úplně zavirovaný ntb :-(

[Pavla V.]

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Acer
->Temp folder emptied: 11644576 bytes
->Temporary Internet Files folder emptied: 214 bytes
->FireFox cache emptied: 36566675 bytes
->Google Chrome cache emptied: 11782539 bytes
->Flash cache emptied: 973 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Martin a Pája
->Temp folder emptied: 4933051 bytes
->Temporary Internet Files folder emptied: 3352198 bytes
->FireFox cache emptied: 156907892 bytes
->Google Chrome cache emptied: 55681685 bytes
->Flash cache emptied: 1471 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 528604 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43264965 bytes
RecycleBin emptied: 786573 bytes

Total Files Cleaned = 310,00 mb


[EMPTYFLASH]

User: Acer
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Martin a Pája
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point
========== SERVICES/DRIVERS ==========
Service AdobeARMservice stopped successfully!
Service AdobeARMservice deleted successfully!
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service AdobeFlashPlayerUpdateSvc stopped successfully!
Service AdobeFlashPlayerUpdateSvc deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
C:\Windows\tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6392.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP710A.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder deleted successfully.
C:\Windows\Installer\MSI2DE.tmp- folder deleted successfully.
C:\Windows\Installer\MSI569B.tmp- folder deleted successfully.
C:\Windows\Installer\MSI5DEC.tmp- folder deleted successfully.
C:\Windows\Installer\MSI5EB.tmp- folder deleted successfully.
C:\Windows\Installer\MSI5F73.tmp- folder deleted successfully.
C:\Windows\Installer\MSI60EB.tmp- folder deleted successfully.
C:\Windows\Installer\MSI688A.tmp- folder deleted successfully.
C:\Windows\Installer\MSI7086.tmp- folder deleted successfully.
C:\Windows\Installer\MSI722C.tmp-\HD-Frontend-Native.dll deleted successfully.
C:\Windows\Installer\MSI722C.tmp- folder deleted successfully.
C:\Windows\Installer\MSI7385.tmp- folder deleted successfully.
C:\Windows\Installer\MSI74DD.tmp- folder deleted successfully.
C:\Windows\Installer\MSI7635.tmp- folder deleted successfully.
C:\Windows\Installer\MSI79A0.tmp- folder deleted successfully.
C:\Windows\Installer\MSI7DA6.tmp- folder deleted successfully.
C:\Windows\Installer\MSI7EFE.tmp- folder deleted successfully.
C:\Windows\Installer\MSI8047.tmp- folder deleted successfully.
C:\Windows\Installer\MSI8191.tmp- folder deleted successfully.
C:\Windows\Installer\MSI86D3.tmp- folder deleted successfully.
C:\Windows\Installer\MSI8E8.tmp- folder deleted successfully.
C:\Windows\Installer\MSI946B.tmp- folder deleted successfully.
C:\Windows\Installer\MSI971A.tmp- folder deleted successfully.
C:\Windows\Installer\MSI9A85.tmp- folder deleted successfully.
C:\Windows\Installer\MSI9BCE.tmp- folder deleted successfully.
C:\Windows\Installer\MSI9ECB.tmp- folder deleted successfully.
C:\Windows\Installer\MSIA5DE.tmp- folder deleted successfully.
C:\Windows\Installer\MSIA977.tmp- folder deleted successfully.
C:\Windows\Installer\MSIADFB.tmp- folder deleted successfully.
C:\Windows\Installer\MSIAFA1.tmp- folder deleted successfully.
C:\Windows\Installer\MSIB59B.tmp- folder deleted successfully.
C:\Windows\Installer\MSIB953.tmp- folder deleted successfully.
C:\Windows\Installer\MSIBD69.tmp- folder deleted successfully.
C:\Windows\Installer\MSIC19F.tmp- folder deleted successfully.
C:\Windows\Installer\MSIC5B5.tmp- folder deleted successfully.
C:\Windows\Installer\MSICC1C.tmp- folder deleted successfully.
C:\Windows\Installer\MSICDD2.tmp-\HD-ShortcutHandler.dll deleted successfully.
C:\Windows\Installer\MSICDD2.tmp- folder deleted successfully.
C:\Windows\Installer\MSICF49.tmp- folder deleted successfully.
C:\Windows\Installer\MSID765.tmp-\HD-LibraryHandler.dll deleted successfully.
C:\Windows\Installer\MSID765.tmp-\HD-ShortcutHandler.dll deleted successfully.
C:\Windows\Installer\MSID765.tmp- folder deleted successfully.
C:\Windows\Installer\MSIE3D4.tmp- folder deleted successfully.
C:\Windows\Installer\MSIE52D.tmp-\HD-ShortcutHandler.dll deleted successfully.
C:\Windows\Installer\MSIE52D.tmp- folder deleted successfully.
C:\Windows\Installer\MSIED0A.tmp- folder deleted successfully.
C:\Windows\Installer\MSIFFA2.tmp- folder deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ not found.

