VIRY.CZ

Dobry vecer, prosim o kontrolu logu. Posledni dobou je pc zpomalene. Pomalu se zapina, programy se spousti take nezvykle dlouho. MBA odstranil 4 infikovane soubory trojan.agent.prn. Dalsi test nic neodhalil, presto po restartovani pc znovu MBA hlasi zablokovani skodliveho souboru. Moc dekuji.

Logfile of random's system information tool 1.10 (written by random/random)
Run by HP at 2015-05-09 20:21:34
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 5 GB (6%) free of 76 GB
Total RAM: 2046 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:21:39, on 9.5.2015
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16636)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Opera\29.0.1795.47\opera.exe
C:\Program Files\Opera\29.0.1795.47\opera_crashreporter.exe
C:\Program Files\Opera\29.0.1795.47\opera.exe
C:\Program Files\Opera\29.0.1795.47\opera.exe
C:\Program Files\Opera\29.0.1795.47\opera.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\HP\Downloads\RSIT (1).exe
C:\Program Files\trend micro\HP.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
O4 - HKLM\..\Run: [FingerPrintSoftwareSplashScreen] "C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe" \s
O4 - HKLM\..\Run: [ATUpdatePBA.ltp] C:\Windows\system32\ATUpdatePBA.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [a478d52adfc889d96e557fa727c482ec] "C:\Users\HP\AppData\Roaming\image.exe" ..
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AD Monitor (ADMonitor) - Unknown owner - C:\Windows\system32\ADMonitor.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Windows\system32\AtService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Data Transfer Service (dtsvc) - Unknown owner - C:\Windows\system32\DTS.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe

--
End of file - 7067 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-04-03 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-08 565304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-04-03 172968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19 1022152]
"NvBackend"=C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2014-07-25 2403104]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2007-11-01 671744]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2000-01-01 12017368]
"FingerPrintSoftware"=C:\Program Files\Lenovo Fingerprint Software\fpapp.exe [2010-10-21 1582400]
"FingerPrintSoftwareSplashScreen"=C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe [2010-10-21 102400]
"ATUpdatePBA.ltp"=C:\Windows\system32\ATUpdatePBA.exe [2010-10-21 226624]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-10-14 2299176]
"a478d52adfc889d96e557fa727c482ec"=C:\Users\HP\AppData\Roaming\image.exe .. []
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-05-08 5515496]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^HP^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^a478d52adfc889d96e557fa727c482ec.exe]
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a478d52adfc889d96e557fa727c482ec.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^HP^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^dce1253ce7b8be7e6fddfaa541ebb372.exe]
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dce1253ce7b8be7e6fddfaa541ebb372.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^HP^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^exploire.exe]
C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\exploire.exe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
"SoftwareSASGeneration"=1
"DisableCAD"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"VIDC.LAGS"=lagarith.dll
"VIDC.X264"=x264vfw.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.l3codecp"=l3codecp.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=serwvdrv.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-05-09 20:21:34 ----D---- C:\rsit
2015-05-09 20:21:34 ----D---- C:\Program Files\trend micro
2015-05-08 08:14:44 ----A---- C:\Windows\system32\msxml3.dll
2015-05-08 08:08:02 ----A---- C:\Windows\system32\gdi32.dll
2015-05-08 08:05:20 ----A---- C:\Windows\system32\clfsw32.dll
2015-05-08 08:05:20 ----A---- C:\Windows\system32\clfs.sys
2015-05-08 08:04:56 ----A---- C:\Windows\system32\ntdll.dll
2015-05-08 08:04:55 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-05-08 08:04:55 ----A---- C:\Windows\system32\ntkrnlpa.exe
2015-05-08 07:31:34 ----A---- C:\Windows\system32\vbscript.dll
2015-05-08 07:31:34 ----A---- C:\Windows\system32\urlmon.dll
2015-05-08 07:31:34 ----A---- C:\Windows\system32\mshta.exe
2015-05-08 07:31:34 ----A---- C:\Windows\system32\msfeedsbs.dll
2015-05-08 07:31:34 ----A---- C:\Windows\system32\jsproxy.dll
2015-05-08 07:31:34 ----A---- C:\Windows\system32\ieUnatt.exe
2015-05-08 07:31:34 ----A---- C:\Windows\system32\iertutil.dll
2015-05-08 07:31:33 ----A---- C:\Windows\system32\url.dll
2015-05-08 07:31:32 ----A---- C:\Windows\system32\wininet.dll
2015-05-08 07:31:32 ----A---- C:\Windows\system32\mshtmled.dll
2015-05-08 07:31:32 ----A---- C:\Windows\system32\msfeedssync.exe
2015-05-08 07:31:32 ----A---- C:\Windows\system32\msfeeds.dll
2015-05-08 07:31:32 ----A---- C:\Windows\system32\jscript.dll
2015-05-08 07:31:32 ----A---- C:\Windows\system32\dxtmsft.dll
2015-05-08 07:31:30 ----A---- C:\Windows\system32\jscript9.dll
2015-05-08 07:31:30 ----A---- C:\Windows\system32\dxtrans.dll
2015-05-08 07:31:29 ----A---- C:\Windows\system32\ieui.dll
2015-05-08 07:31:29 ----A---- C:\Windows\system32\ieframe.dll
2015-05-08 07:31:27 ----A---- C:\Windows\system32\mshtml.dll
2015-05-08 06:31:55 ----D---- C:\Users\HP\AppData\Roaming\AVAST Software
2015-05-08 06:29:30 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2015-05-08 06:29:29 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2015-05-08 06:29:28 ----A---- C:\Windows\system32\drivers\aswSP.sys
2015-05-08 06:29:28 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2015-05-08 06:29:27 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2015-05-08 06:29:26 ----A---- C:\Windows\system32\drivers\aswRdr.sys
2015-05-08 06:29:26 ----A---- C:\Windows\system32\drivers\aswHwid.sys
2015-05-08 06:29:24 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2015-05-08 06:29:13 ----A---- C:\Windows\system32\aswBoot.exe
2015-05-08 06:28:40 ----A---- C:\Windows\avastSS.scr
2015-05-08 06:21:26 ----D---- C:\Program Files\AVAST Software
2015-05-08 06:18:13 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2015-05-08 06:17:24 ----D---- C:\ProgramData\Malwarebytes
2015-05-08 06:17:24 ----D---- C:\Program Files\Malwarebytes Anti-Malware
2015-05-08 06:17:24 ----A---- C:\Windows\system32\drivers\mwac.sys
2015-05-08 06:17:24 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2015-05-08 06:17:24 ----A---- C:\Windows\system32\drivers\mbam.sys
2015-05-08 06:08:00 ----D---- C:\Windows\pss
2015-05-03 15:13:17 ----D---- C:\Users\HP\AppData\Roaming\Mumble
2015-05-03 15:12:52 ----D---- C:\Program Files\Mumble
2015-05-03 10:02:38 ----D---- C:\Program Files\CCleaner
2015-05-02 13:04:54 ----D---- C:\Users\HP\AppData\Roaming\MPC-HC
2015-05-01 21:28:52 ----D---- C:\Users\HP\AppData\Roaming\java
2015-05-01 21:26:45 ----D---- C:\Users\HP\AppData\Roaming\.minecraft
2015-04-30 19:19:01 ----D---- C:\Users\HP\AppData\Roaming\Google
2015-04-30 19:19:00 ----D---- C:\Users\HP\AppData\Roaming\NVIDIA
2015-04-30 18:59:31 ----D---- C:\ProgramData\Google
2015-04-30 18:55:30 ----D---- C:\Users\HP\AppData\Roaming\Macromedia
2015-04-25 15:18:17 ----D---- C:\ProgramData\SP_FT_Logs
2015-04-15 17:51:51 ----D---- C:\Program Files\Google
2015-04-15 17:51:44 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2015-04-15 17:51:38 ----D---- C:\Windows\system32\Macromed
2015-04-14 17:35:32 ----RA---- C:\Windows\system32\drivers\ewusbnet.sys
2015-04-14 17:35:32 ----RA---- C:\Windows\system32\drivers\ewusbmdm.sys
2015-04-14 17:35:32 ----RA---- C:\Windows\system32\drivers\ewusbdev.sys
2015-04-14 17:35:32 ----RA---- C:\Windows\system32\drivers\ewdcsc.sys
2015-04-14 17:27:26 ----D---- C:\Program Files\T-Mobile
2015-04-12 10:15:09 ----D---- C:\Program Files\Common Files\HeliosRed
2015-04-12 10:14:38 ----D---- C:\ASol

