpjnpabklnaaifclgealaepelncljadk [2014-11-08]
CHR Extension: (AdBlock) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-20]
CHR Extension: (Pin It Button) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-11-26]
CHR Extension: (Torch Share) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof [2014-04-28]
CHR Extension: (Facebook Album & Photo Manager) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgiedegfmekolcplboelnmfoiefpcpfg [2014-11-08]
CHR Extension: (Google Wallet) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-28]
CHR HKLM-x32\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\Andrea\AppData\Local\Torch\Plugins\TorchPlugin.crx [2013-03-02]
CHR HKLM-x32\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - C:\Program Files (x86)\Amazon\ABB\AmazonChrome-lenovo-abb.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 602XML Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-03-24] (Adobe Systems) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [957216 2012-03-21] (Broadcom Corporation.)
S4 DamageGuardSvc; C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe [572976 2012-03-26] (Lenovo (Beijing) Limited)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-06-21] (Nitro PDF Software)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [119848 2011-12-21] (Wistron Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [19600 2012-07-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1031392 2014-12-01] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-03-20] (Broadcom Corporation.)
S4 DamageGuard; C:\Windows\System32\DRIVERS\DamageGuardX64.sys [217392 2012-02-11] (Lenovo)
S4 dgFltr; C:\Windows\System32\drivers\dgFltrX64.sys [23648 2011-12-13] (Lenovo)
R3 SmbDrvIntel; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27408 2012-04-17] (Synaptics Incorporated)
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
S3 FreshIO; \??\C:\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys [X]
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-15 00:59 - 2015-04-15 01:00 - 00028803 _____ () C:\Users\Andrea\Desktop\FRST.txt
2015-04-15 00:59 - 2015-04-15 00:59 - 00000000 ____D () C:\FRST
2015-04-15 00:57 - 2015-04-15 00:57 - 00112640 _____ (forum.viry.cz) C:\Users\Andrea\Desktop\FRSTLauncher.exe
2015-04-15 00:48 - 2015-04-15 00:50 - 02096640 _____ (Farbar) C:\Users\Andrea\Desktop\FRST64.exe
2015-04-14 23:35 - 2015-04-14 23:35 - 00001402 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-04-14 23:35 - 2015-04-14 23:35 - 00001390 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-04-14 23:35 - 2015-04-14 23:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-04-14 23:35 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-04-14 23:34 - 2015-04-14 23:41 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-04-14 23:33 - 2015-04-14 23:33 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Andrea\Downloads\spybot-2.4.exe
2015-04-14 23:28 - 2015-04-14 23:28 - 00004268 _____ () C:\Users\Andrea\Documents\cc_20150414_232833.reg
2015-04-14 21:09 - 2015-04-14 21:10 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{9D292A97-7F29-4DC5-8620-0BD0C6D633E8}
2015-04-14 09:09 - 2015-04-14 09:09 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{BD501804-4F26-46DB-8B53-CB9F27837967}
2015-04-13 20:42 - 2015-04-13 20:43 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{C0F5EA2F-FC37-409B-9969-C400F656FD4E}
2015-04-13 17:28 - 2015-04-14 22:55 - 00002896 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-04-13 08:42 - 2015-04-13 08:42 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{518CD301-1F38-4784-B929-82F5F735B19D}
2015-04-12 13:58 - 2015-04-12 13:58 - 00000110 ____H () C:\Users\Andrea\Desktop\11148432_10206718160219432_3042322642765165966_n.jpg.uid-zps
2015-04-12 00:05 - 2015-04-12 00:05 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{5C494E51-CD01-4143-91C4-39F46C315E77}
2015-04-11 13:04 - 2015-04-11 13:04 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zařízení Bluetooth
2015-04-10 22:42 - 2015-04-10 22:42 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{0F32EE8B-C35B-490C-86D7-E8FC6884E072}
2015-04-10 09:15 - 2015-04-10 09:15 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{E60F07A2-8B36-41F6-9A16-760D089043EA}
2015-04-09 12:59 - 2015-04-09 12:59 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{0271349B-91E9-4876-9894-FF5A692417FB}
2015-04-08 11:54 - 2015-04-08 11:54 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{732D554E-0C01-4025-BD17-EFCD8424C2A6}
2015-04-07 22:25 - 2015-04-07 22:25 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{77CA9A47-EBE1-4704-AD15-F2601A120997}
2015-04-07 09:38 - 2015-04-07 09:38 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{D8954893-5DAF-4589-A9CD-369259D59D13}
2015-04-06 20:44 - 2015-04-06 20:44 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{44B87943-9C5C-4330-BC7B-7A00F230529E}
2015-04-06 11:24 - 2015-04-06 11:24 - 00032097 _____ () C:\Users\Andrea\Documents\eviška - vzor.jbb
2015-04-05 13:48 - 2015-04-05 13:49 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{60DC4DC1-CEBB-42EB-8EB0-AD487252EA8C}
2015-04-05 00:34 - 2015-04-05 00:35 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-05 00:34 - 2015-04-05 00:34 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-03 20:16 - 2015-04-03 20:16 - 00443304 _____ () C:\Users\Andrea\Downloads\GeewaDancingCrazeCs.exe
2015-04-03 20:16 - 2015-04-03 20:16 - 00443304 _____ () C:\Users\Andrea\Downloads\GeewaDancingCrazeCs (2).exe
2015-04-03 20:16 - 2015-04-03 20:16 - 00443304 _____ () C:\Users\Andrea\Downloads\GeewaDancingCrazeCs (1).exe
2015-04-03 09:11 - 2015-04-03 09:11 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{568E1E55-025A-473E-8AE1-8A2F096FDE47}
2015-04-02 10:10 - 2015-04-02 10:10 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{64D18105-9A95-4984-BA8C-EAF74F4A9B23}
2015-04-01 21:01 - 2015-04-01 21:01 - 00000110 ____H () C:\Users\Andrea\Desktop\DSCN6712.JPG.uid-zps
2015-04-01 21:01 - 2015-04-01 21:01 - 00000110 ____H () C:\Users\Andrea\Desktop\DSCN6709.JPG.uid-zps
2015-04-01 21:00 - 2015-04-01 21:00 - 00000110 ____H () C:\Users\Andrea\Desktop\DSCN6715.JPG.uid-zps
2015-04-01 20:22 - 2015-04-01 20:22 - 00000110 ____H () C:\Users\Andrea\Desktop\katka.jpg.uid-zps
2015-04-01 19:37 - 2015-04-01 19:37 - 00000859 _____ () C:\Users\Andrea\AppData\Local\recently-used.xbel
2015-04-01 11:32 - 2015-04-01 11:32 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{1347E3D2-B418-4CCE-8947-1FBE40EBACC4}
2015-03-31 22:42 - 2015-03-31 22:42 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{C31971C5-105D-43B8-84EE-935C22B5E816}
2015-03-31 17:00 - 2015-03-31 17:00 - 00000110 ____H () C:\Users\Andrea\Desktop\DSCN6701.JPG.uid-zps
2015-03-31 17:00 - 2015-03-31 17:00 - 00000110 ____H () C:\Users\Andrea\Desktop\DSCN6699.JPG.uid-zps
2015-03-31 08:39 - 2015-03-31 08:39 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{F6804729-95F6-46E7-A557-F221E2D16CC2}
2015-03-30 10:09 - 2015-03-30 10:09 - 00000110 ____H () C:\Users\Andrea\Desktop\DSCN6693.JPG.uid-zps
2015-03-30 08:39 - 2015-03-30 08:39 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{1F23C2F5-A313-42EA-9A8C-8E8E71251B6D}
2015-03-29 23:46 - 2015-04-14 22:54 - 00000000 ____D () C:\Users\Andrea\Desktop\mix
2015-03-29 23:45 - 2015-04-02 19:12 - 00000000 ____D () C:\Users\Andrea\Desktop\Práce dětí
2015-03-29 20:33 - 2015-03-29 20:33 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{CC3C60E6-0CD0-45E0-B18A-DC43EEDF1F16}
2015-03-29 01:36 - 2015-03-29 01:36 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{5E957E26-F9A9-4B42-A908-2A14C819760E}
2015-03-28 10:27 - 2015-03-28 10:27 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{79B7F339-DD29-472A-A6B3-8E35AAC2AAE0}
2015-03-27 12:25 - 2015-03-27 12:26 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{F58ABFBA-956E-4B88-AEFC-82C575B2F2D2}
2015-03-27 12:19 - 2015-03-27 12:19 - 00005568 _____ () C:\Users\Andrea\Downloads\DPFDP5-8253055778-20150327-111740-5718887-potvrzeni.p7s
2015-03-26 22:30 - 2015-03-26 22:31 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{B21A719A-D65B-447A-8E0C-E94F53A8BF9C}
2015-03-26 20:31 - 2015-03-30 13:41 - 00000000 ____D () C:\Users\Andrea\Documents\DO FAUNAPARKU
2015-03-26 10:16 - 2015-03-26 10:16 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{328650A2-E5E8-4743-8777-498484384F02}
2015-03-25 09:17 - 2015-03-25 09:17 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{AA8E58A3-EB12-476B-B53B-E17D23E7B06F}
2015-03-25 08:49 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 08:49 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 08:49 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 08:49 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 08:49 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 08:49 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 08:49 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 08:49 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-24 13:06 - 2015-03-24 13:06 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{FFBA9D8D-C6E8-4EB0-9CDF-AE0212CC448E}
2015-03-24 00:45 - 2015-03-24 00:45 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{EC199F75-2A6C-4F00-9B95-E28749F7D920}
2015-03-23 10:24 - 2015-03-23 10:24 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{F0F51224-AEF2-41C4-9A95-0D3801A54190}
2015-03-23 01:33 - 2015-03-23 01:33 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{B576828C-A4E4-466D-96A2-58FADBCD2387}
2015-03-22 12:32 - 2015-03-22 12:32 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{A5C5D6EC-561B-4247-B5FB-18DF1F6049F9}
2015-03-21 22:54 - 2015-03-21 22:55 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{B9826450-C34F-4EBC-83D8-DBF19A4C314E}
2015-03-21 22:33 - 2015-03-21 22:33 - 00000110 ____H () C:\Users\Andrea\Desktop\stupne.jpg.uid-zps
2015-03-20 11:39 - 2015-03-20 11:39 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{27F532EC-B366-4694-89B7-839BC2B11EC6}
2015-03-19 23:39 - 2015-03-19 23:39 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{2548C9D5-6C3E-4EE6-AD76-4597B6008027}
2015-03-19 10:09 - 2015-03-19 10:09 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{34A215C0-6422-406C-B18A-9FCF17C1D962}
2015-03-18 08:30 - 2015-03-18 08:30 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{0B8C1B8F-420D-4C77-8698-BB9D662D1989}
2015-03-17 13:29 - 2015-03-17 13:29 - 00135551 _____ () C:\Users\Andrea\Downloads\Rokajl-Preciosa-10-0-23-mm-s-průtahem.html
2015-03-17 10:23 - 2015-03-17 10:23 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{A522316F-6D53-46AE-90A4-2278C3DEF007}
2015-03-16 22:21 - 2015-03-16 22:21 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{973956AB-9029-4B8C-98D3-55B4D34F6839}
2015-03-16 12:46 - 2015-03-16 12:46 - 00001653 _____ () C:\Users\Andrea\Downloads\DPFDP5-8411125778-20150316-114611-pracovni.xml
2015-03-16 10:20 - 2015-03-16 10:20 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{8DE1F3F3-BD77-4F2D-B1A2-16EB606B6911}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-15 00:44 - 2013-10-13 00:49 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-15 00:31 - 2014-06-22 19:06 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-15 00:05 - 2012-09-19 16:26 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-14 23:35 - 2013-02-13 13:30 - 31755264 ___SH () C:\Users\Andrea\Desktop\Thumbs.db
2015-04-14 23:27 - 2014-09-17 21:33 - 00000000 ____D () C:\Windows\Minidump
2015-04-14 23:27 - 2014-04-26 08:16 - 00000000 ____D () C:\Users\Andrea\AppData\Local\CrashDumps
2015-04-14 23:00 - 2009-07-14 06:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-14 23:00 - 2009-07-14 06:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-14 22:59 - 2012-09-19 15:51 - 02069416 ____N () C:\Windows\WindowsUpdate.log
2015-04-14 22:55 - 2014-04-26 16:07 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2015-04-14 22:52 - 2012-09-19 16:26 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-14 22:52 - 2012-09-19 16:25 - 00000000 ____D () C:\ProgramData\VeriFace
2015-04-14 22:51 - 2012-12-13 16:17 - 05062219 _____ () C:\FaceProv.log
2015-04-14 22:51 - 2012-09-19 16:29 - 00112090 _____ () C:\Windows\system32\fastboot.set
2015-04-14 22:51 - 2012-09-19 16:10 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-04-14 22:51 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-14 13:03 - 2012-09-19 16:10 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-04-12 18:07 - 2013-10-29 14:05 - 00000000 ____D () C:\Users\Andrea\Downloads\inspirace
2015-04-12 13:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-08 19:32 - 2015-02-27 22:25 - 01587200 ___SH () C:\Users\Andrea\Documents\Thumbs.db
2015-04-08 08:28 - 2012-12-13 21:56 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-06 11:09 - 2012-12-30 14:28 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\BeadTool
2015-04-03 08:14 - 2012-09-19 15:34 - 00669116 _____ () C:\Windows\system32\perfh005.dat
2015-04-03 08:14 - 2012-09-19 15:34 - 00141744 _____ () C:\Windows\system32\perfc005.dat
2015-04-03 08:14 - 2009-07-14 07:13 - 01584554 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-03 08:07 - 2012-09-19 16:26 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-02 18:58 - 2013-03-15 12:59 - 00000000 ____D () C:\Users\Andrea\Documents\KURZY
2015-04-01 19:47 - 2013-04-02 18:51 - 00000000 ____D () C:\Users\Andrea\.gimp-2.8
2015-03-31 17:13 - 2013-05-21 09:23 - 00000000 ___HD () C:\Users\Andrea\Desktop\.picasaoriginals
2015-03-30 14:27 - 2013-02-15 01:35 - 00000000 ____D () C:\Users\Andrea\Downloads\návody
2015-03-26 08:07 - 2014-12-10 10:15 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-26 08:07 - 2014-05-06 16:49 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-21 09:58 - 2013-02-12 13:47 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Skype
2015-03-20 08:55 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-17 10:00 - 2009-07-14 07:08 - 00032542 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-17 08:21 - 2013-03-10 18:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-16 10:50 - 2015-03-04 20:02 - 00000000 ____D () C:\Šperky březen 2015

