Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

náhle spomalenie systému a vyhodenie blue screenu

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
jakkal
Návštěvník
Návštěvník
Příspěvky: 67
Registrován: 01 čer 2008 11:37

náhle spomalenie systému a vyhodenie blue screenu

#1 Příspěvek od jakkal »

Dobrý večer,

v poslednej dobe sa mi veľmi spomalil systém a dokonca mi začalo vyhadzovať blue screen. Posielam log z FRST. V prílohe posielam súbor Addition. Ďakujem za radu.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by Spaulding (administrator) on DARKMOON on 28-01-2015 22:13:34
Running from C:\Users\Spaulding\Desktop
Loaded Profiles: UpdatusUser & Spaulding (Available profiles: UpdatusUser & Spaulding)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Firebird Project) C:\Program Files (x86)\KROS\KROS FBServer\Firebird001\bin\fbserver.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(KROS a.s.) C:\Program Files (x86)\KROS\ALFA plus\!System\ALFAplus.exe
(WinZip Computing, S.L.) C:\Program Files (x86)\WinZip\WZQKPICK.EXE
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(TNS) C:\Users\Spaulding\AppData\Local\Apps\2.0\MMHQW1Y1.KWC\VDVRR9YQ.PYQ\odme..tion_e50b86a32720a37b_0002.0002_841a6bdf5cf377a9\Odmenovac.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Google Inc.) C:\Users\Spaulding\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Spaulding\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Users\Spaulding\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Users\Spaulding\AppData\Local\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Google Inc.) C:\Users\Spaulding\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Spaulding\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Spaulding\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\Spaulding\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Spaulding\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Spaulding\AppData\Local\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Spaulding\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [976032 2011-09-17] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [799904 2011-09-17] (Atheros Commnucations)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-10] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [Power Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-10] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\...\Run: [Google Update] => C:\Users\Spaulding\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-23] (Google Inc.)
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\...\Run: [EPSON Stylus Photo RX585 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICLE.EXE [213504 2007-03-30] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation)
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\...\MountPoints2: {10cb3697-5d74-11e1-81ae-dc0ea11c3558} - G:\LaunchU3.exe -a
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\...\MountPoints2: {239f81c0-ae51-11e2-bf12-dc0ea11c3558} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\...\MountPoints2: {4ce4ea13-52ba-11e3-aa88-74de2b969bfc} - F:\TMCCSetup_3.57.95.14.exe
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\...\MountPoints2: {7b1a698e-5e84-11e1-a67a-dc0ea11c3558} - E:\setup.exe
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\...\MountPoints2: {89b1e439-4d01-11e4-b93b-dc0ea11c3558} - F:\Startme.exe
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\...\MountPoints2: {c5c9428e-d421-11e3-84b4-dc0ea11c3558} - F:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\...\MountPoints2: {d09e1fc0-97cb-11e1-a9a8-dc0ea11c3558} - G:\setup.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [241984 2011-10-16] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [203072 2011-10-16] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ALFA plus - rýchle spustenie.lnk
ShortcutTarget: ALFA plus - rýchle spustenie.lnk -> C:\Program Files (x86)\KROS\ALFA plus\!System\ALFAplus.exe (KROS a.s.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
Startup: C:\Users\Spaulding\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Odmenovac.appref-ms ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [Správa překryvné ikony digitálních podpisů AutoCADu ] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-2945635248-4128347931-1253345948-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2945635248-4128347931-1253345948-1001] => http=127.0.0.1:8877;https=127.0.0.1:8877
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://packardbell.msn.com
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com
URLSearchHook: HKU\S-1-5-21-2945635248-4128347931-1253345948-1001 - (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\S-1-5-21-2945635248-4128347931-1253345948-1001 -> DefaultScope {627D0B63-BF2B-4FFA-8F06-0B7768EACA4C} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2945635248-4128347931-1253345948-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2945635248-4128347931-1253345948-1001 -> {627D0B63-BF2B-4FFA-8F06-0B7768EACA4C} URL = https://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-2945635248-4128347931-1253345948-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-2945635248-4128347931-1253345948-1001 -> No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
DPF: HKLM-x32 {62789780-B744-11D0-986B-00609731A21D} http://195.28.70.134/kapor2/lib/mgaxctrl.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2945635248-4128347931-1253345948-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Spaulding\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2945635248-4128347931-1253345948-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Spaulding\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2945635248-4128347931-1253345948-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Spaulding\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2945635248-4128347931-1253345948-1001: facebook.com/fbDesktopPlugin -> C:\Users\Spaulding\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Spaulding\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Spaulding\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-22]
CHR Extension: (Hľadať v Google) - C:\Users\Spaulding\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-22]
CHR Extension: (AdBlock) - C:\Users\Spaulding\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-28]
CHR Extension: (Peňaženka Google) - C:\Users\Spaulding\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
CHR Extension: (Gmail) - C:\Users\Spaulding\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-22]
CHR HKLM-x32\...\Chrome\Extension: [ojpijjmpahflnipadmlpgbjmagmjchkk] - C:\Users\SPAULD~1\AppData\Local\Temp\ccex.crx [Not Found]
StartMenuInternet: Google Chrome - C:\Users\Spaulding\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [105120 2011-09-17] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-27] (AVAST Software)
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [872552 2011-08-02] (Acer Incorporated)
R2 FirebirdServerKROS_20400; C:\Program Files (x86)\KROS\KROS FBServer\Firebird001\bin\fbserver.exe [3764224 2011-10-11] (Firebird Project) [File not signed]
S3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1030600 2012-02-27] (Macrovision Europe Ltd.) [File not signed]
R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [36456 2011-05-30] (Acer Incorporated)
R2 Live Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [244624 2011-04-22] (Acer Incorporated)
R2 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [343032 2012-02-08] (Nitro PDF Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Wisaroc; C:\Windows\Wisaroc.exe [1686020 2014-09-10] (Remak) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-27] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21136 2012-10-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-27] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-27] (AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2014-01-14] (The OpenVPN Project)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-12-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-27] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-02-24] () [File not signed]
S2 SVKP; C:\Windows\SysWOW64\SVKP.sys [2368 2012-04-08] (AntiCracking) [File not signed]
U3 a22vo1uw; C:\Windows\System32\Drivers\a22vo1uw.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S2 Angelnt; \SystemRoot\System32\Drivers\ANGELNT.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-28 22:13 - 2015-01-28 22:14 - 00021148 _____ () C:\Users\Spaulding\Desktop\FRST.txt
2015-01-28 22:12 - 2015-01-28 22:13 - 00000000 ____D () C:\FRST
2015-01-28 22:10 - 2015-01-28 22:10 - 00112640 _____ (forum.viry.cz) C:\Users\Spaulding\Desktop\FRSTLauncher.exe
2015-01-28 22:07 - 2015-01-28 22:07 - 00112640 _____ (forum.viry.cz) C:\Users\Spaulding\Downloads\Nepotvrdené 934806.crdownload
2015-01-28 22:07 - 2015-01-28 22:07 - 00112640 _____ (forum.viry.cz) C:\Users\Spaulding\Downloads\Nepotvrdené 447690.crdownload
2015-01-28 22:03 - 2015-01-28 22:03 - 02130432 _____ (Farbar) C:\Users\Spaulding\Desktop\FRST64.exe
2015-01-28 21:56 - 2015-01-28 21:56 - 00000364 _____ () C:\Windows\PFRO.log
2015-01-28 02:31 - 2015-01-28 02:31 - 00262144 _____ () C:\Windows\Minidump\012815-62540-01.dmp
2015-01-28 02:31 - 2015-01-28 02:31 - 00000000 ____D () C:\Windows\Minidump
2015-01-26 19:20 - 2015-01-28 13:54 - 00276480 _____ () C:\Users\Spaulding\Desktop\FIREMNE POZICKARNE _012015_v1.xls
2015-01-25 15:51 - 2015-01-25 15:51 - 04070576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-24 17:10 - 2015-01-24 17:10 - 00221138 _____ () C:\Users\Spaulding\Downloads\Databaza(chybajuce mesta).xlsx
2015-01-24 17:09 - 2015-01-26 09:18 - 00279040 _____ () C:\Users\Spaulding\Desktop\FIREMNE POZICKARNE _012015_v1 (2).xls
2015-01-19 13:50 - 2015-01-19 16:11 - 00270848 _____ () C:\Users\Spaulding\Desktop\FIREMNE POZICKARNE _012015 aktualne.xls
2015-01-19 13:41 - 2015-01-24 17:10 - 00288768 _____ () C:\Users\Spaulding\Desktop\FIREMNE POZICKARNE _050115.xls
2015-01-19 13:29 - 2015-01-28 21:57 - 00001515 _____ () C:\Windows\setupact.log
2015-01-19 13:29 - 2015-01-19 13:29 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-18 17:09 - 2015-01-18 17:09 - 00000000 ____D () C:\Users\Spaulding\Desktop\mobilko
2015-01-15 16:35 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 16:35 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-15 16:35 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-15 16:35 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-15 16:35 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-15 16:35 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-15 16:35 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 15:47 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 15:47 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 15:47 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 15:47 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 15:47 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 15:47 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-12 01:56 - 2015-01-12 02:43 - 00000000 ____D () C:\Users\Spaulding\Desktop\tlacit
2015-01-11 22:49 - 2015-01-11 22:49 - 00062976 _____ () C:\Users\Spaulding\Downloads\sprinkerykepke_moje.xls