======List of files/folders modified in the last 1 month======

2015-05-09 20:21:39 ----D---- C:\Windows\Prefetch
2015-05-09 20:21:37 ----D---- C:\Windows\Temp
2015-05-09 20:21:34 ----RD---- C:\Program Files
2015-05-09 19:33:05 ----D---- C:\Windows\system32\WDI
2015-05-09 19:29:00 ----D---- C:\Windows\system32\catroot2
2015-05-09 14:42:00 ----D---- C:\Windows\inf
2015-05-09 13:06:46 ----SHD---- C:\System Volume Information
2015-05-08 09:07:37 ----D---- C:\Windows\Debug
2015-05-08 08:43:02 ----D---- C:\Windows\Microsoft.NET
2015-05-08 08:19:13 ----D---- C:\Windows\System32
2015-05-08 08:19:12 ----D---- C:\Windows\system32\migration
2015-05-08 08:19:12 ----D---- C:\Program Files\Internet Explorer
2015-05-08 08:18:10 ----RSD---- C:\Windows\assembly
2015-05-08 08:14:56 ----D---- C:\Windows\winsxs
2015-05-08 08:14:55 ----D---- C:\Windows\system32\catroot
2015-05-08 08:08:43 ----D---- C:\Windows\system32\MRT
2015-05-08 08:08:35 ----A---- C:\Windows\system32\mrt.exe
2015-05-08 08:08:00 ----SHD---- C:\Windows\Installer
2015-05-08 08:03:53 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-05-08 06:59:27 ----RD---- C:\Users
2015-05-08 06:42:16 ----D---- C:\Windows
2015-05-08 06:30:13 ----D---- C:\Windows\system32\Tasks
2015-05-08 06:29:30 ----D---- C:\Windows\system32\drivers
2015-05-08 06:19:59 ----D---- C:\ProgramData\AVAST Software
2015-05-08 06:17:24 ----HD---- C:\ProgramData
2015-05-03 10:03:27 ----D---- C:\Windows\Panther
2015-05-03 10:03:27 ----D---- C:\Windows\ModemLogs
2015-05-03 10:03:27 ----D---- C:\Windows\Logs
2015-04-28 18:53:56 ----D---- C:\Program Files\Opera
2015-04-18 14:30:53 ----SD---- C:\Users\HP\AppData\Roaming\Microsoft
2015-04-18 12:42:40 ----D---- C:\Windows\rescache
2015-04-17 21:20:00 ----D---- C:\ProgramData\Adobe
2015-04-15 17:57:55 ----D---- C:\Windows\Tasks
2015-04-14 19:36:05 ----D---- C:\Windows\system32\NDF
2015-04-14 19:35:50 ----D---- C:\Windows\tracing
2015-04-12 12:44:32 ----SHD---- C:\$Recycle.Bin
2015-04-12 10:15:09 ----D---- C:\Program Files\Common Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2015-05-08 49904]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2015-05-08 209048]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2015-05-08 55200]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2015-05-08 787760]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2015-05-08 427992]
R1 aswTdi;aswTdi; C:\Windows\system32\drivers\aswTdi.sys [2015-05-08 57888]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2015-05-08 24144]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2015-05-08 74976]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2009-06-25 48128]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2009-06-25 44544]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2009-06-25 38400]
R3 ATSwpWDF;AuthenTec TruePrint USB Driver; C:\Windows\System32\Drivers\ATSwpWDF.sys [2010-10-21 659968]
R3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]
R3 BTWAMPFL;btwampfl; C:\Windows\system32\DRIVERS\btwampfl.sys [2000-01-01 302120]
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2000-01-01 93224]
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2000-01-01 114728]
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2000-01-01 33832]
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2000-01-01 18728]
R3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2000-01-01 2888536]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2015-04-14 23256]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2015-05-09 119512]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2015-04-14 51928]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-21 18432]
R3 NETwLv32; Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETwLv32.sys [2010-10-07 6639616]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2014-07-02 10681176]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\Windows\system32\DRIVERS\psadd.sys [2009-12-08 31680]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2009-05-05 1095808]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-10-14 299312]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2013-07-12 134272]
R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 66560]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-09-10 102528]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\Windows\system32\DRIVERS\ewusbdev.sys [2009-10-12 100736]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664]
S3 SWDUMon;SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [2015-04-03 13368]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 15872]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2009-04-11 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-05-08 65432]
R2 ATService;AuthenTec Fingerprint Service; C:\Windows\system32\AtService.exe [2010-10-21 1824064]
R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-05-08 343336]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2011-03-25 660768]
R2 dtsvc;Data Transfer Service; C:\Windows\system32\DTS.exe [2010-10-21 98304]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2011-04-06 866576]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [2015-04-14 1080120]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-04-14 1871160]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-07-25 1720608]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2014-07-02 670552]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2011-04-06 481552]
R2 RtkAudioService;Realtek Audio Service; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [2000-01-01 250072]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-11 103608]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-04-15 116648]
S3 ADMonitor;AD Monitor; C:\Windows\system32\ADMonitor.exe [2010-10-21 106496]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2014-04-11 45744]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-04-15 116648]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2014-04-11 772296]
S4 NetMsmqActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]

-----------------EOF-----------------







info.txt logfile of random's system information tool 1.10 2015-05-09 20:21:41

======MBR======

0x33C08ED0BC007C8EC08ED8BE007CBF0006B90002FCF3A450681C06CBFBB90400BDBE07807E00007C0B0F85100183C510E2F1CD1888560055C6461105C6461000B441BBAA55CD135D720F81FB55AA7509F7C101007403FE46106660807E1000742666680000000066FF760868000068007C680100681000B4428A56008BF4CD139F83C4109EEB14B80102BB007C8A56008A76018A4E028A6E03CD136661731EFE4E110F850C00807E00800F848A00B280EB825532E48A5600CD135DEB9C813EFE7D55AA756EFF7600E88A000F851500B0D1E664E87F00B0DFE660E87800B0FFE664E87100B800BBCD1A6623C0753B6681FB54435041753281F90201722C666807BB00006668000200006668080000006653665366556668000000006668007C0000666168000007CD1A5A32F6EA007C0000CD18A0B707EB08A0B607EB03A0B50732E40500078BF0AC3C0074FCBB0700B40ECD10EBF22BC9E464EB002402E0F82402C3496E76616C696420706172746974696F6E207461626C65004572726F72206C6F6164696E67206F7065726174696E672073797374656D004D697373696E67206F7065726174696E672073797374656D00000000627A999BFB018500008020210007FEFFFF0008000000E8500900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000055AA

======Uninstall list======

-->MsiExec /X{80407BA7-7763-4395-AB98-5233F1B34E65}
Adobe Flash Player 17 PPAPI-->C:\Windows\system32\Macromed\Flash\FlashUtil32_17_0_0_169_pepper.exe -maintain pepperplugin
Adobe Reader XI (11.0.08) - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AB0000000001}
Adobe Shockwave Player 12.0-->"C:\Windows\system32\Adobe\Shockwave 12\uninstaller.exe"
Avast Free Antivirus-->C:\Program Files\AVAST Software\Avast\Setup\Instup.exe /control_panel /instop:uninstall
Balíček ovladače systému Windows - AuthenTec Inc. (ATSwpWDF) Biometric (07/02/2010 8.6.0.29)-->C:\PROGRA~1\DIFX\25C232B9F73C1237\DPInst32.exe /u C:\Windows\System32\DriverStore\FileRepository\atswpwdf.inf_591fd7cf\atswpwdf.inf
Bluetooth by hp-->MsiExec.exe /X{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\42.0.2311.135\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google SketchUp 8-->MsiExec.exe /X{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}
Google Update Helper-->MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Helios Red 2015-->C:\ASol\HeliosRed.15\uninst.exe
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Intel PROSet Wireless-->Intel PROSet Wireless
Java 8 Update 40-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83218040F0}
K-Lite Mega Codec Pack 11.0.0-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lenovo Fingerprint Software-->MsiExec.exe /X{3D8994A3-02A8-45B5-B955-53E608BC69ED}
Malwarebytes Anti-Malware verze 2.1.6.1022-->"C:\Program Files\Malwarebytes Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - csy-->MsiExec.exe /I{DD73CA82-EA82-38AA-863D-9A24A018DC96}
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - csy\setup.exe
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1029 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->MsiExec.exe /X{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}
Microsoft .NET Framework 4 Extended CSY Language Pack-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ExtendedLP\Setup.exe /repair /x86 /lcid 1029 /parameterfolder ExtendedLP
Microsoft .NET Framework 4 Extended CSY Language Pack-->MsiExec.exe /X{A2DE62D8-EF1B-36CB-B461-B1E221ED8608}
Microsoft .NET Framework 4.5.2-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.51209\\Setup.exe /repair /x86
Microsoft .NET Framework 4.5.2-->MsiExec.exe /X{3911CF56-9EF2-39BA-846A-C27BD3CD0685}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Minecraft1.7.2-->C:\Users\HP\AppData\Roaming\.minecraft\minecraft launcher\Uninstall.exe
Motorola SM56 Speakerphone Modem-->rundll32.exe sm56co85.dll,SM56UnInstaller
Mumble 1.2.8-->MsiExec.exe /I{0E784CFD-CEB1-42E1-9C42-FC2497DD653E}
NVIDIA GeForce Experience 2.1.1-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{FA51CE74-831D-4DE1-9443-A3C82491BB26}\NVI2.DLL",UninstallPackage Display.GFExperience
NVIDIA Ovladače grafiky 340.52-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{FA51CE74-831D-4DE1-9443-A3C82491BB26}\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA PhysX-->MsiExec.exe /I{80407BA7-7763-4395-AB98-5233F1B34E65}
NVIDIA Systémový software PhysX 9.13.1220-->"C:\Windows\system32\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.{FA51CE74-831D-4DE1-9443-A3C82491BB26}\NVI2.DLL",UninstallPackage Display.PhysX
Opera Stable 29.0.1795.47-->"C:\Program Files\Opera\Launcher.exe" /uninstall
PVSonyDll-->MsiExec.exe /I{3D3E663D-4E7E-4577-A560-7ECDDD45548A}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
RICOH Media Driver-->"C:\Program Files\InstallShield Installation Information\{F5CC2EF8-20A4-4366-A681-3FE849E65809}\setup.exe" -runfromtemp -l0x0009 anything -removeonly
Runtime pro Helios Red-->C:\Program Files\Common Files\HeliosRed\uninst_Runtime pro Helios Red.exe
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {94EFE014-E577-310B-B2D5-6973A21D8A90} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {939AF4BC-EC42-38D1-AE82-91D4A7ED8911} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8433C01-319F-3370-850E-87C35496299A} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {48B0C142-A0F4-3263-90E1-1984CBB8DD18} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 4.5.2 (KB2972107)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {CBD8D84A-257A-3A60-9819-5DF166F9CD25}
Security Update for Microsoft .NET Framework 4.5.2 (KB2972216)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {4DC3F78D-5CCF-37B9-9A05-EDDC456F4F20}
Security Update for Microsoft .NET Framework 4.5.2 (KB2978128)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {00BE0B8D-C610-34AA-ABD1-EE023DA39E5D}
Security Update for Microsoft .NET Framework 4.5.2 (KB2979578v2)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {1863F765-CBE8-3EB3-B434-CA6B6DF2561E}
Security Update for Microsoft .NET Framework 4.5.2 (KB3037581)-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.51209\setup.exe /uninstallpatch {C7D8B9A9-9C79-3278-A33E-C621DA724830}
SlimDrivers-->MsiExec.exe /X{5AD12E7A-D739-4451-9BD1-3610EC56D8F5}
Software Intel(R) PROSet/Wireless WiFi-->MsiExec.exe /I{C96ED8FC-B673-4FE6-8AE5-69B4B83C7193}
swMSM-->MsiExec.exe /I{612C34C7-5E90-47D8-9B5C-0F717DD82726}
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
WinRAR 5.20 (32-bit)-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: HP-PC
Event Code: 3004
Message: Agent ochrany v reálném čase programu Windows Defender zjistil změny. Společnost Microsoft doporučuje provést analýzu možných rizik softwaru, který tyto změny provedl. Pomocí informací o tom, jak tyto programy pracují, můžete zvolit, zda chcete povolit jejich spuštění nebo je chcete odebrat z počítače. Povolte změny pouze v případě, že programu nebo vydavateli softwaru důvěřujete. Změny, které povolíte, nebude možné v programu Windows Defender vrátit zpět.
Další informace najdete v následující části:
Nelze použít
ID prohledávání: {4DAC500A-BE49-472A-B185-1767E68AA0AB}
Uživatel: HP-PC\HP
Název: Unknown
ID:
ID závažnosti:
ID kategorie:
Nalezená cesta: file:C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\dce1253ce7b8be7e6fddfaa541ebb372.exe;startup:C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\dce1253ce7b8be7e6fddfaa541ebb372.exe
Typ výstrahy: Neklasifikovaný software
Typ zjišťování:
Record Number: 75474
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20150505190030.000000-000
Event Type: Upozornění
User:

