PC přestane přehrávat zvuk a spadne explorer

Zpráva

Terrsa · #1 Příspěvek od **Terrsa** » 19 úno 2016 22:51

Hezký večer, prosím o pomoc s problémem. Teď večer začal vypadávat zvuk a hned po něm explorer, nedaří se restart klasický - když jsem to nechala na restartu vyjel eplorer.exe a přehrávání zvuku s možností restart, ale restart visel v odhlašování. PC je přístupné všem doma a cokoliv mohlo být staženo.

Log:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Admin at 2016-02-19 22:47:41
WIN_VISTA Service Pack 2
System drive C: has 427 GB (90%) free of 477 GB
Total RAM: 3542 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:48:17, on 19.2.2016
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16748)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\DynamicUSBTool\DynamicUSB.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Citrix\ICA Client\WFCRUN32.EXE
C:\Users\Admin\Downloads\RSIT.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\trend micro\Admin.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: avast! Ad Blocker - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll
O3 - Toolbar: Vratné Peníze - {110C8480-EE32-4F39-9102-CA8502DE249E} - C:\Users\Admin\AppData\Local\VP_TOO~1.DLL
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [picon] "C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" -startup
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [DynamicUSB] "C:\Program Files\DynamicUSBTool\DynamicUSB.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-21-1564728082-1205842579-2839393178-1000\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O4 - HKUS\S-1-5-21-1564728082-1205842579-2839393178-1000\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR (User '?')
O4 - HKUS\S-1-5-21-1564728082-1205842579-2839393178-1000\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User '?')
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-21-1564728082-1205842579-2839393178-1000\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Unknown owner - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

--
End of file - 8403 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job - C:\Windows\system32\Macromed\Flash\FlashUtil32_20_0_0_306_pepper.exe -check pepperplugin
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-09 678656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED663}]
avast! Ad Blocker - C:\Program Files\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll [2013-02-18 1366720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{110C8480-EE32-4F39-9102-CA8502DE249E} - Vratné Peníze - C:\Users\Admin\AppData\Local\VP_TOO~1.DLL [2013-10-09 756736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2015-04-29 981688]
"picon"=C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [2008-07-19 773144]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-06-17 138008]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-06-17 171288]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-06-17 172824]
"ConnectionCenter"=C:\Program Files\Citrix\ICA Client\concentr.exe [2012-04-05 371864]
"DynamicUSB"=C:\Program Files\DynamicUSBTool\DynamicUSB.exe [2007-03-02 94208]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-02-15 7139768]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2008-07-08 1310720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2016-01-22 6819232]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner.exe [2016-01-15 6628056]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13 1085656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-06-03 228864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2013-05-07 115440]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-02-19 22:47:41 ----D---- C:\rsit
2016-02-19 22:47:41 ----D---- C:\Program Files\trend micro
2016-02-19 21:47:54 ----D---- C:\d790a25fdaf8d40bbffe497288a0c820
2016-02-10 03:26:36 ----A---- C:\Windows\system32\iasdatastore.dll
2016-02-10 03:26:35 ----A---- C:\Windows\system32\iashost.exe
2016-02-10 03:26:34 ----A---- C:\Windows\system32\sbeio.dll
2016-02-10 03:26:34 ----A---- C:\Windows\system32\iasads.dll
2016-02-10 03:26:33 ----A---- C:\Windows\system32\sdohlp.dll
2016-02-10 03:26:33 ----A---- C:\Windows\system32\psisdecd.dll
2016-02-10 03:26:33 ----A---- C:\Windows\system32\iasrecst.dll
2016-02-10 03:26:32 ----A---- C:\Windows\system32\sbe.dll
2016-02-10 03:26:32 ----A---- C:\Windows\system32\msorcl32.dll
2016-02-10 03:26:32 ----A---- C:\Windows\system32\EncDec.dll
2016-02-10 03:26:30 ----A---- C:\Windows\system32\mtxoci.dll
2016-02-10 03:23:49 ----A---- C:\Windows\system32\advapi32.dll
2016-02-10 03:23:46 ----A---- C:\Windows\system32\rpcrt4.dll
2016-02-10 03:23:46 ----A---- C:\Windows\system32\ole32.dll
2016-02-10 03:23:46 ----A---- C:\Windows\system32\csrsrv.dll
2016-02-10 03:23:45 ----A---- C:\Windows\system32\smss.exe
2016-02-10 03:23:45 ----A---- C:\Windows\system32\ntdll.dll
2016-02-10 03:23:45 ----A---- C:\Windows\system32\kernel32.dll
2016-02-10 03:23:43 ----A---- C:\Windows\system32\ntkrnlpa.exe
2016-02-10 03:23:42 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-02-10 03:20:48 ----A---- C:\Windows\system32\win32k.sys
2016-02-10 03:06:15 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2016-02-10 03:01:08 ----A---- C:\Windows\system32\kerberos.dll
2016-02-09 22:50:48 ----A---- C:\Windows\system32\msfeedssync.exe
2016-02-09 22:50:47 ----A---- C:\Windows\system32\urlmon.dll
2016-02-09 22:50:47 ----A---- C:\Windows\system32\mshta.exe
2016-02-09 22:50:47 ----A---- C:\Windows\system32\msfeedsbs.dll
2016-02-09 22:50:47 ----A---- C:\Windows\system32\jsproxy.dll
2016-02-09 22:50:46 ----A---- C:\Windows\system32\vbscript.dll
2016-02-09 22:50:46 ----A---- C:\Windows\system32\msfeeds.dll
2016-02-09 22:50:44 ----A---- C:\Windows\system32\wininet.dll
2016-02-09 22:50:44 ----A---- C:\Windows\system32\url.dll
2016-02-09 22:50:44 ----A---- C:\Windows\system32\mshtmled.dll
2016-02-09 22:50:44 ----A---- C:\Windows\system32\jscript.dll
2016-02-09 22:50:44 ----A---- C:\Windows\system32\ieUnatt.exe
2016-02-09 22:50:44 ----A---- C:\Windows\system32\ieui.dll
2016-02-09 22:50:44 ----A---- C:\Windows\system32\iertutil.dll
2016-02-09 22:50:44 ----A---- C:\Windows\system32\dxtmsft.dll
2016-02-09 22:50:43 ----A---- C:\Windows\system32\ieframe.dll
2016-02-09 22:50:41 ----A---- C:\Windows\system32\dxtrans.dll
2016-02-09 22:50:39 ----A---- C:\Windows\system32\jscript9.dll
2016-02-09 22:50:38 ----A---- C:\Windows\system32\mshtml.dll
2016-02-09 02:37:08 ----A---- C:\Windows\system32\aswBoot.exe
2016-02-09 02:36:47 ----A---- C:\Windows\avastSS.scr