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-28 22:07 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-28 22:07 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-28 22:04 - 2011-11-21 22:45 - 01303828 _____ () C:\Windows\WindowsUpdate.log
2015-01-28 22:02 - 2014-03-17 10:28 - 00000000 ____D () C:\ProgramData\firebird
2015-01-28 22:01 - 2013-05-29 20:51 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-28 21:59 - 2012-02-22 18:00 - 00000000 ____D () C:\Users\Spaulding\AppData\Local\Deployment
2015-01-28 21:58 - 2012-05-02 20:55 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-28 21:58 - 2012-02-22 17:43 - 00141544 _____ () C:\Users\Spaulding\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-28 21:57 - 2013-05-29 20:51 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-28 21:57 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-28 21:57 - 2009-07-14 05:45 - 00485024 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-28 21:50 - 2013-02-27 21:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-28 21:47 - 2012-02-24 02:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-28 21:45 - 2011-10-11 13:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-01-28 21:43 - 2010-11-21 08:16 - 00000000 ____D () C:\Windows\ShellNew
2015-01-28 21:43 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-01-28 21:38 - 2009-07-14 03:34 - 00000387 _____ () C:\Windows\win.ini
2015-01-28 21:36 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-28 21:31 - 2012-02-22 18:01 - 00000962 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001UA.job
2015-01-28 21:13 - 2012-04-12 11:03 - 00001058 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001UA.job
2015-01-28 15:10 - 2012-07-15 13:18 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-28 14:12 - 2009-07-14 06:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-28 02:29 - 2012-02-26 18:59 - 00000000 ____D () C:\Users\Spaulding\AppData\Roaming\Azureus
2015-01-28 01:35 - 2012-04-13 13:57 - 00000000 ____D () C:\Users\Spaulding\AppData\Roaming\PrimoPDF
2015-01-27 22:02 - 2013-11-03 22:04 - 00000000 ____D () C:\Users\Spaulding\AppData\Roaming\vlc
2015-01-27 20:18 - 2012-02-22 18:01 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001Core.job
2015-01-27 15:13 - 2012-04-12 11:03 - 00001036 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001Core.job
2015-01-27 08:23 - 2012-02-22 18:01 - 00002412 _____ () C:\Users\Spaulding\Desktop\Google Chrome.lnk
2015-01-25 15:51 - 2013-02-27 21:02 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 15:51 - 2013-02-27 21:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-25 15:51 - 2011-10-11 13:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-20 03:06 - 2012-08-17 13:45 - 00766820 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-18 17:11 - 2012-03-01 20:20 - 00000000 ____D () C:\Users\Spaulding\AppData\Local\CrashDumps
2015-01-15 19:35 - 2013-05-29 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-15 02:53 - 2013-08-15 21:30 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 02:45 - 2012-02-26 18:47 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-11 16:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001Core.job => C:\Users\Spaulding\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001UA.job => C:\Users\Spaulding\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001Core.job => C:\Users\Spaulding\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001UA.job => C:\Users\Spaulding\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Spaulding\Desktop" je 10746 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cabinet
C:\Program Files (x86)\Cabinet\Cabinet.exe -shrink [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update
"C:\Users\Spaulding\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk
C:\PROGRA~1\MCAFEE~1\38A880~1.141\SSSCHE~1.EXE [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Spaulding^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk
C:\Users\SPAULD~1\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by Spaulding (administrator) on DARKMOON on 28-01-2015 22:19:03
Running from C:\Users\Spaulding\Desktop
Loaded Profiles: UpdatusUser & Spaulding (Available profiles: UpdatusUser & Spaulding)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Firebird Project) C:\Program Files (x86)\KROS\KROS FBServer\Firebird001\bin\fbserver.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(KROS a.s.) C:\Program Files (x86)\KROS\ALFA plus\!System\ALFAplus.exe
(WinZip Computing, S.L.) C:\Program Files (x86)\WinZip\WZQKPICK.EXE
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(TNS) C:\Users\Spaulding\AppData\Local\Apps\2.0\MMHQW1Y1.KWC\VDVRR9YQ.PYQ\odme..tion_e50b86a32720a37b_0002.0002_841a6bdf5cf377a9\Odmenovac.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Google Inc.) C:\Users\Spaulding\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Spaulding\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Users\Spaulding\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Users\Spaulding\AppData\Local\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Google Inc.) C:\Users\Spaulding\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Spaulding\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Spaulding\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\Spaulding\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Spaulding\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Spaulding\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Spaulding\AppData\Local\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Spaulding\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [976032 2011-09-17] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [799904 2011-09-17] (Atheros Commnucations)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-10] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [Power Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-10] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\...\Run: [Google Update] => C:\Users\Spaulding\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-23] (Google Inc.)
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\...\Run: [EPSON Stylus Photo RX585 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICLE.EXE [213504 2007-03-30] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation)
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\...\MountPoints2: {10cb3697-5d74-11e1-81ae-dc0ea11c3558} - G:\LaunchU3.exe -a
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\...\MountPoints2: {239f81c0-ae51-11e2-bf12-dc0ea11c3558} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\...\MountPoints2: {4ce4ea13-52ba-11e3-aa88-74de2b969bfc} - F:\TMCCSetup_3.57.95.14.exe
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\...\MountPoints2: {7b1a698e-5e84-11e1-a67a-dc0ea11c3558} - E:\setup.exe
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\...\MountPoints2: {89b1e439-4d01-11e4-b93b-dc0ea11c3558} - F:\Startme.exe
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\...\MountPoints2: {c5c9428e-d421-11e3-84b4-dc0ea11c3558} - F:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\...\MountPoints2: {d09e1fc0-97cb-11e1-a9a8-dc0ea11c3558} - G:\setup.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [241984 2011-10-16] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [203072 2011-10-16] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ALFA plus - rýchle spustenie.lnk
ShortcutTarget: ALFA plus - rýchle spustenie.lnk -> C:\Program Files (x86)\KROS\ALFA plus\!System\ALFAplus.exe (KROS a.s.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
Startup: C:\Users\Spaulding\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Odmenovac.appref-ms ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [Správa překryvné ikony digitálních podpisů AutoCADu ] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-2945635248-4128347931-1253345948-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2945635248-4128347931-1253345948-1001] => http=127.0.0.1:8877;https=127.0.0.1:8877
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://packardbell.msn.com
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com
URLSearchHook: HKU\S-1-5-21-2945635248-4128347931-1253345948-1001 - (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\S-1-5-21-2945635248-4128347931-1253345948-1001 -> DefaultScope {627D0B63-BF2B-4FFA-8F06-0B7768EACA4C} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2945635248-4128347931-1253345948-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2945635248-4128347931-1253345948-1001 -> {627D0B63-BF2B-4FFA-8F06-0B7768EACA4C} URL = https://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-2945635248-4128347931-1253345948-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-2945635248-4128347931-1253345948-1001 -> No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
DPF: HKLM-x32 {62789780-B744-11D0-986B-00609731A21D} http://195.28.70.134/kapor2/lib/mgaxctrl.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2945635248-4128347931-1253345948-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Spaulding\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2945635248-4128347931-1253345948-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Spaulding\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2945635248-4128347931-1253345948-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Spaulding\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2945635248-4128347931-1253345948-1001: facebook.com/fbDesktopPlugin -> C:\Users\Spaulding\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Spaulding\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Spaulding\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-22]
CHR Extension: (Hľadať v Google) - C:\Users\Spaulding\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-22]
CHR Extension: (AdBlock) - C:\Users\Spaulding\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-28]
CHR Extension: (Peňaženka Google) - C:\Users\Spaulding\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
CHR Extension: (Gmail) - C:\Users\Spaulding\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-22]
CHR HKLM-x32\...\Chrome\Extension: [ojpijjmpahflnipadmlpgbjmagmjchkk] - C:\Users\SPAULD~1\AppData\Local\Temp\ccex.crx [Not Found]
StartMenuInternet: Google Chrome - C:\Users\Spaulding\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [105120 2011-09-17] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-27] (AVAST Software)
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [872552 2011-08-02] (Acer Incorporated)
R2 FirebirdServerKROS_20400; C:\Program Files (x86)\KROS\KROS FBServer\Firebird001\bin\fbserver.exe [3764224 2011-10-11] (Firebird Project) [File not signed]
S3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1030600 2012-02-27] (Macrovision Europe Ltd.) [File not signed]
R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [36456 2011-05-30] (Acer Incorporated)
R2 Live Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [244624 2011-04-22] (Acer Incorporated)
R2 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [343032 2012-02-08] (Nitro PDF Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Wisaroc; C:\Windows\Wisaroc.exe [1686020 2014-09-10] (Remak) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-27] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21136 2012-10-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-27] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-27] (AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2014-01-14] (The OpenVPN Project)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-12-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-27] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-02-24] () [File not signed]
S2 SVKP; C:\Windows\SysWOW64\SVKP.sys [2368 2012-04-08] (AntiCracking) [File not signed]
U3 a22vo1uw; C:\Windows\System32\Drivers\a22vo1uw.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S2 Angelnt; \SystemRoot\System32\Drivers\ANGELNT.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-28 22:19 - 2015-01-28 22:19 - 00021161 _____ () C:\Users\Spaulding\Desktop\FRST.txt
2015-01-28 22:16 - 2015-01-28 22:16 - 00034107 _____ () C:\Users\Spaulding\Desktop\FRST3.txt
2015-01-28 22:12 - 2015-01-28 22:19 - 00000000 ____D () C:\FRST
2015-01-28 22:10 - 2015-01-28 22:10 - 00112640 _____ (forum.viry.cz) C:\Users\Spaulding\Desktop\FRSTLauncher.exe
2015-01-28 22:07 - 2015-01-28 22:07 - 00112640 _____ (forum.viry.cz) C:\Users\Spaulding\Downloads\Nepotvrdené 934806.crdownload
2015-01-28 22:07 - 2015-01-28 22:07 - 00112640 _____ (forum.viry.cz) C:\Users\Spaulding\Downloads\Nepotvrdené 447690.crdownload
2015-01-28 22:03 - 2015-01-28 22:03 - 02130432 _____ (Farbar) C:\Users\Spaulding\Desktop\FRST64.exe
2015-01-28 21:56 - 2015-01-28 21:56 - 00000364 _____ () C:\Windows\PFRO.log
2015-01-28 02:31 - 2015-01-28 02:31 - 00262144 _____ () C:\Windows\Minidump\012815-62540-01.dmp
2015-01-28 02:31 - 2015-01-28 02:31 - 00000000 ____D () C:\Windows\Minidump
2015-01-26 19:20 - 2015-01-28 13:54 - 00276480 _____ () C:\Users\Spaulding\Desktop\FIREMNE POZICKARNE _012015_v1.xls
2015-01-25 15:51 - 2015-01-25 15:51 - 04070576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-24 17:10 - 2015-01-24 17:10 - 00221138 _____ () C:\Users\Spaulding\Downloads\Databaza(chybajuce mesta).xlsx
2015-01-24 17:09 - 2015-01-26 09:18 - 00279040 _____ () C:\Users\Spaulding\Desktop\FIREMNE POZICKARNE _012015_v1 (2).xls
2015-01-19 13:50 - 2015-01-19 16:11 - 00270848 _____ () C:\Users\Spaulding\Desktop\FIREMNE POZICKARNE _012015 aktualne.xls
2015-01-19 13:41 - 2015-01-24 17:10 - 00288768 _____ () C:\Users\Spaulding\Desktop\FIREMNE POZICKARNE _050115.xls
2015-01-19 13:29 - 2015-01-28 21:57 - 00001515 _____ () C:\Windows\setupact.log
2015-01-19 13:29 - 2015-01-19 13:29 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-18 17:09 - 2015-01-18 17:09 - 00000000 ____D () C:\Users\Spaulding\Desktop\mobilko
2015-01-15 16:35 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 16:35 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-15 16:35 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-15 16:35 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-15 16:35 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-15 16:35 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-15 16:35 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 15:47 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 15:47 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 15:47 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 15:47 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 15:47 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 15:47 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-12 01:56 - 2015-01-12 02:43 - 00000000 ____D () C:\Users\Spaulding\Desktop\tlacit
2015-01-11 22:49 - 2015-01-11 22:49 - 00062976 _____ () C:\Users\Spaulding\Downloads\sprinkerykepke_moje.xls

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-28 22:07 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-28 22:07 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-28 22:04 - 2011-11-21 22:45 - 01303828 _____ () C:\Windows\WindowsUpdate.log
2015-01-28 22:02 - 2014-03-17 10:28 - 00000000 ____D () C:\ProgramData\firebird
2015-01-28 22:01 - 2013-05-29 20:51 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-28 21:59 - 2012-02-22 18:00 - 00000000 ____D () C:\Users\Spaulding\AppData\Local\Deployment
2015-01-28 21:58 - 2012-05-02 20:55 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-28 21:58 - 2012-02-22 17:43 - 00141544 _____ () C:\Users\Spaulding\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-28 21:57 - 2013-05-29 20:51 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-28 21:57 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-28 21:57 - 2009-07-14 05:45 - 00485024 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-28 21:50 - 2013-02-27 21:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-28 21:47 - 2012-02-24 02:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-28 21:45 - 2011-10-11 13:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-01-28 21:43 - 2010-11-21 08:16 - 00000000 ____D () C:\Windows\ShellNew
2015-01-28 21:43 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-01-28 21:38 - 2009-07-14 03:34 - 00000387 _____ () C:\Windows\win.ini
2015-01-28 21:36 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-28 21:31 - 2012-02-22 18:01 - 00000962 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001UA.job
2015-01-28 21:13 - 2012-04-12 11:03 - 00001058 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001UA.job
2015-01-28 15:10 - 2012-07-15 13:18 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-28 14:12 - 2009-07-14 06:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-28 02:29 - 2012-02-26 18:59 - 00000000 ____D () C:\Users\Spaulding\AppData\Roaming\Azureus
2015-01-28 01:35 - 2012-04-13 13:57 - 00000000 ____D () C:\Users\Spaulding\AppData\Roaming\PrimoPDF
2015-01-27 22:02 - 2013-11-03 22:04 - 00000000 ____D () C:\Users\Spaulding\AppData\Roaming\vlc
2015-01-27 20:18 - 2012-02-22 18:01 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001Core.job
2015-01-27 15:13 - 2012-04-12 11:03 - 00001036 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001Core.job
2015-01-27 08:23 - 2012-02-22 18:01 - 00002412 _____ () C:\Users\Spaulding\Desktop\Google Chrome.lnk
2015-01-25 15:51 - 2013-02-27 21:02 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 15:51 - 2013-02-27 21:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-25 15:51 - 2011-10-11 13:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-20 03:06 - 2012-08-17 13:45 - 00766820 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-18 17:11 - 2012-03-01 20:20 - 00000000 ____D () C:\Users\Spaulding\AppData\Local\CrashDumps
2015-01-15 19:35 - 2013-05-29 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-15 02:53 - 2013-08-15 21:30 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 02:45 - 2012-02-26 18:47 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-11 16:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001Core.job => C:\Users\Spaulding\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001UA.job => C:\Users\Spaulding\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001Core.job => C:\Users\Spaulding\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001UA.job => C:\Users\Spaulding\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Spaulding\Desktop" je 10746 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cabinet
C:\Program Files (x86)\Cabinet\Cabinet.exe -shrink [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update
"C:\Users\Spaulding\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk
C:\PROGRA~1\MCAFEE~1\38A880~1.141\SSSCHE~1.EXE [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Spaulding^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk
C:\Users\SPAULD~1\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-01-2015
Ran by Spaulding (administrator) on DARKMOON on 28-01-2015 22:22:37
Running from C:\Users\Spaulding\Desktop
Loaded Profiles: UpdatusUser & Spaulding (Available profiles: UpdatusUser & Spaulding)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Slovenčina (Slovensko)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Firebird Project) C:\Program Files (x86)\KROS\KROS FBServer\Firebird001\bin\fbserver.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(KROS a.s.) C:\Program Files (x86)\KROS\ALFA plus\!System\ALFAplus.exe
(WinZip Computing, S.L.) C:\Program Files (x86)\WinZip\WZQKPICK.EXE
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(TNS) C:\Users\Spaulding\AppData\Local\Apps\2.0\MMHQW1Y1.KWC\VDVRR9YQ.PYQ\odme..tion_e50b86a32720a37b_0002.0002_841a6bdf5cf377a9\Odmenovac.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Google Inc.) C:\Users\Spaulding\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Spaulding\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Google Inc.) C:\Users\Spaulding\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Users\Spaulding\AppData\Local\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Google Inc.) C:\Users\Spaulding\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Spaulding\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Spaulding\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\Spaulding\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Spaulding\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Spaulding\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Spaulding\AppData\Local\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Spaulding\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [976032 2011-09-17] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [799904 2011-09-17] (Atheros Commnucations)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-10] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [Power Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-08-10] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\...\Run: [Google Update] => C:\Users\Spaulding\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-23] (Google Inc.)
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\...\Run: [EPSON Stylus Photo RX585 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICLE.EXE [213504 2007-03-30] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1942720 2015-01-23] (Valve Corporation)
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-06-14] (InstallShield Software Corporation)
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\...\MountPoints2: {10cb3697-5d74-11e1-81ae-dc0ea11c3558} - G:\LaunchU3.exe -a
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\...\MountPoints2: {239f81c0-ae51-11e2-bf12-dc0ea11c3558} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\...\MountPoints2: {4ce4ea13-52ba-11e3-aa88-74de2b969bfc} - F:\TMCCSetup_3.57.95.14.exe
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\...\MountPoints2: {7b1a698e-5e84-11e1-a67a-dc0ea11c3558} - E:\setup.exe
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\...\MountPoints2: {89b1e439-4d01-11e4-b93b-dc0ea11c3558} - F:\Startme.exe
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\...\MountPoints2: {c5c9428e-d421-11e3-84b4-dc0ea11c3558} - F:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A01B06 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\...\MountPoints2: {d09e1fc0-97cb-11e1-a9a8-dc0ea11c3558} - G:\setup.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [241984 2011-10-16] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [203072 2011-10-16] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ALFA plus - rýchle spustenie.lnk
ShortcutTarget: ALFA plus - rýchle spustenie.lnk -> C:\Program Files (x86)\KROS\ALFA plus\!System\ALFAplus.exe (KROS a.s.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files (x86)\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
Startup: C:\Users\Spaulding\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Odmenovac.appref-ms ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [Správa překryvné ikony digitálních podpisů AutoCADu ] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-2945635248-4128347931-1253345948-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-2945635248-4128347931-1253345948-1001] => http=127.0.0.1:8877;https=127.0.0.1:8877
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://packardbell.msn.com
HKU\S-1-5-21-2945635248-4128347931-1253345948-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com
URLSearchHook: HKU\S-1-5-21-2945635248-4128347931-1253345948-1001 - (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\S-1-5-21-2945635248-4128347931-1253345948-1001 -> DefaultScope {627D0B63-BF2B-4FFA-8F06-0B7768EACA4C} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2945635248-4128347931-1253345948-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2945635248-4128347931-1253345948-1001 -> {627D0B63-BF2B-4FFA-8F06-0B7768EACA4C} URL = https://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-2945635248-4128347931-1253345948-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-2945635248-4128347931-1253345948-1001 -> No Name - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
DPF: HKLM-x32 {62789780-B744-11D0-986B-00609731A21D} http://195.28.70.134/kapor2/lib/mgaxctrl.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2945635248-4128347931-1253345948-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Spaulding\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2945635248-4128347931-1253345948-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Spaulding\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2945635248-4128347931-1253345948-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Spaulding\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2945635248-4128347931-1253345948-1001: facebook.com/fbDesktopPlugin -> C:\Users\Spaulding\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
Přílohy
Addition.rar
(8.31 KiB) Staženo 94 x
Nahoru
jakkal
Návštěvník
Návštěvník
Příspěvky: 67
Registrován: 01 čer 2008 11:37