Computer Name: HP-PC
Event Code: 3005
Message: Agent ochrany v reálném čase programu Windows Defender provedl akci pro ochranu tohoto počítače před spywarem nebo jiným potenciálně nežádoucím softwarem.
Další informace najdete v následující části:
Nelze použít
ID prohledávání: {7A12E06B-3EA7-4502-A24F-1D34963CC022}
Uživatel: HP-PC\HP
Název: Unknown
ID:
ID závažnosti:
ID kategorie:
Typ výstrahy: Neklasifikovaný software
Akce: Ignorovat
Record Number: 75473
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20150505190026.000000-000
Event Type: Informace
User:

Computer Name: HP-PC
Event Code: 3004
Message: Agent ochrany v reálném čase programu Windows Defender zjistil změny. Společnost Microsoft doporučuje provést analýzu možných rizik softwaru, který tyto změny provedl. Pomocí informací o tom, jak tyto programy pracují, můžete zvolit, zda chcete povolit jejich spuštění nebo je chcete odebrat z počítače. Povolte změny pouze v případě, že programu nebo vydavateli softwaru důvěřujete. Změny, které povolíte, nebude možné v programu Windows Defender vrátit zpět.
Další informace najdete v následující části:
Nelze použít
ID prohledávání: {7A12E06B-3EA7-4502-A24F-1D34963CC022}
Uživatel: HP-PC\HP
Název: Unknown
ID:
ID závažnosti:
ID kategorie:
Nalezená cesta: file:C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\a478d52adfc889d96e557fa727c482ec.exe;startup:C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\a478d52adfc889d96e557fa727c482ec.exe
Typ výstrahy: Neklasifikovaný software
Typ zjišťování:
Record Number: 75472
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20150505190026.000000-000
Event Type: Upozornění
User:

Computer Name: HP-PC
Event Code: 3005
Message: Agent ochrany v reálném čase programu Windows Defender provedl akci pro ochranu tohoto počítače před spywarem nebo jiným potenciálně nežádoucím softwarem.
Další informace najdete v následující části:
Nelze použít
ID prohledávání: {71991092-56DB-451D-AF31-DEF22C400BB8}
Uživatel: HP-PC\HP
Název: Unknown
ID:
ID závažnosti:
ID kategorie:
Typ výstrahy: Neklasifikovaný software
Akce: Ignorovat
Record Number: 75471
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20150505190022.000000-000
Event Type: Informace
User:

Computer Name: HP-PC
Event Code: 3004
Message: Agent ochrany v reálném čase programu Windows Defender zjistil změny. Společnost Microsoft doporučuje provést analýzu možných rizik softwaru, který tyto změny provedl. Pomocí informací o tom, jak tyto programy pracují, můžete zvolit, zda chcete povolit jejich spuštění nebo je chcete odebrat z počítače. Povolte změny pouze v případě, že programu nebo vydavateli softwaru důvěřujete. Změny, které povolíte, nebude možné v programu Windows Defender vrátit zpět.
Další informace najdete v následující části:
Nelze použít
ID prohledávání: {71991092-56DB-451D-AF31-DEF22C400BB8}
Uživatel: HP-PC\HP
Název: Unknown
ID:
ID závažnosti:
ID kategorie:
Nalezená cesta: file:C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\dce1253ce7b8be7e6fddfaa541ebb372.exe;startup:C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\dce1253ce7b8be7e6fddfaa541ebb372.exe
Typ výstrahy: Neklasifikovaný software
Typ zjišťování:
Record Number: 75470
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20150505190022.000000-000
Event Type: Upozornění
User:

=====Application event log=====

Computer Name: 37L4247E20-07
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 5
Source Name: Microsoft-Windows-WMI
Time Written: 20150402140925.000000-000
Event Type: Informace
User:

Computer Name: 37L4247E20-07
Event Code: 4625
Message: Subsystém EventSystem zabraňuje vytváření duplicitních záznamů v protokolu událostí po dobu 86400 sekund. Tuto dobu lze změnit pomocí hodnoty REG_DWORD s názvem SuppressDuplicateDuration v následujícím klíči registru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 4
Source Name: Microsoft-Windows-EventSystem
Time Written: 20150402140921.000000-000
Event Type: Informace
User:

Computer Name: WIN-VBZA2QSIH0W
Event Code: 900
Message: Služba Licencování softwaru se spouští.

Record Number: 3
Source Name: Microsoft-Windows-Security-Licensing-SLC
Time Written: 20150402140919.000000-000
Event Type: Informace
User:

Computer Name: WIN-VBZA2QSIH0W
Event Code: 1531
Message: Služba Profil uživatele byla úspěšně spuštěna.


Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20150402140918.000000-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: 37L4247E20-07
Event Code: 2
Message: Klient Certifikační služby byl úspěšně zastaven.
Record Number: 1
Source Name: Microsoft-Windows-CertificateServicesClient
Time Written: 20090411134648.021600-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: 37L4247E20-07
Event Code: 4648
Message: Došlo k pokusu o přihlášení pomocí explicitního pověření.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: 37L4247E20-07$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Účet, jehož pověření bylo použito:
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Cílový server:
Název cílového serveru: localhost
Další informace: localhost

Informace o procesu:
ID procesu: 0x218
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Síťová adresa: -
Port: -

Tato událost je generována, pokud se proces pokusí přihlásit k účtu explicitním zadáním pověření tohoto účtu. K tomu nejčastěji dochází v dávkových konfiguracích, například naplánovaných úlohách, nebo při použití příkazu RUNAS.
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20150402140852.333593-000
Event Type: Úspěch auditu
User:

Computer Name: 37L4247E20-07
Event Code: 4902
Message: Tabulka zásad auditu pro jednotlivé uživatele byla vytvořena.

Počet prvků: 0
ID zásady: 0x5f1d8
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20150402140844.252742-000
Event Type: Úspěch auditu
User:

Computer Name: 37L4247E20-07
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-0-0
Název účtu: -
Doména účtu: -
ID přihlášení: 0x0

Typ přihlášení: 0

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x4
Název procesu:

Informace o síti:
Název pracovní stanice: -
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: -
Balíček ověření: -
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20150402140842.380730-000
Event Type: Úspěch auditu
User:

Computer Name: 37L4247E20-07
Event Code: 4608
Message: Spouští se systém Windows.

Tato událost je zaznamenána při spuštění procesu LSASS.EXE a inicializaci kontrolního podsystému.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20150402140842.365129-000
Event Type: Úspěch auditu
User:

Computer Name: 37L4247E20-07
Event Code: 4634
Message: Účet byl odhlášen.

