notebook syna

Zpráva

tata22 · #1 Příspěvek od **tata22** » 13 črc 2015 17:03

Zdravím. Dcery NTB jsem s pomocí rádce vyčistil. Teď prosím o kontrolu i synova notebooku. Díky moc předem.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Jan at 2015-07-13 17:59:55
Microsoft Windows 8.1
System drive C: has 705 GB (76%) free of 932 GB
Total RAM: 8122 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:00:03, on 13. 7. 2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Hry\Steam\Steam.exe
C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\Hp\HP UT LEDM\bin\hppusg.exe
C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
C:\Hry\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files\trend micro\Jan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDFJS
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDFJS
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=HPNTDFJS
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKLM\..\Run: [HPUsageTrackingLEDM] "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
O4 - HKLM\..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
O4 - HKCU\..\Run: [Pokki] "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Steam] "C:\Hry\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Global Startup: ISCTSystray.lnk = C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra 'Tools' menuitem: Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @oem27.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\Windows\system32\BtwRSupportService.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)
O23 - Service: @oem25.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Smart Connect Technology Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: HP SimplePass Service (omniserv) - Softex Inc. - C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Validity WBF Policy Service (valWBFPolicyService) - Unknown owner - C:\Windows\system32\valWBFPolicyService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13743 bytes

======Listing Processes======

wininit.exe

C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\igfxCUIService.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\Hpservice.exe
"C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe 1087890853088
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
\??\C:\Windows\system32\conhost.exe 0x4
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
"C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Windows\System32\svchost.exe -k utcsvc
dashost.exe {3d13e18e-74e5-46c1-85c0ac798498f4fa}
"C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe"
C:\Windows\system32\HPSIsvc.exe
"C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe"
"c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
"C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe"
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" nss 7b45d4be-6a13-474c-85c2-f4a3ae467164 1
C:\Windows\system32\valWBFPolicyService.exe
\??\C:\Windows\system32\conhost.exe 0x4
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
taskhost.exe $(Arg0)
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-06f3bf75-455a-4b93-b989-8a3659d403c4 -SystemEventPortName:HostProcess-c75f1549-d501-4877-8c89-e59182417c6d -IoCancelEventPortName:HostProcess-0e161157-2787-46ad-b8ed-1f71dc92b9c2 -NonStateChangingEventPortName:HostProcess-564ec5c3-f787-4cbf-bd86-b5da9008162e -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:b6df67ae-9efb-41ba-8aaa-13e362f2262a -DeviceGroupId:

C:\Windows\system32\svchost.exe -k WbioSvcGroup

C:\Windows\System32\WinLogon.exe -SpecialSession
-hiberboot
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SRSPSP
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe"
"C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe" /hideui
taskhostex.exe
\??\C:\Windows\system32\conhost.exe 0x4
C:\Windows\Explorer.EXE
igfxHK.exe
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Windows\system32\igfxEM.exe" -Embedding
ClassicStartMenu.exe -startup
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
C:\Windows\System32\skydrive.exe -Embedding
"C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe"
"C:\Program Files\Hewlett-Packard\SimplePass\opbhobroker.exe"
"C:\Windows\System32\SettingSyncHost.exe" -Embedding
"C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
"C:\Users\Jan\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
"C:\Windows\system32\GWX\GWX.exe"
"C:\Hry\Steam\Steam.exe" -silent
"C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" /FORCE
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files (x86)\Hp\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
"C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe"
"C:\Hry\Steam\bin\steamwebhelper.exe" -cefhost -cachedir "C:\Users\Jan\AppData\Local\Steam\htmlcache" -steampid 16652 -buildid 1433441724 -steamid "0" --disable-gpu-compositing --disable-gpu --enable-threaded-compositing --disable-pinch-virtual-viewport --process-per-tab --disable-spell-checking --enable-direct-write
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
"C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" /byrunkey
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-56564319-2427043407-375557301-1001104_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-56564319-2427043407-375557301-1001104 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
taskeng.exe {E01E8A41-DA87-44DA-BEE3-9863165137C8}
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\CCleaner\CCleaner64.exe" /monitor
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe106_ Global\UsGthrCtrlFltPipeMssGthrPipe106 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 572 576 584 65536 580
"C:\Users\Jan\Desktop\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\HPCeeScheduleForJan.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForJan (null)