==================== Files in the root of some directories =======

2014-04-20 17:53 - 2014-07-26 18:16 - 0005632 _____ () C:\Users\Andrea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-01 19:37 - 2015-04-01 19:37 - 0000859 _____ () C:\Users\Andrea\AppData\Local\recently-used.xbel

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.2436.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================

Light Image Resizer 4.0.4.3 (HKLM-x32\...\{EBE030DD-D404-4D92-85E9-8C3624820808}_is1) (Version: 4.0.4.3 - ObviousIdea)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Disabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: avast! Internet Security (Disabled) {131692B0-0864-D491-4E21-3A3A1D8BBB47}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Andrea\Desktop" je 10073 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DisableUnicastResponsesToMulticastBroadcast REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDTray.exe:*:Enabled:Spybot - Search & Destroy tray access"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDFSSvc.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdate.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater"
"C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdSvc.exe"="C:\\Program Files (x86)\\Spybot - Search & Destroy 2\\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Přílohy
Addition.zip
(7.99 KiB) Staženo 72 x

Márty84
VIP
VIP
Příspěvky: 21679
Registrován: 05 pro 2009 20:08
Bydliště: Ostrava

Re: Prosím o kontrolu logu - ntb se zpomalil

#2 Příspěvek od Márty84 »

Zdravim :)


:???: Co ten cracknuty office? :arcisit:

heanka píše:***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Andrea\Desktop" je 10073 MB.
:arrow: Velikost plochy by nemela presahovat 200 - 300 MB! Brzdi to chod pc. Cili ji trosku uklidte a na plochu dejte jen zastupce. Jen pozor na obcasnou chybu, ze uzivatele maji na plose slozku, v ni dalsi a v ni dalsi a do te to schovaji. To je sice hezke, ale plochu to nezmensi, jen je to v jinem supliku :D



:arrow: Odinstalujte Spybota, program je zastaraly.

:arrow: Vypnete trvale Windows Defender.


:arrow: Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Cleaning
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz

Možnost podpořit naše fórum https://platba.viry.cz/payment/

Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).

heanka
Návštěvník
Návštěvník
Příspěvky: 53
Registrován: 14 zář 2005 20:01

Re: Prosím o kontrolu logu - ntb se zpomalil

#3 Příspěvek od heanka »

Už je fuč :110:

Smazáno, odinstalováno a přesunuto.

# AdwCleaner v4.201 - Log vytvořen 15/04/2015 v 10:29:38
# Aktualizováno 08/04/2015 by Xplode
# Databáze : 2015-04-08.1 [Server]
# Operační system : Windows 7 Home Premium Service Pack 1 (x64)
# Uživatelské jméno : Andrea - ANELIS
# Spuštěno z : C:\Users\Andrea\Desktop\adwcleaner_4.201.exe
# Nastavení : Čištění

***** [ Služby ] *****


***** [ Soubory / Složky ] *****

[#] Složka Smazáno : C:\ProgramData\Browser Manager
Složka Smazáno : C:\ProgramData\Partner
Složka Smazáno : C:\ProgramData\ytd video downloader
Složka Smazáno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Složka Smazáno : C:\Program Files (x86)\GreenTree Applications
Složka Smazáno : C:\Windows\Util
Složka Smazáno : C:\Users\Andrea\AppData\Local\torch
Složka Smazáno : C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\torch
Složka Smazáno : C:\Users\Andrea\Documents\Updater
Složka Smazáno : C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof
Soubor Smazáno : C:\Users\Public\Desktop\YTD Video Downloader.lnk
Soubor Smazáno : C:\Users\Andrea\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
Soubor Smazáno : C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
Soubor Smazáno : C:\Users\Andrea\Desktop\Torch.lnk
Soubor Smazáno : C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage
Soubor Smazáno : C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage-journal