Předmět:
ID zabezpečení: S-1-5-7
Název účtu: ANONYMOUS LOGON
Doména účtu: NT AUTHORITY
ID přihlášení: 0x1e5b0

Typ přihlášení: 3

Tato událost je generována, pokud je zničena relace přihlášení. Může být spojena s událostí přihlášení pomocí hodnoty ID přihlášení. Hodnoty ID přihlášení jsou jednoznačné pouze v rámci jednotlivých restartů stejného počítače.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090411134648.052800-000
Event Type: Úspěch auditu
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\ProgramData\Oracle\Java\javapath;C:\Program Files\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files\WIDCOMM\Bluetooth Software\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\winseqfe\release\Windows6.0\lh_sp2rtm\6002.18005.090410-1830\x86fre\symbols.pri\TraceFormat
"DFSTRACINGON"=FALSE
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

-----------------EOF-----------------

Zdravim

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Po spusteni probehne stazeni databaze
• Kliknete na Scan a nasledne Clean
• Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
• Do okna vlozte skript nize

• Kód: Vybrat vše

  autoclean;
  resethosts;
  emptyclsid;
  IEdefaults;
  FFdefaults;
  CHRdefaults;
  emptyIEcache;
  emptyFFcache;
  emptyCHRcache;
  emptyalltemp;
  emptyflash;
  emptyjava;
  emptyrecycle.bin;
  

• Nasledne kliknete na Run Script
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

# AdwCleaner v4.203 - Log vytvořen 09/05/2015 v 20:46:11
# Aktualizováno 30/04/2015 by Xplode
# Databáze : 2015-05-09.1 [Server]
# Operační system : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Uživatelské jméno : HP - HP-PC
# Spuštěno z : C:\Users\HP\Downloads\adwcleaner_4.203.exe
# Nastavení : Čištění

***** [ Služby ] *****


***** [ Soubory / Složky ] *****


***** [ Naplánované úlohy ] *****


***** [ Zástupci ] *****


***** [ Registry ] *****

Klíč Smazáno : HKCU\Software\a478d52adfc889d96e557fa727c482ec
Klíč Smazáno : HKCU\Software\dce1253ce7b8be7e6fddfaa541ebb372

***** [ Prohlížeče ] *****

-\\ Internet Explorer v9.0.8112.16636


-\\ Google Chrome v42.0.2311.135


-\\ Opera v29.0.1795.47


*************************

AdwCleaner[R0].txt - [918 bytů] - [09/05/2015 20:44:26]
AdwCleaner[S0].txt - [842 bytů] - [09/05/2015 20:46:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [899 bytů] ##########





Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by HP on so 09.05.2015 at 21:02:01,92.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\HP\Downloads\zoek (1).exe [Scan all users] [Script inserted]

==== System Restore Info ======================

9.5.2015 21:03:20 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\AGEIA Technologies deleted successfully
C:\Program Files\VideoLAN deleted successfully
C:\Users\honziik\AppData\Local\Adobe deleted successfully
C:\Users\honziik\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Program Files\AGEIA Technologies not found
C:\Program Files\VideoLAN not found

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [08.05.2015 06:29]

==== Chromium Look ======================

Google Chrome Version: 42.0.2311.135

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[08.05.2015 06:28]

Bookmark Manager - honziik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Bookmark Manager - HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik
Avast Online Security - HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki

==== Chromium Startpages ======================

C:\Users\honziik\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com/",
"startup_urls": [ "http://www.google.com/" ]

C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.com/",
"startup_urls": [ "http://www.google.com/" ]


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\honziik\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\honziik\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\honziik\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\HP\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\honziik\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\honziik\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\honziik\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
C:\Users\honziik\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully
C:\Users\HP\AppData\Roaming\Opera Software\Opera Stable\Web Data will be reset at reboot
C:\Users\HP\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal will be reset at reboot

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\honziik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\honziik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\honziik\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache will be emptied at reboot
C:\Users\honziik\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\honziik\AppData\Local\Temp emptied successfully
C:\Users\HP\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\HP\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\HP\AppData\Roaming\Opera Software\Opera Stable\Web Data" not found
"C:\Users\HP\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal" not found
"C:\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\data_0" deleted
"C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\data_1" deleted
"C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\data_2" deleted
"C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\data_3" deleted
"C:\Users\HP\AppData\Local\Opera Software\Opera Stable\Cache\index" deleted

==== EOF on so 09.05.2015 at 21:24:57,10 ======================

Stahnete Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/

• Ulozte nejlepe na Plochu a rozbalte
• Spustte kliknutim na mbar
• Nyni postupne kliknete na Next a Update
• Po dokonceni update (aktualizace) databaze kliknete opet na Next
• Nechte zaskrtnute vsechny tri moznosti a klinete na Scan cimz spustite prohledavani PC
• Po dokonceni skenu (cca 5 minutek) zkontrolujte, zda-li je u vsech nalezu (samozrejme pokud budou) zatrzitko
• Tez zkontrolujte, jetsli je zatrzitko u Create Restore point
• Nyni kliknete na CleanUp cimz nalezenou infekci odstranime
• PC bude restartovan
• Slozka mbar by mela obsahovat log (a zrejme se i sam otevre) mbar-log-rok-mesic-den (hodina-minuta-sekunda).txt, ten mi sem dejte

Výsledek Malwarebytes Anti-Rootkit
Scan Finished: No malware found!

Tedy log jeste

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
main: v2015.05.09.04
rootkit: v2015.04.21.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
HP :: HP-PC [administrator]

9.5.2015 21:51:49
mbar-log-2015-05-09 (21-51-49).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 337686
Time elapsed: 18 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
• Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
• Zaskrtnete okenko Pro vsechny uzivatele
• Zaskrtnete okenko Kontrola na havet "LOP"
• Zaskrtnete okenko Kontrola na havet "Purity"
• Stari souboru zmente z 30 dnu na 7 dnu
• Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

• Kód: Vybrat vše

  CREATERESTOREPOINT
  
  netsvcs
  drivers32
  savembr:0
  
  /md5start
  atapi.sys
  autochk.exe
  cdrom.sys
  explorer.exe
  hal.dll
  scecli.dll
  services.exe
  svchost.exe
  tcpip.sys
  userinit.exe
  winlogon.exe
  /md5stop
  
  %systemroot%*.* /U /s
  %SYSTEMDRIVE%\*.exe
  %ALLUSERSPROFILE%\Application Data\*.
  %ALLUSERSPROFILE%\Application Data\*.exe /s
  %APPDATA%\*.
  %APPDATA%\*.exe /s
  %systemroot%\*. /mp /s
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\Tasks\*.job
  %systemroot%\system32\drivers\*.sys /lockedfiles
  %systemroot%\System32\config\*.sav
  %systemroot%\system32\*.dll /lockedfiles
  %systemroot%\system32\drivers\*.sys /3
  %systemroot%\system32\*.* /3
  %SYSTEMDRIVE%\*.exe
  
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
  
  %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
  %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
  %PROGRAMFILES%\Opera\opera.exe /md5
  %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5
  
  %SystemDrive%\PhysicalMBR.bin /md5 
  
  *crack* /s
  *keygen* /s
  *loader* /s

• Kliknete na tlacitko Prohledat
• Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
• Pokud budou logy dlouhe (forum bude kricet o prekroceni maximalniho poctu znaku), tak je rozdelte do vice prispevku

OTL Extras logfile created on: 9.5.2015 22:21:13 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\HP\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 53,62% Memory free
4,23 Gb Paging File | 3,12 Gb Available in Paging File | 73,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 2,95 Gb Free Space | 3,96% Space Free | Partition Type: NTFS

Computer Name: HP-PC | User Name: HP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3350915670-2306449340-2698032532-1000\SOFTWARE\Classes\<extension>]
.html [@ = OperaStable] -- C:\Program Files\Opera\Launcher.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [mplayerc.enqueue] -- "C:\Program Files\K-Lite Codec Pack\MPC-HC\mpc-hc.exe" /add "%1" (MPC-HC Team)
Directory [mplayerc.play] -- "C:\Program Files\K-Lite Codec Pack\MPC-HC\mpc-hc.exe" "%1" (MPC-HC Team)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B30C47C-7A41-4299-B94E-3C04A94195B2}" = lport=443 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\netservice\nvnetworkservice.exe |
"{31F56277-8E1A-45BA-8A13-DFC5569EFAA3}" = lport=80 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\netservice\nvnetworkservice.exe |
"{51C98F32-86C1-45C2-8EA9-4D106BC9B228}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"{8AB1DF51-6E59-470F-A88D-AE2421CD3198}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F1108D88-09F8-4F3B-9F0C-8552A6929579}" = protocol=17 | dir=in | app=c:\users\hp\appdata\roaming\image.exe |
"{FA4C8235-2747-46F9-A153-560E2BA75ECC}" = protocol=6 | dir=in | app=c:\users\hp\appdata\roaming\image.exe |
"TCP Query User{DB32F395-8E41-49DB-8EAA-33C4D76B3814}C:\program files\java\jre1.8.0_40\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.8.0_40\bin\javaw.exe |
"UDP Query User{857E1AA1-0B96-47F3-8EC7-3060D739BB7E}C:\program files\java\jre1.8.0_40\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.8.0_40\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E784CFD-CEB1-42E1-9C42-FC2497DD653E}" = Mumble 1.2.8
"{26A24AE4-039D-4CA4-87B4-2F83218040F0}" = Java 8 Update 40
"{3911CF56-9EF2-39BA-846A-C27BD3CD0685}" = Microsoft .NET Framework 4.5.2
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3D8994A3-02A8-45B5-B955-53E608BC69ED}" = Lenovo Fingerprint Software
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Bluetooth by hp
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5AD12E7A-D739-4451-9BD1-3610EC56D8F5}" = SlimDrivers
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2DE62D8-EF1B-36CB-B461-B1E221ED8608}" = Microsoft .NET Framework 4 Extended CSY Language Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI (11.0.08) - Czech
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 340.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Ovladače grafiky 340.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.1.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Systémový software PhysX 9.13.1220
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizace NVIDIA 15.3.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{C96ED8FC-B673-4FE6-8AE5-69B4B83C7193}" = Software Intel(R) PROSet/Wireless WiFi
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver
"05FBE63CF9C9B3424152207E7278CD6DA193C56C" = Balíček ovladače systému Windows - AuthenTec Inc. (ATSwpWDF) Biometric (07/02/2010 8.6.0.29)
"Adobe Flash Player PPAPI" = Adobe Flash Player 17 PPAPI
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Avast" = Avast Free Antivirus
"CCleaner" = CCleaner
"Google Chrome" = Google Chrome
"Helios Red 2015" = Helios Red 2015
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 11.0.0
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware verze 2.1.6.1022
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft .NET Framework 4 Extended CSY Language Pack" = Microsoft .NET Framework 4 Extended CSY Language Pack
"Minecraft1.7.2" = Minecraft1.7.2
"Opera 29.0.1795.47" = Opera Stable 29.0.1795.47
"ProInst" = Intel PROSet Wireless
"Runtime pro Helios Red" = Runtime pro Helios Red
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 5.20 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3350915670-2306449340-2698032532-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2.5.2015 4:49:04 | Computer Name = HP-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 2.5.2015 13:21:31 | Computer Name = HP-PC | Source = Application Hang | ID = 1002
Description = Program WoW.exe verze 4.3.4.15595 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Oznámení a řešení problémů.
ID
procesu: f70 Čas zahájení: 01d084caadef26c0 Čas ukončení: 42