Re: náhle spomalenie systému a vyhodenie blue screenu

#2 Příspěvek od jakkal »

pokračovanie logu:

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Spaulding\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Spaulding\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-22]
CHR Extension: (Hľadať v Google) - C:\Users\Spaulding\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-22]
CHR Extension: (AdBlock) - C:\Users\Spaulding\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-28]
CHR Extension: (Peňaženka Google) - C:\Users\Spaulding\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
CHR Extension: (Gmail) - C:\Users\Spaulding\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-22]
CHR HKLM-x32\...\Chrome\Extension: [ojpijjmpahflnipadmlpgbjmagmjchkk] - C:\Users\SPAULD~1\AppData\Local\Temp\ccex.crx [Not Found]
StartMenuInternet: Google Chrome - C:\Users\Spaulding\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [105120 2011-09-17] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-27] (AVAST Software)
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [872552 2011-08-02] (Acer Incorporated)
R2 FirebirdServerKROS_20400; C:\Program Files (x86)\KROS\KROS FBServer\Firebird001\bin\fbserver.exe [3764224 2011-10-11] (Firebird Project) [File not signed]
S3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1030600 2012-02-27] (Macrovision Europe Ltd.) [File not signed]
R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [36456 2011-05-30] (Acer Incorporated)
R2 Live Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [244624 2011-04-22] (Acer Incorporated)
R2 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [343032 2012-02-08] (Nitro PDF Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 Wisaroc; C:\Windows\Wisaroc.exe [1686020 2014-09-10] (Remak) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-27] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21136 2012-10-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-27] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-27] (AVAST Software)
S3 aswTap; C:\Windows\System32\DRIVERS\aswTap.sys [44640 2014-01-14] (The OpenVPN Project)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-12-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-27] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2012-02-24] () [File not signed]
S2 SVKP; C:\Windows\SysWOW64\SVKP.sys [2368 2012-04-08] (AntiCracking) [File not signed]
U3 a22vo1uw; C:\Windows\System32\Drivers\a22vo1uw.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero size file/folder)
S2 Angelnt; \SystemRoot\System32\Drivers\ANGELNT.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-28 22:22 - 2015-01-28 22:23 - 00021218 _____ () C:\Users\Spaulding\Desktop\FRST.txt
2015-01-28 22:16 - 2015-01-28 22:21 - 00068321 _____ () C:\Users\Spaulding\Desktop\FRST3.txt
2015-01-28 22:12 - 2015-01-28 22:22 - 00000000 ____D () C:\FRST
2015-01-28 22:10 - 2015-01-28 22:10 - 00112640 _____ (forum.viry.cz) C:\Users\Spaulding\Desktop\FRSTLauncher.exe
2015-01-28 22:07 - 2015-01-28 22:07 - 00112640 _____ (forum.viry.cz) C:\Users\Spaulding\Downloads\Nepotvrdené 934806.crdownload
2015-01-28 22:07 - 2015-01-28 22:07 - 00112640 _____ (forum.viry.cz) C:\Users\Spaulding\Downloads\Nepotvrdené 447690.crdownload
2015-01-28 22:03 - 2015-01-28 22:03 - 02130432 _____ (Farbar) C:\Users\Spaulding\Desktop\FRST64.exe
2015-01-28 21:56 - 2015-01-28 21:56 - 00000364 _____ () C:\Windows\PFRO.log
2015-01-28 02:31 - 2015-01-28 02:31 - 00262144 _____ () C:\Windows\Minidump\012815-62540-01.dmp
2015-01-28 02:31 - 2015-01-28 02:31 - 00000000 ____D () C:\Windows\Minidump
2015-01-26 19:20 - 2015-01-28 13:54 - 00276480 _____ () C:\Users\Spaulding\Desktop\FIREMNE POZICKARNE _012015_v1.xls
2015-01-25 15:51 - 2015-01-25 15:51 - 04070576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-01-24 17:10 - 2015-01-24 17:10 - 00221138 _____ () C:\Users\Spaulding\Downloads\Databaza(chybajuce mesta).xlsx
2015-01-24 17:09 - 2015-01-26 09:18 - 00279040 _____ () C:\Users\Spaulding\Desktop\FIREMNE POZICKARNE _012015_v1 (2).xls
2015-01-19 13:50 - 2015-01-19 16:11 - 00270848 _____ () C:\Users\Spaulding\Desktop\FIREMNE POZICKARNE _012015 aktualne.xls
2015-01-19 13:41 - 2015-01-24 17:10 - 00288768 _____ () C:\Users\Spaulding\Desktop\FIREMNE POZICKARNE _050115.xls
2015-01-19 13:29 - 2015-01-28 21:57 - 00001515 _____ () C:\Windows\setupact.log
2015-01-19 13:29 - 2015-01-19 13:29 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-18 17:09 - 2015-01-18 17:09 - 00000000 ____D () C:\Users\Spaulding\Desktop\mobilko
2015-01-15 16:35 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 16:35 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-15 16:35 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-15 16:35 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-15 16:35 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-15 16:35 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-15 16:35 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 15:47 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 15:47 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 15:47 - 2014-12-11 18:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 15:47 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 15:47 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 15:47 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-12 01:56 - 2015-01-12 02:43 - 00000000 ____D () C:\Users\Spaulding\Desktop\tlacit
2015-01-11 22:49 - 2015-01-11 22:49 - 00062976 _____ () C:\Users\Spaulding\Downloads\sprinkerykepke_moje.xls

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-28 22:07 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-28 22:07 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-28 22:04 - 2011-11-21 22:45 - 01303828 _____ () C:\Windows\WindowsUpdate.log
2015-01-28 22:02 - 2014-03-17 10:28 - 00000000 ____D () C:\ProgramData\firebird
2015-01-28 22:01 - 2013-05-29 20:51 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-28 21:59 - 2012-02-22 18:00 - 00000000 ____D () C:\Users\Spaulding\AppData\Local\Deployment
2015-01-28 21:58 - 2012-05-02 20:55 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-28 21:58 - 2012-02-22 17:43 - 00141544 _____ () C:\Users\Spaulding\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-28 21:57 - 2013-05-29 20:51 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-28 21:57 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-28 21:57 - 2009-07-14 05:45 - 00485024 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-28 21:50 - 2013-02-27 21:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-28 21:47 - 2012-02-24 02:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-28 21:45 - 2011-10-11 13:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-01-28 21:43 - 2010-11-21 08:16 - 00000000 ____D () C:\Windows\ShellNew
2015-01-28 21:43 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-01-28 21:38 - 2009-07-14 03:34 - 00000387 _____ () C:\Windows\win.ini
2015-01-28 21:36 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-28 21:31 - 2012-02-22 18:01 - 00000962 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001UA.job
2015-01-28 21:13 - 2012-04-12 11:03 - 00001058 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001UA.job
2015-01-28 15:10 - 2012-07-15 13:18 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-28 14:12 - 2009-07-14 06:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-28 02:29 - 2012-02-26 18:59 - 00000000 ____D () C:\Users\Spaulding\AppData\Roaming\Azureus
2015-01-28 01:35 - 2012-04-13 13:57 - 00000000 ____D () C:\Users\Spaulding\AppData\Roaming\PrimoPDF
2015-01-27 22:02 - 2013-11-03 22:04 - 00000000 ____D () C:\Users\Spaulding\AppData\Roaming\vlc
2015-01-27 20:18 - 2012-02-22 18:01 - 00000910 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001Core.job
2015-01-27 15:13 - 2012-04-12 11:03 - 00001036 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001Core.job
2015-01-27 08:23 - 2012-02-22 18:01 - 00002412 _____ () C:\Users\Spaulding\Desktop\Google Chrome.lnk
2015-01-25 15:51 - 2013-02-27 21:02 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 15:51 - 2013-02-27 21:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-25 15:51 - 2011-10-11 13:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-20 03:06 - 2012-08-17 13:45 - 00766820 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-18 17:11 - 2012-03-01 20:20 - 00000000 ____D () C:\Users\Spaulding\AppData\Local\CrashDumps
2015-01-15 19:35 - 2013-05-29 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-15 02:53 - 2013-08-15 21:30 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 02:45 - 2012-02-26 18:47 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-11 16:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001Core.job => C:\Users\Spaulding\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001UA.job => C:\Users\Spaulding\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001Core.job => C:\Users\Spaulding\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001UA.job => C:\Users\Spaulding\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Spaulding\Desktop" je 10746 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cabinet
C:\Program Files (x86)\Cabinet\Cabinet.exe -shrink [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update
"C:\Users\Spaulding\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk
C:\PROGRA~1\MCAFEE~1\38A880~1.141\SSSCHE~1.EXE [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Spaulding^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk
C:\Users\SPAULD~1\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================


s pozdravom Michal
Nahoru
Uživatelský avatar
Roli
VIP
VIP
Příspěvky: 13399
Registrován: 26 lis 2006 13:37
Bydliště: ČR

Re: náhle spomalenie systému a vyhodenie blue screenu

#3 Příspěvek od Roli »

Zdravím, použij, WhoCrashed

po spuštění klikni v levo nahoře na Analyze,

aplikace po chvilce ve svém okně níže pod Crash Dump Analysis vytvoří zprávu o příčině pádu, kterou mi sem nakopíruj.


V Plánovači úloh zakaž Facebook Update a Google Update oboje tam bude několikrát.


Stáhni a ulož na plochu AdwCleaner,

ukonči všechny programy včetně prohlížeče a dvojklikem jej spusť,

objeví se okno kde vlevo nahoře klikni na Scan.

Po dokončení skenu klikni na Clean,

proběhne restart PC kdy dojde ke smazání nepořádku.

Po té mi sem zkopíruj Report.
| Rsit | Mbam | AVPTool | Cure It |

O víkendu odpočívám :all_coholic:
Nahoru
jakkal
Návštěvník
Návštěvník
Příspěvky: 67
Registrován: 01 čer 2008 11:37

Re: náhle spomalenie systému a vyhodenie blue screenu

#4 Příspěvek od jakkal »

Zdravim,

tu je log z Crash dumpu:

Crash dump directory: C:\Windows\Minidump

Crash dumps are enabled on your computer.

On Wed 28. 1. 2015 1:29:41 GMT your computer crashed
crash dump file: C:\Windows\Minidump\012815-62540-01.dmp
This was probably caused by the following module: tcpip.sys (0xFFFFF88001A73B04)
Bugcheck code: 0xD1 (0x22, 0x2, 0x0, 0xFFFFF88001A73B04)
Error: DRIVER_IRQL_NOT_LESS_OR_EQUAL
file path: C:\Windows\system32\drivers\tcpip.sys
product: Microsoft® Windows® Operating System
company: Microsoft Corporation
description: TCP/IP Driver
Bug check description: This indicates that a kernel-mode driver attempted to access pageable memory at a process IRQL that was too high.
This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.
The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system that cannot be identified at this time.



a tu z AdwCleanera:

# AdwCleaner v4.109 - Report created 29/01/2015 at 20:16:55
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Spaulding - DARKMOON
# Running from : C:\Users\Spaulding\Downloads\adwcleaner_4.109.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\Spaulding\AppData\Local\Conduit
Folder Deleted : C:\Users\Spaulding\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Spaulding\AppData\Roaming\OpenCandy
File Deleted : C:\END
File Deleted : C:\Users\Spaulding\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Deleted : C:\Users\Spaulding\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
File Deleted : C:\Users\Spaulding\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:8877;hxxps=127.0.0.1:8877
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [2495 octets] - [29/01/2015 20:07:06]
AdwCleaner[S0].txt - [2415 octets] - [29/01/2015 20:16:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2475 octets] ##########
Nahoru
Uživatelský avatar
Roli
VIP
VIP
Příspěvky: 13399
Registrován: 26 lis 2006 13:37
Bydliště: ČR

Re: náhle spomalenie systému a vyhodenie blue screenu

#5 Příspěvek od Roli »

Co se týče té modré smrti nejdříve zkontroluj zda máš všechny aktualizace systému.

ZDE je návod na Opravu systému, proveď ji a pak dej vědět jak to dopadlo a dočistíme PC.
| Rsit | Mbam | AVPTool | Cure It |

O víkendu odpočívám :all_coholic:
Nahoru
jakkal
Návštěvník
Návštěvník
Příspěvky: 67
Registrován: 01 čer 2008 11:37

Re: náhle spomalenie systému a vyhodenie blue screenu

#6 Příspěvek od jakkal »

Zdravim,
pozeral som aktualizacie cez Windows update a ukazuje mi, že je všetko aktualizované a žiadne nové aktualizácie niesu k dispozícii.
A čo sa týka tej obnovy systému, pozeral som si ten príspevok, ale moc som v ňom nenašiel nič čo by sa týkalo mňa. Boli tam len veci o úplnom výpadku systému.
Nahoru
Uživatelský avatar
Roli
VIP
VIP
Příspěvky: 13399
Registrován: 26 lis 2006 13:37
Bydliště: ČR

Re: náhle spomalenie systému a vyhodenie blue screenu

#7 Příspěvek od Roli »

jakkal píše:A čo sa týka tej obnovy systému, pozeral som si ten príspevok, ale moc som v ňom nenašiel nič čo by sa týkalo mňa. Boli tam len veci o úplnom výpadku systému.
Ten návod je univerzální, systém si to projede a co bude poškozeno pokusí se opravit.


Stáhni a ulož na plochu ComboFix,

spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.


V případě nejasností je ZDE obrázkový návod.
| Rsit | Mbam | AVPTool | Cure It |

O víkendu odpočívám :all_coholic:
Nahoru
jakkal
Návštěvník
Návštěvník
Příspěvky: 67
Registrován: 01 čer 2008 11:37

Re: náhle spomalenie systému a vyhodenie blue screenu

#8 Příspěvek od jakkal »

Zdravím,

ozývam sa trocha neskôr, lebo som bol odcestovaný. Tu je log z ComboFixu:


ComboFix 15-02-16.01 - Spaulding . 02. 2015 11:12:50.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.5996.3954 [GMT 1:00]
Running from: c:\users\Spaulding\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\WinZip\Icon_1.ico
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((((((( Files Created from 2015-01-24 to 2015-02-24 )))))))))))))))))))))))))))))))
.
.
2015-02-24 10:21 . 2015-02-24 10:21 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-02-24 10:21 . 2015-02-24 10:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-02-24 10:01 . 2015-02-24 10:01 -------- d-----w- c:\users\Spaulding\AppData\Local\IsolatedStorage
2015-02-24 10:01 . 2015-02-24 10:04 -------- d-----w- c:\users\Spaulding\AppData\Local\Akamai
2015-02-24 10:00 . 2015-02-24 10:03 -------- d-----w- c:\program files (x86)\NortonInstaller
2015-02-24 10:00 . 2015-02-24 10:02 -------- dc-h--w- c:\programdata\~0
2015-02-24 10:00 . 2015-02-24 10:00 -------- d-----w- c:\users\Spaulding\AppData\Roaming\ImperiaOnline
2015-02-24 09:49 . 2015-02-24 09:49 -------- d-----w- c:\program files (x86)\Autodesk
2015-02-23 19:38 . 2015-02-23 19:38 -------- d-----w- c:\users\Spaulding\AppData\Local\Steam
2015-02-23 11:42 . 2015-02-24 10:05 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5F416845-B5CF-4CAE-8861-B793623AF35A}\offreg.dll
2015-02-22 20:34 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5F416845-B5CF-4CAE-8861-B793623AF35A}\mpengine.dll
2015-02-15 22:24 . 2015-01-23 04:41 6041600 ----a-w- c:\windows\system32\jscript9.dll
2015-02-15 22:24 . 2015-01-23 03:43 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-02-15 22:24 . 2015-01-23 03:17 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-02-15 22:24 . 2015-01-23 04:42 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-02-11 07:59 . 2015-01-10 06:48 22016 ----a-w- c:\windows\system32\credssp.dll
2015-02-11 07:58 . 2015-01-15 08:09 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-02-11 07:57 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys
2015-01-29 19:06 . 2015-01-29 19:16 -------- d-----w- C:\AdwCleaner
2015-01-29 19:01 . 2015-01-29 19:01 -------- d-----w- c:\program files\WhoCrashed
2015-01-28 22:55 . 2015-01-28 22:55 615936 ----a-w- c:\windows\AutoKMS.exe
2015-01-28 22:43 . 2015-01-28 22:43 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2015-01-28 22:42 . 2015-01-28 22:42 -------- d-----w- c:\windows\PCHEALTH
2015-01-28 22:42 . 2015-01-28 22:42 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2015-01-28 22:38 . 2015-01-28 22:38 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2015-01-28 22:37 . 2015-01-28 22:37 -------- d-----w- c:\program files\Microsoft Office
2015-01-28 22:36 . 2015-01-28 22:36 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2015-01-28 22:35 . 2015-01-28 22:35 -------- d-----r- C:\MSOCache
2015-01-28 21:12 . 2015-01-28 21:22 -------- d-----w- C:\FRST
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-14 23:27 . 2012-02-26 17:47 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-02-05 11:50 . 2013-02-27 20:02 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-05 11:50 . 2011-10-11 12:20 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-22 23:41 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe
2014-12-19 03:06 . 2015-01-14 14:47 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-14 14:47 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-12-11 17:47 . 2015-01-14 14:47 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-12-06 04:17 . 2015-01-14 14:47 303616 ----a-w- c:\windows\system32\nlasvc.dll
2014-12-06 03:50 . 2015-01-14 14:47 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2014-12-06 03:50 . 2015-01-14 14:47 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2015-02-18 2874048]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-10 3890208]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
.
c:\users\Spaulding\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Odmenovac.appref-ms [2013-6-20 282]
Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ALFA plus - rýchle spustenie.lnk - c:\program files (x86)\KROS\ALFA plus\!System\ALFAplus.exe /StartUp [2014-3-12 3369272]
WinZip Quick Pick.lnk - c:\program files (x86)\WinZip\WZQKPICK.EXE [2008-9-10 525664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
R2 Angelnt;Angelnt;c:\windows\System32\Drivers\ANGELNT.SYS;c:\windows\SYSNATIVE\Drivers\ANGELNT.SYS [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys;c:\windows\SYSNATIVE\SVKP.sys [x]
R2 Wisaroc;Wisaroc;c:\windows\Wisaroc.exe;c:\windows\Wisaroc.exe [x]
R3 aswTap;avast! SecureLine TAP Adapter v3;c:\windows\system32\DRIVERS\aswTap.sys;c:\windows\SYSNATIVE\DRIVERS\aswTap.sys [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [x]
S2 FirebirdServerKROS_20400;Firebird Server - KROS_20400;c:\program files (x86)\KROS\KROS FBServer\Firebird001\bin\fbserver.exe;c:\program files (x86)\KROS\KROS FBServer\Firebird001\bin\fbserver.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-27 11:50]
.
2015-01-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001Core.job
- c:\users\Spaulding\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-12 13:08]
.
2015-01-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001UA.job
- c:\users\Spaulding\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-12 13:08]
.
2015-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-29 19:51]
.
2015-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-29 19:51]
.
2015-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001Core.job
- c:\users\Spaulding\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-22 22:04]
.
2015-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001UA.job
- c:\users\Spaulding\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-22 22:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-27 10:27 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-01-15 15:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-01-15 15:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-01-15 15:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-01-15 15:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-01-15 15:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-01-15 15:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 416024]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-09-16 976032]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-09-16 799904]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-10 11785832]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"Power Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2011-08-02 1831016]
"AutoKMS"="c:\windows\AutoKMS.exe" [2015-01-28 615936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://packardbell.msn.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>;<local>
uInternet Settings,ProxyServer = http=127.0.0.1:8877;https=127.0.0.1:8877
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 147.175.16.10 147.175.34.4
TCP: Interfaces\{A2A5A9CB-A983-47C6-B619-60550FEF4735}\07C6163747B6F667: NameServer = 195.28.64.99,195.80.171.4
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\Spaulding\AppData\Local\Akamai\netsession_win.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{1B9604EE-B104-45C8-8551-5F63BA631E23} - c:\programdata\{FA77A43D-F6ED-4924-87B5-517C061388C6}\WeatherBugSetup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/sma ... nts/2003\0]
"Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/sma ... A18}\Alias]
"0"="Microsoft Actions Pane 3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-02-24 11:24:11
ComboFix-quarantined-files.txt 2015-02-24 10:24
.
Pre-Run: 43 704 594 432 bytes free
Post-Run: 43 368 169 472 bytes free
.
- - End Of File - - F2690F5D7864D94BD018C1706D034125


ďakujem
Nahoru
Uživatelský avatar
Roli
VIP
VIP
Příspěvky: 13399
Registrován: 26 lis 2006 13:37
Bydliště: ČR

Re: náhle spomalenie systému a vyhodenie blue screenu

#9 Příspěvek od Roli »

jakkal píše:Zdravím,

ozývam sa trocha neskôr, lebo som bol odcestovaný.
Ahoj,

s tím problém nemám, ale co ten nelegální software od Microsoftu ?
| Rsit | Mbam | AVPTool | Cure It |

O víkendu odpočívám :all_coholic:
Nahoru
jakkal
Návštěvník
Návštěvník
Příspěvky: 67
Registrován: 01 čer 2008 11:37

Re: náhle spomalenie systému a vyhodenie blue screenu

#10 Příspěvek od jakkal »

Zdravím,

ospravedlňujem sa, ale na pôvodnom software mi vypršala licencia a dorábal som diplomovku, tak to bolo také riešenie z núdze. Už som daný software odstránil z PC. Posielam nový log:

ComboFix 15-02-16.01 - Spaulding . 02. 2015 21:28:28.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.5996.3361 [GMT 1:00]
Running from: c:\users\Spaulding\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2015-01-24 to 2015-02-24 )))))))))))))))))))))))))))))))
.
.
2015-02-24 20:37 . 2015-02-24 20:37 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-02-24 20:37 . 2015-02-24 20:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-02-24 20:17 . 2015-02-24 20:17 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C759A984-9AE6-4DFE-A80D-F02B6512A1B1}\offreg.dll
2015-02-24 11:07 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C759A984-9AE6-4DFE-A80D-F02B6512A1B1}\mpengine.dll
2015-02-24 10:01 . 2015-02-24 10:01 -------- d-----w- c:\users\Spaulding\AppData\Local\IsolatedStorage
2015-02-24 10:01 . 2015-02-24 10:04 -------- d-----w- c:\users\Spaulding\AppData\Local\Akamai
2015-02-24 10:00 . 2015-02-24 10:00 -------- d-----w- c:\users\Spaulding\AppData\Roaming\ImperiaOnline
2015-02-24 09:49 . 2015-02-24 09:49 -------- d-----w- c:\program files (x86)\Autodesk
2015-02-23 19:38 . 2015-02-23 19:38 -------- d-----w- c:\users\Spaulding\AppData\Local\Steam
2015-02-15 22:24 . 2015-01-23 04:41 6041600 ----a-w- c:\windows\system32\jscript9.dll
2015-02-15 22:24 . 2015-01-23 03:43 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-02-15 22:24 . 2015-01-23 03:17 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-02-15 22:24 . 2015-01-23 04:42 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-02-11 07:59 . 2015-01-10 06:48 22016 ----a-w- c:\windows\system32\credssp.dll
2015-02-11 07:58 . 2015-01-15 08:09 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-02-11 07:57 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys
2015-01-29 19:06 . 2015-01-29 19:16 -------- d-----w- C:\AdwCleaner
2015-01-29 19:01 . 2015-01-29 19:01 -------- d-----w- c:\program files\WhoCrashed
2015-01-28 22:55 . 2015-01-28 22:55 615936 ----a-w- c:\windows\AutoKMS.exe
2015-01-28 21:12 . 2015-01-28 21:22 -------- d-----w- C:\FRST
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-14 23:27 . 2012-02-26 17:47 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-02-05 11:50 . 2013-02-27 20:02 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-05 11:50 . 2011-10-11 12:20 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-22 23:41 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe
2014-12-19 03:06 . 2015-01-14 14:47 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-14 14:47 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-12-11 17:47 . 2015-01-14 14:47 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-12-06 04:17 . 2015-01-14 14:47 303616 ----a-w- c:\windows\system32\nlasvc.dll
2014-12-06 03:50 . 2015-01-14 14:47 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2014-12-06 03:50 . 2015-01-14 14:47 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2015-02-18 2874048]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-10 3890208]
.
c:\users\Spaulding\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Odmenovac.appref-ms [2013-6-20 282]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ALFA plus - rýchle spustenie.lnk - c:\program files (x86)\KROS\ALFA plus\!System\ALFAplus.exe /StartUp [2014-3-12 3369272]
WinZip Quick Pick.lnk - c:\program files (x86)\WinZip\WZQKPICK.EXE [2008-9-10 525664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
R2 Angelnt;Angelnt;c:\windows\System32\Drivers\ANGELNT.SYS;c:\windows\SYSNATIVE\Drivers\ANGELNT.SYS [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys;c:\windows\SYSNATIVE\SVKP.sys [x]
R2 Wisaroc;Wisaroc;c:\windows\Wisaroc.exe;c:\windows\Wisaroc.exe [x]
R3 aswTap;avast! SecureLine TAP Adapter v3;c:\windows\system32\DRIVERS\aswTap.sys;c:\windows\SYSNATIVE\DRIVERS\aswTap.sys [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [x]
S2 FirebirdServerKROS_20400;Firebird Server - KROS_20400;c:\program files (x86)\KROS\KROS FBServer\Firebird001\bin\fbserver.exe;c:\program files (x86)\KROS\KROS FBServer\Firebird001\bin\fbserver.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-27 11:50]
.
2015-01-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001Core.job
- c:\users\Spaulding\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-12 13:08]
.
2015-01-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001UA.job
- c:\users\Spaulding\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-12 13:08]
.
2015-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-29 19:51]
.
2015-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-29 19:51]
.
2015-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001Core.job
- c:\users\Spaulding\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-22 22:04]
.
2015-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001UA.job
- c:\users\Spaulding\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-22 22:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-27 10:27 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-01-15 15:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-01-15 15:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-01-15 15:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-01-15 15:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-01-15 15:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-01-15 15:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 416024]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-09-16 976032]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-09-16 799904]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-10 11785832]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"Power Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2011-08-02 1831016]
"AutoKMS"="c:\windows\AutoKMS.exe" [2015-01-28 615936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://packardbell.msn.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:8877;https=127.0.0.1:8877
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{A2A5A9CB-A983-47C6-B619-60550FEF4735}\07C6163747B6F667: NameServer = 195.28.64.99,195.80.171.4
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{1B9604EE-B104-45C8-8551-5F63BA631E23} - c:\programdata\{FA77A43D-F6ED-4924-87B5-517C061388C6}\WeatherBugSetup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/sma ... nts/2003\0]
"Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/sma ... A18}\Alias]
"0"="Microsoft Actions Pane 3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-02-24 21:40:06
ComboFix-quarantined-files.txt 2015-02-24 20:40
ComboFix2.txt 2015-02-24 10:24
.
Pre-Run: 47 113 957 376 bytes free
Post-Run: 46 827 941 888 bytes free
.
- - End Of File - - 17B705AEE4A3C76A970E8E46B3F4FB26
Nahoru
Uživatelský avatar
Roli
VIP
VIP
Příspěvky: 13399
Registrován: 26 lis 2006 13:37
Bydliště: ČR

Re: náhle spomalenie systému a vyhodenie blue screenu

#11 Příspěvek od Roli »

jakkal píše:Zdravím,

ospravedlňujem sa, ale na pôvodnom software mi vypršala licencia a dorábal som diplomovku, tak to bolo také riešenie z núdze. Už som daný software odstránil z PC
Bezva, tak že pokračujem v úklidu :)


Pokud jsi tak ještě neučinil, přesuň Combofix na plochu

otevři si Poznámkový blok

do něj zkopíruj skript z následujícího okna:

Kód: Vybrat vše

File::  
c:\windows\AutoKMS.exe

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,

po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:

Obrázek

Po aplikaci na Tebe vypadne další log, zkopíruj ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,

v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci


Stáhni a spusť OTMoveIt

do levého okna aplikace pod Paste Instructions for Items to be Moved zkopíruj tento text:

Kód: Vybrat vše

:processes
explorer.exe       

:files
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001UA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001UA.job

:commands
[purity]
[emptytemp]
[start explorer]
klikni na MoveIt! a v pravém zeleném okně aplikace se Ti objeví info o provedene akci, obsah okna zkopíruj sem,

pokud aplikace bude požadovat restart, klikni na YES

v tom případě sem zkopíruj obsah logu uloženého na C:\_OTMoveIt\MovedFiles\
| Rsit | Mbam | AVPTool | Cure It |

