Prosím o kontrolu logu RSIT

Zpráva

Kopac · #1 Příspěvek od **Kopac** » 17 srp 2015 12:53

PC je zpomalený ale vzhledem k jeho stáří už od něj nic moc nečekám

, jde jen o preventivku. Děkuji
----------------------------------------------

Logfile of random's system information tool 1.10 (written by random/random)
Run by Kopac at 2015-08-17 13:41:46
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 42 GB (18%) free of 230 GB
Total RAM: 2047 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:43:41, on 17.8.2015
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16684)
Boot mode: Normal

Running processes:
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
C:\Users\Kopac\Downloads\RSIT.exe
C:\Program Files\trend micro\Kopac.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\AMD\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Přidat do součásti Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: Virtuální klávesnice - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Kontrola adres URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O9 - Extra button: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Users\Kopac\AppData\Roaming\ICQM\icq.exe (HKCU)
O9 - Extra 'Tools' menuitem: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Users\Kopac\AppData\Roaming\ICQM\icq.exe (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Služba Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG Technologies - C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe

--
End of file - 6664 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\WebReg psc 1400 series.job - C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe "psc 1400 series"

=========Mozilla firefox=========

ProfilePath - C:\Users\Kopac\AppData\Roaming\Mozilla\Firefox\Profiles\fbvcbnm5.default-1439685444109

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"url_advisor@kaspersky.com"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
"virtual_keyboard@kaspersky.com"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
"content_blocker@kaspersky.com"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
"anti_banner@kaspersky.com"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
"online_banking@kaspersky.com"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 18.0.0.232 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@software602.cz/602XML Filler]
"Description"=602XML Filler Plugin
"Path"=C:\Program Files\Software602\602XML\Filler\npfiller.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}]
Content Blocker Plugin - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-02-07 655040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73455575-E40C-433C-9784-C78DC7761455}]
Virtual Keyboard Plugin - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-16 1265448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}]
Safe Money Plugin - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-02-07 455360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
URL Advisor Plugin - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-02-17 798912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\AMD\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2013-04-30 642304]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel.exe]
"Debugger=""C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filler602.exe]
"Debugger=""C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\groove.exe]
"Debugger=""C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\launcher.exe]
"Debugger=""C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\maxthon.exe]
"Debugger=""C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msaccess.exe]
"Debugger=""C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe]
"Debugger=""C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspub.exe]
"Debugger=""C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mstore.exe]
"Debugger=""C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mx3uninstall.exe]
"Debugger=""C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ois.exe]
"Debugger=""C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccompanion.exe]
"Debugger=""C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerpnt.exe]
"Debugger=""C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe]
"Debugger=""C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Winword.exe]
"Debugger=""C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-08-17 13:41:47 ----D---- C:\Program Files\trend micro
2015-08-17 13:41:46 ----D---- C:\rsit
2015-08-13 18:10:35 ----HD---- C:\Windows\msdownld.tmp
2015-08-13 00:24:49 ----A---- C:\Windows\system32\ntdll.dll
2015-08-13 00:24:49 ----A---- C:\Windows\system32\msmmsp.dll
2015-08-13 00:24:49 ----A---- C:\Windows\system32\drivers\mountmgr.sys
2015-08-13 00:24:49 ----A---- C:\Windows\system32\drivers\ecache.sys
2015-08-13 00:24:49 ----A---- C:\Windows\system32\csrsrv.dll
2015-08-13 00:24:48 ----A---- C:\Windows\system32\ntkrnlpa.exe
2015-08-13 00:24:48 ----A---- C:\Windows\system32\emdmgmt.dll
2015-08-13 00:24:46 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-08-13 00:20:46 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 00:19:37 ----A---- C:\Windows\system32\drivers\srv.sys
2015-08-13 00:17:34 ----A---- C:\Windows\system32\mstscax.dll
2015-08-13 00:16:27 ----A---- C:\Windows\system32\shell32.dll
2015-08-13 00:15:27 ----SHD---- C:\Config.Msi
2015-08-12 22:13:04 ----ASH---- C:\hiberfil.sys
2015-08-12 21:39:52 ----D---- C:\b8cbd75376ff666d79
2015-08-12 21:36:13 ----A---- C:\Windows\system32\basesrv.dll
2015-08-12 21:27:18 ----A---- C:\Windows\system32\msxml6.dll
2015-08-12 21:27:18 ----A---- C:\Windows\system32\msxml3.dll
2015-08-12 21:24:27 ----A---- C:\Windows\system32\d3d10level9.dll
2015-08-12 21:24:27 ----A---- C:\Windows\system32\d3d10core.dll
2015-08-12 21:24:27 ----A---- C:\Windows\system32\d3d10_1core.dll
2015-08-12 21:24:27 ----A---- C:\Windows\system32\d3d10_1.dll
2015-08-12 21:24:26 ----A---- C:\Windows\system32\win32k.sys
2015-08-12 21:24:26 ----A---- C:\Windows\system32\d3d10warp.dll
2015-08-12 21:24:26 ----A---- C:\Windows\system32\d3d10.dll
2015-08-12 21:24:26 ----A---- C:\Windows\system32\d2d1.dll
2015-08-12 21:24:26 ----A---- C:\Windows\system32\atmlib.dll
2015-08-12 21:24:26 ----A---- C:\Windows\system32\atmfd.dll
2015-08-12 21:24:25 ----A---- C:\Windows\system32\FntCache.dll
2015-08-12 21:24:25 ----A---- C:\Windows\system32\DWrite.dll
2015-08-12 21:22:46 ----A---- C:\Windows\system32\WebClnt.dll
2015-08-12 21:22:24 ----A---- C:\Windows\system32\notepad.exe
2015-08-12 21:22:24 ----A---- C:\Windows\notepad.exe
2015-08-12 10:09:12 ----A---- C:\Windows\system32\urlmon.dll
2015-08-12 10:09:12 ----A---- C:\Windows\system32\mshta.exe
2015-08-12 10:09:12 ----A---- C:\Windows\system32\msfeedsbs.dll
2015-08-12 10:09:11 ----A---- C:\Windows\system32\vbscript.dll
2015-08-12 10:09:11 ----A---- C:\Windows\system32\url.dll
2015-08-12 10:09:11 ----A---- C:\Windows\system32\msfeeds.dll
2015-08-12 10:09:11 ----A---- C:\Windows\system32\jscript.dll
2015-08-12 10:09:11 ----A---- C:\Windows\system32\ieUnatt.exe
2015-08-12 10:09:11 ----A---- C:\Windows\system32\iertutil.dll
2015-08-12 10:09:11 ----A---- C:\Windows\system32\dxtmsft.dll
2015-08-12 10:09:10 ----A---- C:\Windows\system32\jsproxy.dll
2015-08-12 10:09:09 ----A---- C:\Windows\system32\msfeedssync.exe
2015-08-12 10:09:07 ----A---- C:\Windows\system32\wininet.dll
2015-08-12 10:09:07 ----A---- C:\Windows\system32\mshtmled.dll
2015-08-12 10:09:07 ----A---- C:\Windows\system32\jscript9.dll
2015-08-12 10:09:07 ----A---- C:\Windows\system32\ieui.dll
2015-08-12 10:09:07 ----A---- C:\Windows\system32\dxtrans.dll
2015-08-12 10:09:06 ----A---- C:\Windows\system32\ieframe.dll
2015-08-12 10:09:04 ----A---- C:\Windows\system32\mshtml.dll
2015-08-09 16:29:53 ----D---- C:\Users\Kopac\AppData\Roaming\dvdcss
2015-08-05 00:03:08 ----A---- C:\Windows\system32\msvcr120_clr0400.dll
2015-08-05 00:03:08 ----A---- C:\Windows\system32\msvcp120_clr0400.dll
2015-08-04 14:46:23 ----D---- C:\Users\Kopac\AppData\Roaming\Bigasoft Total Video Converter 5
2015-08-04 14:46:01 ----D---- C:\Program Files\Bigasoft
2015-08-04 14:24:15 ----D---- C:\Users\Kopac\AppData\Roaming\avidemux
2015-08-04 14:17:30 ----D---- C:\Users\Kopac\AppData\Roaming\Nico Mak Computing
2015-08-04 14:17:11 ----A---- C:\Windows\system32\roboot.exe
2015-08-04 14:17:03 ----D---- C:\Program Files\WinZip Registry Optimizer
2015-08-03 15:35:38 ----D---- C:\Program Files\Common Files\InstallShield
2015-07-21 09:39:28 ----A---- C:\Windows\system32\TURegOpt.exe
2015-07-21 09:39:27 ----A---- C:\Windows\system32\authuitu.dll