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}]
ExplorerBHO Class - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-04-09 810176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-07 662672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28 303416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}]
ClassicIEBHO Class - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-04-09 487616]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}]
ExplorerBHO Class - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-04-09 688320]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-07 565304]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}]
Evernote extension - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-03-04 583520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}]
HP Network Check Helper - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28 286520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}]
ClassicIEBHO Class - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-04-09 444096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{553891B7-A0D5-4526-BE18-D3CE461D6310} - Classic Explorer Bar - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-04-09 810176]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{553891B7-A0D5-4526-BE18-D3CE461D6310} - Classic Explorer Bar - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-04-09 688320]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2015-05-08 7642328]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-03-28 2198872]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2014-03-28 1225920]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-03-13 2811120]
"Classic Start Menu"=C:\Program Files\Classic Shell\ClassicStartMenu.exe [2015-04-09 163520]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Pokki"=C:\Users\Jan\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe [2015-05-23 10566656]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner64.exe [2015-06-01 8358680]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-03-25 31682144]
"Steam"=C:\Hry\Steam\steam.exe [2015-06-04 2892992]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2015-02-27 5583120]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-05-11 5515496]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"IJNetworkScannerSelectorEX"=C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [2011-01-15 452016]
""= []
"HPUsageTrackingLEDM"=C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [2009-08-04 30264]
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2014-08-01 49976]
"AccelerometerSysTrayApplet"=C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [2014-04-01 126240]
"HPMessageService"=C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [2015-02-17 654088]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
ISCTSystray.lnk - C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcpltsvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-07-13 17:59:56 ----D---- C:\Program Files\trend micro
2015-07-13 17:59:55 ----D---- C:\rsit
2015-07-13 17:55:53 ----D---- C:\Windows\LastGood
2015-07-13 17:54:47 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2015-07-13 17:54:47 ----A---- C:\Windows\SYSWOW64\nvopencl.dll
2015-07-13 17:54:47 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2015-07-13 17:54:47 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2015-07-13 17:54:47 ----A---- C:\Windows\SYSWOW64\NvIFROpenGL.dll
2015-07-13 17:54:47 ----A---- C:\Windows\SYSWOW64\NvIFR.dll
2015-07-13 17:54:47 ----A---- C:\Windows\SYSWOW64\NvFBC.dll
2015-07-13 17:54:47 ----A---- C:\Windows\SYSWOW64\nvEncodeAPI.dll
2015-07-13 17:54:47 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2015-07-13 17:54:47 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2015-07-13 17:54:47 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2015-07-13 17:54:47 ----A---- C:\Windows\system32\nvwgf2umx.dll
2015-07-13 17:54:47 ----A---- C:\Windows\system32\nvopencl.dll
2015-07-13 17:54:47 ----A---- C:\Windows\system32\nvoglv64.dll
2015-07-13 17:54:47 ----A---- C:\Windows\system32\nvinitx.dll
2015-07-13 17:54:47 ----A---- C:\Windows\system32\NvIFROpenGL.dll
2015-07-13 17:54:47 ----A---- C:\Windows\system32\NvIFR64.dll
2015-07-13 17:54:47 ----A---- C:\Windows\system32\NvFBC64.dll
2015-07-13 17:54:47 ----A---- C:\Windows\system32\nvEncodeAPI64.dll
2015-07-13 17:54:47 ----A---- C:\Windows\system32\nvdispgenco6435330.dll
2015-07-13 17:54:47 ----A---- C:\Windows\system32\nvdispco6435330.dll
2015-07-13 17:54:47 ----A---- C:\Windows\system32\nvd3dumx.dll
2015-07-13 17:54:47 ----A---- C:\Windows\system32\nvcuvid.dll
2015-07-13 17:54:47 ----A---- C:\Windows\system32\nvcuda.dll
2015-07-13 17:54:47 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2015-07-13 17:54:46 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2015-07-13 17:54:46 ----A---- C:\Windows\system32\nvcompiler.dll
2015-06-28 19:54:51 ----A---- C:\Windows\SYSWOW64\CmdLineExt03.dll
2015-06-21 17:08:28 ----D---- C:\Program Files\DAEMON Tools Lite
2015-06-21 16:53:01 ----D---- C:\ProgramData\boost_interprocess
2015-06-21 16:52:46 ----A---- C:\Windows\system32\nvdispgenco6435306.dll
2015-06-21 16:52:46 ----A---- C:\Windows\system32\nvdispco6435306.dll
2015-06-20 22:53:25 ----D---- C:\Users\Jan\AppData\Roaming\Opera Software
2015-06-20 22:52:33 ----D---- C:\Program Files (x86)\Opera
2015-06-20 22:51:49 ----D---- C:\Program Files (x86)\Disc Soft
2015-06-17 23:00:52 ----D---- C:\Program Files (x86)\Rockstar Games
2015-06-17 23:00:45 ----D---- C:\Program Files\Rockstar Games

======List of files/folders modified in the last 1 month======

2015-07-13 18:00:04 ----D---- C:\Windows\system32\sru
2015-07-13 17:59:56 ----RD---- C:\Program Files
2015-07-13 17:57:42 ----D---- C:\Windows\Temp
2015-07-13 17:57:42 ----D---- C:\Windows\debug
2015-07-13 17:57:42 ----D---- C:\Windows
2015-07-13 17:57:24 ----D---- C:\Windows\Prefetch
2015-07-13 17:57:20 ----D---- C:\Program Files\CCleaner
2015-07-13 17:57:00 ----D---- C:\Users\Jan\AppData\Roaming\Skype
2015-07-13 17:56:50 ----D---- C:\ProgramData\NVIDIA Corporation
2015-07-13 17:56:45 ----D---- C:\ProgramData\NVIDIA
2015-07-13 17:56:12 ----RD---- C:\Windows\System32
2015-07-13 17:56:12 ----D---- C:\Windows\SysWOW64
2015-07-13 17:55:54 ----D---- C:\Windows\system32\drivers
2015-07-13 17:55:48 ----D---- C:\Windows\Inf
2015-07-13 17:55:45 ----D---- C:\Windows\system32\DriverStore
2015-07-11 13:11:40 ----D---- C:\Windows\Microsoft.NET
2015-07-11 13:05:34 ----HD---- C:\Program Files\WindowsApps
2015-07-11 12:27:23 ----D---- C:\Users\Jan\AppData\Roaming\vlc
2015-07-11 11:49:04 ----D---- C:\Windows\system32\config
2015-07-10 17:48:38 ----D---- C:\Windows\AppReadiness
2015-07-10 16:54:24 ----RSD---- C:\Windows\assembly
2015-07-10 16:48:43 ----D---- C:\Windows\Tasks
2015-07-10 16:48:43 ----D---- C:\Windows\system32\Tasks
2015-07-09 20:49:55 ----D---- C:\Windows\CbsTemp
2015-07-09 20:49:54 ----D---- C:\Windows\WinSxS
2015-07-08 21:44:35 ----SHD---- C:\System Volume Information
2015-07-08 21:44:18 ----D---- C:\Hry
2015-07-06 23:24:13 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2015-06-28 19:50:13 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2015-06-26 11:56:02 ----D---- C:\Windows\system32\catroot2
2015-06-25 18:41:28 ----D---- C:\Windows\system32\FxsTmp
2015-06-21 19:01:46 ----D---- C:\Users\Jan\AppData\Roaming\NVIDIA
2015-06-21 16:59:45 ----D---- C:\Users\Jan\AppData\Roaming\DAEMON Tools Lite
2015-06-21 16:59:42 ----D---- C:\Windows\Logs
2015-06-21 16:58:44 ----SHD---- C:\Windows\Installer
2015-06-21 16:53:01 ----HD---- C:\ProgramData
2015-06-20 23:03:22 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-06-20 22:54:24 ----RD---- C:\Program Files (x86)
2015-06-20 22:51:49 ----D---- C:\Users\Jan\AppData\Roaming\RHEng
2015-06-18 16:16:36 ----D---- C:\Windows\system32\NDF
2015-06-17 11:10:27 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2015-06-17 11:10:27 ----A---- C:\Windows\system32\nvapi64.dll
2015-06-17 08:48:17 ----A---- C:\Windows\system32\nvvsvc.exe
2015-06-17 08:48:16 ----A---- C:\Windows\system32\nvsvcr.dll
2015-06-17 08:48:16 ----A---- C:\Windows\system32\nvshext.dll
2015-06-17 08:48:16 ----A---- C:\Windows\system32\nvmctray.dll
2015-06-17 08:48:16 ----A---- C:\Windows\system32\nv3dappshextr.dll
2015-06-17 08:48:16 ----A---- C:\Windows\system32\nv3dappshext.dll
2015-06-17 08:48:15 ----A---- C:\Windows\system32\nvsvc64.dll
2015-06-17 08:48:15 ----A---- C:\Windows\system32\nvcpl.dll
2015-06-14 20:43:44 ----D---- C:\Users\Jan\AppData\Roaming\dvdcss