O víkendu odpočívám :all_coholic:
Nahoru
jakkal
Návštěvník
Návštěvník
Příspěvky: 67
Registrován: 01 čer 2008 11:37

Re: náhle spomalenie systému a vyhodenie blue screenu

#12 Příspěvek od jakkal »

Zravim,

posielam logy:
OTM
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001Core.job moved successfully.
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001UA.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001Core.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001UA.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

Combo

ComboFix 15-02-16.01 - Spaulding . 02. 2015 12:27:12.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.5996.4056 [GMT 1:00]
Running from: c:\users\Spaulding\Desktop\ComboFix.exe
Command switches used :: c:\users\Spaulding\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\AutoKMS.exe"
.
.
((((((((((((((((((((((((( Files Created from 2015-01-26 to 2015-02-26 )))))))))))))))))))))))))))))))
.
.
2015-02-26 11:35 . 2015-02-26 11:35 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-02-26 11:35 . 2015-02-26 11:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-02-25 19:46 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll
2015-02-25 19:46 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-02-25 19:46 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-02-25 19:46 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll
2015-02-24 11:07 . 2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C759A984-9AE6-4DFE-A80D-F02B6512A1B1}\mpengine.dll
2015-02-24 10:01 . 2015-02-24 10:01 -------- d-----w- c:\users\Spaulding\AppData\Local\IsolatedStorage
2015-02-24 10:01 . 2015-02-24 10:04 -------- d-----w- c:\users\Spaulding\AppData\Local\Akamai
2015-02-24 10:00 . 2015-02-24 10:00 -------- d-----w- c:\users\Spaulding\AppData\Roaming\ImperiaOnline
2015-02-24 09:49 . 2015-02-24 09:49 -------- d-----w- c:\program files (x86)\Autodesk
2015-02-23 19:38 . 2015-02-23 19:38 -------- d-----w- c:\users\Spaulding\AppData\Local\Steam
2015-02-15 22:24 . 2015-01-23 04:41 6041600 ----a-w- c:\windows\system32\jscript9.dll
2015-02-15 22:24 . 2015-01-23 03:43 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-02-15 22:24 . 2015-01-23 03:17 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-02-15 22:24 . 2015-01-23 04:42 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-02-11 07:59 . 2015-01-10 06:48 22016 ----a-w- c:\windows\system32\credssp.dll
2015-02-11 07:58 . 2015-01-15 08:09 1461760 ----a-w- c:\windows\system32\lsasrv.dll
2015-02-11 07:57 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys
2015-01-29 19:06 . 2015-01-29 19:16 -------- d-----w- C:\AdwCleaner
2015-01-29 19:01 . 2015-01-29 19:01 -------- d-----w- c:\program files\WhoCrashed
2015-01-28 22:55 . 2015-01-28 22:55 615936 ----a-w- c:\windows\AutoKMS.exe
2015-01-28 21:12 . 2015-01-28 21:22 -------- d-----w- C:\FRST
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-14 23:27 . 2012-02-26 17:47 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-02-05 11:50 . 2013-02-27 20:02 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-05 11:50 . 2011-10-11 12:20 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-22 23:41 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe
2014-12-19 03:06 . 2015-01-14 14:47 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-14 14:47 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-12-11 17:47 . 2015-01-14 14:47 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-12-06 04:17 . 2015-01-14 14:47 303616 ----a-w- c:\windows\system32\nlasvc.dll
2014-12-06 03:50 . 2015-01-14 14:47 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2014-12-06 03:50 . 2015-01-14 14:47 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-14 221184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-10 3890208]
.
c:\users\Spaulding\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Odmenovac.appref-ms [2013-6-20 282]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files (x86)\WinZip\WZQKPICK.EXE [2008-9-10 525664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
R2 Angelnt;Angelnt;c:\windows\System32\Drivers\ANGELNT.SYS;c:\windows\SYSNATIVE\Drivers\ANGELNT.SYS [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys;c:\windows\SYSNATIVE\SVKP.sys [x]
R2 Wisaroc;Wisaroc;c:\windows\Wisaroc.exe;c:\windows\Wisaroc.exe [x]
R3 aswTap;avast! SecureLine TAP Adapter v3;c:\windows\system32\DRIVERS\aswTap.sys;c:\windows\SYSNATIVE\DRIVERS\aswTap.sys [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-27 11:50]
.
2015-01-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001Core.job
- c:\users\Spaulding\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-12 13:08]
.
2015-01-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001UA.job
- c:\users\Spaulding\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-12 13:08]
.
2015-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-29 19:51]
.
2015-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-29 19:51]
.
2015-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001Core.job
- c:\users\Spaulding\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-22 22:04]
.
2015-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2945635248-4128347931-1253345948-1001UA.job
- c:\users\Spaulding\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-22 22:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-27 10:27 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-01-15 15:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-01-15 15:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-01-15 15:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-01-15 15:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-01-15 15:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-01-15 15:59 776520 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 416024]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-09-16 976032]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-09-16 799904]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-10 11785832]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"Power Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2011-08-02 1831016]
"AutoKMS"="c:\windows\AutoKMS.exe" [2015-01-28 615936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://packardbell.msn.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:8877;https=127.0.0.1:8877
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{A2A5A9CB-A983-47C6-B619-60550FEF4735}\07C6163747B6F667: NameServer = 195.28.64.99,195.80.171.4
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{1B9604EE-B104-45C8-8551-5F63BA631E23} - c:\programdata\{FA77A43D-F6ED-4924-87B5-517C061388C6}\WeatherBugSetup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/sma ... nts/2003\0]
"Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/sma ... A18}\Alias]
"0"="Microsoft Actions Pane 3"
.
Completion time: 2015-02-26 12:38:05
ComboFix-quarantined-files.txt 2015-02-26 11:38
ComboFix2.txt 2015-02-24 20:40
ComboFix3.txt 2015-02-24 10:24
.
Pre-Run: 46 906 179 584 bytes free
Post-Run: 46 620 004 352 bytes free
.
- - End Of File - - 2C9A2806476157120F73768FB94680AC
Nahoru
Uživatelský avatar
Roli
VIP
VIP
Příspěvky: 13399
Registrován: 26 lis 2006 13:37
Bydliště: ČR

Re: náhle spomalenie systému a vyhodenie blue screenu

#13 Příspěvek od Roli »

Přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.


Použij T-Cleaner, který smaže případné zbytky po aplikacích které jsme použili.

Jen před jeho stažením a při použití stopni antivir, protože ho muže detekovat jako vir ale není tomu tak.


Ještě jednou spusť OTMoveIt

do levého okna aplikace pod Paste Instructions for Items to be Moved zkopíruj tento text:

Kód: Vybrat vše

:processes
explorer.exe       

:files
C:\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
c:\windows\AutoKMS.exe

:commands
[purity]
[emptytemp]
[start explorer]
klikni na MoveIt! a v pravém zeleném okně aplikace se Ti objeví info o provedene akci, obsah okna zkopíruj sem,

pokud aplikace bude požadovat restart, klikni na YES

v tom případě sem zkopíruj obsah logu uloženého na C:\_OTMoveIt\MovedFiles\
| Rsit | Mbam | AVPTool | Cure It |

O víkendu odpočívám :all_coholic:
Nahoru
jakkal
Návštěvník
Návštěvník
Příspěvky: 67
Registrován: 01 čer 2008 11:37

Re: náhle spomalenie systému a vyhodenie blue screenu

#14 Příspěvek od jakkal »

Zdravím, tu je log:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\*.tmp not found.
File/Folder C:\WINDOWS\System32\*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
c:\windows\AutoKMS.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Spaulding
->Temp folder emptied: 4542 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 350852631 bytes
->Flash cache emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2871 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 60659 bytes

Total Files Cleaned = 335,00 mb
Nahoru
Uživatelský avatar
Roli
VIP
VIP
Příspěvky: 13399
Registrován: 26 lis 2006 13:37
Bydliště: ČR

Re: náhle spomalenie systému a vyhodenie blue screenu

#15 Příspěvek od Roli »

Znovu spusť OTMoveIt a nahoře v aplikaci klini na CleanUP!

tímto po sobě uklidí.


Pak dej vědět jak se PC chová.
| Rsit | Mbam | AVPTool | Cure It |

O víkendu odpočívám :all_coholic:
Nahoru
Odpovědět

Zpět na „Řešení problémů, logy“