======List of files/folders modified in the last 1 month======

2015-08-17 13:43:32 ----D---- C:\Windows\Temp
2015-08-17 13:42:13 ----D---- C:\Windows\Prefetch
2015-08-17 13:41:47 ----RD---- C:\Program Files
2015-08-17 13:29:02 ----D---- C:\ProgramData\Kaspersky Lab
2015-08-17 13:10:23 ----SHD---- C:\System Volume Information
2015-08-17 11:04:42 ----D---- C:\Program Files\Opera
2015-08-17 11:03:59 ----D---- C:\Users\Kopac\AppData\Roaming\MiniLyrics
2015-08-17 10:29:31 ----D---- C:\Users\Kopac\AppData\Roaming\vlc
2015-08-16 08:05:41 ----D---- C:\Program Files\Mozilla Maintenance Service
2015-08-16 02:36:27 ----D---- C:\Program Files\Mozilla Firefox
2015-08-14 17:19:27 ----D---- C:\Filmy
2015-08-14 14:51:02 ----D---- C:\Hry
2015-08-14 14:48:25 ----D---- C:\Instal
2015-08-13 19:37:25 ----D---- C:\Windows\Microsoft.NET
2015-08-13 19:35:13 ----RSD---- C:\Windows\assembly
2015-08-13 18:51:22 ----D---- C:\Windows\system32\directx
2015-08-13 18:10:35 ----D---- C:\Windows
2015-08-13 18:10:33 ----D---- C:\Windows\Logs
2015-08-13 18:08:40 ----D---- C:\Windows\inf
2015-08-13 08:29:23 ----D---- C:\Windows\Debug
2015-08-13 08:21:33 ----D---- C:\Windows\System32
2015-08-13 08:21:32 ----D---- C:\Windows\system32\drivers
2015-08-13 08:21:31 ----D---- C:\Windows\system32\XPSViewer
2015-08-13 00:25:36 ----D---- C:\Windows\winsxs
2015-08-13 00:25:33 ----D---- C:\Windows\system32\catroot
2015-08-13 00:24:37 ----SHD---- C:\Windows\Installer
2015-08-13 00:23:55 ----D---- C:\Program Files\Microsoft Silverlight
2015-08-13 00:22:11 ----D---- C:\Windows\system32\catroot2
2015-08-13 00:19:28 ----D---- C:\ProgramData\Microsoft Help
2015-08-12 22:02:36 ----D---- C:\Windows\system32\migration
2015-08-12 22:02:36 ----D---- C:\Program Files\Internet Explorer
2015-08-12 21:42:58 ----D---- C:\Windows\system32\MRT
2015-08-12 21:42:20 ----A---- C:\Windows\system32\mrt.exe
2015-08-12 12:05:35 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2015-08-10 15:53:16 ----D---- C:\Windows\Minidump
2015-08-10 12:30:24 ----D---- C:\Mp3
2015-08-06 12:39:52 ----D---- C:\Windows\system32\Tasks
2015-08-06 10:47:04 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-08-04 14:42:07 ----D---- C:\Program Files\FormatFactory
2015-08-04 14:34:38 ----D---- C:\FFOutput
2015-08-04 14:18:00 ----D---- C:\Windows\Tasks
2015-08-04 14:14:28 ----D---- C:\Program Files\Format Factory
2015-08-03 15:37:02 ----HD---- C:\Program Files\InstallShield Installation Information
2015-08-03 15:35:38 ----D---- C:\Program Files\Common Files
2015-08-02 19:22:20 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2015-08-02 19:21:50 ----D---- C:\Program Files\AGEIA Technologies
2015-07-21 09:47:40 ----D---- C:\Program Files\Mozilla Thunderbird

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2014-02-07 135776]
R0 secdir;Folder Security Personal; C:\Windows\system32\secdir.sys [2005-05-08 70233]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2014-02-07 243128]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2014-03-20 576608]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2013-10-20 25696]
R1 klpd;klpd; C:\Windows\system32\DRIVERS\klpd.sys [2013-04-12 14432]
R1 kltdi;kltdi; C:\Windows\system32\DRIVERS\kltdi.sys [2013-05-14 45024]
R1 kneps;kneps; C:\Windows\system32\DRIVERS\kneps.sys [2014-02-07 144992]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-04-30 10070016]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-04-30 290304]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdLH3.sys [2012-02-23 83984]
R3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-10 22528]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-18 92160]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-10 236544]
R3 klkbdflt;Kaspersky Lab KLKBDFLT; C:\Windows\system32\DRIVERS\klkbdflt.sys [2014-02-17 25184]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2013-10-20 25696]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-10 148992]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2010-03-04 261152]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [2015-06-25 30632]
R3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 66560]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
S3 androidusb;ADB Interface Driver; C:\Windows\System32\Drivers\androidusb.sys [2011-02-11 25728]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]
S3 Dot4;Ovladač MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-18 131584]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-18 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-18 36864]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2012-03-08 39272]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 qcusbnet;Qualcomm USB-NDIS miniport; C:\Windows\system32\DRIVERS\qcusbnet.sys [2012-10-26 136192]
S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication; C:\Windows\system32\DRIVERS\qcusbser.sys [2012-10-26 110080]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 35328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-07-07 82128]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-04-30 217088]
R2 AVP;Služba Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [2013-10-20 214512]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [2015-06-29 2446648]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-12 103608]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12 269000]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2012-03-08 1492840]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S4 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2014-04-12 45744]
S4 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [2015-03-28 89840]
S4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2015-08-13 149160]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S4 Sony PC Companion;Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S4 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2014-04-12 772296]

-----------------EOF-----------------

#2 Příspěvek od **Márty84** » 17 srp 2015 15:01

Zdravim

Pozor na pouzivani TuneUp. Dokaze to nadelat peknou paseku

Stahnete crystal disk info http://sourceforge.jp/projects/crystald ... 5_0_0.zip/
Spustte jako spravce. Za chvili se zobrazi vysledek.
Kliknete nahore na napis Úpravy a pak na napis Kopírovat. To co se zkopiruje (ulozi se to do pameti) mi sem vlozte (ctrl + V)

Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Cleaning
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner[C?].txt ). Ten mi sem zkopirujte.

