VIRY.CZ

Dobrý večer vespolek mám nově darovaný noťas, starší, po neopatrných uživatelích, ráda bych se ujistila, jestli mi tam někde neběhá nějaká zlobivá breberka.

Moc díky za pohled. Noťas jinak šlape bezvadně, ale ještě musím povypínat spoustu věcí, které tam běhaj zbytečně.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Petra at 2015-11-21 18:48:24
Microsoft Windows 7 Home Premium
System drive C: has 120 GB (79%) free of 153 GB
Total RAM: 4095 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:48:28, on 21.11.2015
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\trend micro\Petra.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3201448915-3208623186-2291822294-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3201448915-3208623186-2291822294-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6363 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"LogonUI.exe" /flags:0x1
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\Explorer.EXE
"C:\Windows\system32\Dwm.exe"
"taskhost.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\unsecapp.exe -Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe"

C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\Petra\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\c0wojbzk.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.7.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\2.0.31005.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll


C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\c0wojbzk.default\searchplugins\
SweetIM Search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-20 885152]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-09-09 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-20 664184]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-09-09 157672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-28 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray]
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\Windows\AsScrPro.exe [2010-09-17 3054136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
C:\Program Files\CCleaner\CCleaner64.exe [2015-10-19 8551848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2015-11-17 50509440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Syncables]
C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-11-20 7004376]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=16

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-11-21 18:48:24 ----D---- C:\rsit
2015-11-21 18:48:24 ----D---- C:\Program Files\trend micro
2015-11-21 16:14:41 ----D---- C:\Program Files (x86)\Microsoft Works
2015-11-21 16:14:17 ----D---- C:\Program Files (x86)\Microsoft Visual Studio
2015-11-21 16:14:07 ----D---- C:\Program Files (x86)\Microsoft.NET
2015-11-21 16:12:01 ----D---- C:\ProgramData\Microsoft Help
2015-11-21 16:11:49 ----RHD---- C:\MSOCache
2015-11-21 14:05:22 ----D---- C:\Windows\system32\MRT
2015-11-21 14:05:16 ----A---- C:\Windows\system32\MRT.exe
2015-11-21 14:04:44 ----A---- C:\Windows\system32\ntoskrnl.exe
2015-11-21 14:04:43 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2015-11-21 14:04:43 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2015-11-21 14:04:41 ----A---- C:\Windows\SYSWOW64\poqexec.exe
2015-11-21 14:04:41 ----A---- C:\Windows\system32\poqexec.exe
2015-11-21 13:58:17 ----A---- C:\Windows\system32\wups2.dll
2015-11-21 13:58:17 ----A---- C:\Windows\system32\wucltux.dll
2015-11-21 13:58:17 ----A---- C:\Windows\system32\wuaueng.dll
2015-11-21 13:58:17 ----A---- C:\Windows\system32\wuauclt.exe
2015-11-21 13:58:11 ----A---- C:\Windows\system32\wups.dll
2015-11-21 13:58:11 ----A---- C:\Windows\system32\wudriver.dll
2015-11-21 13:58:10 ----A---- C:\Windows\system32\wuapi.dll
2015-11-21 13:58:06 ----A---- C:\Windows\system32\wuwebv.dll
2015-11-21 13:58:06 ----A---- C:\Windows\system32\wuapp.exe
2015-11-20 20:50:13 ----D---- C:\Users\Petra\AppData\Roaming\IrfanView
2015-11-20 20:50:13 ----D---- C:\Program Files (x86)\IrfanView
2015-11-20 19:53:40 ----D---- C:\Users\Petra\AppData\Roaming\Mozilla
2015-11-20 19:53:24 ----D---- C:\Program Files (x86)\Mozilla Firefox
2015-11-20 18:41:52 ----A---- C:\Windows\system32\aswBoot.exe
2015-11-20 18:41:38 ----N---- C:\Windows\system32\MpSigStub.exe
2015-11-20 18:41:07 ----D---- C:\Users\Petra\AppData\Roaming\AVAST Software
2015-11-20 18:40:33 ----A---- C:\Windows\system32\drivers\aswVmm.sys
2015-11-20 18:40:33 ----A---- C:\Windows\system32\drivers\aswStm.sys
2015-11-20 18:40:32 ----A---- C:\Windows\system32\drivers\aswSP.sys
2015-11-20 18:40:32 ----A---- C:\Windows\system32\drivers\aswRvrt.sys
2015-11-20 18:40:31 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2015-11-20 18:40:31 ----A---- C:\Windows\system32\drivers\aswHwid.sys
2015-11-20 18:40:30 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2015-11-20 18:40:29 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2015-11-20 18:40:09 ----A---- C:\Windows\avastSS.scr
2015-11-20 18:39:31 ----D---- C:\Program Files\AVAST Software
2015-11-20 18:39:22 ----D---- C:\ProgramData\AVAST Software
2015-11-20 18:37:12 ----A---- C:\Windows\iun6002.exe
2015-11-20 18:37:08 ----D---- C:\Program Files (x86)\Codec Pack - All In 1
2015-11-19 19:08:02 ----D---- C:\Users\Petra\AppData\Roaming\Skype
2015-11-19 19:07:28 ----RD---- C:\Program Files (x86)\Skype
2015-11-19 19:07:21 ----D---- C:\ProgramData\Skype
2015-11-19 18:55:54 ----D---- C:\Users\Petra\AppData\Roaming\Google
2015-11-19 18:52:10 ----D---- C:\Program Files\CCleaner