======List of files/folders modified in the last 1 month======

2016-02-19 22:48:15 ----D---- C:\Windows\Temp
2016-02-19 22:47:54 ----D---- C:\Windows
2016-02-19 22:45:55 ----A---- C:\Windows\system32\log.txt
2016-02-19 22:16:28 ----D---- C:\Program Files
2016-02-19 21:33:34 ----D---- C:\Windows\SoftwareDistribution
2016-02-19 21:32:11 ----D---- C:\Windows\inf
2016-02-19 21:01:57 ----D---- C:\Program Files\Google
2016-02-19 20:40:36 ----D---- C:\Windows\Prefetch
2016-02-16 22:22:52 ----SHD---- C:\System Volume Information
2016-02-15 21:05:23 ----D---- C:\Users\Admin\AppData\Roaming\MPC-HC
2016-02-14 11:02:53 ----D---- C:\CitrixUSBStore
2016-02-14 09:56:34 ----D---- C:\Windows\System32
2016-02-14 09:56:34 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-02-10 21:19:00 ----D---- C:\Windows\system32\drivers
2016-02-10 21:13:22 ----D---- C:\Windows\Debug
2016-02-10 04:06:58 ----D---- C:\Windows\rescache
2016-02-10 04:03:07 ----SHD---- C:\Windows\Installer
2016-02-10 04:03:07 ----SHD---- C:\Config.Msi
2016-02-10 03:59:43 ----D---- C:\Windows\Microsoft.NET
2016-02-10 03:58:59 ----D---- C:\Windows\Tasks
2016-02-10 03:57:22 ----RSD---- C:\Windows\assembly
2016-02-10 03:47:47 ----D---- C:\Program Files\Windows Collaboration
2016-02-10 03:47:46 ----D---- C:\Windows\system32\migration
2016-02-10 03:47:46 ----D---- C:\Windows\system32\cs-CZ
2016-02-10 03:47:46 ----D---- C:\Program Files\Windows Journal
2016-02-10 03:47:46 ----D---- C:\Program Files\Internet Explorer
2016-02-10 03:27:39 ----D---- C:\Windows\winsxs
2016-02-10 03:27:34 ----D---- C:\Windows\system32\catroot
2016-02-10 03:27:33 ----D---- C:\Windows\system32\catroot2
2016-02-10 03:17:42 ----D---- C:\Windows\system32\MRT
2016-02-10 03:13:27 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2016-02-10 03:07:15 ----A---- C:\Windows\system32\mrt.exe
2016-02-09 22:11:59 ----D---- C:\Windows\system32\Tasks
2016-02-09 03:35:34 ----D---- C:\Windows\Minidump
2016-02-07 00:09:55 ----D---- C:\Program Files\SUPERAntiSpyware

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2016-02-09 58776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2016-02-10 221240]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2015-03-04 245096]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2016-02-09 35096]
R1 AswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2016-02-09 64272]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2016-02-09 812720]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2016-02-09 447848]
R1 ctxusbm;Citrix USB Monitor Driver; C:\Windows\system32\DRIVERS\ctxusbm.sys [2012-02-14 67960]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2016-02-09 32792]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2016-02-09 91168]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2015-03-04 95408]
R2 VBoxAswDrv;VBoxAsw Support Driver; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2008-07-08 378880]
R3 aswStmXP;Avast StreamFilter Driver; C:\Windows\system32\drivers\aswStmXP.sys [2016-02-09 171608]
R3 aswTdi;aswTdi; C:\Windows\system32\drivers\aswTdi.sys [2016-02-09 67088]
R3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-21 220672]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K; C:\Windows\system32\DRIVERS\e1k6032.sys [2010-04-05 202408]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 HECI;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECI.sys [2008-07-19 40832]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2011-06-03 9036800]
R3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
R3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
R3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
R3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
R3 NAL;Nal Service ; \??\C:\Windows\system32\Drivers\iqvw32.sys [2010-02-03 30880]
R3 pwdrvio;pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [2013-01-11 15576]
R3 pwdspio;pwdspio; \??\C:\Windows\system32\pwdspio.sys [2013-01-11 10200]
R3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2008-01-21 45624]
R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 66560]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
R4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2009-04-11 6656]
R4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2014-08-16 142648]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-13 82128]
R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2008-05-28 90112]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-02-09 237096]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-06-09 107848]
R2 LMS;Intel(R) Active Management Technology Local Management Service; C:\Program Files\Intel\AMT\LMS.exe [2008-07-19 174616]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2015-04-30 22216]
R2 UNS;Intel(R) Active Management Technology User Notification Service; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2008-07-19 2054680]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10 269504]
R3 AvastVBoxSvc;AvastVBox COM Service; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe []
R3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-06-09 107848]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2015-04-30 284504]
R3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2014-04-11 772296]
R4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2014-04-11 45744]
R4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
R4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
R4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]

-----------------EOF-----------------

#2 Příspěvek od **Márty84** » 19 úno 2016 23:41

Zdravim

Odinstalujte jeden z antiviru. Bezi tam Avast a MSE. Jeden musi ven.

Stahnete crystal disk info http://sourceforge.jp/projects/crystald ... 5_0_0.zip/
Spustte jako spravce. Za chvili se zobrazi vysledek.
Kliknete nahore na napis Úpravy a pak na napis Kopírovat. To co se zkopiruje (ulozi se to do pameti) mi sem vlozte (ctrl + V)

Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Cleaning
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner[C?].txt ). Ten mi sem zkopirujte.

Terrsa · #3 Příspěvek od **Terrsa** » 20 úno 2016 09:58

CRYSTAl
----------------------------------------------------------------------------
CrystalDiskInfo 6.7.4 (C) 2008-2016 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows Vista Business SP2 [6.0 Build 6002] (x86)
Date : 2016/02/20 9:43:43

-- Controller Map ----------------------------------------------------------
+ PCI Standardní dvoukanálový řadič IDE [ATA]
- ATA Channel 0 (0)
- ATA Channel 1 (1)
+ Intel(R) ICH10 Family 4 port Serial ATA Storage Controller 1 - 3A00 [ATA]
+ ATA Channel 0 (0)
- ST3500418AS ATA Device
+ ATA Channel 1 (1)
- TSSTcorp CDDVDW TS-H653N ATA Device
+ Intel(R) ICH10 Family 2 port Serial ATA Storage Controller 2 - 3A06 [ATA]
- ATA Channel 0 (0)
- ATA Channel 1 (1)
- Iniciátor iSCSI společnosti Microsoft [SCSI]

-- Disk List ---------------------------------------------------------------
(1) ST3500418AS : 500,1 GB [0/2/0, pd1] - st

----------------------------------------------------------------------------
(1) ST3500418AS
----------------------------------------------------------------------------
Model : ST3500418AS
Firmware : HP35
Serial Number : 9VMFERXB
Disk Size : 500,1 GB (8,4/137,4/500,1/500,1)
Buffer Size : 16384 KB
Queue Depth : 32
# of Sectors : 976773168
Rotation Rate : 7200 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 4
Transfer Mode : ---- | SATA/300
Power On Hours : 22033 hod.
Power On Count : 18280 krát
Temperature : 33 C (91 F)
Health Status : Pozor
Features : S.M.A.R.T., 48bit LBA, NCQ
APM Level : ----
AAM Level : ----