Kopac · #3 Příspěvek od **Kopac** » 17 srp 2015 21:25

CrystalDisk Info:
-------------------------

----------------------------------------------------------------------------
CrystalDiskInfo 5.0.0 (C) 2008-2012 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows Vista Home Premium Edition SP2 [6.0 Build 6002] (x86)
Date : 2015/08/17 22:25:19

-- Controller Map ----------------------------------------------------------
+ Řadič úložiště Intel(R) 82801GB/GR/GH (řada ICH7) s rozhraním Serial ATA - 27C0 [ATA]
+ Kanál IDE (0)
- WDC WD2500AAJS-00B4A0 ATA Device
+ Kanál IDE (1)
- HL-DT-ST DVDRAM GH24NSB0 ATA Device
- Iniciátor iSCSI společnosti Microsoft [SCSI]

-- Disk List ---------------------------------------------------------------
(1) WDC WD2500AAJS-00B4A0 : 250,0 GB [0/0/0, pd1]

----------------------------------------------------------------------------
(1) WDC WD2500AAJS-00B4A0
----------------------------------------------------------------------------
Model : WDC WD2500AAJS-00B4A0
Firmware : 01.03A01
Serial Number : WD-WCAT10825109
Disk Size : 250,0 GB (8,4/137,4/250,0)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 488397168
Rotation Rate : Neznámy údaj
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ----
Transfer Mode : SATA/300
Power On Hours : 22392 hod.
Power On Count : 9433 krát
Temparature : 31 C (87 F)
Health Status : Dobrý
Features : S.M.A.R.T., AAM, 48bit LBA, NCQ
APM Level : ----
AAM Level : 80FEh [OFF]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 200 200 _51 000000000000 Počet chyb čtení
03 157 156 _21 000000000C24 Čas na roztočení ploten
04 _91 _91 __0 0000000024E5 Počet spuštění/zastavení
05 200 200 140 000000000000 Počet přemapovaných sektorů
07 200 200 __0 000000000000 Počet chybných hledání
09 _70 _70 __0 000000005778 Hodin v činnosti
0A 100 100 __0 000000000000 Počet opakovaných pokusů o roztočení ploten
0B 100 100 __0 000000000000 Počet pokusů o překalibrování
0C _91 _91 __0 0000000024D9 Počet cyklů zapnutí zařízení
C0 200 200 __0 00000000004E Počet vypnutí disku
C1 197 197 __0 0000000024E5 Počet cyklů načítání/vymazání
C2 112 _85 __0 00000000001F Teplota
C4 199 199 __0 000000000001 Počet udalostí s číslem realokování sektorů
C5 200 200 __0 000000000000 Počet podezřelých sektorů
C6 200 200 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 200 200 __0 000000000000 Počet chyb při zápisu sektorů

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 427A 3FFF C837 0010 0000 003F 003F 0000 0000 0000
010: 2020 2020 2057 442D 5743 3130 3130 3832 3531 3039
020: 0000 4000 0032 3031 2E30 3031 3031 5744 4320 5744
030: 3235 3030 4141 4A53 2D30 3441 3441 3020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 0000 2F00
050: 4001 0000 0000 0007 3FFF 003F 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 0706 0706 0000 0044 0040
080: 01FE 0000 746B 7F01 4123 BC01 BC01 4123 207F 001B
090: 001B 0000 FFFE 0000 80FE 0000 0000 0000 0000 0000
100: 5970 1D1C 0000 0000 0000 0000 0000 0000 5001 4EE1
110: 00F2 5EC6 0000 0000 0000 0000 0000 0000 0000 4010
120: 4010 0000 0000 0000 0000 0000 0000 0000 0029 0000
130: 0000 0000 0000 169F 0000 0000 0000 0000 0000 0000
140: 0000 0000 0004 0000 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 303F 303F 0000 0000 0000
210: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
220: 0000 0000 100E 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0001 0000 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 6FA5

Kopac · #4 Příspěvek od **Kopac** » 17 srp 2015 21:32

No ty TuneUpy tam mám právě proto aby to tu paseku nedělalo a aspoň trochu se o ten počítač starali...
AdwCleaner Log:
-------------------------------
# AdwCleaner v5.000 - Logfile created 17/08/2015 at 22:28:34
# Updated 14/08/2015 by Xplode
# Database : 2015-08-16.2 [Server]
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Username : Kopac - KOPAC-PC
# Running from : C:\Users\Kopac\Downloads\adwcleaner_5.000.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\Conduit
[-] Folder Deleted : C:\Program Files\WinZip Registry Optimizer
[-] Folder Deleted : C:\ProgramData\Conduit
[-] Folder Deleted : C:\ProgramData\ParetoLogic
[-] Folder Deleted : C:\ProgramData\TweakBit
[-] Folder Deleted : C:\Users\Kopac\AppData\Local\Conduit
[-] Folder Deleted : C:\Users\Kopac\AppData\LocalLow\Conduit
[-] Folder Deleted : C:\Users\Kopac\AppData\LocalLow\PriceGong
[-] Folder Deleted : C:\Users\Kopac\AppData\Roaming\DriverCure
[-] Folder Deleted : C:\Users\Kopac\AppData\Roaming\ParetoLogic

***** [ Files ] *****

[-] File Deleted : C:\Windows\system32\roboot.exe
[-] File Deleted : C:\Windows\system32\drivers\sp_rsdrv2.sys

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\ParetoLogic
[-] Key Deleted : HKCU\Software\MiniLyrics
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
[-] Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\ParetoLogic
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MiniLyrics
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WinZip Registry Optimizer_is1
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MiniLyrics
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}

***** [ Web browsers ] *****

*************************

:: Proxy settings cleared
:: Winsock settings cleared

*************************

C:\AdwCleaner[C1].txt - [2382 octets] - [17/08/2015 22:28:34]
C:\AdwCleaner[S1].txt - [2267 octets] - [17/08/2015 22:26:44]

########## EOF - C:\AdwCleaner[C1].txt - [2508 octets] ##########

#5 Příspěvek od **Márty84** » 17 srp 2015 21:36

Kopac píše:No ty TuneUpy tam mám právě proto aby to tu paseku nedělalo a aspoň trochu se o ten počítač starali...

No, to uz nekteri zaplatili reinstalem

TuneUp je fajn, ale udela obcas (casteji nez by bylo zdravo) takovou chybu, ze uz to nejde opravit

Udelejte kontrolu s MBAM. Test nastavte podle tohoto navodu (cili Vlastni sken vsech disku) http://forum.viry.cz/viewtopic.php?f=29&t=144868 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

Kopac · #6 Příspěvek od **Kopac** » 18 srp 2015 13:52

tak tu je ten MBAM... byly to skoro čtyři hodiny...
----------------------------------------------------
Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 18.8.2015
Čas skenování: 11:19:28
Protokol: 1.txt
Správce: Ano

Verze: 2.1.8.1057
Databáze malwaru: v2015.08.18.03
Databáze rootkitů: v2015.08.16.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows Vista Service Pack 2
CPU: x86
Souborový systém: NTFS
Uživatel: Kopac

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 524206
Uplynulý čas: 3 hod, 31 min, 28 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 5
PUP.Optional.Conduit.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SETUP.EXE, , [7dce13f71279152115d050c1ed140ef2],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\LAUNCHER.EXE, , [99b293772b60a98da41fbd26e91af010],
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MAXTHON.EXE, , [7ad139d1137871c5d910db08679c4db3],
PUP.Optional.TweakBit.A, HKLM\SOFTWARE\TWEAKBIT\ATPopups, , [ae9dac5e2566e254dea24b61a55f3ec2],
PUP.Optional.TweakBit.A, HKLM\SOFTWARE\TWEAKBIT\ATUpdaters, , [5eedc941058671c5d2aefdaf7f85867a],

Hodnoty registru: 2
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\LAUNCHER.EXE|Debugger, "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe", , [99b293772b60a98da41fbd26e91af010]
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MAXTHON.EXE|Debugger, "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe", , [7ad139d1137871c5d910db08679c4db3]

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 6
PUP.Optional.Conduit, C:\AdwCleaner\Quarantine\C\Program Files\Conduit\Community Alerts\Alert.dll.vir, , [f853cc3e8b002610647bb27ed22e7888],
PUP.Optional.Conduit.A, C:\Users\Kopac\AppData\Roaming\setup.exe, , [7dce13f71279152115d050c1ed140ef2],
PUP.Optional.Conduit.A, C:\Users\Kopac\AppData\Roaming\setup_Firefox.exe, , [f5565eac8cff71c5796cf41dd52cd42c],
RiskWare.Keygen, C:\Windows\AutoKMS.exe, , [4308cb3f82098fa7f751e2e8d0316f91],
PUP.RiskWareTool.CK, C:\Hry\DiRT 3\paul.dll, , [db70878398f31b1b2cebfecc649d17e9],
Trojan.Downloader.H, C:\Hry\DiRT 3\SKIDROW.dll, , [8dbeba5024678aaceb60e841d52dc23e],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)

(end)

#7 Příspěvek od **Márty84** » 18 srp 2015 14:55

Je to nekdy dlouhe, ale dukladne.

Nalezy doporucuji odstranit. Po odstraneni a restartu pc test zopakujte (staci uz jen Sken hrozeb - bude rychlejsi), at vime, jestli se to nevraci. Napiste vysledek testu a podle nej zvolim dalsi postup.

Kopac · #8 Příspěvek od **Kopac** » 18 srp 2015 17:03

nový po odstranění
-------------------------
Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 18.8.2015
Čas skenování: 17:36:31
Protokol:
Správce: Ano

Verze: 2.1.8.1057
Databáze malwaru: v2015.08.18.05
Databáze rootkitů: v2015.08.16.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows Vista Service Pack 2
CPU: x86
Souborový systém: NTFS
Uživatel: Kopac

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 367142
Uplynulý čas: 24 min, 40 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)

(end)

#9 Příspěvek od **Márty84** » 18 srp 2015 22:19

MBAM muzete odinstalovat.

Dejte novy log z RSIT

a k tomu

Dejte logy podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100 - vypnete na chvili antivir, je mozne, ze to bude blokovat jako skodnou, ale pouzivame to porad, jedna se o falesny poplach

Kopac · #10 Příspěvek od **Kopac** » 19 srp 2015 10:31

Rsit
-------------------
Logfile of random's system information tool 1.10 (written by random/random)
Run by Kopac at 2015-08-19 11:28:24
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 46 GB (20%) free of 230 GB
Total RAM: 2047 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:29:16, on 19.8.2015
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16684)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Kopac\Downloads\RSIT.exe
C:\Program Files\trend micro\Kopac.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\AMD\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Přidat do součásti Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: Virtuální klávesnice - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Kontrola adres URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
O9 - Extra button: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Users\Kopac\AppData\Roaming\ICQM\icq.exe (HKCU)
O9 - Extra 'Tools' menuitem: ICQ - {086C8477-4F71-4550-87FB-AF0AE8DF3E98} - C:\Users\Kopac\AppData\Roaming\ICQM\icq.exe (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Služba Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: AVG PC TuneUp Service (TuneUp.UtilitiesSvc) - AVG Technologies - C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe

--
End of file - 6587 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\WebReg psc 1400 series.job - C:\Program Files\HP\Digital Imaging\bin\hpqwrg.exe "psc 1400 series"

=========Mozilla firefox=========

ProfilePath - C:\Users\Kopac\AppData\Roaming\Mozilla\Firefox\Profiles\fbvcbnm5.default-1439685444109

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"url_advisor@kaspersky.com"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
"virtual_keyboard@kaspersky.com"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
"content_blocker@kaspersky.com"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
"anti_banner@kaspersky.com"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
"online_banking@kaspersky.com"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 18.0.0.232 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@software602.cz/602XML Filler]
"Description"=602XML Filler Plugin
"Path"=C:\Program Files\Software602\602XML\Filler\npfiller.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F}]
Content Blocker Plugin - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-02-07 655040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73455575-E40C-433C-9784-C78DC7761455}]
Virtual Keyboard Plugin - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-16 1265448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9}]
Safe Money Plugin - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-02-07 455360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
URL Advisor Plugin - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-02-17 798912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\AMD\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2013-04-30 642304]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\excel.exe]
"Debugger=""C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filler602.exe]
"Debugger=""C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\groove.exe]
"Debugger=""C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msaccess.exe]
"Debugger=""C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msoxmled.exe]
"Debugger=""C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspub.exe]
"Debugger=""C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mstore.exe]
"Debugger=""C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mx3uninstall.exe]
"Debugger=""C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ois.exe]
"Debugger=""C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccompanion.exe]
"Debugger=""C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerpnt.exe]
"Debugger=""C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Winword.exe]
"Debugger=""C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-08-18 14:51:16 ----A---- C:\1.txt
2015-08-17 22:39:24 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2015-08-17 22:38:58 ----D---- C:\ProgramData\Malwarebytes
2015-08-17 22:38:58 ----D---- C:\Program Files\Malwarebytes Anti-Malware
2015-08-17 22:38:58 ----A---- C:\Windows\system32\drivers\mwac.sys
2015-08-17 22:38:58 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2015-08-17 22:38:58 ----A---- C:\Windows\system32\drivers\mbam.sys
2015-08-17 22:28:34 ----A---- C:\AdwCleaner[C1].txt
2015-08-17 22:26:44 ----A---- C:\AdwCleaner[S1].txt
2015-08-17 22:26:39 ----D---- C:\AdwCleaner
2015-08-17 13:41:47 ----D---- C:\Program Files\trend micro
2015-08-17 13:41:46 ----D---- C:\rsit
2015-08-13 18:10:35 ----HD---- C:\Windows\msdownld.tmp
2015-08-13 00:24:49 ----A---- C:\Windows\system32\ntdll.dll
2015-08-13 00:24:49 ----A---- C:\Windows\system32\msmmsp.dll
2015-08-13 00:24:49 ----A---- C:\Windows\system32\drivers\mountmgr.sys
2015-08-13 00:24:49 ----A---- C:\Windows\system32\drivers\ecache.sys
2015-08-13 00:24:49 ----A---- C:\Windows\system32\csrsrv.dll
2015-08-13 00:24:48 ----A---- C:\Windows\system32\ntkrnlpa.exe
2015-08-13 00:24:48 ----A---- C:\Windows\system32\emdmgmt.dll
2015-08-13 00:24:46 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-08-13 00:20:46 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 00:19:37 ----A---- C:\Windows\system32\drivers\srv.sys
2015-08-13 00:17:34 ----A---- C:\Windows\system32\mstscax.dll
2015-08-13 00:16:27 ----A---- C:\Windows\system32\shell32.dll
2015-08-13 00:15:27 ----SHD---- C:\Config.Msi
2015-08-12 22:13:04 ----ASH---- C:\hiberfil.sys
2015-08-12 21:39:52 ----D---- C:\b8cbd75376ff666d79
2015-08-12 21:36:13 ----A---- C:\Windows\system32\basesrv.dll
2015-08-12 21:27:18 ----A---- C:\Windows\system32\msxml6.dll
2015-08-12 21:27:18 ----A---- C:\Windows\system32\msxml3.dll
2015-08-12 21:24:27 ----A---- C:\Windows\system32\d3d10level9.dll
2015-08-12 21:24:27 ----A---- C:\Windows\system32\d3d10core.dll
2015-08-12 21:24:27 ----A---- C:\Windows\system32\d3d10_1core.dll
2015-08-12 21:24:27 ----A---- C:\Windows\system32\d3d10_1.dll
2015-08-12 21:24:26 ----A---- C:\Windows\system32\win32k.sys
2015-08-12 21:24:26 ----A---- C:\Windows\system32\d3d10warp.dll
2015-08-12 21:24:26 ----A---- C:\Windows\system32\d3d10.dll
2015-08-12 21:24:26 ----A---- C:\Windows\system32\d2d1.dll
2015-08-12 21:24:26 ----A---- C:\Windows\system32\atmlib.dll
2015-08-12 21:24:26 ----A---- C:\Windows\system32\atmfd.dll
2015-08-12 21:24:25 ----A---- C:\Windows\system32\FntCache.dll
2015-08-12 21:24:25 ----A---- C:\Windows\system32\DWrite.dll
2015-08-12 21:22:46 ----A---- C:\Windows\system32\WebClnt.dll
2015-08-12 21:22:24 ----A---- C:\Windows\system32\notepad.exe
2015-08-12 21:22:24 ----A---- C:\Windows\notepad.exe
2015-08-12 10:09:12 ----A---- C:\Windows\system32\urlmon.dll
2015-08-12 10:09:12 ----A---- C:\Windows\system32\mshta.exe
2015-08-12 10:09:12 ----A---- C:\Windows\system32\msfeedsbs.dll
2015-08-12 10:09:11 ----A---- C:\Windows\system32\vbscript.dll
2015-08-12 10:09:11 ----A---- C:\Windows\system32\url.dll
2015-08-12 10:09:11 ----A---- C:\Windows\system32\msfeeds.dll
2015-08-12 10:09:11 ----A---- C:\Windows\system32\jscript.dll
2015-08-12 10:09:11 ----A---- C:\Windows\system32\ieUnatt.exe
2015-08-12 10:09:11 ----A---- C:\Windows\system32\iertutil.dll
2015-08-12 10:09:11 ----A---- C:\Windows\system32\dxtmsft.dll
2015-08-12 10:09:10 ----A---- C:\Windows\system32\jsproxy.dll
2015-08-12 10:09:09 ----A---- C:\Windows\system32\msfeedssync.exe
2015-08-12 10:09:07 ----A---- C:\Windows\system32\wininet.dll
2015-08-12 10:09:07 ----A---- C:\Windows\system32\mshtmled.dll
2015-08-12 10:09:07 ----A---- C:\Windows\system32\jscript9.dll
2015-08-12 10:09:07 ----A---- C:\Windows\system32\ieui.dll
2015-08-12 10:09:07 ----A---- C:\Windows\system32\dxtrans.dll
2015-08-12 10:09:06 ----A---- C:\Windows\system32\ieframe.dll
2015-08-12 10:09:04 ----A---- C:\Windows\system32\mshtml.dll
2015-08-09 16:29:53 ----D---- C:\Users\Kopac\AppData\Roaming\dvdcss
2015-08-05 00:03:08 ----A---- C:\Windows\system32\msvcr120_clr0400.dll
2015-08-05 00:03:08 ----A---- C:\Windows\system32\msvcp120_clr0400.dll
2015-08-04 14:46:23 ----D---- C:\Users\Kopac\AppData\Roaming\Bigasoft Total Video Converter 5
2015-08-04 14:46:01 ----D---- C:\Program Files\Bigasoft
2015-08-04 14:24:15 ----D---- C:\Users\Kopac\AppData\Roaming\avidemux
2015-08-04 14:17:30 ----D---- C:\Users\Kopac\AppData\Roaming\Nico Mak Computing
2015-08-03 15:35:38 ----D---- C:\Program Files\Common Files\InstallShield
2015-07-21 09:39:28 ----A---- C:\Windows\system32\TURegOpt.exe
2015-07-21 09:39:27 ----A---- C:\Windows\system32\authuitu.dll

======List of files/folders modified in the last 1 month======

2015-08-19 11:28:45 ----D---- C:\Windows\Temp
2015-08-19 11:28:00 ----D---- C:\ProgramData\Kaspersky Lab
2015-08-19 11:18:09 ----D---- C:\Filmy
2015-08-19 11:12:51 ----SHD---- C:\System Volume Information
2015-08-19 00:56:34 ----D---- C:\Users\Kopac\AppData\Roaming\vlc
2015-08-18 21:56:30 ----D---- C:\Users\Kopac\AppData\Roaming\MiniLyrics
2015-08-18 17:24:36 ----D---- C:\Windows\system32\drivers
2015-08-18 17:24:36 ----D---- C:\Windows\Speech
2015-08-18 17:21:19 ----D---- C:\Windows
2015-08-18 16:06:49 ----D---- C:\Windows\Prefetch
2015-08-18 11:08:16 ----D---- C:\Instal
2015-08-17 22:38:58 ----RD---- C:\Program Files
2015-08-17 22:38:58 ----HD---- C:\ProgramData
2015-08-17 22:28:36 ----D---- C:\Windows\System32
2015-08-17 15:35:16 ----D---- C:\Windows\system32\catroot2
2015-08-17 11:04:42 ----D---- C:\Program Files\Opera
2015-08-17 11:04:13 ----D---- C:\Users\Kopac\AppData\Roaming\Opera Software
2015-08-16 08:05:41 ----D---- C:\Program Files\Mozilla Maintenance Service
2015-08-16 02:36:27 ----D---- C:\Program Files\Mozilla Firefox
2015-08-14 14:51:02 ----D---- C:\Hry
2015-08-13 19:37:25 ----D---- C:\Windows\Microsoft.NET
2015-08-13 19:35:13 ----RSD---- C:\Windows\assembly
2015-08-13 18:51:22 ----D---- C:\Windows\system32\directx
2015-08-13 18:10:33 ----D---- C:\Windows\Logs
2015-08-13 18:08:40 ----D---- C:\Windows\inf
2015-08-13 08:29:23 ----D---- C:\Windows\Debug
2015-08-13 08:21:31 ----D---- C:\Windows\system32\XPSViewer
2015-08-13 00:25:36 ----D---- C:\Windows\winsxs
2015-08-13 00:25:33 ----D---- C:\Windows\system32\catroot
2015-08-13 00:24:37 ----SHD---- C:\Windows\Installer
2015-08-13 00:23:55 ----D---- C:\Program Files\Microsoft Silverlight
2015-08-13 00:19:28 ----D---- C:\ProgramData\Microsoft Help
2015-08-12 22:02:36 ----D---- C:\Windows\system32\migration
2015-08-12 22:02:36 ----D---- C:\Program Files\Internet Explorer
2015-08-12 21:42:58 ----D---- C:\Windows\system32\MRT
2015-08-12 21:42:20 ----A---- C:\Windows\system32\mrt.exe
2015-08-12 12:05:35 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2015-08-10 15:53:16 ----D---- C:\Windows\Minidump
2015-08-10 12:30:24 ----D---- C:\Mp3
2015-08-06 12:39:52 ----D---- C:\Windows\system32\Tasks
2015-08-06 10:47:04 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-08-04 14:42:07 ----D---- C:\Program Files\FormatFactory
2015-08-04 14:34:38 ----D---- C:\FFOutput
2015-08-04 14:18:00 ----D---- C:\Windows\Tasks
2015-08-04 14:14:28 ----D---- C:\Program Files\Format Factory
2015-08-03 15:37:02 ----HD---- C:\Program Files\InstallShield Installation Information
2015-08-03 15:35:38 ----D---- C:\Program Files\Common Files
2015-08-02 19:22:20 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2015-08-02 19:21:50 ----D---- C:\Program Files\AGEIA Technologies
2015-07-21 09:47:40 ----D---- C:\Program Files\Mozilla Thunderbird