OTL by OldTimer - Version 3.2.69.0 log created on 04182014_202648

Files\Folders moved on Reboot...
File move failed. C:\Users\Martin a Pája\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
File move failed. C:\Users\Martin a Pája\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[Márty84]

Vsechny tyto programy - vcetne pripadne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce)

Prejmenujte ComboFix na Uninstall a spustte ho. CF by se mel odinstalovat.

T-Cleaner http://tharifas.sweb.cz/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry mohou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

Stahnete OTC http://oldtimer.geekstogo.com/OTC.exe , ulozte a spustte.
Kliknete na napis CleanUp a pote OK - Po uklidu dojde k restartu pc.

Stahnete TFC http://oldtimer.geekstogo.com/TFC.exe , ulozte a spustte
Kliknete na START a pote OK - Po uklidu dojde k restartu pc.
Po pouziti muzete programek smazat

Stahnete Ccleaner http://www.piriform.com/ccleaner/download/slim a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!

Defragmentujte disk(y)
Stahnete program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
Pri instalaci opet pozor na toolbar
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.




Pak napiste, jak je na tom pc, krom toho, ze Avast hlasi havet.

[Pavla V.]

Tak všechno hotovo.
Akorát Combofix nějak zmizel už dřív sám...
PC se pořád sem tam sám vypne
Mozilla je pomalá, seká se. Nejde na ní nastavit domovská stránka.
Defragmenter ukazoval, že PC má teplotu 38 stupňů. Není to moc? Nepřehřívá se? (nerozumím tomu)
Avast pořád stejně - hlásí

[Márty84]

Fajn, dejte novy log z RSIT

Ta teplota je v poradku, ale koukneme na dalsi teploty. Pomoci programku speedfan http://www.stahuj.centrum.cz/utility_a_ ... /speedfan/
Opiste mi je, nebo dejte screen

Pocitac se vypne bez jakehokoliv varovani? Nebo hodi modrou obrazovku?

Udelejte sken s AVPTool http://forum.viry.cz/viewtopic.php?f=29&t=58179

[Pavla V.]

PC se vypne bez varování, bez modré obrazovky...

Log RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Acer at 2014-04-20 00:12:04
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 222 GB (76%) free of 292 GB
Total RAM: 3765 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:12:07, on 20.4.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16521)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\PoivY.com\PoivY\PoivY.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Acer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [PoivY] "C:\Program Files (x86)\PoivY.com\PoivY\PoivY.exe" -nosplash -minimized
O4 - HKUS\S-1-5-21-1509574589-1064071742-3463816385-1003\..\Run: [PoivY] "C:\Program Files (x86)\PoivY.com\PoivY\PoivY.exe" -nosplash -minimized (User 'Martin a Pája')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6980 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\system32\WLANExt.exe 37588704
\??\C:\Windows\system32\conhost.exe "-826019192192686213740501154645483647319223941-7525624441753092541-88729014
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 1688
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe /Embedding
taskeng.exe {BED720AF-9E6B-4590-9FDC-90AF98AB1051}
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\PoivY.com\PoivY\PoivY.exe" -nosplash -minimized
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
C:\Windows\SysWOW64\RunDll32.exe "C:\Program Files\WIDCOMM\Bluetooth Software\SysWOW64\BtMmHook.dll",SetAndWaitBtMmHook
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\splwow64.exe 8192
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe14_ Global\UsGthrCtrlFltPipeMssGthrPipe14 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
C:\Windows\system32\igfxsrvc.exe -Embedding
"C:\Users\Martin a Pája\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