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 105 _99 __6 00000086DA70 Počet chyb čtení
03 _97 _97 __0 000000000000 Čas na roztočení ploten
04 _65 _65 _20 000000008ED8 Počet spuštění/zastavení
05 _99 _99 _36 000000000033 Počet přemapovaných sektorů
07 _86 _60 _30 000018906945 Počet chybných hledání
09 _75 _75 __0 000000005611 Hodin v činnosti
0A 100 100 _97 000000000000 Počet opakovaných pokusů o roztočení ploten
0C _83 _83 _20 000000004768 Počet cyklů zapnutí zařízení
B4 100 100 __0 000058742235 Specifický pro výrobce
B7 100 100 __0 000000000000 Specifický pro výrobce
B8 100 100 _97 000000000000 Ukončovacích chyb
BB 100 100 __0 000000000000 Ohlášeno neopravitelných chyb
BC 100 100 __0 000000000000 Časový limit příkazu
BD 100 100 __0 000000000000 Vysoká rychlost zápisu
BE _67 _58 _45 000021190021 Teplota toku vzduchu
C2 _33 _42 __0 001300000021 Teplota
C3 _41 _20 __0 00000086DA70 Počet oprav chybného čtení
C4 _99 _99 _36 000000000033 Počet udalostí s číslem realokování sektorů
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 0C5A 3FFF C837 0010 0000 0000 003F 0000 0000 0000
010: 3956 4D46 4552 5842 2020 2020 2020 2020 2020 2020
020: 0000 8000 0004 4850 3335 2020 2020 5354 3335 3030
030: 3431 3841 5320 2020 2020 2020 2020 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 0000 2F00
050: 4000 0200 0200 0007 3FFF 0010 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 001F 0506 0000 0048 0048
080: 01F0 0029 306B 7C01 4163 3069 BC01 4163 203F 002A
090: 002A 0000 FFFE 0000 FE00 0000 0000 0000 0000 0000
100: 6030 3A38 0000 0000 0000 0000 0000 0000 5000 C500
110: 208C 9141 0000 0000 0000 0000 0000 0000 0000 401E
120: 401C 0000 0000 0000 0000 0000 0000 0000 0029 6030
130: 3A38 6030 3A38 2020 0002 0140 0100 5000 3C06 3C0A
140: 0000 0078 0000 0008 0000 0000 004F 0280 0000 0000
150: 0008 0000 0000 0000 0000 0000 0000 0000 3F00 9800
160: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 103F 0000 0000 0000
210: 0000 0000 0000 0000 0000 0000 0000 1C20 0000 0000
220: 0000 0000 1010 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0001 0080 0000 0000 0000 0000
240: 0000 0000 0000 1000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 31A5

-- SMART_READ_DATA ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 0A 00 01 2F 00 69 63 70 DA 86 00 00 00 00 03 23
010: 00 61 61 00 00 00 00 00 00 00 04 32 00 41 41 D8
020: 8E 00 00 00 00 00 05 33 00 63 63 33 00 00 00 00
030: 00 00 07 2F 00 56 3C 45 69 90 18 00 00 00 09 32
040: 00 4B 4B 11 56 00 00 00 00 00 0A 33 00 64 64 00
050: 00 00 00 00 00 00 0C 32 00 53 53 68 47 00 00 00
060: 00 00 B4 2B 00 64 64 35 22 74 58 00 00 00 B7 32
070: 00 64 64 00 00 00 00 00 00 00 B8 33 00 64 64 00
080: 00 00 00 00 00 00 BB 32 00 64 64 00 00 00 00 00
090: 00 00 BC 32 00 64 64 00 00 00 00 00 00 00 BD 3A
0A0: 00 64 64 00 00 00 00 00 00 00 BE 22 00 43 3A 21
0B0: 00 19 21 00 00 00 C2 22 00 21 2A 21 00 00 00 13
0C0: 00 00 C3 3A 00 29 14 70 DA 86 00 00 00 00 C4 32
0D0: 00 63 63 33 00 00 00 00 00 00 C5 32 00 64 64 00
0E0: 00 00 00 00 00 00 C6 30 00 64 64 00 00 00 00 00
0F0: 00 00 C7 32 00 C8 C8 00 00 00 00 00 00 00 00 00
100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 82 00 58 02 00 5B
170: 03 00 01 00 02 57 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 74 17 00 00 00 03 03 03 03 03 03 03
190: 03 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 20 13 79 5C 2B 48 00 00
1B0: 00 00 00 00 01 00 BA 07 3C 76 1B F7 5F 6A 00 00
1C0: 97 77 65 00 78 5E 02 00 00 00 00 00 60 14 28 00
1D0: 01 00 00 00 00 00 00 00 D2 17 00 00 30 00 08 00
1E0: 00 00 00 00 E5 51 00 00 00 00 00 00 00 00 00 05
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4D

-- SMART_READ_THRESHOLD ----------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 01 00 01 06 00 00 00 00 00 00 00 00 00 00 03 00
010: 00 00 00 00 00 00 00 00 00 00 04 14 00 00 00 00
020: 00 00 00 00 00 00 05 24 00 00 00 00 00 00 00 00
030: 00 00 07 1E 00 00 00 00 00 00 00 00 00 00 09 00
040: 00 00 00 00 00 00 00 00 00 00 0A 61 00 00 00 00
050: 00 00 00 00 00 00 0C 14 00 00 00 00 00 00 00 00
060: 00 00 B4 00 00 00 00 00 00 00 00 00 00 00 B7 00
070: 00 00 00 00 00 00 00 00 00 00 B8 61 00 00 00 00
080: 00 00 00 00 00 00 BB 00 00 00 00 00 00 00 00 00
090: 00 00 BC 00 00 00 00 00 00 00 00 00 00 00 BD 00
0A0: 00 00 00 00 00 00 00 00 00 00 BE 2D 00 00 00 00
0B0: 00 00 00 00 00 00 C2 00 00 00 00 00 00 00 00 00
0C0: 00 00 C3 00 00 00 00 00 00 00 00 00 00 00 C4 24
0D0: 00 00 00 00 00 00 00 00 00 00 C5 00 00 00 00 00
0E0: 00 00 00 00 00 00 C6 00 00 00 00 00 00 00 00 00
0F0: 00 00 C7 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 99

# AdwCleaner v5.035 - Logfile created 20/02/2016 at 09:48:14
# Updated 18/02/2016 by Xplode
# Database : 2016-02-18.5 [Server]
# Operating system : Windows Vista (TM) Business Service Pack 2 (x86)
# Username : Admin - PC
# Running from : C:\Users\Admin\Desktop\adwcleaner_5.035.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\SafeSaver
[-] Folder Deleted : C:\ProgramData\StarApp
[-] Folder Deleted : C:\ProgramData\saFe syave
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\saFe syave

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\AppDataLow\SProtector
[-] Key Deleted : HKLM\SOFTWARE\SP Global
[-] Key Deleted : HKLM\SOFTWARE\SProtector
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{924C3DC2-8E4E-432E-F973-9A2174A39774}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{924C3DC2-8E4E-432E-F973-9A2174A39774}

***** [ Web browsers ] *****

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1293 bytes] ##########

Bylo by možné se pak přihodit ještě ntb? Je tam staré xp a nejde jít na stránky- tday je pak mozilla - nebo udělat nové téma?

#4 Příspěvek od **Márty84** » 20 úno 2016 10:08

Disk na tom neni nejlepe, i to muze pusobit potize. Uvidime po docisteni.

Udelejte kontrolu s MBAM. Test nastavte podle tohoto navodu (cili Vlastni sken vsech disku) http://forum.viry.cz/viewtopic.php?f=29&t=144868 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

Terrsa píše: Bylo by možné se pak přihodit ještě ntb? Je tam staré xp a nejde jít na stránky- tday je pak mozilla - nebo udělat nové téma?

Zalozte na nej nove tema, jinak v tom bude gulas

Pokud budete chtit, at na to kouknu ja, napiste do predmetu Pro Márty84. Jinak na to koukne ten z nas, kdo bude mit nejdrive cas

Terrsa · #5 Příspěvek od **Terrsa** » 20 úno 2016 11:22

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 20.2.2016
Čas skenování: 10:19:52
Protokol: MBAM.txt
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2016.02.19.07
Databáze rootkitů: v2016.02.17.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows Vista Service Pack 2
CPU: x86
Souborový systém: NTFS
Uživatel: Admin

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 384122
Uplynulý čas: 54 min, 49 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 1
PUP.Optional.SilentInstall, C:\AdwCleaner\Quarantine\C\ProgramData\saFe syave\uninstall.exe.vir, , [ddb6065c118816208643c57850b1e51b],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)

(end)

#6 Příspěvek od **Márty84** » 20 úno 2016 12:15

Nalez neni potreba resit, uz je v karantene ADWCleaneru, takze MBAM muzete odinstalovat.

Dejte novy log z RSIT

a k tomu

Dejte logy podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100 - vypnete na chvili antivir, je mozne, ze to bude blokovat jako skodnou, ale pouzivame to porad, jedna se o falesny poplach

Terrsa · #7 Příspěvek od **Terrsa** » 20 úno 2016 13:19

Logfile of random's system information tool 1.10 (written by random/random)
Run by Admin at 2016-02-20 13:17:39
Microsoft® Windows Vista™ Business Service Pack 2
System drive C: has 430 GB (90%) free of 477 GB
Total RAM: 3542 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:17:40, on 20.2.2016
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16748)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\DynamicUSBTool\DynamicUSB.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Citrix\ICA Client\WFCRUN32.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Users\Admin\Desktop\FRSTLauncher.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\notepad.exe
C:\Program Files\AVAST Software\SZBrowser\1.48.2066.44\SZBrowser.exe
C:\Program Files\AVAST Software\SZBrowser\1.48.2066.44\SZBrowser_crashreporter.exe
C:\Program Files\AVAST Software\SZBrowser\1.48.2066.44\SZBrowser.exe
C:\Program Files\AVAST Software\SZBrowser\1.48.2066.44\SZBrowser.exe
C:\Program Files\AVAST Software\SZBrowser\1.48.2066.44\SZBrowser.exe
C:\Program Files\AVAST Software\SZBrowser\1.48.2066.44\SZBrowser.exe
C:\Program Files\AVAST Software\SZBrowser\1.48.2066.44\SZBrowser.exe
C:\Program Files\AVAST Software\SZBrowser\1.48.2066.44\SZBrowser.exe
C:\Program Files\AVAST Software\SZBrowser\1.48.2066.44\SZBrowser.exe
C:\Program Files\AVAST Software\SZBrowser\1.48.2066.44\SZBrowser.exe
C:\Program Files\AVAST Software\SZBrowser\1.48.2066.44\SZBrowser.exe
C:\Program Files\AVAST Software\SZBrowser\1.48.2066.44\SZBrowser.exe
C:\Program Files\AVAST Software\SZBrowser\1.48.2066.44\SZBrowser.exe
C:\Program Files\AVAST Software\SZBrowser\1.48.2066.44\SZBrowser.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe
C:\Program Files\AVAST Software\Avast\AvastNM.exe
C:\Program Files\AVAST Software\Avast\AvastNM.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\AVAST Software\SZBrowser\1.48.2066.44\SZBrowser.exe
C:\Program Files\AVAST Software\SZBrowser\1.48.2066.44\SZBrowser.exe
C:\Program Files\AVAST Software\SZBrowser\1.48.2066.44\SZBrowser.exe
C:\Program Files\AVAST Software\SZBrowser\1.48.2066.44\SZBrowser.exe
C:\Program Files\AVAST Software\SZBrowser\1.48.2066.44\SZBrowser.exe
C:\Program Files\AVAST Software\SZBrowser\1.48.2066.44\SZBrowser.exe
C:\Program Files\AVAST Software\SZBrowser\1.48.2066.44\SZBrowser.exe
C:\Program Files\AVAST Software\SZBrowser\1.48.2066.44\SZBrowser.exe
C:\Program Files\AVAST Software\SZBrowser\1.48.2066.44\SZBrowser.exe
C:\Windows\system32\cmd.exe
C:\Program Files\AVAST Software\Avast\AvastNM.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\cmd.exe
C:\Users\Admin\Desktop\RSIT.exe
C:\Program Files\trend micro\Admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: avast! Ad Blocker - {FFCB3198-32F3-4E8B-9539-4324694ED663} - C:\Program Files\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll
O3 - Toolbar: Vratné Peníze - {110C8480-EE32-4F39-9102-CA8502DE249E} - C:\Users\Admin\AppData\Local\VP_TOO~1.DLL
O4 - HKLM\..\Run: [picon] "C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" -startup
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [DynamicUSB] "C:\Program Files\DynamicUSBTool\DynamicUSB.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Unknown owner - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

--
End of file - 9534 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player PPAPI Notifier.job - C:\Windows\system32\Macromed\Flash\FlashUtil32_20_0_0_306_pepper.exe -check pepperplugin
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-09 678656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED663}]
avast! Ad Blocker - C:\Program Files\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll [2013-02-18 1366720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{110C8480-EE32-4F39-9102-CA8502DE249E} - Vratné Peníze - C:\Users\Admin\AppData\Local\VP_TOO~1.DLL [2013-10-09 756736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"picon"=C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [2008-07-19 773144]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-06-17 138008]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-06-17 171288]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-06-17 172824]
"ConnectionCenter"=C:\Program Files\Citrix\ICA Client\concentr.exe [2012-04-05 371864]
"DynamicUSB"=C:\Program Files\DynamicUSBTool\DynamicUSB.exe [2007-03-02 94208]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2016-02-15 7139768]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2008-07-08 1310720]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2016-01-22 6819232]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner.exe [2016-01-15 6628056]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13 1085656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-06-03 228864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2013-05-07 115440]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"SoftwareSASGeneration"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2016-02-20 13:15:22 ----D---- C:\FRST
2016-02-20 12:38:05 ----D---- C:\rsit
2016-02-20 12:38:05 ----D---- C:\Program Files\trend micro
2016-02-20 10:17:21 ----D---- C:\ProgramData\Malwarebytes
2016-02-20 09:45:37 ----D---- C:\AdwCleaner
2016-02-20 09:31:11 ----D---- C:\ProgramData\WindowsSearch
2016-02-19 21:47:54 ----D---- C:\d790a25fdaf8d40bbffe497288a0c820
2016-02-10 03:26:36 ----A---- C:\Windows\system32\iasdatastore.dll
2016-02-10 03:26:35 ----A---- C:\Windows\system32\iashost.exe
2016-02-10 03:26:34 ----A---- C:\Windows\system32\sbeio.dll
2016-02-10 03:26:34 ----A---- C:\Windows\system32\iasads.dll
2016-02-10 03:26:33 ----A---- C:\Windows\system32\sdohlp.dll
2016-02-10 03:26:33 ----A---- C:\Windows\system32\psisdecd.dll
2016-02-10 03:26:33 ----A---- C:\Windows\system32\iasrecst.dll
2016-02-10 03:26:32 ----A---- C:\Windows\system32\sbe.dll
2016-02-10 03:26:32 ----A---- C:\Windows\system32\msorcl32.dll
2016-02-10 03:26:32 ----A---- C:\Windows\system32\EncDec.dll
2016-02-10 03:26:30 ----A---- C:\Windows\system32\mtxoci.dll
2016-02-10 03:23:49 ----A---- C:\Windows\system32\advapi32.dll
2016-02-10 03:23:46 ----A---- C:\Windows\system32\rpcrt4.dll
2016-02-10 03:23:46 ----A---- C:\Windows\system32\ole32.dll
2016-02-10 03:23:46 ----A---- C:\Windows\system32\csrsrv.dll
2016-02-10 03:23:45 ----A---- C:\Windows\system32\smss.exe
2016-02-10 03:23:45 ----A---- C:\Windows\system32\ntdll.dll
2016-02-10 03:23:45 ----A---- C:\Windows\system32\kernel32.dll
2016-02-10 03:23:43 ----A---- C:\Windows\system32\ntkrnlpa.exe
2016-02-10 03:23:42 ----A---- C:\Windows\system32\ntoskrnl.exe
2016-02-10 03:20:48 ----A---- C:\Windows\system32\win32k.sys
2016-02-10 03:06:15 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2016-02-10 03:01:08 ----A---- C:\Windows\system32\kerberos.dll
2016-02-09 22:50:48 ----A---- C:\Windows\system32\msfeedssync.exe
2016-02-09 22:50:47 ----A---- C:\Windows\system32\urlmon.dll
2016-02-09 22:50:47 ----A---- C:\Windows\system32\mshta.exe
2016-02-09 22:50:47 ----A---- C:\Windows\system32\msfeedsbs.dll
2016-02-09 22:50:47 ----A---- C:\Windows\system32\jsproxy.dll
2016-02-09 22:50:46 ----A---- C:\Windows\system32\vbscript.dll
2016-02-09 22:50:46 ----A---- C:\Windows\system32\msfeeds.dll
2016-02-09 22:50:44 ----A---- C:\Windows\system32\wininet.dll
2016-02-09 22:50:44 ----A---- C:\Windows\system32\url.dll
2016-02-09 22:50:44 ----A---- C:\Windows\system32\mshtmled.dll
2016-02-09 22:50:44 ----A---- C:\Windows\system32\jscript.dll
2016-02-09 22:50:44 ----A---- C:\Windows\system32\ieUnatt.exe
2016-02-09 22:50:44 ----A---- C:\Windows\system32\ieui.dll
2016-02-09 22:50:44 ----A---- C:\Windows\system32\iertutil.dll
2016-02-09 22:50:44 ----A---- C:\Windows\system32\dxtmsft.dll
2016-02-09 22:50:43 ----A---- C:\Windows\system32\ieframe.dll
2016-02-09 22:50:41 ----A---- C:\Windows\system32\dxtrans.dll
2016-02-09 22:50:39 ----A---- C:\Windows\system32\jscript9.dll
2016-02-09 22:50:38 ----A---- C:\Windows\system32\mshtml.dll
2016-02-09 02:37:08 ----A---- C:\Windows\system32\aswBoot.exe
2016-02-09 02:36:47 ----A---- C:\Windows\avastSS.scr

======List of files/folders modified in the last 1 month======

2016-02-20 13:15:26 ----D---- C:\Windows
2016-02-20 13:11:51 ----D---- C:\Windows\system32\catroot2
2016-02-20 13:10:20 ----A---- C:\Windows\system32\log.txt
2016-02-20 12:43:56 ----D---- C:\Windows\Prefetch
2016-02-20 12:38:05 ----D---- C:\Program Files
2016-02-20 12:37:29 ----D---- C:\Windows\system32\drivers
2016-02-20 10:17:21 ----HD---- C:\ProgramData
2016-02-20 10:05:28 ----D---- C:\Windows\Temp
2016-02-20 09:42:20 ----SHD---- C:\Windows\Installer
2016-02-20 09:42:19 ----SHD---- C:\Config.Msi
2016-02-20 09:23:01 ----D---- C:\Windows\inf
2016-02-20 03:03:29 ----SHD---- C:\System Volume Information
2016-02-19 21:33:34 ----D---- C:\Windows\SoftwareDistribution
2016-02-15 21:05:23 ----D---- C:\Users\Admin\AppData\Roaming\MPC-HC
2016-02-14 11:02:53 ----D---- C:\CitrixUSBStore
2016-02-14 09:56:34 ----D---- C:\Windows\System32
2016-02-14 09:56:34 ----A---- C:\Windows\system32\PerfStringBackup.INI
2016-02-10 21:13:22 ----D---- C:\Windows\Debug
2016-02-10 04:06:58 ----D---- C:\Windows\rescache
2016-02-10 03:59:43 ----D---- C:\Windows\Microsoft.NET
2016-02-10 03:58:59 ----D---- C:\Windows\Tasks
2016-02-10 03:57:22 ----RSD---- C:\Windows\assembly
2016-02-10 03:47:47 ----D---- C:\Program Files\Windows Collaboration
2016-02-10 03:47:46 ----D---- C:\Windows\system32\migration
2016-02-10 03:47:46 ----D---- C:\Windows\system32\cs-CZ
2016-02-10 03:47:46 ----D---- C:\Program Files\Windows Journal
2016-02-10 03:47:46 ----D---- C:\Program Files\Internet Explorer
2016-02-10 03:27:39 ----D---- C:\Windows\winsxs
2016-02-10 03:27:34 ----D---- C:\Windows\system32\catroot
2016-02-10 03:17:42 ----D---- C:\Windows\system32\MRT
2016-02-10 03:13:27 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2016-02-10 03:07:15 ----A---- C:\Windows\system32\mrt.exe
2016-02-09 22:11:59 ----D---- C:\Windows\system32\Tasks
2016-02-09 03:35:34 ----D---- C:\Windows\Minidump
2016-02-07 00:09:55 ----D---- C:\Program Files\SUPERAntiSpyware

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2016-02-09 58776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2016-02-10 221240]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2016-02-09 35096]
R1 AswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2016-02-09 64272]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2016-02-09 812720]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2016-02-09 447848]
R1 ctxusbm;Citrix USB Monitor Driver; C:\Windows\system32\DRIVERS\ctxusbm.sys [2012-02-14 67960]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
R1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2016-02-09 32792]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2016-02-09 91168]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2008-07-08 378880]
R3 aswStmXP;Avast StreamFilter Driver; C:\Windows\system32\drivers\aswStmXP.sys [2016-02-09 171608]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K; C:\Windows\system32\DRIVERS\e1k6032.sys [2010-04-05 202408]
R3 HECI;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECI.sys [2008-07-19 40832]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2011-06-03 9036800]
R3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2008-01-21 45624]
R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 66560]
S2 VBoxAswDrv;VBoxAsw Support Driver; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys []
S3 aswTdi;aswTdi; C:\Windows\system32\drivers\aswTdi.sys [2016-02-09 67088]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-21 220672]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NAL;Nal Service ; \??\C:\Windows\system32\Drivers\iqvw32.sys [2010-02-03 30880]
S3 pwdrvio;pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [2013-01-11 15576]
S3 pwdspio;pwdspio; \??\C:\Windows\system32\pwdspio.sys [2013-01-11 10200]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2009-04-11 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2014-08-16 142648]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-13 82128]
R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2008-05-28 90112]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-02-09 237096]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 LMS;Intel(R) Active Management Technology Local Management Service; C:\Program Files\Intel\AMT\LMS.exe [2008-07-19 174616]
R2 UNS;Intel(R) Active Management Technology User Notification Service; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2008-07-19 2054680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-06-09 107848]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10 269504]
S3 AvastVBoxSvc;AvastVBox COM Service; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe []
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-06-09 107848]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2014-04-11 772296]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2014-04-11 45744]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]

-----------------EOF-----------------

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-02-2016
Ran by Admin (administrator) on PC (20-02-2016 13:15:54)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin)
Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
(Intel Corporation) C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Citrix Systems) C:\Program Files\DynamicUSBTool\DynamicUSB.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(forum.viry.cz) C:\Users\Admin\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [picon] => C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe [773144 2008-07-19] (Intel Corporation)
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [371864 2012-04-05] (Citrix Systems, Inc.)
HKLM\...\Run: [DynamicUSB] => C:\Program Files\DynamicUSBTool\DynamicUSB.exe [94208 2007-03-02] (Citrix Systems)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139768 2016-02-15] (AVAST Software)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1310720 2008-07-08] (Analog Devices, Inc.)
HKU\S-1-5-21-1564728082-1205842579-2839393178-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6819232 2016-01-22] (SUPERAntiSpyware)
HKU\S-1-5-21-1564728082-1205842579-2839393178-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6628056 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-1564728082-1205842579-2839393178-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1564728082-1205842579-2839393178-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [879616 2008-01-21] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-02-09] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2008-01-21] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{B84252A1-09F0-4853-9BB6-498B39E874AE}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{BA395AC5-0A83-425B-9842-C317E1047E35}: [DhcpNameServer] 208.67.220.220 208.67.222.222

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1564728082-1205842579-2839393178-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
SearchScopes: HKU\S-1-5-21-1564728082-1205842579-2839393178-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1564728082-1205842579-2839393178-1000 -> {5F345FF3-9FDF-496E-9050-0F77954526BE} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_13415
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-09] (AVAST Software)
BHO: avast! Ad Blocker -> {FFCB3198-32F3-4E8B-9539-4324694ED663} -> C:\Program Files\AVAST Software\avast! Ad Blocker IE\Adblocker32.dll [2013-02-18] (AVAST Software)
Toolbar: HKLM - Vratné Peníze - {110C8480-EE32-4F39-9102-CA8502DE249E} - C:\Users\Admin\AppData\Local\VP_TOO~1.DLL [2013-10-09] ()
Toolbar: HKU\S-1-5-21-1564728082-1205842579-2839393178-1000 -> Vratné Peníze - {110C8480-EE32-4F39-9102-CA8502DE249E} - C:\Users\Admin\AppData\Local\VP_TOO~1.DLL [2013-10-09] ()
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-04-05] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-04-05] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-04-05] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-04-05] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-04-05] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-04-05] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-04-05] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-04-05] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-04-05] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-04-05] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-04-05] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-04-05] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-04-05] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-04-05] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-04-05] (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2012-04-05] (Citrix Systems, Inc.)

FireFox:
========
FF Plugin: @Citrix.com/npican -> C:\Program Files\Citrix\ICA Client\npicaN.dll [2012-04-05] (Citrix Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1564728082-1205842579-2839393178-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-07] (Unity Technologies ApS)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-04-07] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-09]

Chrome:
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-09]
CHR Extension: (Dokumenty Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-09]
CHR Extension: (Disk Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Vyhledávání Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Tabulky Google) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-09]
CHR Extension: (Dokumenty Google offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (Avast Online Security) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-13]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (Black Metal) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\paobmpohikbdlchndhfddegebcjhngej [2015-07-22]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-09]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-09]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-08-16] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-09] (AVAST Software)
R2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2054680 2008-07-19] (Intel Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [32792 2016-02-09] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-02-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [91168 2016-02-09] (AVAST Software)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-02-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [58776 2016-02-09] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [812720 2016-02-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447848 2016-02-09] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [171608 2016-02-09] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [67088 2016-02-09] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [221240 2016-02-10] (AVAST Software)
R3 e1kexpress; C:\Windows\System32\DRIVERS\e1k6032.sys [202408 2010-04-05] (Intel Corporation)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [30880 2010-02-03] (Intel Corporation )
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [15576 2013-01-11] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [10200 2013-01-11] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-20 13:15 - 2016-02-20 13:16 - 00015272 _____ C:\Users\Admin\Desktop\FRST.txt
2016-02-20 13:15 - 2016-02-20 13:15 - 00000000 ____D C:\FRST
2016-02-20 13:14 - 2016-02-20 13:14 - 00112640 _____ (forum.viry.cz) C:\Users\Admin\Desktop\FRSTLauncher.exe
2016-02-20 12:45 - 2016-02-20 12:48 - 01722368 _____ (Farbar) C:\Users\Admin\Downloads\FRST (1).exe
2016-02-20 12:44 - 2016-02-20 12:48 - 01722368 _____ (Farbar) C:\Users\Admin\Desktop\FRST.exe
2016-02-20 12:38 - 2016-02-20 12:58 - 00000000 ____D C:\Program Files\trend micro
2016-02-20 12:38 - 2016-02-20 12:38 - 00000000 ____D C:\rsit
2016-02-20 10:17 - 2016-02-20 10:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-20 10:16 - 2016-02-20 10:16 - 22908888 _____ (Malwarebytes ) C:\Users\Admin\Downloads\mbam-setup-2.2.0.1024.exe
2016-02-20 09:45 - 2016-02-20 09:48 - 00000000 ____D C:\AdwCleaner
2016-02-20 09:43 - 2016-02-20 09:43 - 00000236 _____ C:\Users\Admin\Desktop\DiskInfo.ini
2016-02-20 09:43 - 2016-02-20 09:43 - 00000000 ____D C:\Users\Admin\Desktop\Smart
2016-02-20 09:43 - 2016-02-01 23:54 - 00000000 ____D C:\Users\Admin\Desktop\CdiResource
2016-02-20 09:43 - 2016-01-17 20:13 - 00000000 ____D C:\Users\Admin\Desktop\License
2016-02-20 09:42 - 2016-02-01 22:59 - 02746656 _____ (Crystal Dew World) C:\Users\Admin\Desktop\DiskInfo.exe
2016-02-20 09:31 - 2016-02-20 09:31 - 00000000 ____D C:\ProgramData\WindowsSearch
2016-02-20 09:24 - 2016-02-20 09:24 - 04657896 _____ C:\Users\Admin\Desktop\CrystalDiskInfo6_7_4.zip
2016-02-20 09:17 - 2016-02-20 09:17 - 01511424 _____ C:\Users\Admin\Desktop\adwcleaner_5.035.exe
2016-02-19 23:02 - 2016-02-19 23:02 - 00008794 _____ C:\Users\Admin\Desktop\info.txt
2016-02-19 22:47 - 2016-02-19 22:47 - 00223339 _____ C:\Users\Admin\Downloads\A9B1.tmp
2016-02-19 22:46 - 2016-02-19 22:47 - 01107968 _____ C:\Users\Admin\Desktop\RSIT.exe
2016-02-19 22:43 - 2016-02-19 22:43 - 01222144 _____ C:\Users\Admin\Downloads\4F9E.tmp
2016-02-19 22:41 - 2016-02-19 22:41 - 01222144 _____ C:\Users\Admin\Downloads\RSITx64.exe
2016-02-19 21:47 - 2016-02-19 21:48 - 00000000 ____D C:\d790a25fdaf8d40bbffe497288a0c820
2016-02-14 10:58 - 2016-02-14 10:58 - 09181737 _____ C:\Users\Admin\Downloads\Helloween - I want out.mp4
2016-02-10 03:26 - 2016-01-30 04:09 - 00429056 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-10 03:26 - 2016-01-30 04:09 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\sdohlp.dll
2016-02-10 03:26 - 2016-01-30 04:09 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2016-02-10 03:26 - 2016-01-30 04:09 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2016-02-10 03:26 - 2016-01-30 04:09 - 00217600 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2016-02-10 03:26 - 2016-01-30 04:09 - 00153088 _____ (Microsoft Corporation) C:\Windows\system32\sbeio.dll
2016-02-10 03:26 - 2016-01-30 04:08 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\msorcl32.dll
2016-02-10 03:26 - 2016-01-30 04:08 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\iasrecst.dll
2016-02-10 03:26 - 2016-01-30 04:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-10 03:26 - 2016-01-30 04:08 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\MSNP.ax
2016-02-10 03:26 - 2016-01-30 04:08 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\Mpeg2Data.ax
2016-02-10 03:26 - 2016-01-30 04:08 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\MSDvbNP.ax
2016-02-10 03:26 - 2016-01-30 04:08 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\iasads.dll
2016-02-10 03:26 - 2016-01-30 04:08 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\iasdatastore.dll
2016-02-10 03:26 - 2016-01-30 02:32 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\iashost.exe
2016-02-10 03:23 - 2016-02-01 18:21 - 01208776 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-10 03:23 - 2016-01-30 04:15 - 03609024 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-02-10 03:23 - 2016-01-30 04:15 - 03556800 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-10 03:23 - 2016-01-30 04:09 - 01316864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-10 03:23 - 2016-01-30 04:09 - 00783872 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-10 03:23 - 2016-01-30 04:08 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-10 03:23 - 2016-01-30 04:07 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-10 03:23 - 2016-01-30 04:07 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-10 03:23 - 2016-01-30 02:24 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-10 03:20 - 2016-01-07 16:21 - 02068480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-02-10 03:06 - 2016-01-07 16:18 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-10 03:01 - 2016-01-09 18:06 - 00501760 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-09 22:50 - 2016-01-25 05:59 - 01815552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-09 22:50 - 2016-01-25 05:57 - 12391424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-09 22:50 - 2016-01-25 05:55 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-09 22:50 - 2016-01-25 05:54 - 09753600 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-09 22:50 - 2016-01-25 05:54 - 01140224 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-09 22:50 - 2016-01-25 05:53 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-09 22:50 - 2016-01-25 05:52 - 01804800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-09 22:50 - 2016-01-25 05:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-09 22:50 - 2016-01-25 05:52 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-09 22:50 - 2016-01-25 05:52 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-09 22:50 - 2016-01-25 05:52 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-09 22:50 - 2016-01-25 05:52 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2016-02-09 22:50 - 2016-01-25 05:52 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-09 22:50 - 2016-01-25 05:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-09 22:50 - 2016-01-25 05:51 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-09 22:50 - 2016-01-25 05:51 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-09 22:50 - 2016-01-25 05:51 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-09 22:50 - 2016-01-25 05:51 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-09 22:50 - 2016-01-25 05:51 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-09 22:50 - 2016-01-25 05:51 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2016-02-09 22:50 - 2016-01-25 05:51 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2016-02-09 22:50 - 2016-01-25 05:51 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2016-02-09 02:37 - 2016-02-09 02:36 - 00334280 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-02-09 02:36 - 2016-02-09 02:36 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-01-28 01:49 - 2016-01-28 01:49 - 06828320 _____ (Piriform Ltd) C:\Users\Admin\Downloads\ccsetup514.exe
2016-01-22 00:47 - 2016-01-22 00:48 - 06805440 _____ (Piriform Ltd) C:\Users\Admin\Downloads\ccsetup513 (1).exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-20 13:12 - 2012-11-21 15:13 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-02-20 13:10 - 2015-06-09 00:22 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-20 13:10 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-20 13:10 - 2006-11-02 13:47 - 00008432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-20 13:10 - 2006-11-02 13:47 - 00008432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-20 13:03 - 2015-06-09 00:22 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-20 12:38 - 2015-12-19 00:05 - 00000958 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-02-20 10:05 - 2015-06-09 00:23 - 00001949 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-20 09:48 - 2006-11-02 14:01 - 00032602 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-02-20 09:42 - 2012-08-08 13:00 - 00001912 _____ C:\Windows\epplauncher.mif
2016-02-20 09:23 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\inf
2016-02-19 20:40 - 2013-08-07 19:22 - 00000000 ____D C:\Users\Admin\AppData\LocalLow\Avast Ad Blocker
2016-02-15 21:05 - 2014-08-24 08:08 - 00000000 ____D C:\Users\Admin\AppData\Roaming\MPC-HC
2016-02-14 11:02 - 2013-05-03 12:40 - 00000000 ____D C:\CitrixUSBStore
2016-02-14 09:56 - 2009-04-14 00:32 - 01559658 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-14 09:56 - 2009-04-14 00:31 - 00658010 _____ C:\Windows\system32\perfh005.dat
2016-02-14 09:56 - 2009-04-14 00:31 - 00142128 _____ C:\Windows\system32\perfc005.dat
2016-02-10 20:36 - 2013-08-07 18:53 - 00221240 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-02-10 04:06 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2016-02-10 03:50 - 2006-11-02 13:47 - 00283128 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-10 03:47 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-10 03:47 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Collaboration
2016-02-10 03:17 - 2013-07-13 02:00 - 00000000 ____D C:\Windows\system32\MRT
2016-02-10 03:13 - 2012-11-21 15:13 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-02-10 03:13 - 2012-11-21 15:13 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-02-10 03:07 - 2006-11-02 11:24 - 144254680 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-02-09 03:35 - 2014-05-25 18:29 - 00000000 ____D C:\Windows\Minidump
2016-02-09 02:36 - 2015-07-24 23:02 - 00035096 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-02-09 02:36 - 2015-07-20 20:48 - 00171608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStmXP.sys
2016-02-09 02:36 - 2014-04-21 20:33 - 00032792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-02-09 02:36 - 2013-08-07 18:53 - 00812720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-02-09 02:36 - 2013-08-07 18:53 - 00447848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2016-02-09 02:36 - 2013-08-07 18:53 - 00091168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2016-02-09 02:36 - 2013-08-07 18:53 - 00067088 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2016-02-09 02:36 - 2013-08-07 18:53 - 00064272 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
2016-02-09 02:36 - 2013-08-07 18:53 - 00058776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-02-07 00:09 - 2013-08-02 05:42 - 00000000 ____D C:\Program Files\SUPERAntiSpyware

==================== Files in the root of some directories =======

2012-06-01 14:01 - 2016-01-17 19:30 - 0002032 _____ () C:\Users\Admin\AppData\Local\d3d9caps.dat
2008-02-05 14:28 - 2008-02-05 14:28 - 0000051 _____ () C:\Users\Admin\AppData\Local\setup.txt
2013-10-09 23:48 - 2013-10-09 23:48 - 0756736 _____ () C:\Users\Admin\AppData\Local\vp_toolbar_ie.dll
2014-04-13 08:09 - 2014-04-13 08:28 - 0000000 _____ () C:\ProgramData\LauncherAccess.dt

Some files in TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-02-20 13:16

==================== End of FRST.txt ============================

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (System) (Fixed) (Total:465.76 GB) (Free:420.25 GB) NTFS ==>[drive with boot components (obtained from BCD)]

Available physical RAM: 2436.18 MB
Total physical RAM: 3542.31 MB
Percentage of memory in use: 31%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 48E4D74D)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\system32\Macromed\Flash\FlashUtil32_20_0_0_306_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Admin\Desktop" je 1753 MB.