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2015-05-07 65736]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2015-05-07 272248]
R0 hpdskflt;@oem25.inf,%service_desc%;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2013-07-23 30520]
R0 iaStorA;iaStorA; C:\Windows\System32\drivers\iaStorA.sys [2013-11-08 632168]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2015-05-07 93528]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2015-05-07 1047320]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2015-06-27 442264]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2015-05-07 29168]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2015-05-07 89944]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2015-05-07 137288]
R3 Accelerometer;@oem25.inf,%accelerometer_desc%;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2013-07-23 43320]
R3 bcbtums;@oem27.inf,%BCBTUMS.SvcDesc%;Bluetooth RAM Firmware Download USB Filter; C:\Windows\system32\drivers\bcbtums.sys [2013-11-13 170712]
R3 BCM43XX;@oem37.inf,%BCM43XX_Service_DispName%;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl63a.sys [2014-08-07 7532760]
R3 BthEnum;@bth.inf,%BthEnum.SVCDESC%;Služba Bluetooth Enumerator; C:\Windows\System32\drivers\BthEnum.sys [2014-10-29 53248]
R3 BthLEEnum;@bthleenum.inf,%BthLEEnum.SVCDESC%;Ovladač úspory energie technologie Bluetooth; C:\Windows\system32\DRIVERS\BthLEEnum.sys [2014-03-18 226304]
R3 BthPan;@bthpan.inf,%BthPan.DisplayName%;Bluetooth Device (Personal Area Network); C:\Windows\System32\drivers\bthpan.sys [2014-07-24 118272]
R3 BTHUSB;@bth.inf,%BTHUSB.SvcDesc%;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2014-10-29 81920]
R3 clwvd;@oem30.inf,%clwvd.DeviceDesc%;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys [2014-01-28 41704]
R3 dtlitescsibus;@oem42.inf,%DTLITESCSIBUS.DeviceDesc%;DAEMON Tools Lite Virtual SCSI Bus; C:\Windows\System32\drivers\dtlitescsibus.sys [2015-05-08 30352]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2015-05-08 3789824]
R3 ikbevent;Intel Upper keyboard Class Filter Driver; C:\Windows\system32\DRIVERS\ikbevent.sys [2013-08-13 21408]
R3 imsevent;Intel Upper Mouse Class Filter Driver; C:\Windows\system32\DRIVERS\imsevent.sys [2013-08-13 21920]
R3 INETMON;INETMON; \??\C:\Windows\System32\Drivers\INETMON.sys [2013-08-13 29088]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2015-05-08 4237400]
R3 ISCT;@oem7.inf,%ISCT.DeviceDesc%;Intel(R) Smart Connect Technology Device Driver; C:\Windows\System32\drivers\ISCTD64.sys [2013-08-13 46568]
R3 iwdbus;@oem18.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\Windows\System32\drivers\iwdbus.sys [2014-03-26 27032]
R3 MEIx64;@oem6.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2013-12-10 100312]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2015-06-17 11011216]
R3 nvvad_WaveExtensible;@oem21.inf,%nvvad_WaveExtensible.SvcDesc%;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2014-03-28 40392]
R3 RFCOMM;@tdibth.inf,%RFCOMM.DisplayName%;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\System32\drivers\rfcomm.sys [2015-01-30 167424]
R3 RTL8168;@oem41.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x64.sys [2015-05-08 871640]
R3 SmbDrvI;SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [2014-03-13 31472]
R3 SynTP;@oem5.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2014-03-13 541424]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2014-06-21 212736]
S3 BTHPORT;@bth.inf,%BTHPORT.SvcDesc%;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2014-10-29 1198080]
S3 btwampfl;@oem27.inf,%btwampfl.ServiceName%;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2014-02-03 166616]
S3 BtwSerialBus;@oem28.inf,%Bus.SVCDESC%;Broadcom Serial Bus Driver over UART Bus Enumerator; C:\Windows\System32\drivers\BtwSerialBus.sys [2013-09-09 150744]
S3 dg_ssudbus;@oem47.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 intaud_WaveExtensible;@oem17.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\Windows\system32\drivers\intelaud.sys [2014-03-26 38296]
S3 IntcDAud;@oem40.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2015-05-08 450520]
S3 mvusbews;@oem46.inf,%mvusbews.SvcDesc%;USB EWS Device; C:\Windows\System32\Drivers\mvusbews.sys [2012-12-24 20480]
S3 RSUSBSTOR;@oem8.inf,%RSUSBSTOR.SvcDesc%;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2014-01-03 271064]
S3 RSUSBVSTOR;@oem9.inf,%RSUSBVSTOR.SvcDesc%;RtsUVStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUVStor.sys [2014-01-03 331992]
S3 SmbDrv;SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [2014-03-13 30448]
S3 ssudmdm;@oem48.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\Windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]
S3 usbscan;@sti.inf,%usbscan.SvcDesc%;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2014-10-29 44544]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2014-10-29 38792]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-05-07 343336]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 462184]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2014-10-29 38792]
R2 HP LaserJet Service;HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2009-06-24 136704]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2015-05-19 99128]
R2 HPSIService;HP SI Service; C:\Windows\system32\HPSIsvc.exe [2012-09-27 126880]
R2 hpsrv;@oem25.inf,%hpservice_desc%;HP Service; C:\Windows\system32\Hpservice.exe [2013-07-23 43320]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [2015-03-28 89840]
R2 HPWMISVC;HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [2015-02-17 608520]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-11-08 15720]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\Windows\system32\igfxCUIService.exe [2015-05-08 315376]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-08-27 747520]
R2 Intel(R) ME Service;Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-12-10 131544]
R2 ISCTAgent;Intel(R) Smart Connect Technology Agent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2013-12-04 200168]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-12-10 169432]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-12-10 390616]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-03-28 1615192]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-03-28 20539168]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2015-06-17 937616]
R2 omniserv; HP SimplePass Service; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [2015-01-30 103424]
R2 RtkAudioService;Realtek Audio Service; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2015-05-08 292568]
R2 SynTPEnhService;SynTPEnh Caller Service; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2014-03-13 190704]
R2 valWBFPolicyService;Validity WBF Policy Service; C:\Windows\system32\valWBFPolicyService.exe [2013-08-01 32768]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [2015-02-27 1272592]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2014-03-18 43696]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2013-11-01 1129760]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2015-06-04 837312]
S2 BcmBtRSupport;@oem27.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service; C:\Windows\system32\BtwRSupportService.exe [2013-11-13 2251992]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-09 268976]
S3 aspnet_state;@%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2014-04-16 50864]
S3 BthHFSrv;@%SystemRoot%\System32\BthHFSrv.dll,-103; C:\Windows\System32\svchost.exe [2014-10-29 38792]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2015-05-08 279024]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-08-27 828376]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