Error - 4.5.2015 8:56:13 | Computer Name = HP-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 7.5.2015 7:36:42 | Computer Name = HP-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace nvxdsync.exe, verze 8.17.13.4052, časové razítko
0x53b45020, chybující modul ntdll.dll, verze 6.0.6002.18881, časové razítko 0x51da3e27,
kód výjimky 0xc0000374, posun chyby 0x000b06fc, ID procesu 0x10d8, čas spuštění
aplikace 0x01d084b54f0d5830.

Error - 7.5.2015 13:15:10 | Computer Name = HP-PC | Source = Application Hang | ID = 1002
Description = Program WoW.exe verze 4.3.4.15595 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Oznámení a řešení problémů.
ID
procesu: 1428 Čas zahájení: 01d088e947e21220 Čas ukončení: 21

Error - 8.5.2015 0:20:35 | Computer Name = HP-PC | Source = VSS | ID = 8194
Description =

Error - 8.5.2015 0:59:03 | Computer Name = HP-PC | Source = Application Hang | ID = 1002
Description = Program Explorer.EXE verze 6.0.6002.18005 přestal spolupracovat se
systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací
o tomto problému, vyhledejte historii problému v ovládacím panelu Oznámení a řešení
problémů. ID procesu: ad4 Čas zahájení: 01d08948c01cd1a7 Čas ukončení: 0

Error - 8.5.2015 2:14:16 | Computer Name = HP-PC | Source = Perflib | ID = 1010
Description =

Error - 8.5.2015 2:14:17 | Computer Name = HP-PC | Source = Perflib | ID = 1008
Description =

Error - 8.5.2015 6:40:37 | Computer Name = HP-PC | Source = Application Hang | ID = 1002
Description = Program javaw.exe verze 8.0.40.26 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Oznámení a řešení problémů.
ID
procesu: 1420 Čas zahájení: 01d0897ad6573c4e Čas ukončení: 21973

[ System Events ]
Error - 9.5.2015 14:46:35 | Computer Name = HP-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10003
Description =

Error - 9.5.2015 14:48:05 | Computer Name = HP-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9.5.2015 15:19:26 | Computer Name = HP-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 9.5.2015 15:19:27 | Computer Name = HP-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 9.5.2015 15:19:28 | Computer Name = HP-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 9.5.2015 15:19:28 | Computer Name = HP-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 9.5.2015 15:19:30 | Computer Name = HP-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 9.5.2015 15:23:49 | Computer Name = HP-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 9.5.2015 16:06:48 | Computer Name = HP-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 9.5.2015 16:07:18 | Computer Name = HP-PC | Source = Service Control Manager | ID = 7011
Description =


< End of report >

OTL logfile created on: 9.5.2015 22:21:13 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\HP\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 53,62% Memory free
4,23 Gb Paging File | 3,12 Gb Available in Paging File | 73,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 2,95 Gb Free Space | 3,96% Space Free | Partition Type: NTFS

Computer Name: HP-PC | User Name: HP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2015.05.09 22:17:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HP\Desktop\OTL.exe
PRC - [2015.05.08 06:28:42 | 005,515,496 | ---- | M] (Avast Software s.r.o.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2015.05.08 06:28:26 | 000,343,336 | ---- | M] (Avast Software s.r.o.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2015.04.28 18:53:32 | 000,479,352 | ---- | M] () -- C:\Program Files\Opera\29.0.1795.47\opera_crashreporter.exe
PRC - [2015.04.28 18:53:19 | 056,025,208 | ---- | M] (Opera Software) -- C:\Program Files\Opera\29.0.1795.47\opera.exe
PRC - [2014.07.25 16:02:45 | 002,403,104 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014.07.25 16:02:40 | 001,720,608 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014.07.02 21:42:26 | 000,940,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2014.07.02 21:42:25 | 001,818,968 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2014.05.08 15:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.06 20:25:22 | 000,866,576 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2011.04.06 20:04:52 | 000,481,552 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2011.03.25 16:25:42 | 002,852,128 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2011.03.25 16:25:42 | 000,840,992 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2011.03.25 16:25:42 | 000,660,768 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2010.10.21 03:07:36 | 000,098,304 | ---- | M] () -- C:\Windows\System32\DTS.exe
PRC - [2010.10.21 03:04:08 | 001,824,064 | ---- | M] (AuthenTec, Inc.) -- C:\Windows\System32\AtService.exe
PRC - [2009.04.11 15:18:30 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 15:18:26 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007.11.01 16:44:50 | 000,671,744 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2000.01.01 02:00:00 | 001,003,224 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
PRC - [2000.01.01 02:00:00 | 000,250,072 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE.EXE


========== Modules (No Company Name) ==========

MOD - [2015.05.08 06:29:06 | 040,540,672 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2015.05.08 06:28:39 | 000,104,400 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\log.dll
MOD - [2015.05.08 06:28:29 | 000,081,728 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
MOD - [2015.04.28 18:53:32 | 000,479,352 | ---- | M] () -- C:\Program Files\Opera\29.0.1795.47\opera_crashreporter.exe
MOD - [2011.03.25 16:25:58 | 000,148,768 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll


========== Services (SafeList) ==========

SRV - [2015.05.08 06:28:26 | 000,343,336 | ---- | M] (Avast Software s.r.o.) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2015.04.14 09:36:30 | 001,080,120 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2015.04.14 09:36:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014.07.25 16:02:40 | 001,720,608 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014.05.08 15:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.06 20:25:22 | 000,866,576 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2011.04.06 20:04:52 | 000,481,552 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2011.03.25 16:25:42 | 000,660,768 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.10.21 03:07:36 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Windows\System32\DTS.exe -- (dtsvc)
SRV - [2010.10.21 03:07:32 | 000,106,496 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\ADMonitor.exe -- (ADMonitor)
SRV - [2010.10.21 03:04:08 | 001,824,064 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Windows\System32\AtService.exe -- (ATService)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2000.01.01 02:00:00 | 000,250,072 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE.EXE -- (RtkAudioService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2015.05.08 06:29:08 | 000,427,992 | ---- | M] (Avast Software s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2015.05.08 06:29:08 | 000,209,048 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2015.05.08 06:29:08 | 000,074,976 | ---- | M] (Avast Software s.r.o.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2015.05.08 06:29:08 | 000,057,888 | ---- | M] (Avast Software s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2015.05.08 06:29:08 | 000,055,200 | ---- | M] (Avast Software s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2015.05.08 06:29:08 | 000,049,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2015.05.08 06:29:08 | 000,024,144 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2015.05.08 06:28:13 | 000,787,760 | ---- | M] (Avast Software s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2015.04.14 09:37:50 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2015.04.14 09:37:42 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2015.04.03 10:22:58 | 000,013,368 | ---- | M] (SlimWare Utilities, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2014.07.02 22:54:57 | 010,681,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.10.21 05:54:16 | 000,659,968 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2010.10.07 05:11:38 | 006,639,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwLv32.sys -- (NETwLv32)
DRV - [2009.12.08 15:11:40 | 000,031,680 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\psadd.sys -- (psadd)
DRV - [2009.10.12 15:21:54 | 000,100,736 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009.09.10 14:55:52 | 000,102,528 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.06.25 16:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009.06.25 16:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2009.06.25 16:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009.05.05 12:15:58 | 001,095,808 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007.07.11 02:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2006.11.02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-3350915670-2306449340-2698032532-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3350915670-2306449340-2698032532-1000\..\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-3350915670-2306449340-2698032532-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-3350915670-2306449340-2698032532-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.40.2: C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.40.2: C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\HP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015.05.08 06:29:10 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2015.05.09 21:03:35 | 000,000,781 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (Avast Software s.r.o.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [a478d52adfc889d96e557fa727c482ec] "C:\Users\HP\AppData\Roaming\image.exe" .. File not found
O4 - HKLM..\Run: [ATUpdatePBA.ltp] C:\Windows\System32\ATUpdatePBA.exe (AuthenTec, Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o.)
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (AuthenTec)
O4 - HKLM..\Run: [FingerPrintSoftwareSplashScreen] C:\Program Files\Lenovo Fingerprint Software\SplashScreen.exe (AuthenTec, Inc.)
O4 - HKLM..\Run: [NvBackend] C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F5AC5EB-4452-4745-B05D-E0322BC021B2}: DhcpNameServer = 192.168.43.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img3.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img3.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.LAGS - C:\Windows\System32\lagarith.dll ( )
Drivers32: VIDC.X264 - C:\Windows\System32\x264vfw.dll (x264vfw project)
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: wave2 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2015.05.09 22:17:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\HP\Desktop\OTL.exe
[2015.05.09 21:51:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2015.05.09 21:49:47 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\mbar
[2015.05.09 21:46:31 | 016,502,728 | ---- | C] (Malwarebytes Corp.) -- C:\Users\HP\Desktop\mbar-1.09.1.1004.exe
[2015.05.09 21:25:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2015.05.09 21:21:46 | 000,000,000 | ---D | C] -- C:\Windows\Temp
[2015.05.09 21:21:46 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Local\Temp
[2015.05.09 21:01:39 | 000,000,000 | ---D | C] -- C:\zoek_backup
[2015.05.09 20:43:59 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015.05.09 20:21:34 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2015.05.09 20:21:34 | 000,000,000 | ---D | C] -- C:\rsit
[2015.05.09 19:26:14 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
[2015.05.08 08:05:20 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\clfsw32.dll
[2015.05.08 08:04:55 | 003,604,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2015.05.08 08:04:55 | 003,552,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2015.05.08 07:31:34 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2015.05.08 07:31:34 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2015.05.08 07:31:34 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2015.05.08 07:31:34 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2015.05.08 07:31:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2015.05.08 07:31:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2015.05.08 07:31:32 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2015.05.08 07:31:32 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2015.05.08 07:31:32 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2015.05.08 07:31:32 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2015.05.08 07:31:30 | 001,810,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2015.05.08 07:31:30 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2015.05.08 07:31:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2015.05.08 06:31:55 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\AVAST Software
[2015.05.08 06:30:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[2015.05.08 06:30:05 | 000,356,272 | ---- | C] (Dropbox, Inc.) -- C:\Users\Public\Desktop\DropboxInstallerAvast.exe
[2015.05.08 06:29:30 | 000,057,888 | ---- | C] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswTdi.sys
[2015.05.08 06:29:28 | 000,427,992 | ---- | C] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswSP.sys
[2015.05.08 06:29:27 | 000,074,976 | ---- | C] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2015.05.08 06:29:26 | 000,055,200 | ---- | C] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswRdr.sys
[2015.05.08 06:29:24 | 000,787,760 | ---- | C] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswSnx.sys
[2015.05.08 06:29:13 | 000,291,312 | ---- | C] (Avast Software s.r.o.) -- C:\Windows\System32\aswBoot.exe
[2015.05.08 06:28:40 | 000,043,112 | ---- | C] (Avast Software s.r.o.) -- C:\Windows\avastSS.scr
[2015.05.08 06:21:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2015.05.08 06:18:13 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2015.05.08 06:17:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015.05.08 06:17:24 | 000,092,888 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2015.05.08 06:17:24 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2015.05.08 06:17:24 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2015.05.08 06:17:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2015.05.08 06:17:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015.05.08 06:08:00 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2015.05.03 15:13:17 | 000,000,000 | ---D | C] -- C:\Users\HP\AppData\Roaming\Mumble
[2015.05.03 15:12:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
[2015.05.03 15:12:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mumble
[2015.05.03 10:02:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2015.05.03 10:02:38 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

========== Files - Modified Within 7 Days ==========

[2015.05.09 22:23:29 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2015.05.09 22:17:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\HP\Desktop\OTL.exe
[2015.05.09 22:02:02 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015.05.09 21:49:54 | 000,092,888 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2015.05.09 21:48:00 | 016,502,728 | ---- | M] (Malwarebytes Corp.) -- C:\Users\HP\Desktop\mbar-1.09.1.1004.exe
[2015.05.09 21:24:48 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2015.05.09 21:24:25 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015.05.09 21:23:31 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2015.05.09 21:23:31 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2015.05.09 21:23:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015.05.09 21:23:23 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2015.05.09 21:22:11 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2015.05.09 21:03:35 | 000,000,781 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2015.05.09 21:01:38 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
[2015.05.09 20:58:34 | 001,308,672 | ---- | M] () -- C:\Users\HP\Desktop\zoek (1).exe
[2015.05.09 19:26:16 | 000,002,025 | ---- | M] () -- C:\Users\HP\Desktop\Minecraft.lnk
[2015.05.09 10:12:05 | 000,000,540 | ---- | M] () -- C:\Users\HP\Desktop\DropboxInstallerAvast – zástupce.lnk
[2015.05.08 08:03:53 | 000,645,304 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2015.05.08 08:03:53 | 000,634,468 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2015.05.08 08:03:53 | 000,137,942 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2015.05.08 08:03:53 | 000,120,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2015.05.08 06:30:36 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2015.05.08 06:30:12 | 000,356,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Public\Desktop\DropboxInstallerAvast.exe
[2015.05.08 06:29:08 | 000,427,992 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswSP.sys
[2015.05.08 06:29:08 | 000,209,048 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2015.05.08 06:29:08 | 000,074,976 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2015.05.08 06:29:08 | 000,057,888 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswTdi.sys
[2015.05.08 06:29:08 | 000,055,200 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswRdr.sys
[2015.05.08 06:29:08 | 000,049,904 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2015.05.08 06:29:08 | 000,024,144 | ---- | M] () -- C:\Windows\System32\drivers\aswHwid.sys
[2015.05.08 06:28:40 | 000,291,312 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\System32\aswBoot.exe
[2015.05.08 06:28:40 | 000,043,112 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\avastSS.scr
[2015.05.08 06:28:13 | 000,787,760 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\System32\drivers\aswSnx.sys
[2015.05.08 06:17:27 | 000,000,901 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015.05.03 15:13:51 | 000,002,392 | ---- | M] () -- C:\Users\HP\Documents\MumbleAutomaticCertificateBackup.p12
[2015.05.03 10:02:39 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

========== Files Created - No Company Name ==========

[2015.05.09 22:23:29 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2015.05.09 21:21:48 | 000,024,064 | ---- | C] () -- C:\Windows\zoek-delete.exe
[2015.05.09 20:54:42 | 001,308,672 | ---- | C] () -- C:\Users\HP\Desktop\zoek (1).exe
[2015.05.09 19:26:16 | 000,002,025 | ---- | C] () -- C:\Users\HP\Desktop\Minecraft.lnk
[2015.05.09 10:12:05 | 000,000,540 | ---- | C] () -- C:\Users\HP\Desktop\DropboxInstallerAvast – zástupce.lnk
[2015.05.08 06:30:36 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2015.05.08 06:29:29 | 000,209,048 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2015.05.08 06:29:28 | 000,049,904 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2015.05.08 06:29:26 | 000,024,144 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys
[2015.05.08 06:17:27 | 000,000,901 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015.05.03 15:13:51 | 000,002,392 | ---- | C] () -- C:\Users\HP\Documents\MumbleAutomaticCertificateBackup.p12
[2015.05.03 10:02:39 | 000,000,806 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2015.04.03 09:21:05 | 000,681,905 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2015.04.03 08:59:24 | 003,826,628 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2015.04.03 08:32:43 | 000,655,872 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2015.04.03 08:32:43 | 000,240,128 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2015.04.03 08:32:43 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2015.04.03 08:32:40 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2015.04.02 18:43:00 | 000,031,586 | ---- | C] () -- C:\ProgramData\nvModes.001
[2015.04.02 18:42:26 | 000,031,586 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2015.04.02 16:17:39 | 000,000,680 | ---- | C] () -- C:\Users\HP\AppData\Local\d3d9caps.dat
[2015.04.02 16:12:14 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat

========== ZeroAccess Check ==========

[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015.02.18 04:02:58 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 15:18:30 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 15:18:20 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2015.04.12 12:46:32 | 000,000,000 | ---D | M] -- C:\Users\honziik\AppData\Roaming\Opera Software

========== Purity Check ==========



========== Custom Scans ==========

< >
[2006.11.02 15:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 15:01:49 | 000,012,622 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2015.04.15 17:52:26 | 000,000,936 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2015.04.15 17:52:31 | 000,000,940 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< >

< MD5 for: ATAPI.SYS >
[2009.04.11 15:18:00 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Users\HP\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150403T063657136400\internal_ide_channel\atapi.sys
[2009.04.11 15:18:00 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Users\HP\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150403T063657136400\pci\cc_010601\atapi.sys
[2009.04.11 15:18:00 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Users\HP\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150403T063657136400\pci\ven_8086&dev_2850\atapi.sys
[2009.04.11 15:18:00 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 15:18:00 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 15:18:00 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.04.11 15:18:39 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\System32\autochk.exe
[2009.04.11 15:18:39 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_e3df6655bee2ee3b\autochk.exe