======List of files/folders modified in the last 1 month======

2015-11-21 18:48:28 ----D---- C:\Windows\Prefetch
2015-11-21 18:48:26 ----D---- C:\Windows\Temp
2015-11-21 18:48:24 ----RD---- C:\Program Files
2015-11-21 17:47:42 ----D---- C:\Windows\rescache
2015-11-21 16:32:20 ----D---- C:\Windows\system32\config
2015-11-21 16:22:43 ----SD---- C:\Users\Petra\AppData\Roaming\Microsoft
2015-11-21 16:19:00 ----D---- C:\Windows\SysWOW64
2015-11-21 16:19:00 ----D---- C:\Windows\System32
2015-11-21 16:18:51 ----D---- C:\Windows\winsxs
2015-11-21 16:18:36 ----D---- C:\ProgramData\NVIDIA
2015-11-21 16:17:24 ----D---- C:\Windows\system32\cs-CZ
2015-11-21 16:15:52 ----SHD---- C:\Windows\Installer
2015-11-21 16:15:43 ----RSD---- C:\Windows\assembly
2015-11-21 16:14:41 ----RD---- C:\Program Files (x86)
2015-11-21 16:14:19 ----D---- C:\Program Files (x86)\Microsoft Office
2015-11-21 16:14:11 ----RSD---- C:\Windows\Fonts
2015-11-21 16:13:28 ----D---- C:\Program Files\Common Files\Microsoft Shared
2015-11-21 16:12:34 ----D---- C:\Program Files\Microsoft Office
2015-11-21 16:12:26 ----D---- C:\Windows\ShellNew
2015-11-21 16:12:01 ----HD---- C:\ProgramData
2015-11-21 14:05:21 ----D---- C:\Windows\debug
2015-11-21 14:05:10 ----D---- C:\Windows\system32\catroot
2015-11-21 14:05:09 ----D---- C:\Windows\system32\catroot2
2015-11-21 14:05:06 ----D---- C:\Windows\SoftwareDistribution
2015-11-21 13:55:26 ----D---- C:\Windows
2015-11-20 21:27:11 ----A---- C:\Windows\system32\PerfStringBackup.INI
2015-11-20 21:16:32 ----D---- C:\Windows\Microsoft.NET
2015-11-20 21:10:15 ----D---- C:\Windows\system32\drivers
2015-11-20 21:09:41 ----D---- C:\Windows\system32\NDF
2015-11-20 21:06:30 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2015-11-20 21:05:32 ----D---- C:\Windows\system32\DriverStore
2015-11-20 21:05:32 ----D---- C:\Windows\inf
2015-11-20 21:05:29 ----D---- C:\Program Files (x86)\ASUS
2015-11-20 21:05:20 ----D---- C:\Windows\system32\Tasks
2015-11-20 21:04:59 ----HD---- C:\Program Files (x86)\Temp
2015-11-20 21:03:52 ----D---- C:\Program Files\ASUS
2015-11-20 21:03:40 ----D---- C:\ProgramData\CyberLink
2015-11-20 21:03:40 ----D---- C:\Program Files (x86)\CyberLink
2015-11-20 21:03:16 ----D---- C:\Users\Petra\AppData\Roaming\SoftGrid Client
2015-11-20 20:41:24 ----D---- C:\Program Files (x86)\AmIcoSingLun
2015-11-20 20:41:04 ----D---- C:\Program Files (x86)\Common Files
2015-11-20 20:40:23 ----D---- C:\Users\Petra\AppData\Roaming\Asus WebStorage
2015-11-20 19:54:59 ----D---- C:\Windows\Tasks
2015-11-20 19:54:54 ----D---- C:\Program Files (x86)\Google
2015-11-20 18:38:26 ----D---- C:\ProgramData\Sony Ericsson
2015-11-20 18:38:25 ----D---- C:\Program Files (x86)\Sony Ericsson
2015-11-20 18:35:37 ----DC---- C:\Windows\system32\DRVSTORE
2015-11-20 18:00:41 ----D---- C:\Program Files\Google
2015-11-19 19:08:32 ----D---- C:\ProgramData\Trend Micro
2015-11-19 19:05:02 ----D---- C:\Program Files (x86)\VideoLAN
2015-11-19 18:54:21 ----D---- C:\ProgramData\GoBoingo
2015-11-19 18:52:44 ----D---- C:\Users\Petra\AppData\Roaming\DAEMON Tools Lite
2015-11-19 18:52:44 ----D---- C:\Users\Petra\AppData\Roaming\BitTorrent
2015-11-19 18:52:41 ----D---- C:\Windows\Panther
2015-11-19 18:52:40 ----D---- C:\Windows\Logs
2015-11-19 18:49:28 ----D---- C:\Program Files (x86)\TornTV.com
2015-11-19 18:33:23 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2015-11-20 65224]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2015-11-20 273784]
R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [2010-04-27 244328]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-09-17 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2013-01-22 564824]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [2015-11-20 93528]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2015-11-20 1059656]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2015-11-20 449992]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswHwid;avast! HardwareID; C:\Windows\system32\drivers\aswHwid.sys [2015-11-20 28656]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [2015-11-20 97648]
R2 aswStm;aswStm; C:\Windows\system32\drivers\aswStm.sys [2015-11-20 154256]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-10-05 1542656]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 15416]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2009-05-13 15928]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2012-12-19 194488]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2009-06-28 28704]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2009-12-02 721768]
R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2009-12-02 269672]
R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2009-12-02 25960]
R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2009-12-02 22376]
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS []
S3 ASUSProcObsrv;ASUS Process Creation/Termination Observer; \??\C:\eSupport\eDriver\I386\AsPrOb64.sys [2008-01-04 11320]
S3 cpuz133;cpuz133; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz133\cpuz133_x64.sys []
S3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2009-10-15 117760]
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2013-01-27 14448]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2013-01-27 27760]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
S3 SPUVCbv;SPUVCb Driver Service; C:\Windows\System32\Drivers\SPUVCbv_x64.sys []
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-24 154168]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-11-20 174416]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-02-10 877856]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-02-10 1266464]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-02-09 383264]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-19 269000]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

-----------------EOF-----------------

Zdravim

V logu nic nebezpecneho nevidim, ale protoze bohuzel zdaleka neukaze vse, radeji to proverime a smaznem u toho par drobnosti.

Neni aktualizovany system, meli ho majitele legalni?


Stahnete AdwCleaner https://toolslib.net/downloads/finish/1/ a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Scan a pockejte, az kontrola dobehne.
Pak kliknete na Cleaning
Program zacne pracovat (muze dojit k restartu pc) a vyplivne log (pripadne bude zde C:\AdwCleaner\AdwCleaner[C?].txt ). Ten mi sem zkopirujte.

Udelejte kontrolu s MBAM. Test nastavte podle tohoto navodu (cili Vlastni sken vsech disku) http://forum.viry.cz/viewtopic.php?f=29&t=144868 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

Dobrý večer, děkuji za odpověď. Windows jsou v notebooku legální, zakoupené přímo s tímto notebookem (nálepka). Taky mě překvapilo, že tam není nastahovaný service pack 1 atd., ještě to musím vyzkoumat, pže autom. aktualizace zapnuté jsou...