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2014-02-07 135776]
R0 secdir;Folder Security Personal; C:\Windows\system32\secdir.sys [2005-05-08 70233]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2014-02-07 243128]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2014-03-20 576608]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2013-10-20 25696]
R1 klpd;klpd; C:\Windows\system32\DRIVERS\klpd.sys [2013-04-12 14432]
R1 kltdi;kltdi; C:\Windows\system32\DRIVERS\kltdi.sys [2013-05-14 45024]
R1 kneps;kneps; C:\Windows\system32\DRIVERS\kneps.sys [2014-02-07 144992]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2013-04-30 10070016]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2013-04-30 290304]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdLH3.sys [2012-02-23 83984]
R3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-10 22528]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-18 92160]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-06-17 30208]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-10 236544]
R3 klkbdflt;Kaspersky Lab KLKBDFLT; C:\Windows\system32\DRIVERS\klkbdflt.sys [2014-02-17 25184]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2013-10-20 25696]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2015-06-18 23256]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-10 148992]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2010-03-04 261152]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [2015-06-25 30632]
R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 66560]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
S3 androidusb;ADB Interface Driver; C:\Windows\System32\Drivers\androidusb.sys [2011-02-11 25728]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-21 508416]
S3 Dot4;Ovladač MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-18 131584]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-18 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-18 36864]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2012-03-08 39272]
S3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2015-06-18 51928]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 qcusbnet;Qualcomm USB-NDIS miniport; C:\Windows\system32\DRIVERS\qcusbnet.sys [2012-10-26 136192]
S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication; C:\Windows\system32\DRIVERS\qcusbser.sys [2012-10-26 110080]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 35328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-07-07 82128]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2013-04-30 217088]
R2 AVP;Služba Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [2013-10-20 214512]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [2015-06-29 2446648]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-04-12 103608]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [2015-06-18 1133880]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12 269000]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2012-03-08 1492840]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S4 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2014-04-12 45744]
S4 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [2015-03-28 89840]
S4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2015-08-13 149160]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2014-04-12 139944]
S4 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S4 Sony PC Companion;Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S4 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2014-04-12 772296]

-----------------EOF-----------------

Kopac · #11 Příspěvek od **Kopac** » 19 srp 2015 10:38

FRST
-----------
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-08-2015
Ran by Kopac (administrator) on KOPAC-PC (19-08-2015 11:34:36)
Running from C:\Users\Kopac\Desktop
Loaded Profiles: Kopac (Available Profiles: Kopac & Ostatní)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(AVG Technologies) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(forum.viry.cz) C:\Users\Kopac\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\AMD\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
IFEO\excel.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\filler602.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\groove.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\msaccess.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\msoxmled.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\mstore.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\mx3uninstall.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\ois.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\pccompanion.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\Winword.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-02-07] (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-12-16] (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-02-07] (Kaspersky Lab ZAO)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-02-17] (Kaspersky Lab ZAO)
Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2014-02-06] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{62190150-41CE-4D59-AFD3-1CDAFFB9A237}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Kopac\AppData\Roaming\Mozilla\Firefox\Profiles\fbvcbnm5.default-1439685444109
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @software602.cz/602XML Filler -> C:\Program Files\Software602\602XML\Filler\npfiller.dll [2012-08-06] (Software602 a.s.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-27] (Adobe Systems Inc.)
FF Extension: uBlock Origin - C:\Users\Kopac\AppData\Roaming\Mozilla\Firefox\Profiles\fbvcbnm5.default-1439685444109\Extensions\uBlock0@raymondhill.net.xpi [2015-08-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-02-06]
FF HKLM\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-02-07]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-02-07]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-02-07]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-02-07]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-02-07]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/deta ... ddbepgkeaa
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-20]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-20]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-20]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-20]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-20]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 602XML Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-20] (Kaspersky Lab ZAO)
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed]
S4 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
S4 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [2446648 2015-06-29] (AVG Technologies)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [25728 2011-02-11] (Google Inc)
R3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdLH3.sys [83984 2012-02-23] (Advanced Micro Devices)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-02-07] (Disc Soft Ltd)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2014-02-07] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576608 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-20] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-02-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-20] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2014-02-07] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
S3 qcusbnet; C:\Windows\System32\DRIVERS\qcusbnet.sys [136192 2012-10-26] (QUALCOMM Incorporated)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [110080 2012-10-26] (QUALCOMM Incorporated)
R0 secdir; C:\Windows\System32\secdir.sys [70233 2005-05-08] (Y0YS Software) [File not signed]
R3 TuneUpUtilitiesDrv; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys [30632 2015-06-25] (TuneUp Software)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [94304 2014-03-20] (Kaspersky Lab ZAO)
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-19 11:34 - 2015-08-19 11:35 - 00013854 _____ C:\Users\Kopac\Desktop\FRST.txt
2015-08-19 11:34 - 2015-08-19 11:34 - 00000000 ____D C:\FRST
2015-08-19 11:33 - 2015-08-19 11:33 - 00112640 _____ (forum.viry.cz) C:\Users\Kopac\Desktop\FRSTLauncher.exe
2015-08-19 11:33 - 2015-08-19 11:33 - 00029696 _____ C:\Users\Kopac\AppData\Local\MSGBOX.EXE
2015-08-19 11:33 - 2015-08-19 11:33 - 00015327 _____ C:\Users\Kopac\Desktop\LM.bat
2015-08-19 11:30 - 2015-08-19 11:30 - 01677312 _____ (Farbar) C:\Users\Kopac\Desktop\FRST.exe
2015-08-19 11:22 - 2015-08-19 11:30 - 92477728 _____ C:\Users\Kopac\Downloads\Kana.part2.rar
2015-08-18 21:54 - 2015-08-18 22:44 - 209715200 _____ C:\Users\Kopac\Downloads\Kana.part1.rar
2015-08-18 14:51 - 2015-08-18 14:51 - 00002755 _____ C:\1.txt
2015-08-17 22:39 - 2015-08-18 17:35 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-17 22:39 - 2015-08-17 22:39 - 00000899 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-17 22:39 - 2015-08-17 22:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-17 22:38 - 2015-08-17 22:39 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-08-17 22:38 - 2015-08-17 22:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-17 22:38 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-08-17 22:38 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-08-17 22:38 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-08-17 22:28 - 2015-08-17 22:28 - 00002577 _____ C:\AdwCleaner[C1].txt
2015-08-17 22:26 - 2015-08-17 22:28 - 00000000 ____D C:\AdwCleaner
2015-08-17 22:26 - 2015-08-17 22:27 - 00002267 _____ C:\AdwCleaner[S1].txt
2015-08-17 13:41 - 2015-08-19 11:28 - 00000000 ____D C:\Program Files\trend micro
2015-08-17 13:41 - 2015-08-17 13:43 - 00000000 ____D C:\rsit
2015-08-16 02:36 - 2015-08-16 02:36 - 00000858 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-08-14 14:58 - 2015-08-14 14:59 - 00000000 ____D C:\Users\Kopac\Documents\NFS Most Wanted
2015-08-14 12:23 - 2015-08-14 12:23 - 00000000 ____D C:\Users\Kopac\Documents\Criterion Games
2015-08-13 18:12 - 2015-08-13 18:12 - 00000000 ____D C:\Users\Kopac\AppData\Local\CrashRpt
2015-08-13 18:10 - 2015-08-13 18:51 - 00000000 ___HD C:\Windows\msdownld.tmp
2015-08-13 08:21 - 2015-08-18 19:06 - 00293228 _____ C:\Windows\PFRO.log
2015-08-13 00:24 - 2015-07-21 22:55 - 01206192 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-13 00:24 - 2015-07-21 18:07 - 03605440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-08-13 00:24 - 2015-07-21 18:07 - 03553216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-13 00:24 - 2015-07-21 18:07 - 00140224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys
2015-08-13 00:24 - 2015-07-21 18:07 - 00056256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-13 00:24 - 2015-07-21 18:03 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2015-08-13 00:24 - 2015-07-21 18:03 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-13 00:24 - 2015-07-21 18:03 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-13 00:20 - 2015-07-31 21:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 00:19 - 2015-07-09 16:20 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-08-13 00:17 - 2015-07-10 21:37 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-13 00:16 - 2015-07-11 17:56 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-12 21:39 - 2015-08-12 21:42 - 00000000 ____D C:\b8cbd75376ff666d79
2015-08-12 21:36 - 2015-07-18 18:03 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-12 21:27 - 2015-07-10 21:37 - 01402368 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-12 21:27 - 2015-07-10 21:37 - 01253376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-12 21:24 - 2015-08-01 00:08 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-12 21:24 - 2015-07-31 23:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-08-12 21:24 - 2015-07-31 23:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-08-12 21:24 - 2015-07-31 23:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-08-12 21:24 - 2015-07-31 23:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-08-12 21:24 - 2015-07-31 22:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-12 21:24 - 2015-07-31 22:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-08-12 21:24 - 2015-07-31 22:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-08-12 21:24 - 2015-07-31 22:33 - 02066944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-12 21:24 - 2015-07-31 22:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-12 21:24 - 2015-07-31 22:33 - 00802304 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-12 21:24 - 2015-07-31 22:33 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-12 21:22 - 2015-07-09 16:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-12 21:22 - 2015-07-09 16:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-12 21:22 - 2015-07-01 17:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-12 10:09 - 2015-07-22 22:54 - 12386816 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-12 10:09 - 2015-07-22 22:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-12 10:09 - 2015-07-22 22:51 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-12 10:09 - 2015-07-22 22:47 - 09751040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-12 10:09 - 2015-07-22 22:46 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-12 10:09 - 2015-07-22 22:46 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-12 10:09 - 2015-07-22 22:45 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-12 10:09 - 2015-07-22 22:45 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-08-12 10:09 - 2015-07-22 22:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-12 10:09 - 2015-07-22 22:44 - 01804288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-12 10:09 - 2015-07-22 22:44 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-12 10:09 - 2015-07-22 22:44 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-12 10:09 - 2015-07-22 22:44 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-12 10:09 - 2015-07-22 22:44 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-12 10:09 - 2015-07-22 22:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-12 10:09 - 2015-07-22 22:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-12 10:09 - 2015-07-22 22:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-12 10:09 - 2015-07-22 22:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-12 10:09 - 2015-07-22 22:43 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-08-12 10:09 - 2015-07-22 22:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-08-12 10:09 - 2015-07-22 22:43 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-08-12 10:09 - 2015-07-22 22:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-09 16:29 - 2015-08-09 16:32 - 00000000 ____D C:\Users\Kopac\AppData\Roaming\dvdcss
2015-08-06 10:47 - 2015-08-12 11:11 - 00000000 ____D C:\Users\Ostatní\Documents\GTA San Andreas User Files
2015-08-05 00:03 - 2015-08-05 00:03 - 00877152 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2015-08-05 00:03 - 2015-08-05 00:03 - 00538208 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2015-08-04 14:48 - 2015-08-04 15:55 - 00000000 ____D C:\Users\Kopac\Documents\Bigasoft Total Video Converter
2015-08-04 14:46 - 2015-08-04 14:46 - 00000000 ____D C:\Users\Kopac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bigasoft
2015-08-04 14:46 - 2015-08-04 14:46 - 00000000 ____D C:\Users\Kopac\AppData\Roaming\Bigasoft Total Video Converter 5
2015-08-04 14:46 - 2015-08-04 14:46 - 00000000 ____D C:\Program Files\Bigasoft
2015-08-04 14:24 - 2015-08-10 15:53 - 00000000 ____D C:\Users\Kopac\AppData\Roaming\avidemux
2015-08-04 14:17 - 2015-08-04 22:17 - 00000000 ____D C:\Users\Kopac\AppData\Roaming\Nico Mak Computing
2015-08-03 16:37 - 2015-08-03 19:42 - 00000000 ____D C:\Users\Kopac\Documents\GTA San Andreas User Files
2015-08-03 15:37 - 2015-08-03 15:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2015-08-03 15:35 - 2015-08-03 15:35 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2015-07-21 09:39 - 2015-07-21 09:39 - 00001901 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015.lnk
2015-07-21 09:39 - 2015-07-21 09:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2015
2015-07-21 09:39 - 2015-06-29 10:24 - 00037176 _____ (AVG Technologies) C:\Windows\system32\TURegOpt.exe
2015-07-21 09:39 - 2015-06-29 10:23 - 00025912 _____ (AVG Technologies) C:\Windows\system32\authuitu.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-19 11:32 - 2006-11-02 14:52 - 01264024 _____ C:\Windows\WindowsUpdate.log
2015-08-19 11:31 - 2014-02-07 12:44 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-08-19 11:18 - 2014-02-06 15:49 - 00044032 _____ C:\Users\Kopac\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-19 11:18 - 2014-02-06 13:58 - 00000000 ____D C:\Filmy
2015-08-19 11:12 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-19 11:12 - 2006-11-02 14:47 - 00004896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-19 11:12 - 2006-11-02 14:47 - 00004896 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-19 00:57 - 2014-02-06 12:48 - 00001076 _____ C:\Windows\bthservsdp.dat
2015-08-19 00:57 - 2006-11-02 15:01 - 00032636 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-19 00:56 - 2014-02-07 00:38 - 00000000 ____D C:\Users\Kopac\AppData\Roaming\vlc
2015-08-19 00:05 - 2014-02-06 13:19 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-18 22:07 - 2014-02-06 16:05 - 00000000 ____D C:\Users\Kopac\AppData\Local\Last.fm
2015-08-18 21:56 - 2014-02-06 14:04 - 00000000 ____D C:\Users\Kopac\AppData\Roaming\MiniLyrics
2015-08-18 17:24 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Speech
2015-08-18 11:08 - 2014-02-07 13:10 - 00000000 ____D C:\Instal
2015-08-17 11:04 - 2015-01-17 23:26 - 00000000 ____D C:\Users\Kopac\AppData\Roaming\Opera Software
2015-08-17 11:04 - 2015-01-17 23:26 - 00000000 ____D C:\Users\Kopac\AppData\Local\Opera Software
2015-08-17 11:04 - 2015-01-17 23:25 - 00000000 ____D C:\Program Files\Opera
2015-08-17 10:43 - 2015-05-24 18:53 - 00000000 ____D C:\Users\Kopac\Documents\My Scans
2015-08-16 08:05 - 2015-07-11 17:42 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-08-16 02:36 - 2015-01-28 13:56 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-08-14 14:51 - 2014-02-07 15:52 - 00000000 ____D C:\Hry
2015-08-14 12:35 - 2014-02-06 15:46 - 00000000 ____D C:\Users\Kopac\Documents\Seznamy
2015-08-13 19:37 - 2006-11-02 13:18 - 00000000 ____D C:\Windows\Microsoft.NET
2015-08-13 18:51 - 2014-02-06 15:04 - 00000000 ____D C:\Windows\system32\directx
2015-08-13 08:21 - 2006-11-02 14:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2015-08-13 00:24 - 2014-02-11 19:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-13 00:23 - 2014-02-11 19:37 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-13 00:19 - 2014-02-07 14:10 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-12 22:18 - 2006-11-02 14:47 - 00377216 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-12 21:42 - 2014-02-06 14:19 - 00000000 ____D C:\Windows\system32\MRT
2015-08-12 21:42 - 2006-11-02 12:24 - 129304528 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-08-12 12:05 - 2014-02-06 13:19 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-08-12 12:05 - 2014-02-06 13:19 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-08-10 15:53 - 2015-07-13 21:10 - 00000000 ____D C:\Windows\Minidump
2015-08-10 12:33 - 2014-02-06 14:10 - 00386223 _____ C:\Users\Kopac\Documents\all.m3u
2015-08-10 12:30 - 2014-02-06 13:58 - 00000000 ____D C:\Mp3
2015-08-09 16:03 - 2014-03-06 20:09 - 00000000 ____D C:\Users\Kopac\AppData\Local\NFS Underground 2
2015-08-06 10:47 - 2006-11-02 12:33 - 01574886 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-06 10:13 - 2006-11-02 14:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-08-06 10:04 - 2014-02-06 17:36 - 00102736 _____ C:\Users\Ostatní\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-06 09:56 - 2015-05-27 13:48 - 00002111 _____ C:\Users\Ostatní\Desktop\Ochrana financí.lnk
2015-08-04 14:42 - 2015-01-22 18:15 - 00000000 ____D C:\Program Files\FormatFactory
2015-08-04 14:34 - 2015-02-25 16:50 - 00000000 ____D C:\FFOutput
2015-08-04 14:14 - 2015-03-16 14:22 - 00000000 ____D C:\Program Files\Format Factory
2015-08-03 15:37 - 2014-02-06 14:36 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-08-03 08:02 - 2014-02-06 16:02 - 00000000 ____D C:\Users\Kopac\Documents\something
2015-08-02 19:26 - 2014-02-11 20:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
2015-08-02 19:22 - 2014-02-27 19:14 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2015-08-02 19:21 - 2014-02-27 19:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-08-02 19:21 - 2014-02-27 19:14 - 00000000 ____D C:\Program Files\AGEIA Technologies
2015-07-29 19:14 - 2014-02-06 15:45 - 00000000 ____D C:\Users\Kopac\Documents\Škola
2015-07-29 10:04 - 2014-02-06 12:56 - 00000000 ____D C:\Users\Kopac
2015-07-26 12:46 - 2014-10-12 12:18 - 00000000 ____D C:\Users\Kopac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder
2015-07-21 09:47 - 2014-06-24 10:42 - 00000000 ____D C:\Program Files\Mozilla Thunderbird

==================== Files in the root of some directories =======

2014-02-06 15:08 - 2013-06-16 12:32 - 0433664 _____ () C:\Users\Kopac\AppData\Roaming\setup.msi
2015-08-09 09:53 - 2015-08-09 09:53 - 0024206 _____ () C:\Users\Kopac\AppData\Roaming\UserTile.png
2014-02-06 12:56 - 2015-07-13 21:16 - 0001356 _____ () C:\Users\Kopac\AppData\Local\d3d9caps.dat
2014-02-06 15:49 - 2015-08-19 11:18 - 0044032 _____ () C:\Users\Kopac\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-19 11:33 - 2015-08-19 11:33 - 0029696 _____ () C:\Users\Kopac\AppData\Local\MSGBOX.EXE

Some files in TEMP:
====================
C:\Users\Kopac\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-19 11:30

==================== End of log ============================

#12 Příspěvek od **Márty84** » 19 srp 2015 11:49

Vypnete trvale Windows Defender.

Napiste mi velikost adresare plochy (C:\Users\Kopac\Plocha)

Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
IFEO\excel.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\filler602.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\groove.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\msaccess.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\msoxmled.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\mstore.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\mx3uninstall.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\ois.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\pccompanion.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\Winword.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"

2015-08-13 18:10 - 2015-08-13 18:51 - 00000000 ___HD C:\Windows\msdownld.tmp

Task: {B5D2CC9A-EA07-4CD0-9CB6-132139E24670} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-04-03] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-07-07 82128]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12 269000]

Hosts:
EmptyTemp:
Reboot:
End

Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev fixlist a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte FRST jako spravce, kliknete na napis Fix a program vykona prikazy.
Po restartu pc by se mel objevit novy log - s nazvem fixlog, ten mi sem zase zkopirujte.

Kopac · #13 Příspěvek od **Kopac** » 19 srp 2015 12:20

plocha má 1,06 gb (mp3, pdf...)
----------------------------------
Fix result of Farbar Recovery Scan Tool (x86) Version:17-08-2015
Ran by Kopac (2015-08-19 13:10:08) Run:1
Running from C:\Users\Kopac\Desktop
Loaded Profiles: Kopac (Available Profiles: Kopac & Ostatní)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
IFEO\excel.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\filler602.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\groove.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\msaccess.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\msoxmled.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\mstore.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\mx3uninstall.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\ois.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\pccompanion.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"
IFEO\Winword.exe: [Debugger] "C:\Program Files\AVG\AVG PC TuneUp\TUAutoReactivator32.exe"

2015-08-13 18:10 - 2015-08-13 18:51 - 00000000 ___HD C:\Windows\msdownld.tmp

Task: {B5D2CC9A-EA07-4CD0-9CB6-132139E24670} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-04-03] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2015-07-07 82128]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12 269000]

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\BCSSync => value removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\excel.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\filler602.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\groove.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msaccess.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\msoxmled.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mspub.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mstore.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\mx3uninstall.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\ois.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\pccompanion.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\powerpnt.exe" => key removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\Winword.exe" => key removed successfully.
C:\Windows\msdownld.tmp => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{B5D2CC9A-EA07-4CD0-9CB6-132139E24670}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5D2CC9A-EA07-4CD0-9CB6-132139E24670}" => key removed successfully.
C:\Windows\System32\Tasks\AutoKMS => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => key removed successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully.
AdobeARMservice => service removed successfully.
AdobeFlashPlayerUpdateSvc => service removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 485.2 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 13:12:59 ====

#14 Příspěvek od **Márty84** » 19 srp 2015 12:56

Kopac píše:plocha má 1,06 gb (mp3, pdf...)

Velikost plochy by nemela presahovat 200 - 300 MB! Brzdi to chod pc. Cili ji trosku uklidte a na plochu dejte jen zastupce. Jen pozor na obcasnou chybu, ze uzivatele maji na plose slozku, v ni dalsi a v ni dalsi a do te to schovaji. To je sice hezke, ale plochu to nezmensi, jen je to v jinem supliku

Vsechny tyto programy - vcetne pripadne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce)

vyosek píše: DelFix https://toolslib.net/downloads/finish/2/
Stahnete a spustte

Ponechte zatrzitkou pouze u volby Remove disinfection tools

Kliknete na Run

Stahnete Ccleaner http://www.filehippo.com/download_ccleaner a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
(Pokud je v pc vice uzivatelskych uctu, pouzijte program i v nich)

Defragmentujte disk(y) (SSD Disky ne!)
Stahnete program Defraggler https://www.piriform.com/defraggler/download/standard
Pri instalaci opet pozor na toolbar a dalsi nesmysly.
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.

Pak napiste, jak to s pc vypada.

Kopac · #15 Příspěvek od **Kopac** » 25 srp 2015 07:13

No, vypadá to stejně jako předtím...

VIRY.CZ

Prosím o kontrolu logu RSIT

Prosím o kontrolu logu RSIT

Re: Prosím o kontrolu logu RSIT

Re: Prosím o kontrolu logu RSIT

Re: Prosím o kontrolu logu RSIT

Re: Prosím o kontrolu logu RSIT

Re: Prosím o kontrolu logu RSIT

Re: Prosím o kontrolu logu RSIT

Re: Prosím o kontrolu logu RSIT

Re: Prosím o kontrolu logu RSIT

Re: Prosím o kontrolu logu RSIT

Re: Prosím o kontrolu logu RSIT

Re: Prosím o kontrolu logu RSIT

Re: Prosím o kontrolu logu RSIT

Re: Prosím o kontrolu logu RSIT

Re: Prosím o kontrolu logu RSIT