=========Mozilla firefox=========

ProfilePath - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\9y9rwork.default

prefs.js - "browser.startup.homepage" - "http://www.centrum.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.182 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.182 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-04-17 581824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-04-17 436600]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2013-02-22 168944]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2013-02-22 394224]
"Persistence"=C:\Windows\system32\igfxpers.exe [2013-02-22 418800]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PoivY"=C:\Program Files (x86)\PoivY.com\PoivY\PoivY.exe [2014-02-12 19849008]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-04-17 3873704]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2013-02-19 390144]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-04-20 00:12:04 ----D---- C:\rsit
2014-04-19 19:43:32 ----D---- C:\Program Files\Defraggler
2014-04-19 19:23:47 ----D---- C:\Windows\system32\%LOCALAPPDATA%
2014-04-17 18:10:48 ----A---- C:\Windows\system32\drivers\aswHwid.sys
2014-04-17 18:10:43 ----A---- C:\Windows\avastSS.scr
2014-04-17 17:23:22 ----D---- C:\Program Files\trend micro
2014-04-17 15:24:43 ----D---- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-17 15:23:37 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2014-04-16 23:54:27 ----SHD---- C:\$RECYCLE.BIN
2014-04-15 23:49:38 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-04-15 23:48:58 ----D---- C:\ProgramData\Malwarebytes
2014-04-15 08:22:34 ----A---- C:\Windows\system32\mshtml.dll
2014-04-15 08:22:32 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-04-15 08:22:25 ----A---- C:\Windows\SYSWOW64\iologmsg.dll
2014-04-15 08:22:25 ----A---- C:\Windows\system32\iologmsg.dll
2014-04-15 08:22:25 ----A---- C:\Windows\system32\drivers\storport.sys
2014-04-15 08:22:25 ----A---- C:\Windows\system32\drivers\msiscsi.sys
2014-04-15 08:22:24 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2014-04-15 08:22:21 ----A---- C:\Windows\system32\drivers\ntfs.sys
2014-04-15 08:22:19 ----A---- C:\Windows\SYSWOW64\user.exe
2014-04-15 08:22:18 ----A---- C:\Windows\SYSWOW64\instnm.exe
2014-04-15 08:22:17 ----A---- C:\Windows\SYSWOW64\wow32.dll
2014-04-15 08:22:17 ----A---- C:\Windows\SYSWOW64\setup16.exe
2014-04-15 08:22:17 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2014-04-15 08:22:17 ----A---- C:\Windows\system32\wow64cpu.dll
2014-04-15 08:22:17 ----A---- C:\Windows\system32\wow64.dll
2014-04-15 08:22:16 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2014-04-15 08:22:16 ----A---- C:\Windows\system32\wow64win.dll
2014-04-15 08:22:16 ----A---- C:\Windows\system32\kernel32.dll
2014-04-15 08:22:15 ----A---- C:\Windows\system32\ntvdm64.dll
2014-04-10 19:33:32 ----D---- C:\ProgramData\Intel
2014-04-10 19:28:16 ----A---- C:\Windows\system32\igfxtray.exe
2014-04-10 19:28:16 ----A---- C:\Windows\system32\igfxsrvc.exe
2014-04-10 19:28:16 ----A---- C:\Windows\system32\igfxpers.exe
2014-04-10 19:28:16 ----A---- C:\Windows\system32\igfxext.exe
2014-04-10 19:28:16 ----A---- C:\Windows\system32\hkcmd.exe
2014-04-10 19:28:16 ----A---- C:\Windows\system32\GfxUI.exe
2014-04-10 19:28:16 ----A---- C:\Windows\system32\difx64.exe
2014-04-10 19:28:10 ----A---- C:\Windows\system32\igfxCoIn_v2993.dll
2014-04-10 19:28:09 ----A---- C:\Windows\SYSWOW64\iglhsip32.dll
2014-04-10 19:28:09 ----A---- C:\Windows\SYSWOW64\iglhcp32.dll
2014-04-10 19:28:09 ----A---- C:\Windows\system32\iglhsip64.dll