V průběhu provozu se ale už objevuje divné tuhnutí, kdy třeba patnáct minut je vše bez reakce. Předtím jen náznak, teď natvrdo, přitom spuštěný mám jen internet - tj. něco žere moc provoz paměti. Stalo se to po další aktualizaci windowsů...takže.... mám k těm aktualizacím ambivalentní postoj. Service Packy se hodí, ale to ostatní mi přijde zbytečné.

Co byste doporučil Vy, nechat automatické aktualizace nebo?

Vkládám ADWcleaner a MBAM musím spustit zítra, už to dneska nestíhám nechat běžet dlouho, ale neobjevil za 37 min. nic

Díky za Váš čas, příspěvek na fórum po výplatě je samozřejmostí.

# AdwCleaner v5.022 - Logfile created 22/11/2015 at 21:23:17
# Updated 22/11/2015 by Xplode
# Database : 2015-11-22.2 [Server]
# Operating system : Windows 7 Home Premium (x64)
# Username : Petra - DARKWELL
# Running from : C:\Users\Petra\Downloads\adwcleaner_5.022.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[#] Folder Deleted : C:\Program Files (x86)\TornTV.com
[#] Folder Deleted : C:\ProgramData\Partner

***** [ Files ] *****

[-] File Deleted : C:\Users\Petra\AppData\LocalLow\SkwConfig.bin
[-] File Deleted : C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\c0wojbzk.default\searchplugins\SweetIM Search.xml

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
[-] Key Deleted : HKCU\Software\1ClickDownload
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKCU\Software\IM
[-] Key Deleted : HKCU\Software\ImInstaller
[-] Key Deleted : HKCU\Software\SweetIM
[-] Key Deleted : HKLM\SOFTWARE\PIP
[-] Key Deleted : HKLM\SOFTWARE\SweetIM
[-] Key Deleted : HKU\.DEFAULT\Software\ImInstaller
[-] Key Deleted : HKU\.DEFAULT\Software\WNLT
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
[!] Key Not Deleted : HKU\S-1-5-21-3201448915-3208623186-2291822294-1003\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2214 bytes] ##########

Ja bych automaticke aktualizace nechal. U sebe je zapnute mam. Ale samozrejme zalezi na vas

Za pripadny prispevek samozrejme dekujeme!

K MBAM mi pridejte i log z CDI...
Stahnete crystal disk info http://sourceforge.jp/projects/crystald ... 5_0_0.zip/
Spustte jako spravce. Za chvili se zobrazi vysledek.
Kliknete nahore na napis Úpravy a pak na napis Kopírovat. To co se zkopiruje (ulozi se to do pameti) mi sem vlozte (ctrl + V)

ADWCLEANER

# AdwCleaner v5.022 - Logfile created 22/11/2015 at 21:23:17
# Updated 22/11/2015 by Xplode
# Database : 2015-11-22.2 [Server]
# Operating system : Windows 7 Home Premium (x64)
# Username : Petra - DARKWELL
# Running from : C:\Users\Petra\Downloads\adwcleaner_5.022.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[#] Folder Deleted : C:\Program Files (x86)\TornTV.com
[#] Folder Deleted : C:\ProgramData\Partner

***** [ Files ] *****

[-] File Deleted : C:\Users\Petra\AppData\LocalLow\SkwConfig.bin
[-] File Deleted : C:\Users\Petra\AppData\Roaming\Mozilla\Firefox\Profiles\c0wojbzk.default\searchplugins\SweetIM Search.xml

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{21FA44EF-376D-4D53-9B0F-8A89D3229068}
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
[-] Key Deleted : HKCU\Software\1ClickDownload
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKCU\Software\IM
[-] Key Deleted : HKCU\Software\ImInstaller
[-] Key Deleted : HKCU\Software\SweetIM
[-] Key Deleted : HKLM\SOFTWARE\PIP
[-] Key Deleted : HKLM\SOFTWARE\SweetIM
[-] Key Deleted : HKU\.DEFAULT\Software\ImInstaller
[-] Key Deleted : HKU\.DEFAULT\Software\WNLT
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
[!] Key Not Deleted : HKU\S-1-5-21-3201448915-3208623186-2291822294-1003\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2214 bytes] ##########

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 24.11.2015
Čas skenování: 18:06
Protokol: malware.txt
Správce: Ano

Verze: 2.2.0.1024
Databáze malwaru: v2015.11.24.05
Databáze rootkitů: v2015.11.23.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: Petra

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 463665
Uplynulý čas: 2 hod, 22 min, 48 sek

Paměť: Vypnuto
Po spuštění: Vypnuto
Souborový systém: Zapnuto
Archivy: Vypnuto
Rootkity: Zapnuto
Sken hloubkových rootkitů: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 1
PUP.Optional.Incredibar, HKU\S-1-5-21-3201448915-3208623186-2291822294-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}, , [4d88d8a9305b0f277affd8adf11246ba],

Hodnoty registru: 1
PUP.Optional.Incredibar, HKU\S-1-5-21-3201448915-3208623186-2291822294-1003\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}|URL, http://mystart.incredibar.com/mb201/?se ... GTYWU&i=26, , [4d88d8a9305b0f277affd8adf11246ba]

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

crystal disk
----------------------------------------------------------------------------
CrystalDiskInfo 5.0.0 (C) 2008-2012 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 7 Home Premium Edition SP1 [6.1 Build 7601] (x64)
Date : 2015/11/24 20:36:03

-- Controller Map ----------------------------------------------------------
+ NVIDIA nForce Serial ATA Controller [ATA]
- Hitachi HTS547564A9E SCSI Disk Device
- HL-DT-ST DVDRAM GT32N SCSI CdRom Device

-- Disk List ---------------------------------------------------------------
(1) Hitachi HTS547564A9E384 : 640,1 GB [0/0/0, sm]

----------------------------------------------------------------------------
(1) Hitachi HTS547564A9E384
----------------------------------------------------------------------------
Model : Hitachi HTS547564A9E384
Firmware : JEDOA60A
Serial Number : J2130053G9YY5A
Disk Size : 640,1 GB (8,4/137,4/640,1)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 1250263728
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 6
Transfer Mode : SATA/300
Power On Hours : 2082 hod.
Power On Count : 1243 krát
Temparature : 35 C (95 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 4080h [ON]
AAM Level : ----

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _62 000000000000 Počet chyb čtení
02 100 100 _40 000000000000 Průchodnost disku
03 211 211 _33 001100000001 Čas na roztočení ploten
04 _99 _99 __0 000000000700 Počet spuštění/zastavení
05 100 100 __5 000000000000 Počet přemapovaných sektorů
07 100 100 _67 000000000000 Počet chybných hledání
08 100 100 _40 000000000000 Čas potřebný na vyhledání
09 _96 _96 __0 000000000822 Hodin v činnosti
0A 100 100 _60 000000000000 Počet opakovaných pokusů o roztočení ploten
0C 100 100 __0 0000000004DB Počet cyklů zapnutí zařízení
BF 100 100 __0 000000000000 Počet udalostí zaznamenaných otřesovým senzorem
C0 100 100 __0 00000000003F Počet vypnutí disku
C1 _96 _96 __0 00000000B60C Počet cyklů načítání/vymazání
C2 171 171 __0 002C00080023 Teplota
C4 100 100 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
DF 100 100 __0 000000000000 Zatížení budiče magnetických hlav způsobené opakovanými úkony

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 045A 3FFF C837 0010 0000 003F 003F 0000 0000 0000
010: 2020 2020 2020 4A32 3133 3533 3533 4739 5959 3541
020: 0003 4000 0004 4A45 444F 3041 3041 4869 7461 6368
030: 6920 4854 5335 3437 3536 3945 3945 3338 3420 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 4000 2F00
050: 4000 0200 0200 0007 3FFF 003F 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 1706 1706 0000 005E 0040
080: 01FC 0028 746B 7D69 6163 BC49 BC49 6163 407F 005D
090: 005E 4080 FFFE 0000 0000 0000 0000 0000 0000 0000
100: 82B0 4A85 0000 0000 0000 6003 6003 826C 5000 CCA6
110: 43C4 87BC 0000 0000 0000 0000 0000 0000 0000 4018
120: 4018 0000 0000 0000 0000 0000 0000 0000 0021 000B
130: 0000 0000 2182 1CF1 FA00 4000 4000 0400 0108 0000
140: 0000 0706 0608 0606 0509 0000 0000 0000 0000 0000
150: 0000 0000 4433 4436 0000 0000 0000 5DAD 2518 8000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0003 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 003D 003D 0000 0000 4000
210: 0000 0000 0000 0000 0000 0000 0000 1518 0000 0000
220: 0000 0000 101F 0021 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0001 0000 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 14A5

Nalezy MBAM nechte odstranit (pokud jste ho zavrela, mel by je znovu najit i Sken hrozeb - je rychlejsi), pak muzete MBAM odinstalovat.

Dejte novy log z RSIT

a k tomu

Dejte logy podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100 - vypnete na chvili antivir, je mozne, ze to bude blokovat jako skodnou, ale pouzivame to porad, jedna se o falesny poplach

Zdravím, zprávy byly bohužel příliš dlouhé, u všeho jsem překračovala maximum znaků takže dávám nakonec všechno v RAR, snad to není přílišná komplikace.

dle MBAM vymazáno.

Díky a omlouvám se za zpoždění, bohužel notebook při spuštěném internetu nepochopitelně tuhne a už se s ním nedá vůbec nic dělat, než se vybije baterie... fakt by mě zajímalo, kde může být problém. Má to být herní notebook a nakonec neutáhne ani internet...

Zkuste, jestli to tuhne i v nouzovem rezimu s praci v siti.


Zkontrolujte velikost adresare plochy.


Otevrete si poznamkovy blok a zkopirujte do nej tento skript Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev fixlist a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte FRST jako spravce, kliknete na napis Fix a program vykona prikazy.
Po restartu pc by se mel objevit novy log - s nazvem fixlog, ten mi sem zase zkopirujte.

Obávám se, že přeceňujete mé IT schopnosti v nouzovém režimu se sítí neumím pracovat. Ale asi vím v čem je problém, odinstalovala jsem úplně všechny utility ASUS.... nu...

Zatím hledám jak zobrazit velikost adresáře plochy

Fix result of Farbar Recovery Scan Tool (x64) Version:25-11-2015 02
Ran by Petra (2015-11-27 18:48:34) Run:1
Running from C:\Users\Petra\Desktop
Loaded Profiles: Petra & UpdatusUser (Available Profiles: Petra & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-21-3201448915-3208623186-2291822294-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-3201448915-3208623186-2291822294-1003\...\Run: [msnmsgr] => ~"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-3201448915-3208623186-2291822294-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)

SearchScopes: HKU\S-1-5-21-3201448915-3208623186-2291822294-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3201448915-3208623186-2291822294-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-20] (AVAST Software)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-21] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-20] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-21] (Oracle Corporation)

FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-11-20] <==== ATTENTION

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-07-09 327296]

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.
HKU\S-1-5-21-3201448915-3208623186-2291822294-1002\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value removed successfully
HKU\S-1-5-21-3201448915-3208623186-2291822294-1003\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr => value not found.
HKU\S-1-5-21-3201448915-3208623186-2291822294-1003\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value not found.
"HKU\S-1-5-21-3201448915-3208623186-2291822294-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-3201448915-3208623186-2291822294-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => key removed successfully
"HKCR\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
C:\Program Files (x86)\mozilla firefox\firefox.cfg => moved successfully
C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher => key removed successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray => key removed successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring => key removed successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype => key removed successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched => key removed successfully
SkypeUpdate => service removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 947 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 18:49:27 ====

nereide píše:v nouzovém režimu se sítí neumím pracovat

Neni to nic tezkeho
Do nouzoveho rezimu se dostanete takto:
restartujte pc, mackejte klavesu F8 - pripadne jinou, zalezi na typu stroje - a zvolte moznost nouzovy rezim s praci v siti.
Kdyby to neslo, zde je jiny postup http://forum.viry.cz/viewtopic.php?f=46&t=7554

nereide píše:Zatím hledám jak zobrazit velikost adresáře plochy

Kliknete na Pocitac - Disk C - Users - Petra. Ve slozce Petra by mela byt slozka Plocha (pripadne Desktop). Na tu kliknete pravym mysidlem a levym kliknete na Vlastnosti. Zobrazi se okno a tam se objevi i velikost.

nereide píše:Ale asi vím v čem je problém, odinstalovala jsem úplně všechny utility ASUS

To je taky moznost. Pokud to predtim slo normalne...





Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte na plochu.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text Kliknete na Prohledat
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).

Zdravím, OTL jel několik hodin plus vložené okopírované od Vás, ale skousl se na několika souborech. Tak jsem udělala ještě rychlou kontrolu bez vložených souborů, abych mohla aspoň částečně splnit zadání.

Zároveň se omlouvám, budu on-line až 7.12. (dovolená), tudíž s odpovědí není třeba spěchat, ale téma prosím Vás nezavírejte, potřebuji to dořešit. Děkuji moc. To extras log zobrazuje asi dost problémů

OTL logfile created on: 11/27/2015 11:02:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Petra\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17843)
Locale: 00000409 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4.00 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 37.80% Memory free
8.00 Gb Paging File | 5.44 Gb Available in Paging File | 68.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 106.03 Gb Free Space | 71.14% Space Free | Partition Type: NTFS
Drive D: | 427.59 Gb Total Space | 426.96 Gb Free Space | 99.85% Space Free | Partition Type: NTFS

Computer Name: DARKWELL | User Name: Petra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015/11/27 20:11:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Petra\Downloads\OTL.exe
PRC - [2015/11/20 18:40:09 | 007,004,376 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2015/11/20 18:40:08 | 000,174,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/02/10 04:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/02/09 18:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe


========== Modules (No Company Name) ==========

MOD - [2015/11/20 18:40:10 | 040,540,672 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2015/11/20 18:40:09 | 000,466,448 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\ffl2.dll
MOD - [2015/11/20 18:40:09 | 000,103,888 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\log.dll
MOD - [2015/11/20 18:40:08 | 000,125,512 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll


========== Services (SafeList) ==========

SRV:64bit: - [2015/11/24 20:39:07 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2015/11/20 18:40:08 | 000,174,416 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2015/11/21 21:42:30 | 000,269,000 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015/10/05 09:48:46 | 001,135,416 | ---- | M] (Malwarebytes) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/02/10 04:25:27 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/02/09 18:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2015/11/20 18:40:12 | 000,449,992 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2015/11/20 18:40:12 | 000,273,784 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2015/11/20 18:40:12 | 000,154,256 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2015/11/20 18:40:12 | 000,097,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2015/11/20 18:40:12 | 000,093,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2015/11/20 18:40:12 | 000,065,224 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2015/11/20 18:40:12 | 000,028,656 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2015/11/20 18:40:03 | 001,059,656 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2015/10/05 09:50:18 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2015/10/05 09:50:06 | 000,025,816 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/01/27 16:47:12 | 000,027,760 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2013/01/27 16:47:12 | 000,014,448 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2013/01/22 15:09:19 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/12/19 06:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 14:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009/12/02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2009/12/02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2009/12/02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2009/12/02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/10/15 10:23:19 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009/10/05 02:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/20 18:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/13 17:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2008/05/24 01:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/01/04 13:14:13 | 000,011,320 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\eSupport\eDriver\I386\ASPROB64.SYS -- (ASUSProcObsrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... -SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
IE - HKLM\..\SearchScopes,DefaultScope = {E9410C70-B6AE-41FF-AB71-32F4B279EA5F}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... -SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=i ... lz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKLM\..\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}: "URL" = https://www.google.com/search?trackid=s ... earchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=s ... earchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
IE - HKCU\..\SearchScopes,DefaultScope = {E9410C70-B6AE-41FF-AB71-32F4B279EA5F}
IE - HKCU\..\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}: "URL" = https://www.google.com/search?trackid=s ... earchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.countryCode: "CZ"
FF - prefs.js..browser.search.region: "CZ"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:42.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.66.2: C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/11/20 18:41:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\sp@avast.com: C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015/11/20 18:41:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 42.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 42.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2015/11/20 19:53:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Petra\AppData\Roaming\mozilla\Extensions
[2015/11/20 20:04:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Petra\AppData\Roaming\mozilla\Firefox\Profiles\c0wojbzk.default\extensions
[2015/11/20 19:53:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/11/20 19:53:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2015/11/27 18:48:35 | 000,000,035 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 16
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F329D31-ABB8-4CF8-B7CF-4D85539B5560}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCF72ADC-1A50-4434-8CF0-DECE8FB2DF80}: DhcpNameServer = 213.46.172.36 213.46.172.37
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{81831cc0-649e-11e2-b483-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{81831cc0-649e-11e2-b483-806e6f6e6963}\Shell\AutoRun\command - "" = F:\INSTALL.EXE
O33 - MountPoints2\{8e54418a-649f-11e2-b18a-20cf30541808}\Shell - "" = AutoRun
O33 - MountPoints2\{8e54418a-649f-11e2-b18a-20cf30541808}\Shell\AutoRun\command - "" = F:\INSTALL.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2015/11/27 19:11:04 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2015/11/27 18:48:26 | 002,348,544 | ---- | C] (Farbar) -- C:\Users\Petra\Desktop\FRST64.exe
[2015/11/26 00:02:23 | 000,000,000 | ---D | C] -- C:\FRST
[2015/11/22 22:15:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2015/11/22 22:15:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2015/11/22 21:28:43 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/11/22 21:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/11/22 21:28:21 | 000,109,272 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015/11/22 21:28:20 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015/11/22 21:28:20 | 000,025,816 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2015/11/22 21:28:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2015/11/22 21:28:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/11/22 21:28:05 | 000,000,000 | ---D | C] -- C:\Users\Petra\AppData\Local\Programs
[2015/11/22 21:20:16 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2015/11/22 21:18:00 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2015/11/22 21:17:20 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2015/11/21 23:18:40 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2015/11/21 23:18:38 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2015/11/21 23:18:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser
[2015/11/21 21:43:05 | 000,000,000 | ---D | C] -- C:\Users\Petra\AppData\Local\Macromedia
[2015/11/21 21:22:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2015/11/21 21:22:09 | 000,000,000 | ---D | C] -- C:\Users\Petra\AppData\Roaming\Sun
[2015/11/21 21:22:08 | 000,000,000 | ---D | C] -- C:\Users\Petra\.oracle_jre_usage
[2015/11/21 21:21:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2015/11/21 21:21:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2015/11/21 18:48:24 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2015/11/21 18:48:24 | 000,000,000 | ---D | C] -- C:\rsit
[2015/11/21 16:15:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2015/11/21 16:14:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2015/11/21 16:14:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2015/11/21 16:14:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2015/11/21 16:12:04 | 000,000,000 | ---D | C] -- C:\Users\Petra\AppData\Local\Microsoft Help
[2015/11/21 16:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2015/11/21 16:11:49 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2015/11/21 14:05:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2015/11/20 20:50:15 | 000,000,000 | ---D | C] -- C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2015/11/20 20:50:13 | 000,000,000 | ---D | C] -- C:\Users\Petra\AppData\Roaming\IrfanView
[2015/11/20 20:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2015/11/20 19:53:40 | 000,000,000 | ---D | C] -- C:\Users\Petra\AppData\Roaming\Mozilla
[2015/11/20 19:53:40 | 000,000,000 | ---D | C] -- C:\Users\Petra\AppData\Local\Mozilla
[2015/11/20 19:53:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2015/11/20 18:41:52 | 000,386,096 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2015/11/20 18:41:07 | 000,000,000 | ---D | C] -- C:\Users\Petra\AppData\Roaming\AVAST Software
[2015/11/20 18:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[2015/11/20 18:40:33 | 000,273,784 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswVmm.sys
[2015/11/20 18:40:33 | 000,154,256 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2015/11/20 18:40:32 | 000,449,992 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2015/11/20 18:40:32 | 000,065,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2015/11/20 18:40:31 | 000,097,648 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2015/11/20 18:40:31 | 000,028,656 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswHwid.sys
[2015/11/20 18:40:30 | 000,093,528 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2015/11/20 18:40:29 | 001,059,656 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2015/11/20 18:40:09 | 000,043,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2015/11/20 18:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2015/11/20 18:39:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2015/11/20 18:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codec Pack
[2015/11/20 18:37:12 | 000,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2015/11/20 18:37:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Codec Pack - All In 1
[2015/11/19 19:08:16 | 000,000,000 | ---D | C] -- C:\Users\Petra\AppData\Local\Skype
[2015/11/19 19:08:02 | 000,000,000 | ---D | C] -- C:\Users\Petra\AppData\Roaming\Skype
[2015/11/19 19:07:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2015/11/19 19:07:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2015/11/19 19:07:28 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2015/11/19 19:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2015/11/19 18:55:54 | 000,000,000 | ---D | C] -- C:\Users\Petra\AppData\Roaming\Google
[2015/11/19 18:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2015/11/19 18:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

========== Files - Modified Within 30 Days ==========

[2015/11/27 23:00:01 | 000,001,769 | ---- | M] () -- C:\Windows\Language_trs.ini
[2015/11/27 21:46:03 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2015/11/27 21:26:17 | 000,015,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/11/27 21:26:17 | 000,015,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/11/27 21:24:47 | 000,000,095 | ---- | M] () -- C:\Users\Petra\.accessibility.properties
[2015/11/27 21:01:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/11/27 21:01:29 | 3220,647,936 | -HS- | M] () -- C:\hiberfil.sys
[2015/11/27 19:11:08 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2015/11/27 18:48:35 | 000,000,035 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2015/11/26 22:31:47 | 001,270,586 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2015/11/26 22:31:47 | 000,847,902 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/11/26 22:31:47 | 000,342,590 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2015/11/26 22:31:47 | 000,320,764 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/11/26 22:31:47 | 000,005,502 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/11/26 00:02:22 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/11/26 00:01:50 | 002,348,544 | ---- | M] (Farbar) -- C:\Users\Petra\Desktop\FRST64.exe
[2015/11/24 22:17:47 | 000,181,594 | ---- | M] () -- C:\Users\Petra\Documents\www_IE11.jpg
[2015/11/24 22:16:27 | 000,205,966 | ---- | M] () -- C:\Users\Petra\Documents\www_mozilla.jpg
[2015/11/24 20:54:46 | 000,348,176 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/11/24 20:39:18 | 000,016,303 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2015/11/24 20:39:10 | 000,016,303 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2015/11/24 20:38:26 | 000,120,736 | ---- | M] () -- C:\Users\Petra\Documents\Clipboard01.jpg
[2015/11/24 20:38:26 | 000,078,182 | ---- | M] () -- C:\Users\Petra\Documents\crystal.jpg
[2015/11/24 20:37:43 | 001,301,310 | ---- | M] () -- C:\Users\Petra\Documents\crystaldisk.bmp
[2015/11/22 21:28:24 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/11/20 20:50:15 | 000,001,004 | ---- | M] () -- C:\Users\Petra\Desktop\IrfanView.lnk
[2015/11/20 20:49:24 | 098,035,444 | ---- | M] () -- C:\Users\Petra\Desktop\propetru.zip
[2015/11/20 20:33:39 | 002,089,815 | ---- | M] () -- C:\Users\Petra\Documents\eva_strasidlo.jpg
[2015/11/20 20:33:28 | 002,217,480 | ---- | M] () -- C:\Users\Petra\Documents\anicka_ivka_ja2.jpg
[2015/11/20 20:33:28 | 001,328,510 | ---- | M] () -- C:\Users\Petra\Documents\anicka_ivka_ja.jpg
[2015/11/20 20:33:27 | 001,622,979 | ---- | M] () -- C:\Users\Petra\Documents\anicka_ivka.jpg
[2015/11/20 20:33:11 | 000,307,011 | ---- | M] () -- C:\Users\Petra\Documents\jaajaponci.jpg
[2015/11/20 19:53:32 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2015/11/20 18:40:52 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2015/11/20 18:40:12 | 000,449,992 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2015/11/20 18:40:12 | 000,386,096 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2015/11/20 18:40:12 | 000,273,784 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswVmm.sys
[2015/11/20 18:40:12 | 000,154,256 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2015/11/20 18:40:12 | 000,097,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2015/11/20 18:40:12 | 000,093,528 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2015/11/20 18:40:12 | 000,065,224 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2015/11/20 18:40:12 | 000,028,656 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswHwid.sys
[2015/11/20 18:40:09 | 000,043,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2015/11/20 18:40:03 | 001,059,656 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2015/11/20 18:36:36 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2015/11/19 21:55:38 | 000,108,096 | ---- | M] () -- C:\Users\Petra\Documents\bookmarks.html
[2015/11/19 19:07:30 | 000,002,731 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2015/11/19 18:53:07 | 000,078,292 | ---- | M] () -- C:\Users\Petra\Documents\cc_20151119_185258.reg
[2015/11/19 18:52:11 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

========== Files Created - No Company Name ==========

[2015/11/27 23:00:01 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2015/11/27 20:19:27 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2015/11/27 19:11:08 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2015/11/24 22:17:47 | 000,181,594 | ---- | C] () -- C:\Users\Petra\Documents\www_IE11.jpg
[2015/11/24 22:16:27 | 000,205,966 | ---- | C] () -- C:\Users\Petra\Documents\www_mozilla.jpg
[2015/11/24 20:39:18 | 000,016,303 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2015/11/24 20:39:10 | 000,016,303 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2015/11/24 20:38:26 | 000,120,736 | ---- | C] () -- C:\Users\Petra\Documents\Clipboard01.jpg
[2015/11/24 20:38:26 | 000,078,182 | ---- | C] () -- C:\Users\Petra\Documents\crystal.jpg
[2015/11/24 20:37:43 | 001,301,310 | ---- | C] () -- C:\Users\Petra\Documents\crystaldisk.bmp
[2015/11/22 21:28:24 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/11/22 21:19:36 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2015/11/22 21:16:45 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2015/11/22 21:16:07 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2015/11/22 21:16:07 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2015/11/22 21:15:14 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2015/11/20 20:50:15 | 000,001,004 | ---- | C] () -- C:\Users\Petra\Desktop\IrfanView.lnk
[2015/11/20 20:49:10 | 098,035,444 | ---- | C] () -- C:\Users\Petra\Desktop\propetru.zip
[2015/11/20 19:53:32 | 000,001,165 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2015/11/20 19:53:32 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2015/11/20 19:48:47 | 000,108,096 | ---- | C] () -- C:\Users\Petra\Documents\bookmarks.html
[2015/11/20 18:40:52 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2015/11/19 23:50:06 | 002,217,480 | ---- | C] () -- C:\Users\Petra\Documents\anicka_ivka_ja2.jpg
[2015/11/19 23:50:06 | 002,089,815 | ---- | C] () -- C:\Users\Petra\Documents\eva_strasidlo.jpg
[2015/11/19 23:50:06 | 001,622,979 | ---- | C] () -- C:\Users\Petra\Documents\anicka_ivka.jpg
[2015/11/19 23:50:06 | 001,328,510 | ---- | C] () -- C:\Users\Petra\Documents\anicka_ivka_ja.jpg
[2015/11/19 23:50:04 | 000,307,011 | ---- | C] () -- C:\Users\Petra\Documents\jaajaponci.jpg
[2015/11/19 19:07:30 | 000,002,731 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2015/11/19 18:53:00 | 000,078,292 | ---- | C] () -- C:\Users\Petra\Documents\cc_20151119_185258.reg
[2015/11/19 18:52:11 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/03/26 19:47:57 | 000,000,095 | ---- | C] () -- C:\Users\Petra\.accessibility.properties
[2010/09/17 01:27:50 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 14:27:25 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 13:21:19 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2015/11/20 20:40:23 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\Asus WebStorage
[2015/11/20 18:41:07 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\AVAST Software
[2015/11/19 18:52:44 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\BitTorrent
[2015/11/19 18:52:44 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\DAEMON Tools Lite
[2013/03/21 16:49:12 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\GHISLER
[2015/11/20 20:50:13 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\IrfanView
[2015/11/20 21:03:16 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\SoftGrid Client
[2012/12/17 11:32:01 | 000,000,000 | ---D | M] -- C:\Users\Petra\AppData\Roaming\TP

========== Purity Check ==========



< End of report >



OTL Extras logfile created on: 11/27/2015 11:02:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Petra\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17843)
Locale: 00000409 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4.00 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 37.80% Memory free
8.00 Gb Paging File | 5.44 Gb Available in Paging File | 68.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 106.03 Gb Free Space | 71.14% Space Free | Partition Type: NTFS
Drive D: | 427.59 Gb Total Space | 426.96 Gb Free Space | 99.85% Space Free | Partition Type: NTFS