***** [ Naplánované úlohy ] *****


***** [ Zástupci ] *****


***** [ Registry ] *****

Klíč Smazáno : HKLM\SOFTWARE\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof
Klíč Smazáno : HKLM\SOFTWARE\Google\Chrome\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam
Klíč Smazáno : HKLM\SOFTWARE\Classes\Applications\Torch.exe
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\torch.exe
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Klíč Smazáno : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3EC1A45C-8BC3-4BFE-B226-4051C5D3D068}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Klíč Smazáno : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
Klíč Smazáno : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421}
Klíč Smazáno : HKCU\Software\APN PIP
Klíč Smazáno : HKCU\Software\PIP
Klíč Smazáno : HKCU\Software\torch
Klíč Smazáno : HKLM\SOFTWARE\PIP
Klíč Smazáno : HKLM\SOFTWARE\SearchquSRTB
Klíč Smazáno : HKLM\SOFTWARE\torch
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\torch
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}

***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v29.0.1 (cs)


-\\ Google Chrome v41.0.2272.118

[C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Smazáno [Extension] : kiplfnciaokpcennlkldkdaeaaomamof

*************************

AdwCleaner[R0].txt - [4252 bytů] - [15/04/2015 10:28:24]
AdwCleaner[S0].txt - [3654 bytů] - [15/04/2015 10:29:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3712 bytů] ##########

Márty84
VIP
VIP
Příspěvky: 21679
Registrován: 05 pro 2009 20:08
Bydliště: Ostrava

Re: Prosím o kontrolu logu - ntb se zpomalil

#4 Příspěvek od Márty84 »

heanka píše:Už je fuč :110:
Fakt? To jsem necekal, to teda chvalim :thumbsup:


:arrow: Udelejte kontrolu s MBAM. Test nastavte podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=29&t=137928 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz

Možnost podpořit naše fórum https://platba.viry.cz/payment/

Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).

heanka
Návštěvník
Návštěvník
Příspěvky: 53
Registrován: 14 zář 2005 20:01

Re: Prosím o kontrolu logu - ntb se zpomalil

#5 Příspěvek od heanka »

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 15.4.2015
Čas skenování: 12:14:12
Protokol: MAM.txt
Správce: Ano

Verze: 2.01.4.1018
Databáze malwaru: v2015.04.15.03
Databáze rootkitů: v2015.03.31.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Andrea

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 735665
Uplynulý čas: 3 hod, 35 min, 18 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 2
Trojan.AutoKMS, C:\Windows\AutoKMS\AutoKMS.exe, , [d00f006cdeaca294f33e01fd4eb28080],
PUP.Optional.Bandoo, C:\DATA Z PLOCHY\fleA!ka king\Downloads\iLividSetup.exe, , [12cddc900a805dd901222a10649da858],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Márty84
VIP
VIP
Příspěvky: 21679
Registrován: 05 pro 2009 20:08
Bydliště: Ostrava

Re: Prosím o kontrolu logu - ntb se zpomalil

#6 Příspěvek od Márty84 »

:arrow: Nalezy nechte odstranit, pak MBAM odinstalujte.


:arrow: Stahnete crystal disk info http://sourceforge.jp/projects/crystald ... 5_0_0.zip/
Spustte jako spravce. Za chvili se zobrazi vysledek.
Kliknete nahore na napis Úpravy a pak na napis Kopírovat. To co se zkopiruje (ulozi se to do pameti) mi sem vlozte (ctrl + V)


:arrow: Dejte logy podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100 - vypnete na chvili antivir, je mozne, ze to bude blokovat jako skodnou, ale pouzivame to porad, jedna se o falesny poplach :)
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz

Možnost podpořit naše fórum https://platba.viry.cz/payment/

Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).

heanka
Návštěvník
Návštěvník
Příspěvky: 53
Registrován: 14 zář 2005 20:01

Re: Prosím o kontrolu logu - ntb se zpomalil

#7 Příspěvek od heanka »

----------------------------------------------------------------------------
CrystalDiskInfo 5.0.0 (C) 2008-2012 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 7 Home Premium Edition SP1 [6.1 Build 7601] (x64)
Date : 2015/04/15 21:10:21

-- Controller Map ----------------------------------------------------------
+ Intel(R) 7 Series Chipset Family SATA AHCI Controller [ATA]
- ST9500325AS
- MATSHITA DVD-RAM UJ8D1

-- Disk List ---------------------------------------------------------------
(1) ST9500325AS : 500,1 GB [0/0/1, pd1] - st

----------------------------------------------------------------------------
(1) ST9500325AS
----------------------------------------------------------------------------
Model : ST9500325AS
Firmware : 0011LVM1
Serial Number : S2WMLCGZ
Disk Size : 500,1 GB (8,4/137,4/500,1)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 976773168
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 4
Transfer Mode : SATA/300
Power On Hours : 0 hod.
Power On Count : Neznámy údaj
Temparature : 56 C (132 F)
Health Status : Špatný
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 8080h [ON]
AAM Level : ----

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 __0 __0 _34 000000000000 Počet chyb čtení
03 __0 __0 __0 000000000000 Čas na roztočení ploten
04 __0 __0 _20 000000000000 Počet spuštění/zastavení
05 __0 __0 _36 000000000000 Počet přemapovaných sektorů
07 __0 __0 _30 000000000000 Počet chybných hledání
09 __0 __0 __0 000000000000 Hodin v činnosti
0A __0 __0 _97 000000000000 Počet opakovaných pokusů o roztočení ploten
0C __0 __0 _20 000000000000 Počet cyklů zapnutí zařízení
B8 __0 __0 _99 000000000000 Ukončovacích chyb
BB __0 __0 __0 000000000000 Ohlášeno neopravitelných chyb
BC __0 __0 __0 000000000000 Časový limit příkazu
BD __0 __0 __0 000000000000 Vysoká rychlost zápisu
BE __0 __0 _45 000000000000 Teplota toku vzduchu
BF __0 __0 __0 000000000000 Počet udalostí zaznamenaných otřesovým senzorem
C0 __0 __0 __0 000000000000 Počet vypnutí disku
C1 __0 __0 __0 000000000000 Počet cyklů načítání/vymazání
C2 __0 __0 __0 000000000000 Teplota
C3 __0 __0 __0 000000000000 Počet oprav chybného čtení
C4 __0 __0 _30 000000000000 Počet udalostí s číslem realokování sektorů
C5 __0 __0 __0 000000000000 Počet podezřelých sektorů
C6 __0 __0 __0 000000000000 Počet neopravitelných sektorů
C7 __0 __0 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 0C5A 3FFF C837 0010 0000 003F 003F 0000 0000 0000
010: 2020 2020 2020 2020 2020 5332 5332 574D 4C43 475A
020: 0000 4000 0004 3030 3131 4D31 4D31 5354 3935 3030
030: 3332 3541 5320 2020 2020 2020 2020 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 0000 2F00
050: 4000 0200 0200 0007 3FFF 003F 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 0506 0506 0004 0048 0048
080: 01F0 0029 346B 7D09 6123 BC09 BC09 6123 203F 0042
090: 0042 8080 FFFE 0000 FE00 0000 0000 0000 0000 0000
100: 6030 3A38 0000 0000 0000 4000 4000 0000 5000 C500
110: 5224 1833 0000 0000 0000 0000 0000 0000 0000 401E
120: 401E 0000 0000 0000 0000 0000 0000 0000 0021 6030
130: 3A38 6030 3A38 2020 0002 0100 0100 5000 3C06 3C0A
140: 0000 003C 0000 0008 0000 001F 001F 0280 0004 0000
150: 0008 0000 0000 0000 0000 0000 0000 0000 3C00 8000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 103B 103B 0000 0000 0000
210: 0000 0000 0000 0000 0000 0000 0000 1518 0000 0000
220: 0002 0000 1010 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 A1A5

heanka
Návštěvník
Návštěvník
Příspěvky: 53
Registrován: 14 zář 2005 20:01

Re: Prosím o kontrolu logu - ntb se zpomalil

#8 Příspěvek od heanka »