< MD5 for: CDROM.SYS >
[2008.01.21 04:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
[2008.01.21 04:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2009.04.11 15:18:00 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Users\HP\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150403T063657136400\gencdrom\cdrom.sys
[2009.04.11 15:18:00 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\drivers\cdrom.sys
[2009.04.11 15:18:00 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys
[2009.04.11 15:18:00 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
[2006.11.02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2009.04.11 15:18:30 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 15:18:30 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe

< MD5 for: HAL.DLL >
[2009.04.11 15:18:00 | 000,177,128 | ---- | M] (Microsoft Corporation) MD5=B8D52005181A15D7D1470CBF2AF214DD -- C:\Users\HP\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20150403T063657136400\acpiapic\hal.dll
[2009.04.11 15:18:00 | 000,177,128 | ---- | M] (Microsoft Corporation) MD5=B8D52005181A15D7D1470CBF2AF214DD -- C:\Windows\System32\hal.dll

< MD5 for: SCECLI.DLL >
[2009.04.11 15:18:47 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 15:18:47 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.04.11 15:18:46 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009.04.11 15:18:46 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SVCHOST.EXE >
[2008.01.21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008.01.21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2015.04.14 09:36:16 | 000,878,392 | ---- | M] (MalwareBytes) MD5=4518DD9A09B4FEF7DB3B13F0DDDDD36E -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\svchost.exe

< MD5 for: TCPIP.SYS >
[2009.04.11 15:19:10 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
[2009.08.15 23:30:53 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
[2009.08.14 19:01:55 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
[2010.02.18 13:51:51 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
[2010.02.18 16:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
[2009.08.14 16:24:47 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
[2010.02.18 16:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
[2010.02.18 14:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
[2009.08.14 18:27:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
[2009.08.14 19:07:56 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
[2010.02.18 19:36:50 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
[2014.04.05 05:23:10 | 000,915,392 | ---- | M] (Microsoft Corporation) MD5=A4196D394207369E1431E8681B373312 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.23370_none_b54264477ce304df\tcpip.sys
[2014.04.05 04:42:27 | 000,905,664 | ---- | M] (Microsoft Corporation) MD5=C7B0746FCD576D7EEBA6A2530B0B2966 -- C:\Windows\System32\drivers\tcpip.sys
[2014.04.05 04:42:27 | 000,905,664 | ---- | M] (Microsoft Corporation) MD5=C7B0746FCD576D7EEBA6A2530B0B2966 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.19080_none_b4adf3c463cd86b8\tcpip.sys
[2010.02.18 16:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
[2009.08.14 18:33:50 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2015.04.14 09:36:16 | 000,878,392 | ---- | M] (MalwareBytes) MD5=4518DD9A09B4FEF7DB3B13F0DDDDD36E -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2009.04.11 15:18:46 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 15:18:46 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

< >

< %systemroot%*.* /U /s >
[8 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2015.05.09 19:25:36 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\.minecraft
[2015.04.03 10:37:42 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Adobe
[2015.05.08 06:31:55 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\AVAST Software
[2015.04.03 10:11:02 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\CachedFiles
[2015.04.30 19:19:01 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Google
[2015.04.02 16:17:44 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Identities
[2015.04.03 09:22:55 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Intel
[2015.05.01 21:28:52 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\java
[2015.04.30 18:55:30 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Macromedia
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Media Center Programs
[2015.04.18 14:30:53 | 000,000,000 | --SD | M] -- C:\Users\HP\AppData\Roaming\Microsoft
[2015.05.02 13:04:54 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\MPC-HC
[2015.05.06 21:53:04 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Mumble
[2015.04.30 19:19:00 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\NVIDIA
[2015.04.03 10:37:14 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\OpenOffice
[2015.04.03 08:34:25 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\Opera Software
[2015.04.03 09:02:44 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\WinBatch
[2015.04.03 20:43:31 | 000,000,000 | ---D | M] -- C:\Users\HP\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2015.05.09 19:27:08 | 000,048,476 | ---- | M] (TeamExtreme) -- C:\Users\HP\AppData\Roaming\.minecraft\minecraft launcher\Minecraft Launcher.exe
[2015.05.09 19:26:16 | 000,069,251 | ---- | M] () -- C:\Users\HP\AppData\Roaming\.minecraft\minecraft launcher\Uninstall.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2015.05.09 21:24:25 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2015.05.09 22:02:02 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009.04.11 16:08:12 | 023,552,000 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2009.04.11 16:07:55 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2009.04.11 16:08:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >
[2015.05.08 06:29:08 | 000,024,144 | ---- | M] () -- C:\Windows\system32\drivers\aswHwid.sys
[2015.05.08 06:29:08 | 000,074,976 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\system32\drivers\aswMonFlt.sys
[2015.05.08 06:29:08 | 000,055,200 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\system32\drivers\aswRdr.sys
[2015.05.08 06:29:08 | 000,049,904 | ---- | M] () -- C:\Windows\system32\drivers\aswRvrt.sys
[2015.05.08 06:28:13 | 000,787,760 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\system32\drivers\aswSnx.sys
[2015.05.08 06:29:08 | 000,427,992 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\system32\drivers\aswSP.sys
[2015.05.08 06:29:08 | 000,057,888 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\system32\drivers\aswTdi.sys
[2015.05.08 06:29:08 | 000,209,048 | ---- | M] () -- C:\Windows\system32\drivers\aswVmm.sys
[2015.05.09 21:49:54 | 000,092,888 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbamchameleon.sys
[2015.05.09 21:24:48 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\MBAMSwissArmy.sys

< %systemroot%\system32\*.* /3 >
[2015.05.09 21:23:31 | 000,003,760 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2015.05.09 21:23:31 | 000,003,760 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2015.05.08 06:28:40 | 000,291,312 | ---- | M] (Avast Software s.r.o.) -- C:\Windows\system32\aswBoot.exe
[2015.05.08 08:08:35 | 125,832,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\mrt.exe
[2015.05.08 08:03:53 | 000,137,942 | ---- | M] () -- C:\Windows\system32\perfc005.dat
[2015.05.08 08:03:53 | 000,120,034 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2015.05.08 08:03:53 | 000,645,304 | ---- | M] () -- C:\Windows\system32\perfh005.dat
[2015.05.08 08:03:53 | 000,634,468 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2015.05.08 08:03:53 | 001,510,450 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009.04.11 15:18:04 | 001,233,920 | ---- | M] (Microsoft Corporation)
"ehTray.exe" = C:\Windows\ehome\ehTray.exe -- [2008.01.21 04:25:11 | 000,125,952 | ---- | M] (Microsoft Corporation)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2015.03.10 01:12:52 | 000,757,968 | ---- | M] (Microsoft Corporation) MD5=F6A99C1FA53F6CBA2306EAFAEE4DC7C9 -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2015.04.28 04:07:36 | 000,812,872 | ---- | M] (Google Inc.) MD5=7EDA1D46618C2F5801E4A47D80AE89ED -- C:\Program Files\Google\Chrome\Application\chrome.exe

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2015.05.09 22:23:29 | 000,000,512 | ---- | M] () MD5=10D49B9F34A2CE2124423A722518876F -- C:\PhysicalMBR.bin