2014-04-10 19:28:09 ----A---- C:\Windows\system32\iglhcp64.dll
2014-04-10 19:28:09 ----A---- C:\Windows\system32\igfxTMM.dll
2014-04-10 19:28:08 ----A---- C:\Windows\SYSWOW64\igfxexps32.dll
2014-04-10 19:28:08 ----A---- C:\Windows\SYSWOW64\igfxdv32.dll
2014-04-10 19:28:08 ----A---- C:\Windows\SYSWOW64\igfxcmrt32.dll
2014-04-10 19:28:08 ----A---- C:\Windows\system32\igfxpph.dll
2014-04-10 19:28:08 ----A---- C:\Windows\system32\igfxexps.dll
2014-04-10 19:28:08 ----A---- C:\Windows\system32\igfxdo.dll
2014-04-10 19:28:08 ----A---- C:\Windows\system32\IGFXDEVLib.dll
2014-04-10 19:28:08 ----A---- C:\Windows\system32\igfxdev.dll
2014-04-10 19:28:08 ----A---- C:\Windows\system32\igfxcmrt64.dll
2014-04-10 19:28:07 ----A---- C:\Windows\SYSWOW64\igfxcmjit32.dll
2014-04-10 19:28:07 ----A---- C:\Windows\system32\igfxcmjit64.dll
2014-04-10 19:28:07 ----A---- C:\Windows\system32\igdumd64.dll
2014-04-10 19:28:06 ----A---- C:\Windows\SYSWOW64\igd10umd32.dll
2014-04-10 19:28:06 ----A---- C:\Windows\system32\drivers\igdkmd64.sys
2014-04-10 19:28:05 ----A---- C:\Windows\system32\ig4icd64.dll
2014-04-10 19:28:05 ----A---- C:\Windows\system32\IccLibDll_x64.dll
2014-04-10 19:28:05 ----A---- C:\Windows\system32\gfxSrvc.dll
2014-04-10 19:28:05 ----A---- C:\Windows\system32\drivers\IntcDAud.sys
2014-04-10 19:28:04 ----A---- C:\Windows\system32\IntcDAuC.dll
2014-04-10 19:16:44 ----D---- C:\ProgramData\BlueStacksSetup
2014-03-30 17:39:08 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2014-03-30 17:39:08 ----A---- C:\Windows\system32\mstscax.dll
2014-03-27 13:12:38 ----D---- C:\FOTOKNIHY
2014-03-27 12:39:30 ----A---- C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-03-27 12:39:25 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-03-27 12:39:25 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-03-27 12:39:25 ----A---- C:\Windows\system32\tsgqec.dll
2014-03-27 12:39:25 ----A---- C:\Windows\system32\drivers\TsUsbFlt.sys
2014-03-27 12:39:24 ----A---- C:\Windows\SYSWOW64\wksprtPS.dll
2014-03-27 12:39:24 ----A---- C:\Windows\SYSWOW64\tsgqec.dll
2014-03-27 12:39:24 ----A---- C:\Windows\SYSWOW64\mstsc.exe
2014-03-27 12:39:24 ----A---- C:\Windows\SYSWOW64\MsRdpWebAccess.dll
2014-03-27 12:39:24 ----A---- C:\Windows\system32\wksprtPS.dll
2014-03-27 12:39:24 ----A---- C:\Windows\system32\wksprt.exe
2014-03-27 12:39:24 ----A---- C:\Windows\system32\TSWbPrxy.exe
2014-03-27 12:39:24 ----A---- C:\Windows\system32\mstsc.exe
2014-03-27 12:39:24 ----A---- C:\Windows\system32\MsRdpWebAccess.dll
2014-03-27 12:39:23 ----A---- C:\Windows\SYSWOW64\rdvidcrl.dll
2014-03-27 12:39:23 ----A---- C:\Windows\system32\rdvidcrl.dll
2014-03-27 12:38:04 ----D---- C:\Program Files\Microsoft Silverlight
2014-03-27 12:38:04 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2014-03-27 12:37:03 ----A---- C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-03-27 12:37:00 ----A---- C:\Windows\system32\drivers\TsUsbGD.sys
2014-03-27 12:37:00 ----A---- C:\Windows\system32\drivers\rdpvideominiport.sys
2014-03-27 12:36:58 ----A---- C:\Windows\SYSWOW64\rdpendp_winip.dll
2014-03-27 12:36:57 ----A---- C:\Windows\system32\rdpudd.dll
2014-03-27 12:36:57 ----A---- C:\Windows\system32\rdpendp_winip.dll
2014-03-27 12:36:57 ----A---- C:\Windows\system32\rdpcorets.dll
2014-03-27 12:33:45 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2014-03-27 12:33:45 ----A---- C:\Windows\system32\qdvd.dll
2014-03-27 12:33:43 ----A---- C:\Windows\SYSWOW64\TSWorkspace.dll
2014-03-27 12:33:43 ----A---- C:\Windows\system32\TSWorkspace.dll
2014-03-22 22:09:46 ----D---- C:\foto-knihy