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-04-2015 04
Ran by Andrea (administrator) on ANELIS on 15-04-2015 21:15:34
Running from C:\Users\Andrea\Desktop
Loaded Profiles: UpdatusUser & Andrea (Available profiles: UpdatusUser & Andrea)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Software602 a.s.) C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Wistron Corp.) C:\Program Files\Launch Manager\WisLMSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(ZONER software) C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Wistron Corp.) C:\Program Files\Launch Manager\HotkeyApp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\Bluetooth Headset Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Andrea\Desktop\FRST-OlderVersion\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [368728 2012-04-27] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12445288 2012-01-10] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2899216 2012-04-17] (Synaptics Incorporated)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [410896 2012-04-17] (Synaptics)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8079408 2012-09-19] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6202416 2012-09-19] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [206176 2012-09-19] (Lenovo)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-30] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-21] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [548864 2011-12-10] (Vimicro)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2012-01-26] (Lenovo, Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-29] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-29] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-09-19] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-14] (CyberLink Corp.)
HKLM-x32\...\Run: [{CDF13D74-E6AA-4006-818A-B360D6A3573C}] => C:\Program Files\Launch Manager\HotkeyApp.exe [415272 2012-03-01] (Wistron Corp.)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-03-17] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-479690478-2106494838-3838648515-1000\...\Run: [Power2GoExpress] => NA
HKU\S-1-5-21-479690478-2106494838-3838648515-1001\...\Run: [] => [X]
HKU\S-1-5-21-479690478-2106494838-3838648515-1001\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-479690478-2106494838-3838648515-1001\...\Run: [Zoner Photo Studio Service 16] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe [27648 2013-12-13] ()
HKU\S-1-5-21-479690478-2106494838-3838648515-1001\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
HKU\S-1-5-21-479690478-2106494838-3838648515-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE [831488 2013-12-13] (ZONER software)
HKU\S-1-5-21-479690478-2106494838-3838648515-1001\...\Run: [GoogleChromeAutoLaunch_233139F6EC4DEC81E5C5F2F1CB87FB15] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-30] (Google Inc.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [260928 2012-05-01] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215360 2012-05-01] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\Windows\system32\IcnOvrly.dll ()
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-479690478-2106494838-3838648515-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKU\S-1-5-21-479690478-2106494838-3838648515-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=KMOH
HKU\S-1-5-21-479690478-2106494838-3838648515-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-479690478-2106494838-3838648515-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.google.com/ig/redirectdomain ... &bmod=KMOH
HKU\S-1-5-21-479690478-2106494838-3838648515-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-479690478-2106494838-3838648515-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-479690478-2106494838-3838648515-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=i ... OH_csCZ515
BHO: avast! Online Security -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-08-30] (AVAST Software)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-02] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-08-30] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-02] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-08-30] (AVAST Software)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-08-30] (AVAST Software)
Toolbar: HKU\S-1-5-21-479690478-2106494838-3838648515-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {F680B28A-3AEE-4C88-93ED-45AE9215C128} https://adisepo.mfcr.cz/adistc/adis/idp ... tsignx.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 194.228.2.1 88.103.252.2 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\pwmqnon5.default
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll [2012-06-21] ( )
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2013-10-02] ( )
FF Plugin-x32: @software602.cz/602XML Filler -> C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll [2012-08-06] (Software602 a.s.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-479690478-2106494838-3838648515-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Andrea\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-16] (Unity Technologies ApS)
FF Extension: Simple Youtube and Video Converter - C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\pwmqnon5.default\Extensions\jid0-SQnwtgW1b8BsMB5PLV5WScEDWOjw@jetpack [2015-03-30]
FF Extension: Savedeo video downloader - C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\pwmqnon5.default\Extensions\savedeo-video-downloader@fczbkk.com.xpi [2014-03-30]
FF Extension: Quick Translator - C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\pwmqnon5.default\Extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi [2014-03-30]
FF Extension: Map with Google - C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\pwmqnon5.default\Extensions\{9F730E3B-E9A1-4AFD-A7FA-57B7124076EE}.xpi [2014-03-30]
FF Extension: Adblock Plus - C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\pwmqnon5.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-30]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-12-13]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-11-08]
CHR Extension: (PhotoLive - Download Facebook Photos!) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpjnpabklnaaifclgealaepelncljadk [2014-11-08]
CHR Extension: (AdBlock) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-20]
CHR Extension: (Pin It Button) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-11-26]
CHR Extension: (Facebook Album & Photo Manager) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgiedegfmekolcplboelnmfoiefpcpfg [2014-11-08]
CHR Extension: (Google Wallet) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 602XML Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [957216 2012-03-21] (Broadcom Corporation.)
S4 DamageGuardSvc; C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe [572976 2012-03-26] (Lenovo (Beijing) Limited)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()
R2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-06-21] (Nitro PDF Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [119848 2011-12-21] (Wistron Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [19600 2012-07-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1031392 2014-12-01] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-03-20] (Broadcom Corporation.)
S4 DamageGuard; C:\Windows\System32\DRIVERS\DamageGuardX64.sys [217392 2012-02-11] (Lenovo)
S4 dgFltr; C:\Windows\System32\drivers\dgFltrX64.sys [23648 2011-12-13] (Lenovo)
U0 gmkyoll; C:\Windows\System32\drivers\glupbt.sys [79064 2015-04-15] (Malwarebytes Corporation)
R3 SmbDrvIntel; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27408 2012-04-17] (Synaptics Incorporated)
U3 BcmSqlStartupSvc; No ImagePath
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
S3 FreshIO; \??\C:\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys [X]
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-15 21:15 - 2015-04-15 21:16 - 00027458 _____ () C:\Users\Andrea\Desktop\FRST.txt
2015-04-15 21:14 - 2015-04-15 21:14 - 00000000 ____D () C:\Users\Andrea\Desktop\FRST-OlderVersion
2015-04-15 21:08 - 2015-04-15 21:09 - 00000000 ____D () C:\Users\Andrea\Desktop\CrystalDiskInfo5_0_0
2015-04-15 21:04 - 2015-04-15 21:06 - 01496172 _____ () C:\Users\Andrea\Desktop\CrystalDiskInfo5_0_0.zip
2015-04-15 20:45 - 2015-04-15 20:45 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\glupbt.sys
2015-04-15 15:57 - 2015-04-15 15:57 - 00001330 _____ () C:\Users\Andrea\Desktop\MAM.txt
2015-04-15 12:12 - 2015-04-15 21:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-15 12:12 - 2015-04-15 12:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-15 12:11 - 2015-04-15 12:12 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Andrea\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-15 10:34 - 2015-04-15 10:34 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zařízení Bluetooth
2015-04-15 10:31 - 2015-04-15 10:31 - 00003814 _____ () C:\Windows\PFRO.log
2015-04-15 10:28 - 2015-04-15 10:30 - 00000000 ____D () C:\AdwCleaner
2015-04-15 10:27 - 2015-04-15 10:27 - 02217984 _____ () C:\Users\Andrea\Desktop\adwcleaner_4.201.exe
2015-04-15 09:27 - 2015-04-15 09:28 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{455D4261-DD1D-4A89-A9AA-403D765F92BF}
2015-04-15 07:34 - 2015-04-15 10:35 - 00002896 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-04-15 07:29 - 2015-04-15 20:01 - 00000727 _____ () C:\Windows\setupact.log
2015-04-15 07:29 - 2015-04-15 07:29 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-15 01:03 - 2015-04-15 01:03 - 00008182 _____ () C:\Users\Andrea\Desktop\Addition.zip
2015-04-15 00:59 - 2015-04-15 21:15 - 00000000 ____D () C:\FRST
2015-04-15 00:48 - 2015-04-15 21:14 - 02097664 _____ (Farbar) C:\Users\Andrea\Desktop\FRST64.exe
2015-04-14 23:34 - 2015-04-15 10:31 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-04-14 23:33 - 2015-04-14 23:33 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Andrea\Downloads\spybot-2.4.exe
2015-04-14 23:28 - 2015-04-14 23:28 - 00004268 _____ () C:\Users\Andrea\Documents\cc_20150414_232833.reg
2015-04-14 21:09 - 2015-04-14 21:10 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{9D292A97-7F29-4DC5-8620-0BD0C6D633E8}
2015-04-14 09:09 - 2015-04-14 09:09 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{BD501804-4F26-46DB-8B53-CB9F27837967}
2015-04-13 20:42 - 2015-04-13 20:43 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{C0F5EA2F-FC37-409B-9969-C400F656FD4E}
2015-04-13 08:42 - 2015-04-13 08:42 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{518CD301-1F38-4784-B929-82F5F735B19D}
2015-04-12 13:58 - 2015-04-12 13:58 - 00000110 ____H () C:\Users\Andrea\Desktop\11148432_10206718160219432_3042322642765165966_n.jpg.uid-zps
2015-04-12 00:05 - 2015-04-12 00:05 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{5C494E51-CD01-4143-91C4-39F46C315E77}
2015-04-10 22:42 - 2015-04-10 22:42 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{0F32EE8B-C35B-490C-86D7-E8FC6884E072}
2015-04-10 09:15 - 2015-04-10 09:15 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{E60F07A2-8B36-41F6-9A16-760D089043EA}
2015-04-09 12:59 - 2015-04-09 12:59 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{0271349B-91E9-4876-9894-FF5A692417FB}
2015-04-08 11:54 - 2015-04-08 11:54 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{732D554E-0C01-4025-BD17-EFCD8424C2A6}
2015-04-07 22:25 - 2015-04-07 22:25 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{77CA9A47-EBE1-4704-AD15-F2601A120997}
2015-04-07 09:38 - 2015-04-07 09:38 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{D8954893-5DAF-4589-A9CD-369259D59D13}
2015-04-06 20:44 - 2015-04-06 20:44 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{44B87943-9C5C-4330-BC7B-7A00F230529E}
2015-04-06 11:24 - 2015-04-06 11:24 - 00032097 _____ () C:\Users\Andrea\Documents\eviška - vzor.jbb
2015-04-05 13:48 - 2015-04-05 13:49 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{60DC4DC1-CEBB-42EB-8EB0-AD487252EA8C}
2015-04-05 00:34 - 2015-04-05 00:35 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-05 00:34 - 2015-04-05 00:34 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-03 20:16 - 2015-04-03 20:16 - 00443304 _____ () C:\Users\Andrea\Downloads\GeewaDancingCrazeCs.exe
2015-04-03 20:16 - 2015-04-03 20:16 - 00443304 _____ () C:\Users\Andrea\Downloads\GeewaDancingCrazeCs (2).exe
2015-04-03 20:16 - 2015-04-03 20:16 - 00443304 _____ () C:\Users\Andrea\Downloads\GeewaDancingCrazeCs (1).exe
2015-04-03 09:11 - 2015-04-03 09:11 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{568E1E55-025A-473E-8AE1-8A2F096FDE47}
2015-04-02 10:10 - 2015-04-02 10:10 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{64D18105-9A95-4984-BA8C-EAF74F4A9B23}
2015-04-01 21:01 - 2015-04-01 21:01 - 00000110 ____H () C:\Users\Andrea\Desktop\DSCN6712.JPG.uid-zps
2015-04-01 21:01 - 2015-04-01 21:01 - 00000110 ____H () C:\Users\Andrea\Desktop\DSCN6709.JPG.uid-zps
2015-04-01 21:00 - 2015-04-01 21:00 - 00000110 ____H () C:\Users\Andrea\Desktop\DSCN6715.JPG.uid-zps
2015-04-01 20:22 - 2015-04-01 20:22 - 00000110 ____H () C:\Users\Andrea\Desktop\katka.jpg.uid-zps
2015-04-01 19:37 - 2015-04-01 19:37 - 00000859 _____ () C:\Users\Andrea\AppData\Local\recently-used.xbel
2015-04-01 11:32 - 2015-04-01 11:32 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{1347E3D2-B418-4CCE-8947-1FBE40EBACC4}
2015-03-31 22:42 - 2015-03-31 22:42 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{C31971C5-105D-43B8-84EE-935C22B5E816}
2015-03-31 17:00 - 2015-03-31 17:00 - 00000110 ____H () C:\Users\Andrea\Desktop\DSCN6701.JPG.uid-zps
2015-03-31 17:00 - 2015-03-31 17:00 - 00000110 ____H () C:\Users\Andrea\Desktop\DSCN6699.JPG.uid-zps
2015-03-31 08:39 - 2015-03-31 08:39 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{F6804729-95F6-46E7-A557-F221E2D16CC2}
2015-03-30 10:09 - 2015-03-30 10:09 - 00000110 ____H () C:\Users\Andrea\Desktop\DSCN6693.JPG.uid-zps
2015-03-30 08:39 - 2015-03-30 08:39 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{1F23C2F5-A313-42EA-9A8C-8E8E71251B6D}
2015-03-29 20:33 - 2015-03-29 20:33 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{CC3C60E6-0CD0-45E0-B18A-DC43EEDF1F16}
2015-03-29 01:36 - 2015-03-29 01:36 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{5E957E26-F9A9-4B42-A908-2A14C819760E}
2015-03-28 10:27 - 2015-03-28 10:27 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{79B7F339-DD29-472A-A6B3-8E35AAC2AAE0}
2015-03-27 12:25 - 2015-03-27 12:26 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{F58ABFBA-956E-4B88-AEFC-82C575B2F2D2}
2015-03-27 12:19 - 2015-03-27 12:19 - 00005568 _____ () C:\Users\Andrea\Downloads\DPFDP5-8253055778-20150327-111740-5718887-potvrzeni.p7s
2015-03-26 22:30 - 2015-03-26 22:31 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{B21A719A-D65B-447A-8E0C-E94F53A8BF9C}
2015-03-26 20:31 - 2015-03-30 13:41 - 00000000 ____D () C:\Users\Andrea\Documents\DO FAUNAPARKU
2015-03-26 10:16 - 2015-03-26 10:16 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{328650A2-E5E8-4743-8777-498484384F02}
2015-03-25 09:17 - 2015-03-25 09:17 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{AA8E58A3-EB12-476B-B53B-E17D23E7B06F}
2015-03-25 08:49 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 08:49 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 08:49 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 08:49 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 08:49 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 08:49 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 08:49 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 08:49 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-24 13:06 - 2015-03-24 13:06 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{FFBA9D8D-C6E8-4EB0-9CDF-AE0212CC448E}
2015-03-24 00:45 - 2015-03-24 00:45 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{EC199F75-2A6C-4F00-9B95-E28749F7D920}
2015-03-23 10:24 - 2015-03-23 10:24 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{F0F51224-AEF2-41C4-9A95-0D3801A54190}
2015-03-23 01:33 - 2015-03-23 01:33 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{B576828C-A4E4-466D-96A2-58FADBCD2387}
2015-03-22 12:32 - 2015-03-22 12:32 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{A5C5D6EC-561B-4247-B5FB-18DF1F6049F9}
2015-03-21 22:54 - 2015-03-21 22:55 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{B9826450-C34F-4EBC-83D8-DBF19A4C314E}
2015-03-21 22:33 - 2015-03-21 22:33 - 00000110 ____H () C:\Users\Andrea\Desktop\stupne.jpg.uid-zps
2015-03-20 11:39 - 2015-03-20 11:39 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{27F532EC-B366-4694-89B7-839BC2B11EC6}
2015-03-19 23:39 - 2015-03-19 23:39 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{2548C9D5-6C3E-4EE6-AD76-4597B6008027}
2015-03-19 10:09 - 2015-03-19 10:09 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{34A215C0-6422-406C-B18A-9FCF17C1D962}
2015-03-18 08:30 - 2015-03-18 08:30 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{0B8C1B8F-420D-4C77-8698-BB9D662D1989}
2015-03-17 13:29 - 2015-03-17 13:29 - 00135551 _____ () C:\Users\Andrea\Downloads\Rokajl-Preciosa-10-0-23-mm-s-průtahem.html
2015-03-17 10:23 - 2015-03-17 10:23 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{A522316F-6D53-46AE-90A4-2278C3DEF007}
2015-03-16 22:21 - 2015-03-16 22:21 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{973956AB-9029-4B8C-98D3-55B4D34F6839}
2015-03-16 12:46 - 2015-03-16 12:46 - 00001653 _____ () C:\Users\Andrea\Downloads\DPFDP5-8411125778-20150316-114611-pracovni.xml
2015-03-16 10:20 - 2015-03-16 10:20 - 00000000 ____D () C:\Users\Andrea\AppData\Local\{8DE1F3F3-BD77-4F2D-B1A2-16EB606B6911}

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-15 21:15 - 2013-02-12 13:47 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\Skype
2015-04-15 21:05 - 2012-09-19 16:26 - 00000952 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-15 20:53 - 2012-09-19 15:51 - 01063521 _____ () C:\Windows\WindowsUpdate.log
2015-04-15 20:45 - 2014-04-26 16:07 - 00000000 ____D () C:\Windows\AutoKMS
2015-04-15 20:35 - 2013-03-10 17:47 - 00000000 ____D () C:\Users\Andrea\Documents\Youcam
2015-04-15 20:31 - 2014-06-22 19:06 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-15 17:58 - 2012-12-13 16:17 - 05071897 _____ () C:\FaceProv.log
2015-04-15 17:58 - 2012-09-19 16:25 - 00000000 ____D () C:\ProgramData\VeriFace
2015-04-15 16:31 - 2014-06-22 19:06 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 16:31 - 2014-06-22 19:06 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-15 16:31 - 2014-06-22 19:06 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-15 13:03 - 2012-09-19 16:10 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-04-15 12:05 - 2012-09-19 16:26 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-15 10:40 - 2009-07-14 06:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-15 10:40 - 2009-07-14 06:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-15 10:35 - 2014-04-26 16:07 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2015-04-15 10:34 - 2012-09-19 16:29 - 00202340 _____ () C:\Windows\system32\fastboot.set
2015-04-15 10:33 - 2009-07-14 06:45 - 00465080 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-15 10:32 - 2012-09-19 16:10 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-04-15 10:32 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-15 10:25 - 2012-12-13 16:21 - 00120736 _____ () C:\Users\Andrea\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-15 10:22 - 2014-01-20 18:10 - 00000000 ____D () C:\DATA Z PLOCHY
2015-04-15 10:22 - 2012-09-19 16:28 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-15 10:18 - 2013-10-13 00:55 - 00000085 _____ () C:\Windows\wininit.ini
2015-04-15 10:18 - 2013-10-13 00:49 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-15 10:00 - 2013-02-13 13:30 - 31767552 ___SH () C:\Users\Andrea\Desktop\Thumbs.db
2015-04-14 23:27 - 2014-09-17 21:33 - 00000000 ____D () C:\Windows\Minidump
2015-04-14 23:27 - 2014-04-26 08:16 - 00000000 ____D () C:\Users\Andrea\AppData\Local\CrashDumps
2015-04-12 18:07 - 2013-10-29 14:05 - 00000000 ____D () C:\Users\Andrea\Downloads\inspirace
2015-04-12 13:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-08 19:32 - 2015-02-27 22:25 - 01587200 ___SH () C:\Users\Andrea\Documents\Thumbs.db
2015-04-08 08:28 - 2012-12-13 21:56 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-06 11:09 - 2012-12-30 14:28 - 00000000 ____D () C:\Users\Andrea\AppData\Roaming\BeadTool
2015-04-03 08:14 - 2012-09-19 15:34 - 00669116 _____ () C:\Windows\system32\perfh005.dat
2015-04-03 08:14 - 2012-09-19 15:34 - 00141744 _____ () C:\Windows\system32\perfc005.dat
2015-04-03 08:14 - 2009-07-14 07:13 - 01584554 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-03 08:07 - 2012-09-19 16:26 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-02 18:58 - 2013-03-15 12:59 - 00000000 ____D () C:\Users\Andrea\Documents\KURZY
2015-04-01 19:47 - 2013-04-02 18:51 - 00000000 ____D () C:\Users\Andrea\.gimp-2.8
2015-03-31 17:13 - 2013-05-21 09:23 - 00000000 ___HD () C:\Users\Andrea\Desktop\.picasaoriginals
2015-03-30 14:27 - 2013-02-15 01:35 - 00000000 ____D () C:\Users\Andrea\Downloads\návody
2015-03-26 08:07 - 2014-12-10 10:15 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-26 08:07 - 2014-05-06 16:49 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-20 08:55 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-17 10:00 - 2009-07-14 07:08 - 00032542 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-17 08:21 - 2013-03-10 18:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-16 10:50 - 2015-03-04 20:02 - 00000000 ____D () C:\Šperky březen 2015

==================== Files in the root of some directories =======

2014-04-20 17:53 - 2014-07-26 18:16 - 0005632 _____ () C:\Users\Andrea\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-01 19:37 - 2015-04-01 19:37 - 0000859 _____ () C:\Users\Andrea\AppData\Local\recently-used.xbel

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.2436.dll


Some content of TEMP:
====================
C:\Users\Andrea\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Andrea\AppData\Local\Temp\Quarantine.exe
C:\Users\Andrea\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================

Light Image Resizer 4.0.4.3 (HKLM-x32\...\{EBE030DD-D404-4D92-85E9-8C3624820808}_is1) (Version: 4.0.4.3 - ObviousIdea)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Disabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security (Disabled) {131692B0-0864-D491-4E21-3A3A1D8BBB47}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Andrea\Desktop" je 46 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DisableUnicastResponsesToMulticastBroadcast REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Márty84
VIP
VIP
Příspěvky: 21679
Registrován: 05 pro 2009 20:08
Bydliště: Ostrava

Re: Prosím o kontrolu logu - ntb se zpomalil

#9 Příspěvek od Márty84 »

Neco je s diskem. Takze nez zacnem mazat...

:arrow: Udelejte kontrolu programem HD Tune
Stahnete http://www.slunecnice.cz/sw/hd-tune/ , nainstalujte a spustte jako spravce (pokud vam pri instalaci nabidne nejaky doplnek, odmitnete ho!)
V tom okne kliknete na posledni zalozku - Error Scan (pokud bude zatrzeny quick scan, tak zatrzitko zruste) a kliknete na Start.
Kontrola bude nejakou dobu trvat. Dejte vedet, jestli tam bylo nejake cervene policko.
Taky se podivejte na zalozku Health a opiste mi (vyfotte), co se tam pise. Melo by tam byt OK http://www.google.cz/imgres?um=1&hl=cs& ... s:20,i:143
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz

Možnost podpořit naše fórum https://platba.viry.cz/payment/

Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).

heanka
Návštěvník
Návštěvník
Příspěvky: 53
Registrován: 14 zář 2005 20:01

Re: Prosím o kontrolu logu - ntb se zpomalil

#10 Příspěvek od heanka »

Nejde mi HD Tune spustit háže to hlášku , že přestal pracovat, buďto hned nebo po pár vteřinách.
Přílohy
Beze jména.jpg
Beze jména.jpg (191.28 KiB) Zobrazeno 1959 x

Márty84
VIP
VIP
Příspěvky: 21679
Registrován: 05 pro 2009 20:08
Bydliště: Ostrava

Re: Prosím o kontrolu logu - ntb se zpomalil

#11 Příspěvek od Márty84 »

:arrow: Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-03-17] (Malwarebytes Corporation)
HKU\S-1-5-21-479690478-2106494838-3838648515-1000\...\Run: [Power2GoExpress] => NA
HKU\S-1-5-21-479690478-2106494838-3838648515-1001\...\Run: [] => [X]
HKU\S-1-5-21-479690478-2106494838-3838648515-1001\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-479690478-2106494838-3838648515-1001\...\Run: [Zoner Photo Studio Service 16] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe [27648 2013-12-13] ()
HKU\S-1-5-21-479690478-2106494838-3838648515-1001\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
HKU\S-1-5-21-479690478-2106494838-3838648515-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE [831488 2013-12-13] (ZONER software)
HKU\S-1-5-21-479690478-2106494838-3838648515-1001\...\Run: [GoogleChromeAutoLaunch_233139F6EC4DEC81E5C5F2F1CB87FB15] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-30] (Google Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

Toolbar: HKU\S-1-5-21-479690478-2106494838-3838648515-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

U0 gmkyoll; C:\Windows\System32\drivers\glupbt.sys [79064 2015-04-15] (Malwarebytes Corporation)
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
S3 FreshIO; \??\C:\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys [X]
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath

2015-04-15 20:45 - 2015-04-15 20:45 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\glupbt.sys
2015-04-15 12:12 - 2015-04-15 21:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-15 12:12 - 2015-04-15 12:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-15 12:11 - 2015-04-15 12:12 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Andrea\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-15 07:34 - 2015-04-15 10:35 - 00002896 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-04-14 23:34 - 2015-04-15 10:31 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-04-14 23:33 - 2015-04-14 23:33 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Andrea\Downloads\spybot-2.4.exe
2015-04-15 20:45 - 2014-04-26 16:07 - 00000000 ____D () C:\Windows\AutoKMS
2015-04-15 10:18 - 2013-10-13 00:49 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

Hosts:
EmptyTemp:
Reboot:
End
Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev fixlist a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte FRST jako spravce, kliknete na napis Fix a program vykona prikazy.
Po restartu pc by se mel objevit novy log - s nazvem fixlog, ten mi sem zase zkopirujte.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz

Možnost podpořit naše fórum https://platba.viry.cz/payment/

Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).

heanka
Návštěvník
Návštěvník
Příspěvky: 53
Registrován: 14 zář 2005 20:01

Re: Prosím o kontrolu logu - ntb se zpomalil

#12 Příspěvek od heanka »

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-04-2015 04
Ran by Andrea at 2015-04-16 18:32:40 Run:1
Running from C:\Users\Andrea\Desktop
Loaded Profiles: UpdatusUser & Andrea (Available profiles: UpdatusUser & Andrea)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-03-17] (Malwarebytes Corporation)
HKU\S-1-5-21-479690478-2106494838-3838648515-1000\...\Run: [Power2GoExpress] => NA
HKU\S-1-5-21-479690478-2106494838-3838648515-1001\...\Run: [] => [X]
HKU\S-1-5-21-479690478-2106494838-3838648515-1001\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-479690478-2106494838-3838648515-1001\...\Run: [Zoner Photo Studio Service 16] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe [27648 2013-12-13] ()
HKU\S-1-5-21-479690478-2106494838-3838648515-1001\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
HKU\S-1-5-21-479690478-2106494838-3838648515-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE [831488 2013-12-13] (ZONER software)
HKU\S-1-5-21-479690478-2106494838-3838648515-1001\...\Run: [GoogleChromeAutoLaunch_233139F6EC4DEC81E5C5F2F1CB87FB15] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-30] (Google Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

Toolbar: HKU\S-1-5-21-479690478-2106494838-3838648515-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

U0 gmkyoll; C:\Windows\System32\drivers\glupbt.sys [79064 2015-04-15] (Malwarebytes Corporation)
U2 CLKMSVC10_3A60B698; No ImagePath
U2 CLKMSVC10_C3B3B687; No ImagePath
U2 DriverService; No ImagePath
S3 FreshIO; \??\C:\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys [X]
U2 iATAgentService; No ImagePath
U2 idealife Update Service; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 Oasis2Service; No ImagePath
U2 PCCarerService; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U2 RtLedService; No ImagePath
U2 SeaPort; No ImagePath
U2 SoftwareService; No ImagePath
U3 SQLWriter; No ImagePath

2015-04-15 20:45 - 2015-04-15 20:45 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\glupbt.sys
2015-04-15 12:12 - 2015-04-15 21:04 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-15 12:12 - 2015-04-15 12:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-15 12:11 - 2015-04-15 12:12 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Andrea\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-15 07:34 - 2015-04-15 10:35 - 00002896 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-04-14 23:34 - 2015-04-15 10:31 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-04-14 23:33 - 2015-04-14 23:33 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Andrea\Downloads\spybot-2.4.exe
2015-04-15 20:45 - 2014-04-26 16:07 - 00000000 ____D () C:\Windows\AutoKMS
2015-04-15 10:18 - 2013-10-13 00:49 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\BCSSync => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Malwarebytes Anti-Malware (cleanup) => Value not found.
HKU\S-1-5-21-479690478-2106494838-3838648515-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Power2GoExpress => Value not found.
HKU\S-1-5-21-479690478-2106494838-3838648515-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-479690478-2106494838-3838648515-1001\Software\Microsoft\Windows\CurrentVersion\Run\\NokiaSuite.exe => value deleted successfully.
HKU\S-1-5-21-479690478-2106494838-3838648515-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Zoner Photo Studio Service 16 => value deleted successfully.
HKU\S-1-5-21-479690478-2106494838-3838648515-1001\Software\Microsoft\Windows\CurrentVersion\Run\\PC Suite Tray => value deleted successfully.
HKU\S-1-5-21-479690478-2106494838-3838648515-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Zoner Photo Studio Autoupdate => value deleted successfully.
HKU\S-1-5-21-479690478-2106494838-3838648515-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_233139F6EC4DEC81E5C5F2F1CB87FB15 => value deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
HKU\S-1-5-21-479690478-2106494838-3838648515-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
gmkyoll => Service not found.
CLKMSVC10_3A60B698 => Service deleted successfully.
CLKMSVC10_C3B3B687 => Service deleted successfully.
DriverService => Service deleted successfully.
FreshIO => Service deleted successfully.
iATAgentService => Service deleted successfully.
idealife Update Service => Service deleted successfully.
IGRS => Service deleted successfully.
IviRegMgr => Service deleted successfully.
Oasis2Service => Service deleted successfully.
PCCarerService => Service deleted successfully.
ReadyComm.DirectRouter => Service deleted successfully.
RichVideo => Service deleted successfully.
RtLedService => Service deleted successfully.
SeaPort => Service deleted successfully.
SoftwareService => Service deleted successfully.
SQLWriter => Service deleted successfully.
"C:\Windows\system32\Drivers\glupbt.sys" => File/Directory not found.
C:\Program Files (x86)\Malwarebytes Anti-Malware => Moved successfully.
C:\ProgramData\Malwarebytes => Moved successfully.
C:\Users\Andrea\Downloads\mbam-setup-2.1.4.1018.exe => Moved successfully.
C:\Windows\System32\Tasks\AutoKMS => Moved successfully.
C:\Program Files (x86)\Spybot - Search & Destroy 2 => Moved successfully.
C:\Users\Andrea\Downloads\spybot-2.4.exe => Moved successfully.
C:\Windows\AutoKMS => Moved successfully.
C:\ProgramData\Spybot - Search & Destroy => Moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\AutoKMS.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => Moved successfully.
C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 589.7 MB temporary data.