< >

< *crack* /s >

< *keygen* /s >

< *loader* /s >
[2015.05.08 06:28:22 | 000,072,440 | ---- | M] () -- \Program Files\AVAST Software\Avast\aswWrcIELoader32.exe
[2010.12.23 14:47:46 | 000,004,176 | ---- | M] () -- \Program Files\Google\Google SketchUp 8\Resources\en-US\searching\ajax-loader.gif
[2010.12.23 14:47:48 | 000,000,500 | ---- | M] () -- \Program Files\Google\Google SketchUp 8\Tools\DynamicComponents\ruby\dcloader.rb
[2010.12.23 14:47:48 | 000,001,871 | ---- | M] () -- \Program Files\Google\Google SketchUp 8\Tools\ShadowStringsFix\shadowstringsfix_loader.rb
[2010.12.23 14:47:48 | 000,003,949 | ---- | M] () -- \Program Files\Google\Google SketchUp 8\Tools\SolarNorth\solarnorth_loader.rb
[2010.12.23 14:47:48 | 000,029,565 | ---- | M] () -- \Program Files\Google\Google SketchUp 8\Tools\WebTextures\webtextures_loader.rb
[2014.07.25 16:02:18 | 001,170,208 | ---- | M] () -- \Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\ExtensionLoader.dll
[2013.12.20 01:37:56 | 000,065,344 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2013.12.20 01:37:44 | 000,073,536 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader.dll
[2015.04.02 17:38:41 | 000,755,000 | ---- | M] () -- \Users\HP\AppData\Local\Adobe\AIH.189d1469510936123d6787516ea7db7ab1684538\downloader.dll
[2008.01.21 04:23:37 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2013.12.05 09:32:02 | 000,012,532 | ---- | M] () -- \Windows\System32\Adobe\Shockwave 12\shockwave_Projector_Loader.dcr
[2009.04.13 11:28:31 | 000,003,402 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6001.18000_cs-cz_33426ea9fd097a15.manifest
[2009.04.13 11:28:31 | 000,027,648 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6001.18000_cs-cz_33426ea9fd097a15_winload.exe.mui_3bc5b827
[2009.04.13 11:28:31 | 000,019,968 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6001.18000_cs-cz_33426ea9fd097a15_winresume.exe.mui_ff8b5358
[2009.04.11 15:19:54 | 000,004,864 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6002.18005_none_5d12333e69c8ab94.manifest
[2009.04.11 15:19:54 | 000,986,600 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6002.18005_none_5d12333e69c8ab94_winload.exe_75835076
[2009.04.11 15:19:54 | 000,926,184 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6002.18005_none_5d12333e69c8ab94_winresume.exe_85cd1215
[2008.01.21 04:26:48 | 000,003,885 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.0.6001.18000_none_6b332839511be4b2.manifest
[2008.01.21 04:26:48 | 000,021,048 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.0.6001.18000_none_6b332839511be4b2_spldr.sys_98bd87a0
[2008.01.21 04:09:06 | 000,003,726 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16609_de-de_cbcaa800f7f71dcc.manifest
[2008.01.21 04:09:01 | 000,003,726 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16609_en-us_74bb7df9e6d52991.manifest
[2008.01.21 04:09:08 | 000,003,726 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16609_es-es_7486dadde6fc1b36.manifest
[2008.01.21 04:09:01 | 000,003,726 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16609_fr-fr_173e50dcd9ce3198.manifest
[2008.01.21 04:09:13 | 000,003,726 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16609_it-it_01664723b1001716.manifest
[2008.01.21 04:09:14 | 000,003,726 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16609_ja-jp_a38bc630a41b28f1.manifest
[2008.01.21 04:09:16 | 000,003,726 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16609_nl-nl_2dc76f586fdd2598.manifest
[2008.01.21 04:09:06 | 000,003,726 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20734_de-de_cc2ed396113192b6.manifest
[2008.01.21 04:09:01 | 000,003,726 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20734_en-us_751fa98f000f9e7b.manifest
[2008.01.21 04:09:08 | 000,003,726 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20734_es-es_74eb067300369020.manifest
[2008.01.21 04:09:01 | 000,003,726 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20734_fr-fr_17a27c71f308a682.manifest
[2008.01.21 04:09:13 | 000,003,726 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20734_it-it_01ca72b8ca3a8c00.manifest
[2008.01.21 04:09:14 | 000,003,726 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20734_ja-jp_a3eff1c5bd559ddb.manifest
[2008.01.21 04:09:16 | 000,003,726 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20734_nl-nl_2e2b9aed89179a82.manifest
[2009.04.13 11:12:34 | 000,003,402 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6001.18000_cs-cz_33426ea9fd097a15.manifest
[2008.01.21 04:08:59 | 000,005,227 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.16609_none_59497e266f783366.manifest
[2008.01.21 04:08:59 | 000,005,227 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.20734_none_59ada9bb88b2a850.manifest
[2008.01.21 04:20:53 | 000,004,864 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.18000_none_5b26ba326ca6e048.manifest
[2009.04.11 15:16:55 | 000,004,864 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6002.18005_none_5d12333e69c8ab94.manifest
[2006.11.02 12:13:06 | 000,003,970 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.0.6000.16386_none_68fc663d5430d3de.manifest
[2008.01.21 04:19:11 | 000,003,885 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.0.6001.18000_none_6b332839511be4b2.manifest
[2008.01.21 04:23:37 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.0.6002.18005_none_47df94fd8cc49aa6\dmloader.dll
[2012.08.17 14:15:18 | 006,396,128 | ---- | M] () -- \wow\BackgroundDownloader.exe

< End of report >

Spustte znovu OTL

• Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
• Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

• Kód: Vybrat vše

  :otl
  DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
  DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
  DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
  IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
  IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
  IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
  IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
  IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
  IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
  IE - HKU\S-1-5-21-3350915670-2306449340-2698032532-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
  O4 - HKLM..\Run: [a478d52adfc889d96e557fa727c482ec] "C:\Users\HP\AppData\Roaming\image.exe" .. File not found
  NetSvcs: Nla - File not found
  NetSvcs: Ntmssvc - File not found
  NetSvcs: NWCWorkstation - File not found
  NetSvcs: Nwsapagent - File not found
  NetSvcs: SRService - File not found
  NetSvcs: WmdmPmSp - File not found
  NetSvcs: LogonHours - File not found
  NetSvcs: PCAudit - File not found
  NetSvcs: helpsvc - File not found
  NetSvcs: uploadmgr - File not found
  NetSvcs: FastUserSwitchingCompatibility - File not found
  [2015.05.09 21:51:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
  [2015.05.09 21:49:47 | 000,000,000 | ---D | C] -- C:\Users\HP\Desktop\mbar
  [2015.05.09 21:46:31 | 016,502,728 | ---- | C] (Malwarebytes Corp.) -- C:\Users\HP\Desktop\mbar-1.09.1.1004.exe
  [2015.05.09 21:01:39 | 000,000,000 | ---D | C] -- C:\zoek_backup
  [2015.05.09 20:43:59 | 000,000,000 | ---D | C] -- C:\AdwCleaner
  [2015.05.09 20:21:34 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
  [2015.05.09 20:21:34 | 000,000,000 | ---D | C] -- C:\rsit
  [2015.05.09 21:49:54 | 000,092,888 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
  [2015.05.09 21:48:00 | 016,502,728 | ---- | M] (Malwarebytes Corp.) -- C:\Users\HP\Desktop\mbar-1.09.1.1004.exe
  [2015.05.09 21:24:48 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
  [2015.05.09 21:01:38 | 000,024,064 | ---- | M] () -- C:\Windows\zoek-delete.exe
  [2015.05.09 20:58:34 | 001,308,672 | ---- | M] () -- C:\Users\HP\Desktop\zoek (1).exe
  [2015.05.09 21:24:25 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
  [2015.05.09 22:02:02 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
  
  :reg
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^HP^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^a478d52adfc889d96e557fa727c482ec.exe]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^HP^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^dce1253ce7b8be7e6fddfaa541ebb372.exe]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^HP^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^exploire.exe]
  
  :files
  C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a478d52adfc889d96e557fa727c482ec.exe
  C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dce1253ce7b8be7e6fddfaa541ebb372.exe
  C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\exploire.exe
  %windir%\system32\*.tmp.dll /s
  %windir%\system32\SET*.tmp /s
  %windir%\*.tmp
  
  :commands
  [RESETHOSTS]
  [EMPTYTEMP]
  [EMPTYFLASH]
  [EMPTYJAVA]

• Nasledne kliknete na Opravit
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

All processes killed
========== OTL ==========
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-3350915670-2306449340-2698032532-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\a478d52adfc889d96e557fa727c482ec deleted successfully.
Nla removed from NetSvcs value successfully!
Ntmssvc removed from NetSvcs value successfully!
NWCWorkstation removed from NetSvcs value successfully!
Nwsapagent removed from NetSvcs value successfully!
SRService removed from NetSvcs value successfully!
WmdmPmSp removed from NetSvcs value successfully!
LogonHours removed from NetSvcs value successfully!
PCAudit removed from NetSvcs value successfully!
helpsvc removed from NetSvcs value successfully!
uploadmgr removed from NetSvcs value successfully!
FastUserSwitchingCompatibility removed from NetSvcs value successfully!
C:\ProgramData\Malwarebytes' Anti-Malware (portable) folder moved successfully.
C:\Users\HP\Desktop\mbar\Plugins folder moved successfully.
C:\Users\HP\Desktop\mbar\Languages folder moved successfully.
C:\Users\HP\Desktop\mbar\imageformats folder moved successfully.
C:\Users\HP\Desktop\mbar\Data\Configuration folder moved successfully.
C:\Users\HP\Desktop\mbar\Data folder moved successfully.
C:\Users\HP\Desktop\mbar folder moved successfully.
C:\Users\HP\Desktop\mbar-1.09.1.1004.exe moved successfully.
C:\zoek_backup folder moved successfully.
C:\AdwCleaner\Quarantine folder moved successfully.
C:\AdwCleaner folder moved successfully.
C:\Program Files\trend micro folder moved successfully.
C:\rsit folder moved successfully.
C:\Windows\System32\drivers\mbamchameleon.sys moved successfully.
File C:\Users\HP\Desktop\mbar-1.09.1.1004.exe not found.
C:\Windows\System32\drivers\MBAMSwissArmy.sys moved successfully.
C:\Windows\zoek-delete.exe moved successfully.
C:\Users\HP\Desktop\zoek (1).exe moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^HP^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^a478d52adfc889d96e557fa727c482ec.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^HP^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^dce1253ce7b8be7e6fddfaa541ebb372.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^HP^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^exploire.exe\ deleted successfully.
========== FILES ==========
File\Folder C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a478d52adfc889d96e557fa727c482ec.exe not found.
File\Folder C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dce1253ce7b8be7e6fddfaa541ebb372.exe not found.
File\Folder C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\exploire.exe not found.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: honziik
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 51981 bytes
->Google Chrome cache emptied: 0 bytes

User: HP
->Temp folder emptied: 40859 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 8196 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1233 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: honziik

User: HP
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: honziik

User: HP
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05092015_232306

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Jak se chova PC, stale zpomalene??

Dlouho trva, nez se pc zapne, ale po nabehnuti windows uz jde vsechno v pohode. Nevyskakuji uz ani ty hlasky o zablokovani trojan.agent. Vypada to tedy uz v poradku. Moc dekuji za pomoc a preji krasny zbytek dne:)

Tak jeste uklidime

DelFix https://toolslib.net/downloads/finish/2/

• Stahnete a spustte
• Ponechte zatrzitkou pouze u volby Remove disinfection tools
• Kliknete na Run

Stahnete Ccleaner https://www.piriform.com/ccleaner/download/standard
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse