Malware

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Malware

#16 Post by Márty84 »

:arrow: Permanently disable Windows Defender.


:arrow: Open Notepad and copy this script into it

Code:

Start
CloseProcesses:
CreateRestorePoint:

BootExecute: autocheck autochk * sdnclean64.exe

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3000822321-160099729-2533544899-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-3000822321-160099729-2533544899-1001\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-3000822321-160099729-2533544899-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
URLSearchHook: HKU\S-1-5-21-3000822321-160099729-2533544899-1001 -> Default = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
SearchScopes: HKLM-x32 -> DefaultScope {95289393-33EA-4F8D-B952-483415B9C955} URL = hxxp://search.qip.ru/?query={searchTerms}
SearchScopes: HKLM-x32 -> {95289393-33EA-4F8D-B952-483415B9C955} URL = hxxp://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3000822321-160099729-2533544899-1001 -> {95289393-33EA-4F8D-B952-483415B9C955} URL = hxxp://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3000822321-160099729-2533544899-1001 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = hxxp://search.qip.ru/search?query={searchTerms}&from=IE
BHO-x32: No Name -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> No File

FF user.js: detected! => C:\Users\Mirča\AppData\Roaming\Mozilla\Firefox\Profiles\ejtt4vyi.default\user.js [2016-04-17]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - D:\Programs\NOD32\Mozilla Thunderbird => not found

S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-23 144200]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-23 144200]

2016-04-11 13:27 - 2016-04-12 23:29 - 00000000 ____D C:\Users\Mirča\AppData\Roaming\IObit
2016-04-11 13:27 - 2016-04-12 23:29 - 00000000 ____D C:\Users\Mirča\AppData\LocalLow\IObit
2016-04-14 20:32 - 2012-02-16 16:07 - 00000000 ____D C:\Program Files (x86)\TNod User & Password Finder

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {45C2F263-B399-4F6B-B534-CD04DFEC21C7} - System32\Tasks\{D48B785F-0575-45BB-9C2B-01F58A4FBFFA} => pcalua.exe -a D:\Programs\WinRAR\WinRAR.exe -d D:\Programs\Firefox -c "C:\Users\Mirča\Downloads\ESET-NOD32-Antivirus-4-v4.2.64.12-100--Works-Licence-32bit-a-64bit-CZ.rar"
Task: {4F24CCEC-7119-4D32-8602-538048890FC3} - System32\Tasks\Better Updater => C:\Users\Mirča\AppData\Roaming\Better Updater\Better Updater.exe <==== ATTENTION
Task: {B3297703-74BD-4EBF-83CF-2503F27B4623} - System32\Tasks\Driver Booster SkipUAC (Mirča) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {BC92A203-4290-4D3D-900D-7BFE09E2816D} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe
Task: {D0BD936F-E26B-4D4B-8091-017145551941} - \Megasoft Security Job -> No File <==== ATTENTION

DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dropbox Update
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotPostWindows10UpgradeReInstall

Hosts:
EmptyTemp:
Reboot:
End
At the top left click on File
Click on Save as...
Type that red name, fixlist, exactly and save it to the desktop.
Disable your antivirus and any other security software.
Run FRST as administrator, click on Fix and the program will execute the commands.
After the PC restarts a new log should appear, named fixlog; copy it here for me again.
If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I will now be on the forum less often. If you have to wait a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

markyzamek
Visitor
Posts: 39
Joined: 13 Jan 2013 14:21

Re: Malware

#17 Post by markyzamek »

Sorry for the long delay, but I had exams, so there was no time at all.
Windows Defender disabled, log here:

Fix result of Farbar Recovery Scan Tool (x64) Version:17-04-2016 01
Ran by Mirča (2016-04-29 19:32:34) Run:1
Running from C:\Users\Mirča\Desktop
Loaded Profiles: Mirča (Available Profiles: Mirča)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

BootExecute: autocheck autochk * sdnclean64.exe

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3000822321-160099729-2533544899-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-3000822321-160099729-2533544899-1001\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-3000822321-160099729-2533544899-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
URLSearchHook: HKU\S-1-5-21-3000822321-160099729-2533544899-1001 -> Default = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
SearchScopes: HKLM-x32 -> DefaultScope {95289393-33EA-4F8D-B952-483415B9C955} URL = hxxp://search.qip.ru/?query={searchTerms}
SearchScopes: HKLM-x32 -> {95289393-33EA-4F8D-B952-483415B9C955} URL = hxxp://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3000822321-160099729-2533544899-1001 -> {95289393-33EA-4F8D-B952-483415B9C955} URL = hxxp://search.qip.ru/?query={searchTerms}
SearchScopes: HKU\S-1-5-21-3000822321-160099729-2533544899-1001 -> {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = hxxp://search.qip.ru/search?query={searchTerms}&from=IE
BHO-x32: No Name -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> No File

FF user.js: detected! => C:\Users\Mirča\AppData\Roaming\Mozilla\Firefox\Profiles\ejtt4vyi.default\user.js [2016-04-17]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - D:\Programs\NOD32\Mozilla Thunderbird => not found

S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-23 144200]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-23 144200]

2016-04-11 13:27 - 2016-04-12 23:29 - 00000000 ____D C:\Users\Mirča\AppData\Roaming\IObit
2016-04-11 13:27 - 2016-04-12 23:29 - 00000000 ____D C:\Users\Mirča\AppData\LocalLow\IObit
2016-04-14 20:32 - 2012-02-16 16:07 - 00000000 ____D C:\Program Files (x86)\TNod User & Password Finder

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {45C2F263-B399-4F6B-B534-CD04DFEC21C7} - System32\Tasks\{D48B785F-0575-45BB-9C2B-01F58A4FBFFA} => pcalua.exe -a D:\Programs\WinRAR\WinRAR.exe -d D:\Programs\Firefox -c "C:\Users\Mirča\Downloads\ESET-NOD32-Antivirus-4-v4.2.64.12-100--Works-Licence-32bit-a-64bit-CZ.rar"
Task: {4F24CCEC-7119-4D32-8602-538048890FC3} - System32\Tasks\Better Updater => C:\Users\Mirča\AppData\Roaming\Better Updater\Better Updater.exe <==== ATTENTION
Task: {B3297703-74BD-4EBF-83CF-2503F27B4623} - System32\Tasks\Driver Booster SkipUAC (Mirča) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {BC92A203-4290-4D3D-900D-7BFE09E2816D} - System32\Tasks\Driver Booster Scheduler => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe
Task: {D0BD936F-E26B-4D4B-8091-017145551941} - \Megasoft Security Job -> No File <==== ATTENTION

DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dropbox Update
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotPostWindows10UpgradeReInstall

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-3000822321-160099729-2533544899-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => value removed successfully
HKU\S-1-5-21-3000822321-160099729-2533544899-1001\Software\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKU\S-1-5-21-3000822321-160099729-2533544899-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-3000822321-160099729-2533544899-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}" => key removed successfully
HKCR\Wow6432Node\CLSID\{95289393-33EA-4F8D-B952-483415B9C955} => key not found.
"HKU\S-1-5-21-3000822321-160099729-2533544899-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955}" => key removed successfully
HKCR\CLSID\{95289393-33EA-4F8D-B952-483415B9C955} => key not found.
"HKU\S-1-5-21-3000822321-160099729-2533544899-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}" => key removed successfully
HKCR\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F}" => key removed successfully
HKCR\Wow6432Node\CLSID\{9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} => key not found.
C:\Users\Mirča\AppData\Roaming\Mozilla\Firefox\Profiles\ejtt4vyi.default\user.js => moved successfully
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\eplgTb@eset.com => value removed successfully
catchme => service removed successfully
gupdate => service removed successfully
gupdatem => service removed successfully
C:\Users\Mirča\AppData\Roaming\IObit => moved successfully
C:\Users\Mirča\AppData\LocalLow\IObit => moved successfully
C:\Program Files (x86)\TNod User & Password Finder => moved successfully
C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{45C2F263-B399-4F6B-B534-CD04DFEC21C7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45C2F263-B399-4F6B-B534-CD04DFEC21C7}" => key removed successfully
C:\Windows\System32\Tasks\{D48B785F-0575-45BB-9C2B-01F58A4FBFFA} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D48B785F-0575-45BB-9C2B-01F58A4FBFFA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F24CCEC-7119-4D32-8602-538048890FC3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F24CCEC-7119-4D32-8602-538048890FC3}" => key removed successfully
C:\Windows\System32\Tasks\Better Updater => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Better Updater" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B3297703-74BD-4EBF-83CF-2503F27B4623}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3297703-74BD-4EBF-83CF-2503F27B4623}" => key removed successfully
C:\Windows\System32\Tasks\Driver Booster SkipUAC (Mirča) => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (Mirča)" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BC92A203-4290-4D3D-900D-7BFE09E2816D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC92A203-4290-4D3D-900D-7BFE09E2816D}" => key removed successfully
C:\Windows\System32\Tasks\Driver Booster Scheduler => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D0BD936F-E26B-4D4B-8091-017145551941}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0BD936F-E26B-4D4B-8091-017145551941}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Megasoft Security Job => key not found.
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher => key removed successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dropbox Update => key removed successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper => key removed successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QIP Internet Guardian => key removed successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotPostWindows10UpgradeReInstall => key removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 908.7 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 19:33:08 ====

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Malware

#18 Post by Márty84 »

:!: Run all of these programs, including any installation, as administrator (right-click them and choose Run as administrator)

:arrow: Move ComboFix back to the desktop, rename it to Uninstall and run it. CF should uninstall itself.

:arrow:
vyosek wrote: :arrow: DelFix https://toolslib.net/downloads/finish/2/
  • Download and run it
  • Leave the checkbox ticked only for the option Remove disinfection tools
  • Click Run
:arrow: Download CCleaner http://www.filehippo.com/download_ccleaner and run it.
During installation watch out for the toolbar (or other add-ons); if it offers to install one, untick the checkbox.
After launch you land in the Cleaner function. On the left there are lots of checkboxes. Pay attention mainly to the Recycle Bin; if you leave it ticked, it will always empty it.
Also, depending on how it is set up, it deletes all passwords saved for the web!!! So if you have set the computer to remember passwords (which is not good for security), you will have to type them in again by hand afterwards (e.g. mail, Facebook, various forums etc.)
Click Analyze and when the analysis finishes, click Run Cleaner.
Then click the Registry function on the left.
Click Scan for Issues and when it finds some, click Fix Issues. It will offer you a backup; make it and save it somewhere you can find it if needed.
The Tools function lets you uninstall programs. It is more thorough than Windows itself!
(If there are several user accounts on the PC, use the program in those too)

:arrow: Defragment the disk(s) (not SSDs!)
Download the Defraggler program https://www.piriform.com/defraggler/download/standard
During installation again watch out for toolbars and other nonsense.
After installing, run the program and click Analyze; after the analysis click Defrag and the little program will do its job.

:arrow: Then write back how the PC is doing.

markyzamek
Visitor
Posts: 39
Joined: 13 Jan 2013 14:21

Re: Malware

#19 Post by markyzamek »

Everything done; the ads no longer show on the web. It seems everything was removed and repaired successfully.

Just one small detail, the "occasional stuttering": when typing text, I type and the text appears only after a few seconds; when playing video, e.g. on YouTube, the video freezes, and after a few seconds it starts again but has skipped ahead in time, and the audio stutters too; it affects the overall smoothness of the system.

Would you have any idea what could be causing this?

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Malware

#20 Post by Márty84 »

markyzamek wrote: when typing text, I type and the text appears only after a few seconds
:???: Is this typing on the web, for example mail, or also outside it, say typing in Word etc.?
markyzamek wrote: when playing video, e.g. on YouTube, the video freezes, and after a few seconds it starts again but has skipped ahead in time, and the audio stutters too
:???: Same question: is it videos on the web, or does video already downloaded to the disk, or on CD/DVD, stutter as well?

:???: If it only happens on the web, does it do it in all browsers?

:arrow: Download CrystalDiskInfo http://www.slunecnice.cz/sw/crystaldiskinfo/
Install it (watch out for any add-ons; decline them by unticking the checkbox) and run it as administrator. The result will appear shortly.
Click on Edit at the top and then on Copy. Paste what was copied (it is stored in memory) here for me (Ctrl + V)

markyzamek
Visitor
Posts: 39
Joined: 13 Jan 2013 14:21

Re: Malware

#21 Post by markyzamek »

Yes, it is typing in the browser. In the search engine, on Facebook, or when typing a web address.
With videos it is also only online.

I primarily use Chrome; I have not tried it in Mozilla.
(At the moment it is not acting up. I don't know whether it is affected by several processes running at once, but it still does not seem normal to me.)

Crystal disk:

----------------------------------------------------------------------------
CrystalDiskInfo 6.8.2 (C) 2008-2016 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 7 Professional SP1 [6.1 Build 7601] (x64)
Date : 2016/05/03 19:20:37

-- Controller Map ----------------------------------------------------------
- ATA Channel 1 (1) [ATA]
+ ATA Channel 0 (0) [ATA]
- WDC WD5000AADS-00M2B0 ATA Device
+ ATA Channel 1 (1) [ATA]
- HL-DT-ST DVDRAM GH22NS90 ATA Device
+ AMD SATA Controller (IDE Mode) [ATA]
- ATA Channel 0 (0)
- ATA Channel 1 (1)
+ AMD PCI IDE Controller [ATA]
- ATA Channel 0 (0)
- ATA Channel 1 (1)
+ Virtual CloneDrive [SCSI]
- ELBY CLONEDRIVE SCSI CdRom Device

-- Disk List ---------------------------------------------------------------
(1) WDC WD5000AADS-00M2B0 : 500,1 GB [0/0/0, pd1] - wd

----------------------------------------------------------------------------
(1) WDC WD5000AADS-00M2B0
----------------------------------------------------------------------------
Model : WDC WD5000AADS-00M2B0
Firmware : 01.00A01
Serial Number : WD-WMAV52727857
Disk Size : 500,1 GB (8,4/137,4/500,1/500,1)
Buffer Size : 32767 KB
Queue Depth : 32
# of Sectors : 976773168
Rotation Rate : Neznámy údaj
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ----
Transfer Mode : ---- | SATA/300
Power On Hours : 7428 hod.
Power On Count : 1397 krát
Temperature : 29 C (84 F)
Health Status : Pozor
Features : S.M.A.R.T., 48bit LBA, NCQ
APM Level : ----
AAM Level : ----
Drive Letter : C: D:

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 200 200 _51 0000000002DF Počet chyb čtení
03 191 190 _21 000000001919 Čas na roztočení ploten
04 _99 _99 __0 000000000580 Počet spuštění/zastavení
05 200 200 140 000000000000 Počet přemapovaných sektorů
07 100 253 __0 000000000000 Počet chybných hledání
09 _90 _90 __0 000000001D04 Hodin v činnosti
0A 100 100 __0 000000000000 Počet opakovaných pokusů o roztočení ploten
0B 100 100 __0 000000000000 Počet pokusů o překalibrování
0C _99 _99 __0 000000000575 Počet cyklů zapnutí zařízení
C0 200 200 __0 000000000018 Počet vypnutí disku
C1 187 187 __0 00000000A210 Počet cyklů načítání/vymazání
C2 118 105 __0 00000000001D Teplota
C4 200 200 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 200 200 __0 000000000003 Počet podezřelých sektorů
C6 200 200 __0 000000000002 Počet neopravitelných sektorů
C7 200 200 __0 000000000003 Počet chyb v kontrolním součtu UltraDMA
C8 200 200 __0 000000000003 Počet chyb při zápisu sektorů


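The "Health Status : Pozor" (Caution) line in the report above comes from the S.M.A.R.T. table beneath it. The following Python, an added example and not code from this thread or from CrystalDiskInfo, parses that table and reconstructs the verdict; the rule set (non-zero reallocated, pending or uncorrectable sectors give Caution, any attribute at or below its threshold gives Bad) is this example's assumption about the tool's defaults, and the sample rows are copied from the report above.

```python
"""Parse the S.M.A.R.T. table of a CrystalDiskInfo text report and reconstruct
the Good / Caution / Bad health verdict shown in its "Health Status" line."""
import re
from dataclasses import dataclass

# Sector-health attributes. Assumed rule (not CrystalDiskInfo's own code): a
# non-zero raw value in any of these gives "Caution"; any attribute whose
# normalised value is at or below its threshold gives "Bad".
CAUTION_IDS = {
    0x05: "Reallocated Sectors Count",
    0xC5: "Current Pending Sector Count",
    0xC6: "Uncorrectable Sector Count",
}

# A table row looks like: "C5 200 200 __0 000000000003 Počet podezřelých sektorů"
ROW_RE = re.compile(
    r"^([0-9A-F]{2}) ([_0-9]{3}) ([_0-9]{3}) ([_0-9]{3}) ([0-9A-F]{12}) (.+)$"
)

@dataclass
class SmartAttr:
    attr_id: int
    current: int
    worst: int
    threshold: int
    raw: int
    name: str

@dataclass
class Finding:
    level: str      # "Caution" or "Bad"
    attr_id: int
    detail: str

def _num(field: str) -> int:
    """CrystalDiskInfo left-pads normalised values with '_' (e.g. '_99', '__0')."""
    return int(field.replace("_", ""))

def parse_smart_table(report: str) -> list[SmartAttr]:
    """Return the rows between the '-- S.M.A.R.T.' header and the next '--' header."""
    attrs: list[SmartAttr] = []
    in_table = False
    for raw_line in report.splitlines():
        line = raw_line.strip()
        if line.startswith("-- S.M.A.R.T."):
            in_table = True
            continue
        if in_table and line.startswith("--"):
            break                       # next section (IDENTIFY_DEVICE dump etc.)
        m = ROW_RE.match(line)
        if in_table and m:
            attrs.append(SmartAttr(int(m[1], 16), _num(m[2]), _num(m[3]),
                                   _num(m[4]), int(m[5], 16), m[6]))
    return attrs

def assess(attrs: list[SmartAttr]) -> tuple[str, list[Finding]]:
    """Apply the two rules above; return the verdict and the rows that caused it."""
    findings: list[Finding] = []
    for a in attrs:
        if a.threshold > 0 and a.current <= a.threshold:
            findings.append(Finding("Bad", a.attr_id,
                f"normalised value {a.current} is at or below threshold {a.threshold}"))
        elif a.attr_id in CAUTION_IDS and a.raw > 0:
            findings.append(Finding("Caution", a.attr_id,
                f"{CAUTION_IDS[a.attr_id]}: raw value {a.raw}"))
    if any(f.level == "Bad" for f in findings):
        return "Bad", findings
    if findings:
        return "Caution", findings
    return "Good", findings

# Constructed sample: the S.M.A.R.T. rows as pasted in the post above, followed
# by the next section header so the parser's stop condition is exercised.
SAMPLE_REPORT = """\
-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 200 200 _51 0000000002DF Počet chyb čtení
03 191 190 _21 000000001919 Čas na roztočení ploten
04 _99 _99 __0 000000000580 Počet spuštění/zastavení
05 200 200 140 000000000000 Počet přemapovaných sektorů
07 100 253 __0 000000000000 Počet chybných hledání
09 _90 _90 __0 000000001D04 Hodin v činnosti
0A 100 100 __0 000000000000 Počet opakovaných pokusů o roztočení ploten
0B 100 100 __0 000000000000 Počet pokusů o překalibrování
0C _99 _99 __0 000000000575 Počet cyklů zapnutí zařízení
C0 200 200 __0 000000000018 Počet vypnutí disku
C1 187 187 __0 00000000A210 Počet cyklů načítání/vymazání
C2 118 105 __0 00000000001D Teplota
C4 200 200 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 200 200 __0 000000000003 Počet podezřelých sektorů
C6 200 200 __0 000000000002 Počet neopravitelných sektorů
C7 200 200 __0 000000000003 Počet chyb v kontrolním součtu UltraDMA
C8 200 200 __0 000000000003 Počet chyb při zápisu sektorů

-- IDENTIFY_DEVICE ---------------------------------------------------------
"""
```

Running `assess(parse_smart_table(SAMPLE_REPORT))` on the report above yields "Caution", with the three pending sectors (C5) and two uncorrectable sectors (C6) as the reasons; the raw value of attribute 09 decodes to 7428, the same figure as the report's "Power On Hours" line.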
Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Malware

#22 Post by Márty84 »

If it starts acting up, try other browsers too, so we know whether it is only in one or on the web in general.

Unfortunately the disk does not look good.

:arrow: Run a check with the HD Tune program
Download http://www.slunecnice.cz/sw/hd-tune/ , install it and run it as administrator (if it offers any add-on during installation, decline it!)
In that window click the last tab, Error Scan (if Quick Scan is ticked, untick it), and click Start.
The check will take a while. Let me know whether there was any red square.
Also look at the Health tab and copy out (or photograph) what it says there for me. It should say OK http://www.google.cz/imgres?um=1&hl=cs& ... s:20,i:143

markyzamek
Visitor
Posts: 39
Joined: 13 Jan 2013 14:21

Re: Malware

#23 Post by markyzamek »

[Attachment: hd 1.png (37.98 KiB)]

markyzamek
Visitor
Posts: 39
Joined: 13 Jan 2013 14:21

Re: Malware

#24 Post by markyzamek »

[Attachment: hd 2.png (56.69 KiB)]

markyzamek
Visitor
Posts: 39
Joined: 13 Jan 2013 14:21

Re: Malware

#25 Post by markyzamek »

And the problem happens in both Chrome and Mozilla.

markyzamek
Visitor
Posts: 39
Joined: 13 Jan 2013 14:21

Re: Malware

#26 Post by markyzamek »

News. I found that when I lower the video quality below HD, the stuttering and the video lagging behind the audio do not happen.
A graphics problem?

Márty84
VIP
Posts: 21679
Joined: 05 Dec 2009 20:08
Location: Ostrava

Re: Malware

#27 Post by Márty84 »

I don't know whether it is the graphics; then video from the disk probably wouldn't play either. But anything is possible.

In any case, that disk is not OK.

Let's try to look deeper

:!: If you have not already, back up your important data (photos, documents, etc.) :!:

:!: Do not use ComboFix without prior agreement! It is a violation of the forum rules and you lose your entitlement to help!

:arrow: Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Disable your antivirus and any other security software.
Right-click ComboFix and left-click Run as administrator
Accept the licence terms and let the program work. If it offers to install the Recovery Console, agree.
During the scan do not start anything and do not click anywhere.
After the scan finishes (the PC may also restart), a log should be created, located here: C:\ComboFix.txt
Copy its contents here

:!: If Windows does not boot after the restart, restart again, keep pressing F8 and choose Last Known Good Configuration
:!: If Windows boots but an error is reported when starting various programs, just restart the PC and it will be fine
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz

Možnost podpořit naše fórum https://platba.viry.cz/payment/

Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).

markyzamek
Visitor
Posts: 39
Registered: 13 Jan 2013 14:21

Re: Malware

#28 Post by markyzamek »

ComboFix 16-04-13.01 - Mirča 05.05.2016 21:07:24.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.7935.4351 [GMT 2:00]
Spuštěný z: c:\users\Mirča\Desktop\Mára\oprava pc\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-04-05 do 2016-05-05 )))))))))))))))))))))))))))))))
.
.
2016-05-05 19:14 . 2016-05-05 19:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-04-17 21:25 . 2016-04-17 21:25 -------- d-----w- c:\programdata\ATI
2016-04-17 20:20 . 2016-04-17 20:20 -------- d-----w- c:\program files (x86)\AMD AVT
2016-04-17 20:20 . 2016-04-17 20:20 -------- d-----w- c:\program files (x86)\AMD APP
2016-04-17 20:20 . 2016-04-17 20:20 -------- d-----w- c:\program files\Common Files\ATI Technologies
2016-04-17 20:20 . 2016-04-17 20:20 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2016-04-17 19:50 . 2016-04-17 19:50 -------- d-----w- c:\users\Mirča\AppData\Local\ElevatedDiagnostics
2016-04-17 19:50 . 2016-04-17 19:50 -------- d-----w- c:\windows\SysWow64\.launcher_log
2016-04-14 10:01 . 2016-04-14 10:02 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-04-14 10:01 . 2016-04-14 10:01 -------- d-----w- c:\programdata\Malwarebytes
2016-04-14 10:01 . 2016-03-10 12:09 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-04-14 10:01 . 2016-03-10 12:08 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-04-14 10:01 . 2016-03-10 12:08 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-04-14 05:33 . 2016-04-14 05:34 -------- d-----w- c:\program files\trend micro
2016-04-14 00:12 . 2016-04-14 00:12 -------- d-----w- c:\users\Mirča\AppData\Roaming\dlg
2016-04-14 00:03 . 2016-04-14 00:03 -------- d-----w- c:\program files (x86)\Ninight
2016-04-14 00:03 . 2016-04-14 00:03 -------- d-----w- c:\program files (x86)\Fedaryqeule
2016-04-13 14:11 . 2016-04-13 15:28 -------- d-----w- C:\KVRT_Data
2016-04-12 21:50 . 2016-04-12 21:50 -------- d-----w- c:\program files\VIA
2016-04-12 21:50 . 2016-04-12 21:50 -------- d-----w- c:\windows\system32\SRSLabs
2016-04-12 21:46 . 2016-04-12 21:46 129224 ----a-w- c:\windows\system32\drivers\L1C62x64.sys
2016-04-12 21:43 . 2016-04-12 21:43 11944 ----a-w- c:\windows\system32\drivers\amdide64.sys
2016-04-12 21:29 . 2016-04-12 21:29 27552 ----a-w- c:\windows\SysWow64\drivers\HWiNFO64A.SYS
2016-04-12 21:26 . 2016-04-12 21:26 -------- d-----w- c:\programdata\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2016-04-12 21:22 . 2016-04-12 21:04 398152 ----a-w- c:\windows\system32\aswBoot.exe
2016-04-12 21:19 . 2016-04-12 21:18 37144 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2016-04-12 21:07 . 2016-04-12 21:07 -------- d-----w- c:\users\Mirča\AppData\Roaming\AVAST Software
2016-04-12 21:06 . 2016-04-13 23:26 -------- d-----w- c:\program files\Common Files\AV
2016-04-12 21:06 . 2016-04-12 21:06 -------- d-----w- c:\program files (x86)\Common Files\AV
2016-04-12 21:05 . 2016-04-13 14:13 287528 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2016-04-12 21:05 . 2016-04-12 21:04 166432 ----a-w- c:\windows\system32\drivers\aswStm.sys
2016-04-12 21:05 . 2016-04-12 21:04 74544 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-04-12 21:05 . 2016-04-12 21:04 465792 ----a-w- c:\windows\system32\drivers\aswSP.sys
2016-04-12 21:05 . 2016-04-12 21:04 37656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-04-12 21:05 . 2016-04-12 21:04 107792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-04-12 21:05 . 2016-04-12 21:04 103064 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2016-04-12 21:05 . 2016-04-12 21:03 1070904 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2016-04-12 21:04 . 2016-04-12 21:04 52184 ----a-w- c:\windows\avastSS.scr
2016-04-12 20:46 . 2016-04-12 21:18 -------- d-----w- c:\program files\AVAST Software
2016-04-12 20:45 . 2016-04-12 21:18 -------- d-----w- c:\programdata\AVAST Software
2016-04-11 11:29 . 2016-04-11 11:29 -------- d-----w- c:\users\Mirča\AppData\Roaming\ProductData
2016-04-11 11:12 . 2016-04-17 19:15 -------- d-----w- c:\users\Mirča\AppData\Roaming\uTorrent
2016-04-10 21:15 . 2016-04-10 21:15 -------- d-----w- c:\users\Mirča\AppData\Roaming\LolClient
2016-04-10 19:51 . 2016-04-10 19:51 -------- d-----w- c:\program files\Defraggler
2016-04-10 18:41 . 2016-04-10 18:41 -------- d-----w- c:\programdata\Riot Games
2016-04-10 18:40 . 2008-07-12 06:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2016-04-10 18:40 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2016-04-10 18:40 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2016-04-10 18:40 . 2016-04-10 18:40 -------- d-----w- c:\program files\CCleaner
2016-04-10 18:29 . 2016-04-10 18:40 -------- d-----w- c:\users\Mirča\AppData\Roaming\Riot Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-10 19:05 . 2013-03-19 08:09 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-04-10 19:05 . 2012-02-16 13:22 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 200000 ----a-w- c:\users\Mirča\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 200000 ----a-w- c:\users\Mirča\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 200000 ----a-w- c:\users\Mirča\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-03-11 8686296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2011-06-24 5199984]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-04-17 7390608]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-29 642304]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVer HID Receiver.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2012-12-17 159744]
AVerQuick.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2012-12-17 679936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AVerFx2hbtv64;AVerMedia USB SW Hybrid Tuner;c:\windows\system32\drivers\AVerFx2hbtv64.sys;c:\windows\SYSNATIVE\drivers\AVerFx2hbtv64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\downloads\Ovladače\NTIOLib_X64.sys;d:\downloads\Ovladače\NTIOLib_X64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 amdide64;amdide64;c:\windows\system32\DRIVERS\amdide64.sys;c:\windows\SYSNATIVE\DRIVERS\amdide64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 AVerRemote;AVerRemote;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [x]
S2 AVerScheduleService;AVerScheduleService;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 PasswordBox;PasswordBox;c:\program files (x86)\PasswordBox\pbbtnService.exe;c:\program files (x86)\PasswordBox\pbbtnService.exe [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-05-03 17:07 1186968 ----a-w- c:\program files (x86)\Google\Chrome\Application\50.0.2661.94\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-04-12 21:04 920784 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 236864 ----a-w- c:\users\Mirča\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 236864 ----a-w- c:\users\Mirča\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 236864 ----a-w- c:\users\Mirča\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2016-03-12 00:16 236864 ----a-w- c:\users\Mirča\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"XeroxEndeavorBackgroundTask"="xrWCbgnd.dll" [2009-07-14 58368]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\System32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
TCP: DhcpNameServer = 217.30.64.53 217.30.64.54
FF - ProfilePath - c:\users\Mirča\AppData\Roaming\Mozilla\Firefox\Profiles\ejtt4vyi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - ExtSQL: 2016-04-11 15:27; ascsurfingprotection@iobit.com; c:\users\Mirča\AppData\Roaming\Mozilla\Firefox\Profiles\ejtt4vyi.default\extensions\ascsurfingprotection@iobit.com
FF - ExtSQL: 2016-04-13 00:43; adsremoval@adsremoval.net; c:\users\Mirča\AppData\Roaming\Mozilla\Firefox\Profiles\ejtt4vyi.default\extensions\adsremoval@adsremoval.net
.
.
Celkový čas: 2016-05-05 21:16:45
ComboFix-quarantined-files.txt 2016-05-05 19:16
.
Před spuštěním: 7 810 809 856
Po spuštění: 7 765 667 840
.
- - End Of File - - E9BD7127327BD877CD07516ED2B4C5E1
A36C5E4F47E84449FF07ED3517B43A31
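
The ComboFix report above records autostart registry values as `"Name"="command" [date size]`, browser search and homepage settings as `uSearchAssistant = ...` / `FF - prefs.js: browser.startup.homepage - ...`, and Firefox extensions as `FF - ExtSQL: date; id; path`, with URLs defanged to `hxxp`. The following Python script is an added example written for this page; it is not part of the thread and not ComboFix's own tooling. It parses a handful of lines copied from the log posted above and lists what a helper would review first: autostart values where ComboFix printed `[X]` in place of the file date and size, search/homepage settings whose host is not on an allowlist of vendor defaults, and every Firefox extension with its install date. The allowlist is a constructed assumption, not something ComboFix ships, and the script makes no verdict of its own; it only narrows the log down to the entries worth a look.

```python
"""Triage helper for ComboFix report lines.

Added example for this thread; it is not ComboFix's own code and the
allowlist below is a constructed assumption, not anything the tool ships.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: lines copied from the ComboFix log in this thread,
# keeping ComboFix's "hxxp" defanging of URLs.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2016-03-11 8686296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-04-17 7390608]
.
uSearchAssistant = hxxp://search.qip.ru/ie
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - ExtSQL: 2016-04-11 15:27; ascsurfingprotection@iobit.com; c:\users\Mirča\AppData\Roaming\Mozilla\Firefox\Profiles\ejtt4vyi.default\extensions\ascsurfingprotection@iobit.com
FF - ExtSQL: 2016-04-13 00:43; adsremoval@adsremoval.net; c:\users\Mirča\AppData\Roaming\Mozilla\Firefox\Profiles\ejtt4vyi.default\extensions\adsremoval@adsremoval.net
'''

# Assumed allowlist of search/homepage hosts that need no review (constructed).
ALLOWED_HOSTS = {"www.google.cz", "www.google.com", "www.bing.com", "www.microsoft.com"}

RUN_HEADER = re.compile(r"^\[(HKEY_[^\]]+\\Run)\]$")
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s+\[(?P<info>[^\]]*)\]$')
SEARCH = re.compile(
    r"^(?P<key>[um]SearchAssistant|[um](?:Start|Search) Page"
    r"|FF - prefs\.js: browser\.startup\.homepage)\s*[=-]\s*(?P<url>\S+)$"
)
EXT = re.compile(r"^FF - ExtSQL: (?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2}); (?P<ext_id>[^;]+); (?P<path>.+)$")


@dataclass
class Finding:
    kind: str     # "autorun-unresolved", "search-setting" or "firefox-extension"
    subject: str  # registry value, setting name or extension id
    detail: str


def refang(url: str) -> str:
    """Turn ComboFix's defanged hxxp:// back into http:// so urlparse works."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def host_of(url: str) -> str:
    return urlparse(refang(url)).hostname or ""


def parse_combofix(text: str, allowed_hosts=frozenset(ALLOWED_HOSTS)) -> list[Finding]:
    """Walk the report line by line and collect the items worth a second look."""
    findings: list[Finding] = []
    run_key = None  # registry Run key whose values we are currently inside
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":  # ComboFix separates blocks with a lone "."
            run_key = None
            continue
        m = RUN_HEADER.match(line)
        if m:
            run_key = m.group(1)
            continue
        if run_key and (m := RUN_VALUE.match(line)):
            # "[X]" where "[date size]" belongs: ComboFix recorded no file for
            # this value, so the command did not resolve to anything on disk.
            if m["info"].strip().upper() == "X":
                findings.append(Finding("autorun-unresolved", f"{run_key}\\{m['name']}", m["cmd"]))
            continue
        if m := SEARCH.match(line):
            host = host_of(m["url"])
            if host not in allowed_hosts:
                findings.append(Finding("search-setting", m["key"],
                                        f"{m['url']} (host {host!r} not on allowlist)"))
            continue
        if m := EXT.match(line):
            findings.append(Finding("firefox-extension", m["ext_id"], f"installed {m['date']}"))
    return findings


def report(text: str) -> str:
    """One line per finding, ready to paste into a reply."""
    return "\n".join(f"[{f.kind}] {f.subject}: {f.detail}" for f in parse_combofix(text))


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run against the sample, the script leaves the Google homepage alone, lists the two extensions with their install dates, flags the `AMD AVT` Run value whose command resolved to no file, and flags `uSearchAssistant` because its host is not on the allowlist. Pointing `parse_combofix` at a full `C:\ComboFix.txt` works the same way, since every other line simply fails to match any of the three patterns.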

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Malware

#29 Post by Márty84 »

:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe and save it to the desktop.
Right-click it and left-click Run as administrator
Tick the boxes All Users, "LOP" Check and "Purity" Check
Paste the following text into the bottom window

Code: Select all

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s
Click Run Scan
After the scan, two logs are created (OTL.Txt and Extras.txt); paste both here (if they are long, split them across several posts).

markyzamek
Visitor
Posts: 39
Registered: 13 Jan 2013 14:21

Re: Malware

#30 Post by markyzamek »

1/2
OTL logfile created on: 6.5.2016 15:20:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mirča\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16844)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

7,75 Gb Total Physical Memory | 4,53 Gb Available Physical Memory | 58,48% Memory free
23,25 Gb Paging File | 19,23 Gb Available in Paging File | 82,71% Paging File free
Paging file location(s): c:\pagefile.sys 0 0d:\pagefile.sys 7935 16000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 43,85 Gb Total Space | 7,62 Gb Free Space | 17,37% Space Free | Partition Type: NTFS
Drive D: | 421,82 Gb Total Space | 305,93 Gb Free Space | 72,53% Space Free | Partition Type: NTFS

Computer Name: MIRČA-PC | User Name: Mirča | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2016.05.06 15:19:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mirča\Desktop\OTL.exe
PRC - [2016.04.28 01:25:42 | 000,881,304 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2016.04.17 20:43:53 | 007,390,608 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2016.04.12 23:04:26 | 000,243,296 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014.05.14 21:07:08 | 000,067,584 | ---- | M] (PasswordBox, Inc.) -- C:\Program Files (x86)\PasswordBox\pbbtnService.exe
PRC - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2008.07.14 20:42:22 | 000,409,600 | R--- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
PRC - [2008.06.19 04:53:53 | 000,679,936 | R--- | M] (AVerMedia TECHNOLOGIES, Inc.) -- C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
PRC - [2008.06.11 04:34:02 | 000,159,744 | R--- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
PRC - [2008.06.06 02:41:22 | 000,352,256 | R--- | M] (AVerMedia) -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe


========== Modules (No Company Name) ==========

MOD - [2016.04.28 01:25:18 | 001,738,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\libglesv2.dll
MOD - [2016.04.28 01:25:06 | 000,086,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\libegl.dll
MOD - [2016.04.12 23:04:42 | 040,539,648 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2016.04.12 23:04:31 | 000,123,344 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\log.dll
MOD - [2016.04.12 23:04:27 | 000,135,816 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
MOD - [2008.06.11 04:34:02 | 000,159,744 | R--- | M] () -- C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe


========== Services (SafeList) ==========

SRV:64bit: - [2016.04.12 23:48:42 | 000,027,768 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2016.04.12 23:04:26 | 000,243,296 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013.05.27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013.04.30 05:52:38 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013.04.29 23:25:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2016.04.25 21:21:12 | 000,146,888 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2016.04.10 21:05:44 | 000,269,504 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.05.14 21:07:08 | 000,067,584 | ---- | M] (PasswordBox, Inc.) [Auto | Running] -- C:\Program Files (x86)\PasswordBox\pbbtnService.exe -- (PasswordBox)
SRV - [2012.03.23 14:25:24 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.07.14 20:42:22 | 000,409,600 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)
SRV - [2008.06.06 02:41:22 | 000,352,256 | R--- | M] (AVerMedia) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2016.04.13 16:13:07 | 000,287,528 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswvmm.sys -- (aswVmm)
DRV:64bit: - [2016.04.12 23:48:42 | 000,688,648 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2016.04.12 23:46:33 | 000,129,224 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2016.04.12 23:43:14 | 000,011,944 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdide64.sys -- (amdide64)
DRV:64bit: - [2016.04.12 23:18:48 | 000,037,144 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2016.04.12 23:04:44 | 000,465,792 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2016.04.12 23:04:44 | 000,166,432 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2016.04.12 23:04:44 | 000,107,792 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2016.04.12 23:04:44 | 000,103,064 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2016.04.12 23:04:44 | 000,074,544 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2016.04.12 23:04:44 | 000,037,656 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2016.04.12 23:03:51 | 001,070,904 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014.08.15 23:35:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2013.04.30 06:16:04 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2013.04.30 06:16:04 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013.04.30 04:48:14 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.10.03 17:14:56 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.28 22:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010.06.16 23:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.11.02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.10 22:31:43 | 000,292,224 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVerFx2hbtv64.sys -- (AVerFx2hbtv64)
DRV - [2016.04.12 23:29:41 | 000,027,552 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV - [2011.06.29 03:59:34 | 000,011,888 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- D:\Downloads\Ovladače\NTIOLib_X64.sys -- (NTIOLib_1_0_C)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3000822321-160099729-2533544899-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-3000822321-160099729-2533544899-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3000822321-160099729-2533544899-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE10SR
IE - HKU\S-1-5-21-3000822321-160099729-2533544899-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3000822321-160099729-2533544899-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "CZ"
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.search.region: "CZ"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.cz/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:45.0.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: D:\Programs\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2016.04.12 23:22:10 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\sp@avast.com: C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\SAFEPRICE\FF [2016.04.12 23:22:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\firefox@passwordbox.com: C:\Program Files (x86)\PasswordBox\Firefox [2013.11.22 12:32:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2016.04.12 23:22:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\sp@avast.com: C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016.04.12 23:22:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 45.0.2\extensions\\Components: D:\Programs\Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 45.0.2\extensions\\Plugins: D:\Programs\Firefox\plugins [2016.04.25 21:21:07 | 000,000,000 | ---D | M]

[2012.02.16 15:16:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirča\AppData\Roaming\Mozilla\Extensions
[2016.04.14 09:59:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirča\AppData\Roaming\Mozilla\Firefox\Profiles\ejtt4vyi.default\extensions
[2015.01.18 14:42:32 | 000,000,000 | ---D | M] (Widevine Media Optimizer) -- C:\Users\Mirča\AppData\Roaming\Mozilla\Firefox\Profiles\ejtt4vyi.default\extensions\{2d3fbcf7-be69-4433-8858-c621a8d0e58d}

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Mirča\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\Mirča\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Mirča\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\Mirča\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Mirča\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\Mirča\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\
CHR - Extension: No name found = C:\Users\Mirča\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.56_0\
CHR - Extension: No name found = C:\Users\Mirča\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\11.1.0.242_0\
CHR - Extension: No name found = C:\Users\Mirča\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\Mirča\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\

O1 HOSTS File: ([2016.04.29 19:32:53 | 000,000,035 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PasswordBox Helper) - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [XeroxEndeavorBackgroundTask] C:\Windows\SysNative\xrWCbgnd.dll (Xerox Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3000822321-160099729-2533544899-1001..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3000822321-160099729-2533544899-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3000822321-160099729-2533544899-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.30.64.53 217.30.64.54
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F61A94E8-D767-4466-AEC0-3D7B25CFC2EB}: DhcpNameServer = 217.30.64.53 217.30.64.54
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.aacacm - C:\Windows\SysWow64\AACACM.acm (fccHandler)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.avis - C:\Windows\SysWow64\ff_acm.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3pacm - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.LAGS - C:\Windows\SysWow64\lagarith.dll ( )
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: VIDC.X264 - C:\Windows\SysWow64\x264vfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2016.05.06 15:19:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mirča\Desktop\OTL.exe
[2016.05.05 21:16:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2016.05.05 21:05:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2016.05.05 21:05:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2016.05.05 21:05:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2016.05.05 21:05:01 | 000,000,000 | ---D | C] -- C:\ComboFix
[2016.05.05 21:04:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2016.05.04 19:34:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
[2016.05.03 19:19:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
[2016.04.29 23:16:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BS.Player
[2016.04.29 21:41:22 | 000,000,000 | ---D | C] -- C:\Users\Mirča\Documents\Záloha registrů Ccleaner
[2016.04.17 23:26:02 | 000,000,000 | ---D | C] -- C:\Users\Mirča\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2016.04.17 23:25:51 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2016.04.17 22:20:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2016.04.17 22:20:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2016.04.17 22:20:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2016.04.17 22:20:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2016.04.17 22:20:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2016.04.17 22:19:05 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2016.04.17 21:50:56 | 000,000,000 | ---D | C] -- C:\Users\Mirča\AppData\Local\ElevatedDiagnostics
[2016.04.17 21:50:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\.launcher_log
[2016.04.17 21:18:20 | 000,000,000 | ---D | C] -- C:\Users\Mirča\Documents\My Games
[2016.04.14 20:42:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2016.04.14 12:01:33 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016.04.14 12:01:03 | 000,140,672 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2016.04.14 12:01:03 | 000,064,896 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2016.04.14 12:01:03 | 000,027,008 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2016.04.14 12:01:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2016.04.14 08:47:50 | 000,000,000 | ---D | C] -- C:\Users\Mirča\Documents\ProcAlyzer Dumps
[2016.04.14 07:33:30 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2016.04.14 02:12:36 | 000,000,000 | ---D | C] -- C:\Users\Mirča\AppData\Roaming\dlg
[2016.04.14 02:03:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ninight
[2016.04.14 02:03:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fedaryqeule
[2016.04.14 02:03:07 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\dmp
[2016.04.13 16:11:24 | 000,000,000 | ---D | C] -- C:\KVRT_Data
[2016.04.12 23:50:24 | 000,000,000 | ---D | C] -- C:\Program Files\VIA
[2016.04.12 23:50:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs
[2016.04.12 23:48:43 | 002,103,040 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2016.04.12 23:48:43 | 001,999,640 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMAPO264.DLL
[2016.04.12 23:48:43 | 000,879,616 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMAPO64.DLL
[2016.04.12 23:48:43 | 000,739,328 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\VMAPO32.DLL
[2016.04.12 23:48:43 | 000,619,520 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMTHX64.DLL
[2016.04.12 23:48:43 | 000,554,496 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\VMTHX32.DLL
[2016.04.12 23:48:43 | 000,388,096 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMWRP64.DLL
[2016.04.12 23:48:43 | 000,070,776 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\VtSrdAPO.dll
[2016.04.12 23:48:43 | 000,057,856 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMPPLD64.DLL
[2016.04.12 23:48:43 | 000,053,760 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMPPCN64.DLL
[2016.04.12 23:48:43 | 000,030,728 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\drivers\VMfilt64.sys
[2016.04.12 23:48:42 | 003,300,528 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\VIAPropPageExt.dll
[2016.04.12 23:48:42 | 001,986,048 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\ViaMicArrayAPO.dll
[2016.04.12 23:48:42 | 001,728,280 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\VMAPO232.DLL
[2016.04.12 23:48:42 | 001,161,336 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\ViaKaraokeApo.dll
[2016.04.12 23:48:42 | 000,876,544 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\VIASysFx.dll
[2016.04.12 23:48:42 | 000,688,648 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\drivers\viahduaa.sys
[2016.04.12 23:48:42 | 000,123,512 | ---- | C] (VIA Technologies,Inc.) -- C:\Windows\SysNative\ViaKaraokePropPageExt.dll
[2016.04.12 23:48:42 | 000,095,352 | ---- | C] (VIA Technologies,Inc.) -- C:\Windows\SysNative\ViaMicArrayPropPageExt.dll
[2016.04.12 23:48:42 | 000,027,768 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\ViakaraokeSrv.exe
[2016.04.12 23:48:40 | 000,055,416 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysNative\PropPageExt.dll
[2016.04.12 23:48:39 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEP64H.dll
[2016.04.12 23:48:39 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEP64A.dll
[2016.04.12 23:48:39 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EED64H.dll
[2016.04.12 23:48:39 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EED64A.dll
[2016.04.12 23:48:39 | 000,137,056 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEL64H.dll
[2016.04.12 23:48:39 | 000,137,056 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEL64A.dll
[2016.04.12 23:48:39 | 000,120,160 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEA64H.dll
[2016.04.12 23:48:39 | 000,120,160 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEA64A.dll
[2016.04.12 23:48:39 | 000,086,016 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll
[2016.04.12 23:48:39 | 000,075,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEG64H.dll
[2016.04.12 23:48:39 | 000,075,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEG64A.dll
[2016.04.12 23:48:37 | 027,646,720 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioVnA64.dll
[2016.04.12 23:48:37 | 001,013,504 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2016.04.12 23:48:37 | 000,663,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2016.04.12 23:48:36 | 000,092,280 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\Dts2PropPageExt.dll
[2016.04.12 23:48:34 | 000,248,952 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\Dts2APO.dll
[2016.04.12 23:46:33 | 000,129,224 | ---- | C] (Qualcomm Atheros Co., Ltd.) -- C:\Windows\SysNative\drivers\L1C62x64.sys
[2016.04.12 23:43:14 | 000,011,944 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\drivers\amdide64.sys
[2016.04.12 23:29:41 | 000,027,552 | ---- | C] (REALiX(tm)) -- C:\Windows\SysWow64\drivers\HWiNFO64A.SYS
[2016.04.12 23:26:26 | 000,000,000 | ---D | C] -- C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
[2016.04.12 23:22:11 | 000,398,152 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2016.04.12 23:19:25 | 000,037,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2016.04.12 23:07:15 | 000,000,000 | ---D | C] -- C:\Users\Mirča\AppData\Roaming\AVAST Software
[2016.04.12 23:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[2016.04.12 23:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AV
[2016.04.12 23:06:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AV
[2016.04.12 23:05:42 | 000,287,528 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswvmm.sys
[2016.04.12 23:05:42 | 000,166,432 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2016.04.12 23:05:41 | 000,465,792 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2016.04.12 23:05:41 | 000,074,544 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2016.04.12 23:05:40 | 000,107,792 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2016.04.12 23:05:40 | 000,037,656 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswHwid.sys
[2016.04.12 23:05:39 | 000,103,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2016.04.12 23:05:37 | 001,070,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2016.04.12 23:04:31 | 000,052,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2016.04.12 22:48:04 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2016.04.12 22:46:12 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2016.04.12 22:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2016.04.12 19:59:01 | 000,000,000 | ---D | C] -- C:\Users\Mirča\Desktop\Nepoužívané odkazy plochy
[2016.04.11 13:29:01 | 000,000,000 | ---D | C] -- C:\Users\Mirča\AppData\Roaming\ProductData
[2016.04.11 13:27:46 | 000,000,000 | ---D | C] -- C:\Windows\tasks\ImCleanDisabled
[2016.04.11 13:12:13 | 000,000,000 | ---D | C] -- C:\Users\Mirča\AppData\Roaming\uTorrent
[2016.04.11 12:58:12 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2016.04.10 23:30:42 | 000,000,000 | ---D | C] -- C:\Users\Mirča\Documents\League of Legends
[2016.04.10 23:15:33 | 000,000,000 | ---D | C] -- C:\Users\Mirča\AppData\Roaming\LolClient
[2016.04.10 21:51:37 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2016.04.10 20:41:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Riot Games
[2016.04.10 20:40:45 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2016.04.10 20:40:45 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2016.04.10 20:40:44 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2016.04.10 20:40:04 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2016.04.10 20:37:59 | 000,000,000 | ---D | C] -- C:\Users\Mirča\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2016.04.10 20:29:38 | 000,000,000 | ---D | C] -- C:\Users\Mirča\AppData\Roaming\Riot Games

========== Files - Modified Within 30 Days ==========

[2016.05.06 15:22:23 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2016.05.06 15:19:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mirča\Desktop\OTL.exe
[2016.05.06 15:12:45 | 000,022,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2016.05.06 15:12:45 | 000,022,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2016.05.06 15:05:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2016.05.06 15:04:54 | 1945,509,887 | -HS- | M] () -- C:\hiberfil.sys
[2016.04.29 19:32:53 | 000,000,035 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2016.04.25 23:30:07 | 000,014,331 | ---- | M] () -- C:\Users\Mirča\Desktop\Jaroševská - text výběrko.odt
[2016.04.14 20:41:50 | 001,576,554 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2016.04.14 20:41:50 | 000,666,194 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2016.04.14 20:41:50 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2016.04.14 20:41:50 | 000,139,890 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2016.04.14 20:41:50 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2016.04.14 20:39:29 | 000,002,292 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk
[2016.04.14 20:39:29 | 000,002,250 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVerQuick.lnk
[2016.04.14 20:39:04 | 000,001,960 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2016.04.14 20:39:04 | 000,001,762 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2016.04.14 20:39:04 | 000,001,747 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2016.04.14 20:39:04 | 000,000,860 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2016.04.14 20:38:21 | 000,001,224 | ---- | M] () -- C:\Users\Mirča\Desktop\TSM.lnk
[2016.04.14 20:38:21 | 000,000,359 | ---- | M] () -- C:\Users\Mirča\Desktop\Počítač.lnk
[2016.04.14 12:02:17 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2016.04.13 16:13:07 | 000,287,528 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswvmm.sys
[2016.04.12 23:48:43 | 002,103,040 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2016.04.12 23:48:43 | 001,999,640 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMAPO264.DLL
[2016.04.12 23:48:43 | 000,879,616 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMAPO64.DLL
[2016.04.12 23:48:43 | 000,739,328 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\SysWow64\VMAPO32.DLL
[2016.04.12 23:48:43 | 000,619,520 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMTHX64.DLL
[2016.04.12 23:48:43 | 000,554,496 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\SysWow64\VMTHX32.DLL
[2016.04.12 23:48:43 | 000,388,096 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMWRP64.DLL
[2016.04.12 23:48:43 | 000,070,776 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\VtSrdAPO.dll
[2016.04.12 23:48:43 | 000,057,856 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMPPLD64.DLL
[2016.04.12 23:48:43 | 000,053,760 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMPPCN64.DLL
[2016.04.12 23:48:43 | 000,030,728 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\SysNative\drivers\VMfilt64.sys
[2016.04.12 23:48:42 | 003,300,528 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\SysNative\VIAPropPageExt.dll
[2016.04.12 23:48:42 | 001,986,048 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\SysNative\ViaMicArrayAPO.dll
[2016.04.12 23:48:42 | 001,728,280 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\SysWow64\VMAPO232.DLL
[2016.04.12 23:48:42 | 001,161,336 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\SysNative\ViaKaraokeApo.dll
[2016.04.12 23:48:42 | 000,876,544 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\SysNative\VIASysFx.dll
[2016.04.12 23:48:42 | 000,688,648 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\SysNative\drivers\viahduaa.sys
[2016.04.12 23:48:42 | 000,123,512 | ---- | M] (VIA Technologies,Inc.) -- C:\Windows\SysNative\ViaKaraokePropPageExt.dll
[2016.04.12 23:48:42 | 000,095,352 | ---- | M] (VIA Technologies,Inc.) -- C:\Windows\SysNative\ViaMicArrayPropPageExt.dll
[2016.04.12 23:48:42 | 000,027,768 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\SysNative\ViakaraokeSrv.exe
[2016.04.12 23:48:40 | 007,163,744 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\EEP64H.dll
[2016.04.12 23:48:40 | 000,055,416 | ---- | M] (TODO: <Company name>) -- C:\Windows\SysNative\PropPageExt.dll
[2016.04.12 23:48:39 | 007,163,744 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\EEP64A.dll
[2016.04.12 23:48:39 | 000,433,504 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\EED64H.dll
[2016.04.12 23:48:39 | 000,433,504 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\EED64A.dll
[2016.04.12 23:48:39 | 000,137,056 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\EEL64H.dll
[2016.04.12 23:48:39 | 000,137,056 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\EEL64A.dll
[2016.04.12 23:48:39 | 000,120,160 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\EEA64H.dll
[2016.04.12 23:48:39 | 000,120,160 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\EEA64A.dll
[2016.04.12 23:48:39 | 000,086,016 | ---- | M] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll
[2016.04.12 23:48:39 | 000,075,104 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\EEG64H.dll
[2016.04.12 23:48:39 | 000,075,104 | ---- | M] (Dolby Laboratories) -- C:\Windows\SysNative\EEG64A.dll
[2016.04.12 23:48:38 | 027,646,720 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioVnA64.dll
[2016.04.12 23:48:37 | 001,013,504 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2016.04.12 23:48:37 | 000,663,296 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2016.04.12 23:48:36 | 000,248,952 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\Dts2APO.dll
[2016.04.12 23:48:36 | 000,092,280 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\SysNative\Dts2PropPageExt.dll
[2016.04.12 23:46:33 | 000,129,224 | ---- | M] (Qualcomm Atheros Co., Ltd.) -- C:\Windows\SysNative\drivers\L1C62x64.sys
[2016.04.12 23:43:14 | 000,011,944 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\drivers\amdide64.sys
[2016.04.12 23:29:41 | 000,027,552 | ---- | M] (REALiX(tm)) -- C:\Windows\SysWow64\drivers\HWiNFO64A.SYS
[2016.04.12 23:18:48 | 000,037,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2016.04.12 23:04:44 | 000,465,792 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2016.04.12 23:04:44 | 000,398,152 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2016.04.12 23:04:44 | 000,166,432 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2016.04.12 23:04:44 | 000,107,792 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2016.04.12 23:04:44 | 000,103,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2016.04.12 23:04:44 | 000,074,544 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2016.04.12 23:04:44 | 000,037,656 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswHwid.sys
[2016.04.12 23:04:31 | 000,052,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2016.04.12 23:03:51 | 001,070,904 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2016.04.11 13:36:23 | 000,000,218 | ---- | M] () -- C:\Users\Mirča\AppData\Local\recently-used.xbel
[2016.04.10 21:05:43 | 000,797,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2016.04.10 21:05:43 | 000,142,528 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2016.04.10 20:26:44 | 000,000,017 | ---- | M] () -- C:\Users\Mirča\AppData\Local\resmon.resmoncfg

========== Files Created - No Company Name ==========

[2016.05.06 15:22:23 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2016.05.05 21:05:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2016.05.05 21:05:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2016.05.05 21:05:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2016.05.05 21:05:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2016.05.05 21:05:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2016.04.25 21:30:17 | 000,014,331 | ---- | C] () -- C:\Users\Mirča\Desktop\Jaroševská - text výběrko.odt
[2016.04.12 23:19:56 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
[2016.04.12 23:06:45 | 000,001,960 | ---- | C] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2016.04.11 13:36:23 | 000,000,218 | ---- | C] () -- C:\Users\Mirča\AppData\Local\recently-used.xbel
[2016.04.10 21:51:39 | 000,001,762 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2016.04.10 20:40:06 | 000,000,860 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2016.04.10 20:26:44 | 000,000,017 | ---- | C] () -- C:\Users\Mirča\AppData\Local\resmon.resmoncfg
[2012.04.13 23:51:44 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.04.13 21:44:51 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\AnvSoft
[2013.09.06 10:59:25 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\Appset
[2016.04.12 23:07:15 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\AVAST Software
[2013.01.01 20:42:48 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\BSplayer
[2012.02.16 15:16:00 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\BSplayer Pro
[2016.04.14 02:12:36 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\dlg
[2016.04.11 11:49:57 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\Dropbox
[2013.01.07 04:18:01 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\Foxit Software
[2013.05.02 19:37:12 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\ICQ-Profile
[2016.04.10 23:15:35 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\LolClient
[2012.02.16 15:40:33 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\OpenOffice.org
[2014.05.06 15:16:16 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\PDF Architect 2
[2016.04.11 13:29:01 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\ProductData
[2013.08.13 14:12:27 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\Python-Eggs
[2016.04.10 20:40:59 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\Riot Games
[2016.04.17 21:15:37 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\uTorrent
[2012.02.16 15:27:59 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\Win7codecs
[2012.07.31 00:45:18 | 000,000,000 | ---D | M] -- C:\Users\Mirča\AppData\Roaming\Windows Live Writer

Locked