***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [x]

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000

==================== End Of Log ==============================

#8 Příspěvek od **Márty84** » 20 úno 2016 14:09

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Admin\Desktop" je 1753 MB.

Velikost plochy by nemela presahovat 200 - 300 MB! Brzdi to chod pc. Cili ji trosku uklidte a na plochu dejte jen zastupce. Jen pozor na obcasnou chybu, ze uzivatele maji na plose slozku, v ni dalsi a v ni dalsi a do te to schovaji. To je sice hezke, ale plochu to nezmensi, jen je to v jinem supliku

Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-1564728082-1205842579-2839393178-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6819232 2016-01-22] (SUPERAntiSpyware)
HKU\S-1-5-21-1564728082-1205842579-2839393178-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6628056 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-1564728082-1205842579-2839393178-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKLM - Vratné Peníze - {110C8480-EE32-4F39-9102-CA8502DE249E} - C:\Users\Admin\AppData\Local\VP_TOO~1.DLL [2013-10-09] ()
Toolbar: HKU\S-1-5-21-1564728082-1205842579-2839393178-1000 -> Vratné Peníze - {110C8480-EE32-4F39-9102-CA8502DE249E} - C:\Users\Admin\AppData\Local\VP_TOO~1.DLL [2013-10-09] ()

2016-02-20 10:17 - 2016-02-20 10:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-20 10:16 - 2016-02-20 10:16 - 22908888 _____ (Malwarebytes ) C:\Users\Admin\Downloads\mbam-setup-2.2.0.1024.exe

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\system32\Macromed\Flash\FlashUtil32_20_0_0_306_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-13 82128]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-06-09 107848]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-06-09 107848]

DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender

Hosts:
EmptyTemp:
Reboot:
End

Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev fixlist a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte FRST jako spravce, kliknete na napis Fix a program vykona prikazy.
Po restartu pc by se mel objevit novy log - s nazvem fixlog, ten mi sem zase zkopirujte.

Terrsa · #9 Příspěvek od **Terrsa** » 20 úno 2016 14:37

Fix result of Farbar Recovery Scan Tool (x86) Version:17-02-2016
Ran by Admin (2016-02-20 14:31:52) Run:1
Running from C:\ADMIN\Desktop
Loaded Profiles: Admin (Available Profiles: Admin)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-1564728082-1205842579-2839393178-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6819232 2016-01-22] (SUPERAntiSpyware)
HKU\S-1-5-21-1564728082-1205842579-2839393178-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6628056 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-1564728082-1205842579-2839393178-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKLM - Vratné Peníze - {110C8480-EE32-4F39-9102-CA8502DE249E} - C:\Users\Admin\AppData\Local\VP_TOO~1.DLL [2013-10-09] ()
Toolbar: HKU\S-1-5-21-1564728082-1205842579-2839393178-1000 -> Vratné Peníze - {110C8480-EE32-4F39-9102-CA8502DE249E} - C:\Users\Admin\AppData\Local\VP_TOO~1.DLL [2013-10-09] ()

2016-02-20 10:17 - 2016-02-20 10:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-20 10:16 - 2016-02-20 10:16 - 22908888 _____ (Malwarebytes ) C:\Users\Admin\Downloads\mbam-setup-2.2.0.1024.exe

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\system32\Macromed\Flash\FlashUtil32_20_0_0_306_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-12-13 82128]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-06-09 107848]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-06-09 107848]

DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-1564728082-1205842579-2839393178-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SUPERAntiSpyware => value removed successfully.
HKU\S-1-5-21-1564728082-1205842579-2839393178-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value removed successfully.
HKU\S-1-5-21-1564728082-1205842579-2839393178-1000\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG => value removed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{110C8480-EE32-4F39-9102-CA8502DE249E} => value removed successfully.
"HKCR\CLSID\{110C8480-EE32-4F39-9102-CA8502DE249E}" => key removed successfully.
HKU\S-1-5-21-1564728082-1205842579-2839393178-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{110C8480-EE32-4F39-9102-CA8502DE249E} => value removed successfully.
HKCR\CLSID\{110C8480-EE32-4F39-9102-CA8502DE249E} => key not found.
C:\ProgramData\Malwarebytes => moved successfully
"C:\Users\Admin\Downloads\mbam-setup-2.2.0.1024.exe" => not found.
C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => moved successfully
C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
AdobeARMservice => service removed successfully.
gupdate => service removed successfully.
gupdatem => service removed successfully.
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM => key removed successfully.
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender => key removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 223.9 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 14:32:51 ====

#10 Příspěvek od **Márty84** » 20 úno 2016 15:34

Vsechny tyto programy - vcetne pripadne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce)

vyosek píše: DelFix https://toolslib.net/downloads/finish/2/
Stahnete a spustte

Ponechte zatrzitkou pouze u volby Remove disinfection tools

Kliknete na Run

Stahnete Ccleaner http://www.filehippo.com/download_ccleaner a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
(Pokud je v pc vice uzivatelskych uctu, pouzijte program i v nich)

Defragmentujte disk(y) (SSD Disky ne!)
Stahnete program Defraggler https://www.piriform.com/defraggler/download/standard
Pri instalaci opet pozor na toolbar a dalsi nesmysly.
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.

Pak napiste, jak to s pc vypada. Nastala nejaka zmena?

Terrsa · #11 Příspěvek od **Terrsa** » 20 úno 2016 22:13

Krok 1 hotov
Krok 2 CCleaner jsem už používala, aktualizace se hodila.
Krok 3 Defragmentace hotova

Vcelku super, už před defragem šlapalo jak hodinky a je o dost rychlejší počítač, a když jsem udělala pak preventivně restart, tak to šlo hodně rychle.
(hra na FB jde krásně rychle a bez padání)

Děkuji moc moc za rychlou pomoc

Klidně je možno uzavřít.

#12 Příspěvek od **Márty84** » 21 úno 2016 09:09

To mam radost

Kdyby neco, staci se ozvat

Nemate vubec zac, rado se stalo!

Mejte se krasne a treba zase nekdy

VIRY.CZ

PC přestane přehrávat zvuk a spadne explorer

PC přestane přehrávat zvuk a spadne explorer

Re: PC přestane přehrávat zvuk a spadne explorer

Re: PC přestane přehrávat zvuk a spadne explorer

Re: PC přestane přehrávat zvuk a spadne explorer

Re: PC přestane přehrávat zvuk a spadne explorer

Re: PC přestane přehrávat zvuk a spadne explorer

Re: PC přestane přehrávat zvuk a spadne explorer

Re: PC přestane přehrávat zvuk a spadne explorer

Re: PC přestane přehrávat zvuk a spadne explorer

Re: PC přestane přehrávat zvuk a spadne explorer

Re: PC přestane přehrávat zvuk a spadne explorer

Re: PC přestane přehrávat zvuk a spadne explorer