#2 Příspěvek od **Márty84** » 14 črc 2015 09:25

Zdravim

Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Cleaning
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner [S?].txt ). Ten mi sem zkopirujte.

Udelejte kontrolu s MBAM. Test nastavte podle tohoto navodu (cili Vlastni sken vsech disku) http://forum.viry.cz/viewtopic.php?f=29&t=144868 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

tata22 · #3 Příspěvek od **tata22** » 14 črc 2015 17:26

# AdwCleaner v4.208 - Log vytvořen 14/07/2015 v 18:22:04
# Aktualizováno 09/07/2015 by Xplode
# Databáze : 2015-07-11.1 [Server]
# Operační system : Windows 8.1 (x64)
# Uživatelské jméno : Jan - FLANAGAN
# Spuštěno z : C:\Users\Jan\Desktop\adwcleaner_4.208.exe
# Nastavení : Čištění

***** [ Služby ] *****

***** [ Soubory / Složky ] *****

Složka Smazáno : C:\Users\Jan\AppData\Local\pokki
Složka Smazáno : C:\Users\Jan\AppData\Roaming\RHEng

***** [ Naplánované úlohy ] *****

***** [ Zástupci ] *****

***** [ Registry ] *****

Klíč Smazáno : HKCU\Software\Classes\pokki
Hodnota Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Pokki]
Klíč Smazáno : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Klíč Smazáno : HKCU\Software\Classes\Directory\shell\pokki
Klíč Smazáno : HKCU\Software\Classes\Drive\shell\pokki
Klíč Smazáno : HKCU\Software\Classes\lnkfile\shell\pokki
Klíč Smazáno : HKLM\SOFTWARE\Classes\pc-mechanic
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu
Klíč Smazáno : HKCU\Software\Pokki
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
Klíč Smazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B2-0405-0000-0000000FF1CE}

***** [ Prohlížeče ] *****

-\\ Internet Explorer v11.0.9600.17840

*************************

AdwCleaner[R0].txt - [1680 bytů] - [14/07/2015 18:20:20]
AdwCleaner[S0].txt - [1458 bytů] - [14/07/2015 18:22:04]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1516 bytů] ##########

#4 Příspěvek od **Márty84** » 14 črc 2015 18:42

Fajn, tak jeste ten MBAM a podle vysledku se zaridime dale

tata22 · #5 Příspěvek od **tata22** » 14 črc 2015 19:02

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 14. 7. 2015
Čas skenování: 18:30
Protokol: scan Malware.txt
Správce: Ano

Verze: 2.1.8.1057
Databáze malwaru: v2015.07.14.04
Databáze rootkitů: v2015.07.14.01
Licence: Zkušební verze
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Ochrana programu: Vypnuto

OS: Windows 8.1
CPU: x64
Souborový systém: NTFS
Uživatel: Jan

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 610750
Uplynulý čas: 1 hod, 21 min, 29 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)

(end)

#6 Příspěvek od **Márty84** » 14 črc 2015 19:05

MBAM muzete odinstalovat.

Je s tim pc nejaky konkretni problem, nebo jde ciste jen o prevenci?

Dejte logy podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100 - vypnete na chvili antivir, je mozne, ze to bude blokovat jako skodnou, ale pouzivame to porad, jedna se o falesny poplach

tata22 · #7 Příspěvek od **tata22** » 14 črc 2015 19:19

Problém žádný není, děkuji

tata22 · #8 Příspěvek od **tata22** » 14 črc 2015 19:28

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
Ran by Jan (administrator) on FLANAGAN on 14-07-2015 20:24:50
Running from C:\Users\Jan\Desktop
Loaded Profiles: Jan (Available Profiles: Jan)
Platform: Windows 8.1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(HP) C:\Program Files (x86)\Hp\HPLaserJetService\HPLaserJetService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTLite.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(forum.viry.cz) C:\Users\Jan\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7642328 2015-05-08] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2198872 2014-03-28] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2811120 2014-03-13] (Synaptics Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163520 2015-04-09] (IvoSoft)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49976 2014-08-01] (Hewlett-Packard)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [654088 2015-02-17] (Hewlett-Packard Development Company, L.P.)
HKU\S-1-5-21-56564319-2427043407-375557301-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
HKU\S-1-5-21-56564319-2427043407-375557301-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-56564319-2427043407-375557301-1001\...\Run: [Steam] => C:\Hry\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-56564319-2427043407-375557301-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-56564319-2427043407-375557301-1001\...\MountPoints2: {b49dcfad-f64a-11e4-8265-38b1dbeb8b3c} - "G:\AutoRun.exe"
HKU\S-1-5-21-56564319-2427043407-375557301-1001\...\MountPoints2: {f3f62597-f737-11e4-8266-38b1dbeb8b3c} - "F:\SISetup.exe"
HKU\S-1-5-21-56564319-2427043407-375557301-1001\...\MountPoints2: {f976fdbc-1072-11e5-8279-38b1dbeb8b3c} - "F:\setup.exe" /autorun
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-08-05]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-07] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-04-09] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-04-09] (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=HPNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=HPNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDFJS
HKU\S-1-5-21-56564319-2427043407-375557301-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDFJS
SearchScopes: HKLM -> {18673761-17B0-41C6-8A72-01F09BCF239B} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... earchTerms}
SearchScopes: HKLM-x32 -> {18673761-17B0-41C6-8A72-01F09BCF239B} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... earchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-56564319-2427043407-375557301-1001 -> {18673761-17B0-41C6-8A72-01F09BCF239B} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... earchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-04-09] (IvoSoft)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-07] (Avast Software s.r.o.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-04-09] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-04-09] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-07] (Avast Software s.r.o.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-03-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-04-09] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-04-09] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-04-09] (IvoSoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6587545E-51EC-40D8-A316-EF0CF78E848E}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{A85BE442-0DEB-4681-A03F-5B1B6AD4644D}: [DhcpNameServer] 195.113.0.2 195.113.44.11