The system needed a reboot.

==== End of Fixlog 18:35:08 ====

Márty84
VIP
VIP
Příspěvky: 21679
Registrován: 05 pro 2009 20:08
Bydliště: Ostrava

Re: Prosím o kontrolu logu - ntb se zpomalil

#13 Příspěvek od Márty84 »

Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz

Možnost podpořit naše fórum https://platba.viry.cz/payment/

Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).

heanka
Návštěvník
Návštěvník
Příspěvky: 53
Registrován: 14 zář 2005 20:01

Re: Prosím o kontrolu logu - ntb se zpomalil

#14 Příspěvek od heanka »

HD Tune běžel pár minut


Logfile of random's system information tool 1.10 (written by random/random)
Run by Andrea at 2015-04-16 21:56:59
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 177 GB (41%) free of 431 GB
Total RAM: 3941 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:57:28, on 16.4.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17689)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Andrea.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
O4 - HKLM\..\Run: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
O4 - HKLM\..\Run: [{CDF13D74-E6AA-4006-818A-B360D6A3573C}] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_233139F6EC4DEC81E5C5F2F1CB87FB15] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-479690478-2106494838-3838648515-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-479690478-2106494838-3838648515-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {F680B28A-3AEE-4C88-93ED-45AE9215C128} (CryptSignX Control) - https://adisepo.mfcr.cz/adistc/adis/idp ... tsignx.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: LSCWinService - Unknown owner - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NitroPDFDriverCreatorReadSpool2 (NitroDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\NLSSRV32.EXE
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15014 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\system32\WLANExt.exe 29911648
\??\C:\Windows\system32\conhost.exe "1096057625-69891758591077377019091664041640345369-19120086671818074822323020901
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
taskeng.exe {B69071D0-4B8C-41FD-A693-74702B3E081D}
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe"
"C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe" -service
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe"
"C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE"
"C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
C:\Windows\Explorer.EXE
"C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe"
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Launch Manager\WisLMSvc.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
"C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe"
"C:\Program Files (x86)\Lenovo\Energy Management\utility.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" -EMBEDDING
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
"C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe"
taskeng.exe {3F88EE1C-C80F-467C-A42D-DC18C5FE83A1}
"C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart
"C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"C:\Program Files (x86)\USB Camera2\VM332_STI.EXE"
"C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe"
"C:\Program Files\Launch Manager\HotkeyApp.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3320.0.1150699986\569991751" --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,6,18,40 --gpu-vendor-id=0x8086 --gpu-device-id=0x0116 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2712 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/CTRequiredForEVTrial/RequirementEnforced/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group11 pct:1b stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/Enabled/PasswordGeneration/Disabled/QUIC/Enabled/RememberCertificateErrorDecisions/Default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_34/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/UwSInterstitialStatus/On/VoiceTrigger/Install/WebRTC-IPv6Default/Enabled/" --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=3320 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --channel="3320.1.235855944\1478753365" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/CTRequiredForEVTrial/RequirementEnforced/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group11 pct:1b stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/Enabled/PasswordGeneration/Disabled/QUIC/Enabled/RememberCertificateErrorDecisions/Default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_34/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/UwSInterstitialStatus/On/VoiceTrigger/Install/WebRTC-IPv6Default/Enabled/" --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=3320 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --channel="3320.2.1126844961\1813703309" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/CTRequiredForEVTrial/RequirementEnforced/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group11 pct:1b stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/Enabled/PasswordGeneration/Disabled/QUIC/Enabled/RememberCertificateErrorDecisions/Default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_34/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/UwSInterstitialStatus/On/VoiceTrigger/Install/WebRTC-IPv6Default/Enabled/" --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=3320 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --channel="3320.3.166664332\851502712" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/CTRequiredForEVTrial/RequirementEnforced/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group11 pct:1b stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/Enabled/PasswordGeneration/Disabled/QUIC/Enabled/RememberCertificateErrorDecisions/Default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_34/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/UwSInterstitialStatus/On/VoiceTrigger/Install/WebRTC-IPv6Default/Enabled/" --extension-process --enable-webrtc-hw-h264-encoding --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=3320 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --channel="3320.4.789669171\923159503" /prefetch:673131151
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\servicing\TrustedInstaller.exe
"C:\Windows\SysWOW64\RunDll32.exe" "C:\Program Files\Lenovo\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
"C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe" -Embedding
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\sppsvc.exe
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 6332
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/CTRequiredForEVTrial/RequirementEnforced/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group11 pct:1b stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/Enabled/OmniboxBundledExperimentV1/PP_Ethersuggest_A1_Stable_R8/PasswordGeneration/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/QUIC/Enabled/RememberCertificateErrorDecisions/Default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_34/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/UwSInterstitialStatus/On/VoiceTrigger/Install/WebRTC-IPv6Default/Enabled/" --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=3320 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --channel="3320.8.419962402\360912253" /prefetch:673131151
taskeng.exe {6D588E77-758E-4D25-8842-7919864B78F7}
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/CTRequiredForEVTrial/RequirementEnforced/ChromeSuggestions/Default/DomRel-Enable/enable/EmbeddedSearch/Group11 pct:1b stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/NewProfileManagement/Enabled/OmniboxBundledExperimentV1/PP_Ethersuggest_A1_Stable_R8/PasswordGeneration/Disabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/QUIC/Enabled/RememberCertificateErrorDecisions/Default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_34/UMA-Uniformity-Trial-10-Percent/group_09/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/default/UwSInterstitialStatus/On/VoiceTrigger/Install/WebRTC-IPv6Default/Enabled/" --disable-client-side-phishing-detection --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --font-cache-shared-mem-suffix=3320 --enable-pinch-virtual-viewport --enable-delegated-renderer --num-raster-threads=2 --channel="3320.9.578221262\5863218" /prefetch:673131151

C:\Windows\system32\rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "0x9bc_0x1920_0x567cdc06"
"C:\Users\Andrea\Downloads\RSITx64 (1).exe"
C:\Windows\System32\svchost.exe -k WerSvcGroup

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\pwmqnon5.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 17.0.0.169 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.31.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nitropdf.com/NitroPDF]
"Description"=NitroPDF Web Browser Plugin
"Path"=C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nokia.com/EnablerPlugin]
"Description"=Nokia Suite Enabler Plugin
"Path"=C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@software602.cz/602XML Filler]
"Description"=602XML Filler Plugin
"Path"=C:\Program Files (x86)\Software602\602XML\Filler\npfiller.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 17.0.0.169 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL


C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\pwmqnon5.default\extensions\
jid0-SQnwtgW1b8BsMB5PLV5WScEDWOjw@jetpack

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-08-30 245592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24 430592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-02 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-08-30 201784]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-02 172968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-08-30 245592]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll [2009-08-24 430592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-08-30 201784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-03-30 170264]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-03-30 398616]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-03-30 439064]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2012-04-27 368728]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2012-01-10 12445288]
"RtHDVBg_Dolby"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2011-11-15 1156712]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-04-17 2899216]
"SynLenovoGestureMgr"=C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [2012-04-17 410896]
"Energy Management"=C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [2012-09-19 8079408]
"EnergyUtility"=C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [2012-09-19 6202416]
"Lenovo EE Boot Optimizer"=C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [2012-09-19 206176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_233139F6EC4DEC81E5C5F2F1CB87FB15"=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [2015-03-30 809288]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2011-11-30 284440]
"Dolby Advanced Audio v2"=C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [2011-12-21 507744]
"USB3MON"=C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-01-26 291608]
"332BigDog"=C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [2011-12-10 548864]
"Lenovo Registration"=C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [2012-01-26 4351712]
"YouCam Mirage"=C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2011-01-29 136488]
"YouCam Tray"=C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [2011-01-29 228448]
"UpdateP2GShortCut"=C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [2010-07-27 222504]
"VeriFaceManager"=C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [2012-09-19 329056]
"UpdatePRCShortCut"=C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [2009-05-14 222504]
"{CDF13D74-E6AA-4006-818A-B360D6A3573C}"=C:\Program Files\Launch Manager\HotkeyApp.exe [2012-03-01 415272]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-08-30 4858968]
"EEventManager"=C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [2009-12-03 976320]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-03-26 434688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\Program Files\Lenovo\Bluetooth Software\BtwProximityCP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-04-16 10:57:37 ----D---- C:\Program Files (x86)\HD Tune
2015-04-15 10:28:19 ----D---- C:\AdwCleaner
2015-04-15 00:59:00 ----D---- C:\FRST
2015-04-05 00:34:52 ----SD---- C:\Windows\SYSWOW64\GWX
2015-04-05 00:34:52 ----SD---- C:\Windows\system32\GWX
2015-03-25 08:49:29 ----A---- C:\Windows\system32\acmigration.dll
2015-03-25 08:49:28 ----A---- C:\Windows\system32\invagent.dll
2015-03-25 08:49:28 ----A---- C:\Windows\system32\generaltel.dll
2015-03-25 08:49:28 ----A---- C:\Windows\system32\appraiser.dll
2015-03-25 08:49:28 ----A---- C:\Windows\system32\aeinv.dll
2015-03-25 08:49:27 ----A---- C:\Windows\system32\devinv.dll
2015-03-25 08:49:26 ----A---- C:\Windows\system32\aepdu.dll
2015-03-25 08:49:25 ----A---- C:\Windows\system32\aepic.dll

======List of files/folders modified in the last 1 month======

2015-04-16 21:57:27 ----D---- C:\Windows\Prefetch
2015-04-16 21:57:21 ----D---- C:\Program Files\trend micro
2015-04-16 21:51:39 ----D---- C:\Windows\Temp
2015-04-16 21:49:57 ----A---- C:\Windows\SYSWOW64\log.txt
2015-04-16 21:47:45 ----D---- C:\Windows\system32\config
2015-04-16 21:47:13 ----D---- C:\ProgramData\VeriFace
2015-04-16 20:50:19 ----D---- C:\Windows\SysWOW64
2015-04-16 20:50:15 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-04-16 20:35:13 ----D---- C:\Users\Andrea\AppData\Roaming\Skype
2015-04-16 19:31:28 ----D---- C:\Windows\Tasks
2015-04-16 18:33:50 ----D---- C:\Windows\system32\drivers\etc
2015-04-16 18:33:48 ----SHD---- C:\System Volume Information
2015-04-16 18:33:47 ----HD---- C:\ProgramData
2015-04-16 18:33:45 ----RD---- C:\Program Files (x86)
2015-04-16 18:33:45 ----D---- C:\Windows\system32\Tasks
2015-04-16 18:33:45 ----AD---- C:\Windows
2015-04-16 02:25:46 ----D---- C:\Windows\Microsoft.NET
2015-04-16 02:08:36 ----D---- C:\Windows\system32\drivers
2015-04-16 00:48:42 ----SHD---- C:\Windows\Installer
2015-04-16 00:48:42 ----SHD---- C:\Config.Msi
2015-04-15 23:03:53 ----D---- C:\Windows\inf
2015-04-15 23:03:53 ----AD---- C:\Windows\System32
2015-04-15 23:03:53 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-04-15 10:22:53 ----D---- C:\DATA Z PLOCHY
2015-04-15 10:22:16 ----D---- C:\Program Files (x86)\Adobe
2015-04-15 10:20:07 ----D---- C:\Program Files (x86)\Common Files
2015-04-15 10:18:25 ----A---- C:\Windows\wininit.ini
2015-04-15 10:18:23 ----SD---- C:\ProgramData\Microsoft
2015-04-14 23:27:02 ----D---- C:\Windows\Minidump
2015-04-14 23:27:02 ----D---- C:\Windows\debug
2015-04-12 13:15:13 ----D---- C:\Windows\system32\NDF
2015-04-07 07:04:50 ----D---- C:\Windows\system32\catroot2
2015-04-06 11:09:24 ----D---- C:\Users\Andrea\AppData\Roaming\BeadTool
2015-04-05 00:35:18 ----D---- C:\Windows\winsxs
2015-04-05 00:35:10 ----D---- C:\Windows\Logs
2015-03-26 08:07:02 ----SD---- C:\Windows\system32\CompatTel
2015-03-26 08:07:01 ----D---- C:\Windows\system32\wbem
2015-03-26 08:07:01 ----D---- C:\Windows\system32\appraiser
2015-03-26 08:07:01 ----D---- C:\Windows\AppPatch
2015-03-22 09:08:07 ----D---- C:\Windows\system32\wdi
2015-03-17 08:21:42 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2012-07-04 19600]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2013-08-30 65336]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2013-08-30 204880]
R0 fbfmon;fbfmon; C:\Windows\system32\drivers\fbfmon.sys [2012-09-19 57952]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2011-11-30 568600]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-01-26 16152]
R0 LHDmgr;LHDmgr; C:\Windows\System32\DRIVERS\LhdX64.sys [2012-09-19 39008]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2012-05-01 28992]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2013-08-30 72016]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-12-01 1031392]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2013-08-30 378944]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2013-08-30 64288]
R1 BPntDrv;BPntDrv; C:\Windows\system32\drivers\BPntDrv.sys [2012-09-19 13408]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2013-08-30 33400]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-08-30 80816]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\Windows\system32\DRIVERS\AcpiVpc.sys [2012-09-19 30816]
R3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2012-04-20 97880]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter; C:\Windows\system32\drivers\bcbtums.sys [2012-03-20 163368]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2011-07-02 4745280]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-10-10 80384]
R3 btwampfl;btwampfl Bluetooth filter driver; \??\C:\Windows\system32\drivers\btwampfl.sys [2012-03-21 594472]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2012-03-05 184872]
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys [2012-03-05 210984]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2011-09-17 39976]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2012-03-05 21544]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys [2011-01-29 31088]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-03-26 14748416]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2012-01-10 4731112]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2011-12-05 331264]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-01-26 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-01-26 787736]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2011-11-15 111216]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2011-11-09 60184]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 SmbDrvIntel;SmbDrvIntel; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [2012-04-17 27408]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2012-04-17 428304]
R3 vm332avs;Lenovo Camera2; C:\Windows\System32\Drivers\vm332avs.sys [2011-12-15 958800]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 48488]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2013-01-23 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2013-01-23 27136]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2012-10-17 26112]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\Windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 127488]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\Windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 18944]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\Windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 161280]
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 38400]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2013-01-23 9216]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
S3 usbser;USB Modem Driver; C:\Windows\system32\DRIVERS\usbser.sys [2013-08-29 33280]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2013-01-23 9216]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
S4 DamageGuard;DamageGuard; C:\Windows\system32\DRIVERS\DamageGuardX64.sys [2012-02-11 217392]
S4 dgFltr;dgFltr; C:\Windows\system32\drivers\dgFltrX64.sys [2011-12-13 23648]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 602XML Updater;602Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-08-30 46808]
R2 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [2012-03-21 957216]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04); C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04); C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-09 607456]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2011-12-16 128280]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-12-16 277784]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-20 935208]
R2 NitroDriverReadSpool2;NitroPDFDriverCreatorReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [2012-06-21 216072]
R2 nlsX86cc;Nalpeiron Licensing Service; C:\Windows\SysWOW64\NLSSRV32.EXE [2012-06-21 69640]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-05-01 889664]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-01 2458944]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-16 363800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-04-11 124088]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18 107912]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-01-02 315488]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-16 268464]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-11 50864]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-03-30 276248]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-18 107912]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-12-13 194032]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2015-02-20 114688]
S3 LSCWinService;LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [2014-05-06 1663880]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 50942144]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2015-02-09 119408]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2013-04-18 737616]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-12-15 1255736]
S4 DamageGuardSvc;Lenovo Instant Reset Service; C:\Program Files\Lenovo\Instant Reset\DamageGuardSvc.exe [2012-03-26 572976]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]

-----------------EOF-----------------
Přílohy
hd1.JPG
hd1.JPG (63.76 KiB) Zobrazeno 1932 x

Márty84
VIP
VIP
Příspěvky: 21679
Registrován: 05 pro 2009 20:08
Bydliště: Ostrava

Re: Prosím o kontrolu logu - ntb se zpomalil

#15 Příspěvek od Márty84 »

:!: Jestli bude Avast rvat, ze to chce otevrit v sandboxu, nedovolte to! Vyberte moznost Otevrit normalne
:arrow: Stahnete OTM http://oldtimer.geekstogo.com/OTM.exe a ulozte nejlepe na plochu.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Do leveho okna zkopirujte tento skript (vcetne te dvojtecky pred slovem commands)

Kód: Vybrat vše

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[CreateRestorePoint]

:services
AdobeARMservice
Nero BackItUp Scheduler 4.0
gupdate
SkypeUpdate
AdobeFlashPlayerUpdateSvc
gupdatem
gusvc

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\Windows\tasks\Adobe Flash Player Updater.job
Kliknete na MoveIt a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu sem dejte log, ktery na vas vyskoci, nebo bude zde C:\_OTM\MovedFiles\xxxxxxxx_xxxxxx (misto tech x budou cisla, predstavujici datum a cas spusteni)
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz

Možnost podpořit naše fórum https://platba.viry.cz/payment/

Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).

Zamčeno