======List of files/folders modified in the last 1 month======

2014-04-20 00:12:07 ----D---- C:\Windows\Prefetch
2014-04-19 23:08:19 ----D---- C:\Windows\system32\config
2014-04-19 22:58:02 ----D---- C:\Windows\Temp
2014-04-19 22:56:45 ----SHD---- C:\System Volume Information
2014-04-19 21:32:46 ----D---- C:\Program Files (x86)\Paratext 7
2014-04-19 21:32:46 ----D---- C:\My Paratext Projects
2014-04-19 19:43:32 ----RD---- C:\Program Files
2014-04-19 19:38:17 ----D---- C:\Windows\Panther
2014-04-19 19:38:17 ----D---- C:\Windows\inf
2014-04-19 19:38:13 ----D---- C:\Windows\Logs
2014-04-19 19:38:13 ----D---- C:\Windows\debug
2014-04-19 19:38:13 ----D---- C:\Windows
2014-04-19 19:25:41 ----A---- C:\Windows\SYSWOW64\log.txt
2014-04-19 19:23:47 ----D---- C:\Windows\System32
2014-04-18 20:28:12 ----SHD---- C:\Windows\Installer
2014-04-18 20:28:11 ----D---- C:\Windows\Tasks
2014-04-17 20:04:17 ----D---- C:\Windows\system32\drivers
2014-04-17 18:10:53 ----D---- C:\Windows\system32\Tasks
2014-04-17 18:10:44 ----A---- C:\Windows\system32\aswBoot.exe
2014-04-17 15:24:43 ----D---- C:\ProgramData
2014-04-17 11:18:20 ----D---- C:\Windows\Microsoft.NET
2014-04-17 11:07:11 ----RSD---- C:\Windows\assembly
2014-04-17 11:07:00 ----RD---- C:\Program Files (x86)
2014-04-17 09:14:56 ----D---- C:\Windows\rescache
2014-04-16 23:54:15 ----A---- C:\Windows\system.ini
2014-04-16 23:54:07 ----D---- C:\Windows\system32\drivers\etc
2014-04-16 23:52:28 ----D---- C:\Windows\system32\catroot2
2014-04-16 22:03:19 ----D---- C:\Windows\SYSWOW64\drivers
2014-04-16 22:03:19 ----D---- C:\Windows\SysWOW64
2014-04-16 22:03:19 ----D---- C:\Windows\AppPatch
2014-04-16 22:03:16 ----D---- C:\Program Files (x86)\Common Files
2014-04-15 08:30:20 ----D---- C:\Windows\winsxs
2014-04-15 08:28:34 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-04-15 08:28:34 ----D---- C:\Windows\system32\DriverStore
2014-04-15 08:28:34 ----D---- C:\Windows\system32\cs-CZ
2014-04-15 08:27:39 ----D---- C:\ProgramData\Microsoft Help
2014-04-15 08:27:14 ----D---- C:\Windows\system32\MRT
2014-04-15 08:24:17 ----A---- C:\Windows\system32\MRT.exe
2014-04-15 08:21:47 ----D---- C:\Windows\system32\catroot
2014-04-13 10:22:09 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-04-10 19:31:03 ----D---- C:\Program Files (x86)\Intel
2014-04-03 20:56:44 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-03-27 14:37:24 ----D---- C:\Windows\SYSWOW64\wbem
2014-03-27 14:37:24 ----D---- C:\Windows\SYSWOW64\en-US
2014-03-27 14:37:24 ----D---- C:\Windows\system32\wbem
2014-03-27 14:37:24 ----D---- C:\Windows\system32\drivers\en-US
2014-03-27 14:37:23 ----D---- C:\Windows\system32\en-US
2014-03-27 14:37:23 ----D---- C:\Windows\PolicyDefinitions
2014-03-27 12:39:18 ----SD---- C:\ProgramData\Microsoft
2014-03-27 12:36:41 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2014-03-23 15:45:46 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-23 10:14:45 ----D---- C:\Windows\system32\wdi
2014-03-22 22:12:16 ----A---- C:\Windows\SYSWOW64\FOTOKNIHY_FOTOKNIHY_uninstaller.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2014-04-17 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-04-17 208416]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2014-04-17 93568]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2014-04-17 1039096]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2014-04-17 423240]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2014-04-17 29208]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2014-04-17 79184]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2014-04-17 85328]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl664.sys [2014-03-06 3058168]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2013-02-19 12312928]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2009-12-22 74280]
S3 athur;Atheros AR9271 Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athurx.sys [2009-12-31 1783296]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btwampfl;Bluetooth AMP USB Filter; C:\Windows\system32\drivers\btwampfl.sys [2010-06-26 342056]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2010-06-26 102952]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\DRIVERS\btwavdt.sys [2010-06-26 135720]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2010-06-26 39464]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2010-06-26 21544]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-10-02 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-04-17 50344]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-06-25 952096]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-09-30 268824]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-03-01 111616]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-03-19 119408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2014-03-08 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