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-07]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2015-05-12]
FF HKLM-x32\...\Firefox\Extensions: [firefox@bho.com] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt
FF Extension: HP SimplePass - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt [2015-05-08]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-07] (Avast Software s.r.o.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2013-11-13] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [608520 2015-02-17] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-08] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315376 2015-05-08] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-03-28] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20539168 2014-03-28] (NVIDIA Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [103424 2015-01-30] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2015-05-08] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [190704 2014-03-13] (Synaptics Incorporated)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [32768 2013-08-01] (Validity Sensors, Inc.) [File not signed]
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-07-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-07] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-07] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-07] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-07] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-27] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-07] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-07] ()
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-11-13] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7532760 2014-08-07] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S3 BtwSerialBus; C:\Windows\System32\drivers\BtwSerialBus.sys [150744 2013-09-09] (Broadcom Corporation.)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30352 2015-05-08] (Disc Soft Ltd)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-13] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-13] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [40392 2014-03-28] (NVIDIA Corporation)
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [466136 2014-01-15] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-03-13] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-03-13] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
R3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
U3 McAPExe; No ImagePath
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 20:24 - 2015-07-14 20:25 - 00021362 _____ C:\Users\Jan\Desktop\FRST.txt
2015-07-14 20:23 - 2015-07-14 20:24 - 00000000 ____D C:\FRST
2015-07-14 20:22 - 2015-07-14 20:22 - 00112640 _____ (forum.viry.cz) C:\Users\Jan\Desktop\FRSTLauncher.exe
2015-07-14 20:21 - 2015-07-14 20:21 - 02133504 _____ (Farbar) C:\Users\Jan\Desktop\FRST64.exe
2015-07-14 20:00 - 2015-07-14 20:00 - 00001151 _____ C:\Users\Jan\Desktop\scan Malware.txt
2015-07-14 18:27 - 2015-07-14 18:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-14 18:20 - 2015-07-14 18:22 - 00000000 ____D C:\AdwCleaner
2015-07-14 18:17 - 2015-07-14 18:17 - 02248704 _____ C:\Users\Jan\Desktop\adwcleaner_4.208.exe
2015-07-13 21:03 - 2015-07-14 18:23 - 00001277 _____ C:\Windows\setupact.log
2015-07-13 21:03 - 2015-07-13 21:03 - 00000000 _____ C:\Windows\setuperr.log
2015-07-13 17:59 - 2015-07-13 18:00 - 00000000 ____D C:\rsit
2015-07-13 17:59 - 2015-07-13 18:00 - 00000000 ____D C:\Program Files\trend micro
2015-07-13 17:59 - 2015-07-13 17:59 - 01222144 _____ C:\Users\Jan\Desktop\RSITx64.exe
2015-07-13 17:55 - 2015-07-13 17:56 - 00000000 ____D C:\Windows\LastGood.Tmp
2015-07-13 17:54 - 2015-06-17 11:10 - 42729104 _____ C:\Windows\system32\nvcompiler.dll
2015-07-13 17:54 - 2015-06-17 11:10 - 37748880 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-07-13 17:54 - 2015-06-17 11:10 - 30481552 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-07-13 17:54 - 2015-06-17 11:10 - 22947144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-07-13 17:54 - 2015-06-17 11:10 - 17724600 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-07-13 17:54 - 2015-06-17 11:10 - 16145200 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-07-13 17:54 - 2015-06-17 11:10 - 15866992 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-07-13 17:54 - 2015-06-17 11:10 - 15224784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-07-13 17:54 - 2015-06-17 11:10 - 14497520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-07-13 17:54 - 2015-06-17 11:10 - 13263056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-07-13 17:54 - 2015-06-17 11:10 - 12855416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-07-13 17:54 - 2015-06-17 11:10 - 11831856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-07-13 17:54 - 2015-06-17 11:10 - 11011216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-07-13 17:54 - 2015-06-17 11:10 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-07-13 17:54 - 2015-06-17 11:10 - 02599752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-07-13 17:54 - 2015-06-17 11:10 - 01898128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435330.dll
2015-07-13 17:54 - 2015-06-17 11:10 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435330.dll
2015-07-13 17:54 - 2015-06-17 11:10 - 01060168 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-07-13 17:54 - 2015-06-17 11:10 - 01050768 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-07-13 17:54 - 2015-06-17 11:10 - 00982672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-07-13 17:54 - 2015-06-17 11:10 - 00975176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-07-13 17:54 - 2015-06-17 11:10 - 00503408 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-07-13 17:54 - 2015-06-17 11:10 - 00408392 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-07-13 17:54 - 2015-06-17 11:10 - 00407296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-07-13 17:54 - 2015-06-17 11:10 - 00364176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-07-13 17:54 - 2015-06-17 11:10 - 00176904 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-07-13 17:54 - 2015-06-17 11:10 - 00155280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-07-08 21:51 - 2015-07-08 21:51 - 00003064 _____ C:\Windows\System32\Tasks\{A2547085-B759-4189-87A8-46FC2EE872CE}
2015-07-08 21:50 - 2015-07-08 21:50 - 00000969 _____ C:\Users\Jan\Desktop\Mafia.lnk
2015-07-08 21:44 - 2015-07-08 21:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mafia
2015-07-08 21:42 - 2015-07-08 21:43 - 00000000 ____D C:\Users\Jan\Desktop\Mafia-1-CZ-Plna-verze
2015-06-28 19:57 - 2015-06-28 19:57 - 00001028 _____ C:\Users\Jan\Desktop\Locomotion.lnk
2015-06-28 19:56 - 2015-06-28 19:56 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Locomotion
2015-06-28 19:54 - 2015-06-28 19:54 - 00043520 _____ C:\Windows\SysWOW64\CmdLineExt03.dll
2015-06-28 19:53 - 2015-06-28 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Locomotion
2015-06-28 17:43 - 2015-06-28 17:43 - 00003100 _____ C:\Windows\System32\Tasks\{006DC39B-A2D4-4B3B-BCC6-71BB278C4622}
2015-06-21 20:13 - 2015-06-21 20:13 - 00000303 _____ C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Domácí skupina.lnk
2015-06-21 19:01 - 2015-06-21 19:01 - 00000675 _____ C:\Users\Jan\Desktop\Mafia II.lnk
2015-06-21 19:01 - 2015-06-21 19:01 - 00000000 ____D C:\Users\Jan\AppData\Local\2K Games
2015-06-21 17:08 - 2015-06-21 17:09 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2015-06-21 17:08 - 2015-06-21 17:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-06-21 16:53 - 2015-07-13 17:54 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-06-21 16:52 - 2015-05-28 09:04 - 01898312 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435306.dll
2015-06-21 16:52 - 2015-05-28 09:04 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435306.dll
2015-06-20 22:53 - 2015-06-20 22:54 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Opera Software
2015-06-20 22:53 - 2015-06-20 22:54 - 00000000 ____D C:\Users\Jan\AppData\Local\Opera Software
2015-06-20 22:52 - 2015-06-20 22:54 - 00000000 ____D C:\Program Files (x86)\Opera
2015-06-20 22:51 - 2015-06-20 22:51 - 00000000 ____D C:\Program Files (x86)\Disc Soft
2015-06-18 22:50 - 2015-06-18 22:50 - 00000910 _____ C:\Users\Jan\Desktop\Dokumenty.lnk
2015-06-18 22:49 - 2015-06-18 22:49 - 00000706 _____ C:\Users\Jan\Desktop\OneDrive.lnk
2015-06-18 00:06 - 2015-06-18 00:06 - 00000000 ____D C:\Users\Jan\AppData\Local\A
2015-06-17 23:01 - 2015-06-17 23:01 - 00000000 ____D C:\Users\Jan\Documents\Rockstar Games
2015-06-17 23:01 - 2015-06-17 23:01 - 00000000 ____D C:\Users\Jan\AppData\Local\Rockstar Games
2015-06-17 23:00 - 2015-06-17 23:01 - 00000000 ____D C:\Program Files\Rockstar Games
2015-06-17 23:00 - 2015-06-17 23:01 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2015-06-17 22:56 - 2015-06-17 22:56 - 00001858 _____ C:\Users\Public\Desktop\Grand Theft Auto V.lnk
2015-06-17 22:56 - 2015-06-17 22:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-14 20:25 - 2015-05-07 22:09 - 00003592 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-56564319-2427043407-375557301-1001
2015-07-14 20:02 - 2015-06-11 21:47 - 01650476 _____ C:\Windows\WindowsUpdate.log
2015-07-14 20:00 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\sru
2015-07-14 19:51 - 2015-05-08 22:11 - 00003802 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-14 19:51 - 2015-05-08 22:11 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-14 18:27 - 2015-05-07 22:08 - 00000000 ____D C:\Users\Jan\OneDrive
2015-07-14 18:25 - 2015-05-07 22:04 - 00000000 ____D C:\Users\Jan\Documents\Youcam
2015-07-14 18:24 - 2015-05-08 13:16 - 00000000 ____D C:\Users\Jan\AppData\Local\CrashDumps
2015-07-14 18:23 - 2015-05-08 08:27 - 00000342 _____ C:\Windows\Tasks\HPCeeScheduleForJan.job
2015-07-14 18:23 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-14 18:22 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-07-14 18:17 - 2015-05-07 22:11 - 00003962 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9B92D444-ADC9-4BDB-915A-F6973F09A29A}
2015-07-14 18:16 - 2014-05-09 23:52 - 00769430 _____ C:\Windows\system32\perfh005.dat
2015-07-14 18:16 - 2014-05-09 23:52 - 00167026 _____ C:\Windows\system32\perfc005.dat
2015-07-14 18:16 - 2014-03-18 11:53 - 01886526 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-14 18:14 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\AppReadiness
2015-07-13 21:05 - 2015-05-07 22:15 - 00000000 ____D C:\Users\Jan\AppData\Local\ClassicShell
2015-07-13 17:57 - 2015-05-22 19:11 - 00000000 ____D C:\Users\Jan\AppData\Roaming\Skype
2015-07-13 17:57 - 2015-05-08 08:29 - 00000000 ____D C:\Program Files\CCleaner
2015-07-13 17:56 - 2014-08-05 02:45 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-07-13 17:56 - 2014-08-05 02:45 - 00000000 ____D C:\ProgramData\NVIDIA
2015-07-11 12:27 - 2015-05-09 00:12 - 00000000 ____D C:\Users\Jan\AppData\Roaming\vlc
2015-07-10 16:48 - 2015-05-08 08:27 - 00003152 _____ C:\Windows\System32\Tasks\HPCeeScheduleForJan
2015-07-10 16:48 - 2015-05-08 08:07 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-07-09 20:49 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp
2015-07-08 21:44 - 2015-05-08 15:08 - 00000000 ____D C:\Hry
2015-07-08 20:56 - 2015-05-08 13:26 - 00000000 ____D C:\Users\Jan\Documents\Pošta
2015-07-06 23:24 - 2015-05-08 02:43 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-06 23:24 - 2015-05-08 02:43 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-28 19:50 - 2014-05-09 14:21 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-27 18:14 - 2015-05-07 22:27 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswsp.sys
2015-06-25 21:49 - 2015-05-09 00:12 - 00000000 ____D C:\Users\Jan\Documents\Škola
2015-06-25 18:41 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-06-21 19:01 - 2015-05-10 11:33 - 00000000 ____D C:\Users\Jan\AppData\Roaming\NVIDIA
2015-06-21 16:59 - 2015-05-08 21:30 - 00000000 ____D C:\Users\Jan\AppData\Roaming\DAEMON Tools Lite
2015-06-19 03:19 - 2015-05-07 22:01 - 00000000 ____D C:\Users\Jan
2015-06-19 01:13 - 2015-05-07 22:43 - 00000000 ____D C:\Users\Jan\Documents\Přírodovědecká fakulta
2015-06-18 22:49 - 2015-05-07 22:27 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-06-18 16:16 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\NDF
2015-06-17 11:10 - 2014-08-05 02:45 - 03395648 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-06-17 11:10 - 2014-08-05 02:45 - 02997544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-06-17 11:10 - 2014-08-05 02:45 - 00030966 _____ C:\Windows\system32\nvinfo.pb
2015-06-17 08:48 - 2014-08-05 02:45 - 06873232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-06-17 08:48 - 2014-08-05 02:45 - 03492168 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-06-17 08:48 - 2014-08-05 02:45 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-06-17 08:48 - 2014-08-05 02:45 - 01059472 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2015-06-17 08:48 - 2014-08-05 02:45 - 00937616 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-06-17 08:48 - 2014-08-05 02:45 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-06-17 08:48 - 2014-08-05 02:45 - 00074896 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2015-06-17 08:48 - 2014-08-05 02:45 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-06-16 12:59 - 2015-05-07 23:18 - 00747008 ___SH C:\Users\Jan\Desktop\Thumbs.db
2015-06-14 23:13 - 2015-05-08 14:35 - 00128704 _____ C:\Users\Jan\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-14 20:43 - 2015-05-09 00:12 - 00000000 ____D C:\Users\Jan\AppData\Roaming\dvdcss
2015-06-14 11:18 - 2015-05-08 13:26 - 00000000 ____D C:\Users\Jan\Documents\Charlie

==================== Files in the root of some directories =======

2015-05-22 20:12 - 2015-05-22 20:12 - 0003584 _____ () C:\Users\Jan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Users\Jan\AppData\Local\Temp\Quarantine.exe
C:\Users\Jan\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-10 16:54

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (Windows) (Fixed) (Total:910.16 GB) (Free:689.68 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:20.33 GB) (Free:2.02 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Available physical RAM: 5540.75 MB
Total physical RAM: 8122.15 MB
Percentage of memory in use: 31%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 931.5 GB) (Disk ID: 662236EB)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Users\Jan\OneDrive:ms-properties

==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Jan\Desktop" je 1753 MB.

***** Startup Programs *****

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000

==================== End Of Log ==============================

tata22 · #9 Příspěvek od **tata22** » 14 črc 2015 19:31

ještě zazipovaný adition..

#10 Příspěvek od **Márty84** » 14 črc 2015 19:43

tata22 píše:***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Jan\Desktop" je 1753 MB.

Velikost plochy by nemela presahovat 200 - 300 MB! Brzdi to chod pc. Cili ji trosku uklidte a na plochu dejte jen zastupce. Jen pozor na obcasnou chybu, ze uzivatele maji na plose slozku, v ni dalsi a v ni dalsi a do te to schovaji. To je sice hezke, ale plochu to nezmensi, jen je to v jinem supliku

Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49976 2014-08-01] (Hewlett-Packard)
HKU\S-1-5-21-56564319-2427043407-375557301-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
HKU\S-1-5-21-56564319-2427043407-375557301-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-56564319-2427043407-375557301-1001\...\Run: [Steam] => C:\Hry\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-56564319-2427043407-375557301-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=HPNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=HPNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDFJS
HKU\S-1-5-21-56564319-2427043407-375557301-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDFJS
SearchScopes: HKLM -> {18673761-17B0-41C6-8A72-01F09BCF239B} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
SearchScopes: HKLM-x32 -> {18673761-17B0-41C6-8A72-01F09BCF239B} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-56564319-2427043407-375557301-1001 -> {18673761-17B0-41C6-8A72-01F09BCF239B} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}

R3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
U3 McAPExe; No ImagePath
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]

2015-07-14 20:00 - 2015-07-14 20:00 - 00001151 _____ C:\Users\Jan\Desktop\scan Malware.txt
2015-07-14 18:27 - 2015-07-14 18:27 - 00000000 ____D C:\ProgramData\Malwarebytes

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Hosts:
EmptyTemp:
Reboot:
End

Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev fixlist a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte FRST jako spravce, kliknete na napis Fix a program vykona prikazy.
Po restartu pc by se mel objevit novy log - s nazvem fixlog, ten mi sem zase zkopirujte.

tata22 · #11 Příspěvek od **tata22** » 14 črc 2015 19:58

Fix result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by Jan at 2015-07-14 20:51:42 Run:1
Running from C:\Users\Jan\Desktop
Loaded Profiles: Jan (Available Profiles: Jan)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49976 2014-08-01] (Hewlett-Packard)
HKU\S-1-5-21-56564319-2427043407-375557301-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
HKU\S-1-5-21-56564319-2427043407-375557301-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-56564319-2427043407-375557301-1001\...\Run: [Steam] => C:\Hry\Steam\steam.exe [2892992 2015-06-04] (Valve Corporation)
HKU\S-1-5-21-56564319-2427043407-375557301-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=HPNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=HPNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDFJS
HKU\S-1-5-21-56564319-2427043407-375557301-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDFJS
SearchScopes: HKLM -> {18673761-17B0-41C6-8A72-01F09BCF239B} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
SearchScopes: HKLM-x32 -> {18673761-17B0-41C6-8A72-01F09BCF239B} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-56564319-2427043407-375557301-1001 -> {18673761-17B0-41C6-8A72-01F09BCF239B} URL = http://www.amazon.co.uk/s/ref=azs_osd_i ... -keywords={searchTerms}

R3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
U3 McAPExe; No ImagePath
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-02-18 315488]

2015-07-14 20:00 - 2015-07-14 20:00 - 00001151 _____ C:\Users\Jan\Desktop\scan Malware.txt
2015-07-14 18:27 - 2015-07-14 18:27 - 00000000 ____D C:\ProgramData\Malwarebytes

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HP Software Update => value removed successfully
HKU\S-1-5-21-56564319-2427043407-375557301-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value removed successfully
HKU\S-1-5-21-56564319-2427043407-375557301-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => value removed successfully
HKU\S-1-5-21-56564319-2427043407-375557301-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Steam => value removed successfully
HKU\S-1-5-21-56564319-2427043407-375557301-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => value removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-56564319-2427043407-375557301-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{18673761-17B0-41C6-8A72-01F09BCF239B}" => key removed successfully
HKCR\CLSID\{18673761-17B0-41C6-8A72-01F09BCF239B} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{18673761-17B0-41C6-8A72-01F09BCF239B}" => key removed successfully
HKCR\Wow6432Node\CLSID\{18673761-17B0-41C6-8A72-01F09BCF239B} => key not found.
"HKU\S-1-5-21-56564319-2427043407-375557301-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{18673761-17B0-41C6-8A72-01F09BCF239B}" => key removed successfully
HKCR\CLSID\{18673761-17B0-41C6-8A72-01F09BCF239B} => key not found.
MBAMSwissArmy => Unable to stop service.
MBAMSwissArmy => Service removed successfully
McAPExe => Service removed successfully
McMPFSvc => Service removed successfully
McNaiAnn => Service removed successfully
mfecore => Service removed successfully
MSK80Service => Service removed successfully
SkypeUpdate => Service removed successfully
C:\Users\Jan\Desktop\scan Malware.txt => moved successfully.
C:\ProgramData\Malwarebytes => moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 56.5 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 20:52:06 ====

#12 Příspěvek od **Márty84** » 15 črc 2015 03:35

Vsechny tyto programy - vcetne pripadne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce)

vyosek píše: DelFix https://toolslib.net/downloads/finish/2/
Stahnete a spustte

Ponechte zatrzitkou pouze u volby Remove disinfection tools

Kliknete na Run

Stahnete Ccleaner http://www.filehippo.com/download_ccleaner a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
(Pokud je v pc vice uzivatelskych uctu, pouzijte program i v nich)

Defragmentujte disk(y) (SSD Disky ne!)
Stahnete program Defraggler https://www.piriform.com/defraggler/download/standard
Pri instalaci opet pozor na toolbar a dalsi nesmysly.
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.

Pak napiste, jak to s pc vypada. Pokud vse pobezi jak ma, mame hotovo

tata22 · #13 Příspěvek od **tata22** » 15 črc 2015 16:22

Notebook vypadá velmi dobře a funguje rychle a spolehlivě. Děkuji velmi pěkně za pomoc

#14 Příspěvek od **Márty84** » 15 črc 2015 18:40

To jsem rad

Nemate zac!

Mejte se a treba zase nekdy

VIRY.CZ

notebook syna

notebook syna

Re: notebook syna

Re: notebook syna

Re: notebook syna

Re: notebook syna

Re: notebook syna

Re: notebook syna

Re: notebook syna

Re: notebook syna

Re: notebook syna

Re: notebook syna

Re: notebook syna

Re: notebook syna

Re: notebook syna