[Pavla V.]

obrázek teploty... to asi nevypadá dobře, co

[Márty84]

V logu nevidim nic, co by melo brzdit firefox. Zkuste mozillu preinstalovat. Pokud nechcete prijit treba o zalozky, zazalohujte si ji pomoci mozbackup http://www.stahuj.centrum.cz/utility_a_ ... mozbackup/


Ty teploty jsou merene v klidu, nebo pri zatezi? Ale nerekl bych, ze jsou nejak extra vysoke.


Az se pc zase neocekavane vypne, postupujte podle navodu kolegy.

Exportujeme protokol událostí Systém

• Klikněte pravým tlačítkem myši na tento počítač-spravovat
• Dále se proklikejte následovně: Systémové nástroje-Prohlížeč událostí-Protokoly systému windows-Systém
• Klikněte pravým tlačítkem myši na Systém a dejte volbu Uložit všechny události jako..
• Uložte soubor někam na disk a nahrajte na http://www.leteckaposta.cz a vložte mi sem odkaz

[Pavla V.]

AVP nic nenašel.
Jinak ty teploty bych řekla spíš v klidu...
Mozillu přeinstaluju.
Kdyby byl problém, tak vložím odkaz na ten protokol.
Díky.

[Márty84]

OK

Zkusime se jeste podivat na nektery ten hlaseny soubor.

Stahnete SystemLook http://jpshortstuff.247fixes.com/SystemLook.exe a ulozte ho na plochu.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Do okna zkopirujte tento skript

Kód: Vybrat vše

:filefind
*KBDURDU.DLL*

kliknete na Look a chvili pockejte
Mel by na vas vyskocit log s nazvem Systemlook
Ten mi sem zkopirujte

[Pavla V.]

Níž je výsledek.
Jinak Mozillu jsem přeinstalovala, jak se s ní pracuje uvidím... ale pořád nejde nastavit domovská stránka. To předtím nebylo.
Taky Google Chrom nešel spustit, i když správce úloh ho ukazoval s hvězdičkou. Taky jsem ho přeinstalovala, ukazuje se mi hláška, když ho spustím, že nelze načíst osobní nastavení. Nemohlo se to stát nějakými zásahy těch programů (combofix?)

SystemLook 30.07.11 by jpshortstuff
Log created at 16:56 on 21/04/2014 by Acer
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "*KBDURDU.DLL*"
C:\Windows\System32\KBDURDU.DLL --a---- 6144 bytes [23:25 13/07/2009] [01:11 14/07/2009] FD1E73941ACF224C035B93A49B8CD22B
C:\Windows\SysWOW64\KBDURDU.DLL --a---- 6144 bytes [23:25 13/07/2009] [01:11 14/07/2009] FD1E73941ACF224C035B93A49B8CD22B

-= EOF =-

[Márty84]

Zopakujte prosim systemlook, ale stahnete si tento http://jpshortstuff.247fixes.com/SystemLook_x64.exe


CF ani jiny program nesmazal nic, co by tohle zpusobilo. Mazem to porad a nikdo jiny problem nema, cili problem je nekde v pc.


Zopakujte krok s ADWCleanerem

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Clean
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.

[Pavla V.]

Tak mám dojem, že to způsobil TFC (nebo možná OTC, ale spíš ten druhý)
protože teď jsem prováděla tu doporučenou čistku podle seznamu na druhém PC (téma vedle) a TFC nahlásil nějakou chybu, PC jsem musela restartovat, poprvé naskočilo jen černo, podruhé naskočilo.
Vlastně jsem si uvědomila, že jakou chybu to hlásilo i na to tomto PC, akorát jsem to v noci prostě odklikla a zapomněla. A na druhém PC teď google zahlásil stejnou hlášku a pak už nešel spustit. Nechci přeinstalovávat hned, zmizely by záložky, stále by to hládilo tu chybu o nastavení. Ten PC používáí můj drahý a jsou to jeho záložky, takže problém
Zkusila jsem dát bod obnovení (nabídka byla jen co vytvořil OTL) - ale teď mám bod obnovení skoro hotový a chce to OTL otebřít, tak nevím - mám to odkliknout, aby se spustil?

"Stahnete TFC http://oldtimer.geekstogo.com/TFC.exe , ulozte a spustte
Kliknete na START a pote OK - Po uklidu dojde k restartu pc.
Po pouziti muzete programek smazat"

[Pavla V.]

SystemLook 30.07.11 by jpshortstuff
Log created at 17:28 on 21/04/2014 by Acer
Administrator - Elevation successful

========== filefind ==========

Searching for "*KBDURDU.DLL*"
C:\Windows\System32\KBDURDU.DLL --a---- 6656 bytes [23:37 13/07/2009] [01:28 14/07/2009] 433B6D6BE96F7F36E0E20682EB5A2CAF
C:\Windows\SysWOW64\KBDURDU.DLL --a---- 6144 bytes [23:25 13/07/2009] [01:11 14/07/2009] FD1E73941ACF224C035B93A49B8CD22B

-= EOF =-

[Márty84]

TFC ani OTC ale nemazou nic, co se tyka prohlizecu

OTL nepotrebujete, takze ho nechte klidne odebrat


Ten soubor, co prvne hlasil Avast uz tam neni. Vy jste ty jeho nalezy nechala odstranit?

[Pavla V.]

ne, nedávala jsem odstranit nic, co avast našel!
ale ty soubory co avast našel, nenašlo nic jiného, nejde se k nim jinak dostat
nemůže to být nějaký pozůstatek po obnově systému do továrky (možná blbej nápad)

jinak, na tom PC vedle, obnovení systému se prý úplně nepovedlo, nespecifikovaná chyba 0xc0000022.
ale google je zachráněnej, uf, funguje, bez hlášky, záložky OK.