Computer Name: DARKWELL | User Name: Petra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{068695ED-118B-4DC4-B652-4B3A118872A2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{16C5CCB4-4337-4889-8ECD-03C9F6BE1A77}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1D79A161-3A2F-48C9-9717-94560FB711A8}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary |
"{20B69D72-7114-4BA9-912E-C5233FBF3800}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary |
"{256CEA0D-5BC8-4EBB-8676-36214012AD1C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2D3E7013-D080-48A2-8FD3-8BEB78DD05D7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3305287A-D80C-404B-BD75-29DF16493820}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{46749772-AFAF-4DCC-83F7-FED4180397E2}" = lport=139 | protocol=6 | dir=in | app=system |
"{4A0E7B2D-EE67-4C07-BA1D-6E03970269C1}" = rport=445 | protocol=6 | dir=out | app=system |
"{5C9093BE-6676-4AD7-99F9-EE9844082E64}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5FF752B7-2942-4C2B-A146-196AB40777B0}" = lport=445 | protocol=6 | dir=in | app=system |
"{7C670C5E-7C3F-46A9-B861-6728B762E02E}" = lport=138 | protocol=17 | dir=in | app=system |
"{7F97A998-E52B-4A99-A9E1-F7028448A978}" = rport=138 | protocol=17 | dir=out | app=system |
"{81E8FE8E-DDEE-45BB-A925-4742B9731586}" = rport=10243 | protocol=6 | dir=out | app=system |
"{94ADE4EC-17E5-4B26-A903-FAAA3E4F1565}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9CC99C01-4AB0-40F8-9584-AFA235B64267}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A151EE2E-4BFD-4B83-957D-100BEFF2D7B5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A3CAA940-3E04-4D0D-9D08-BB57D9FB9EB9}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B0EEF59E-FA1C-44E8-8509-32ABB313AE5C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D35E427B-36FF-416B-92F0-041269238A91}" = lport=137 | protocol=17 | dir=in | app=system |
"{DBE79618-C41C-4266-A3E1-0C62CE0C17B7}" = rport=139 | protocol=6 | dir=out | app=system |
"{E9B933B4-19F3-462C-A9D3-2B373728F92A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F1489DD9-3B81-4D26-ABFA-5176D60FF8C3}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{002DF4C4-BE9E-40C6-86F3-C27419EAD1DE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0C51AB98-85AD-4156-8E1B-AD9D35D44AFA}" = protocol=6 | dir=out | app=system |
"{1B0122DD-5ABE-45FE-8AD8-3A19B0CB0570}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{235893EB-C3E0-4E20-ADDF-530A94DD7958}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{351BD1FD-AD92-4312-A082-95C0A94CA22C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{50EBB3C0-DEC0-4C56-AB84-7AAD1B7C8A2A}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{50F0E1D1-824B-4B9A-BB27-E7AA4CC7BEAA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5FFE5913-0780-4576-8579-0AAADAD38E9F}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"{6B239292-CC52-476B-9F90-959A133EB973}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6C39C465-F5D8-420B-9C2E-7734B4BBCAA2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8BF54C4A-9E64-4842-B3CF-B373F9281D02}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8F1BDA2A-662A-47A8-B62D-7A4F2C6504C5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{95455C13-5354-4A88-AF85-F3A7D503FE1A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A4F1922E-AEFD-4006-A792-E0E36139914E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A51F99E4-1EA5-4707-9F4D-0A82BDA23D7E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AC430691-00AA-4A31-8C37-519C4E5B216D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AC5E9858-C1CD-4191-A3FA-9E250001B74C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DAB0E71E-24A1-4454-9ED7-9DE410435C5A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DCC93680-CAEA-407F-A3F5-60815A1088FD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E3783748-25CD-4D2A-9DE3-73B36E0BECB0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E76BD8F4-90B1-4623-AB1D-E506C160AED7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F6E42368-0B3B-4A44-A065-FF87E3781339}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{790E02A1-145A-3843-8C13-A4F41C9B48B7}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2007
"{90140000-006D-0405-1000-0000000FF1CE}" = Microsoft Office Klikni a spusť 2010
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Ovladač 3D Vision 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Ovladače grafiky 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Systémový software PhysX 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizace NVIDIA 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Ovladač HD audia 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{26A24AE4-039D-4CA4-87B4-2F83218066F0}" = Java 8 Update 66
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6A0549A9-1B96-498C-ACBC-3943001FEB19}" = Skype™ 7.15
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 19 ActiveX
"Adobe Flash Player NPAPI" = Adobe Flash Player 19 NPAPI
"ASUS_Screensaver" = ASUS_Screensaver
"Avast" = Avast Free Antivirus
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"IrfanView" = IrfanView (remove only)
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware verze 2.2.0.1024
"Mozilla Firefox 42.0 (x86 cs)" = Mozilla Firefox 42.0 (x86 cs)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klikni a spusť 2010
"PROPLUS" = Microsoft Office Professional Plus 2007
"The KMPlayer" = The KMPlayer (remove only)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/26/2015 5:06:59 PM | Computer Name = Darkwell | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Uvolnění řetězců čítačů výkonu pro službu SMSvcHost 4.0.0.0 (SMSvcHost
4.0.0.0) se nezdařilo. První hodnota DWORD v datové oblasti obsahuje kód chyby.

Error - 11/26/2015 5:07:00 PM | Computer Name = Darkwell | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces
Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu
obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota
DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.

Error - 11/26/2015 5:07:00 PM | Computer Name = Darkwell | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces
Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu
obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota
DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.

Error - 11/26/2015 5:07:00 PM | Computer Name = Darkwell | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Uvolnění řetězců čítačů výkonu pro službu MSDTC Bridge 4.0.0.0 (MSDTC
Bridge 4.0.0.0) se nezdařilo. První hodnota DWORD v datové oblasti obsahuje kód
chyby.

Error - 11/26/2015 5:07:00 PM | Computer Name = Darkwell | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces
Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu
obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota
DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.

Error - 11/26/2015 5:07:00 PM | Computer Name = Darkwell | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces
Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu
obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota
DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.

Error - 11/26/2015 5:07:00 PM | Computer Name = Darkwell | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Uvolnění řetězců čítačů výkonu pro službu MSDTC Bridge 4.0.0.0 (MSDTC
Bridge 4.0.0.0) se nezdařilo. První hodnota DWORD v datové oblasti obsahuje kód
chyby.

Error - 11/26/2015 5:31:44 PM | Computer Name = Darkwell | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces
Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu
obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota
DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.

Error - 11/26/2015 5:31:44 PM | Computer Name = Darkwell | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Hodnota řetězce výkonu v registru výkonu je poškozena, pokud proces
Performance zprostředkovatele čítače rozšíření. Hodnotu BaseIndex z registru výkonu
obsahuje první hodnota DWORD datové části. Hodnotu LastCounter obsahuje druhá hodnota
DWORD a hodnotu LastHelp obsahuje třetí hodnota DWORD datové části.

Error - 11/26/2015 5:31:44 PM | Computer Name = Darkwell | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Uvolnění řetězců čítačů výkonu pro službu WmiApRpl (WmiApRpl) se nezdařilo.
První hodnota DWORD v datové oblasti obsahuje kód chyby.

[ System Events ]
Error - 11/23/2015 4:00:51 PM | Computer Name = Darkwell | Source = Service Control Manager | ID = 7034
Description = Služba NVIDIA Update Service Daemon byla neočekávaně ukončena. Tento
stav nastal již 1krát.

Error - 11/23/2015 4:00:54 PM | Computer Name = Darkwell | Source = Service Control Manager | ID = 7000
Description = Služba Avast Antivirus neuspěla při spuštění v důsledku následující
chyby: %%109

Error - 11/23/2015 4:04:54 PM | Computer Name = Darkwell | Source = DCOM | ID = 10016
Description =

Error - 11/24/2015 3:53:06 PM | Computer Name = Darkwell | Source = Service Control Manager | ID = 7031
Description = Služba Microsoft .NET Framework NGEN v4.0.30319_X86 byla nečekaně
ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund:
Restartovat službu.

Error - 11/24/2015 3:53:06 PM | Computer Name = Darkwell | Source = Service Control Manager | ID = 7034
Description = Služba NVIDIA Stereoscopic 3D Driver Service byla neočekávaně ukončena.
Tento stav nastal již 1krát.

Error - 11/24/2015 3:53:11 PM | Computer Name = Darkwell | Source = Service Control Manager | ID = 7031
Description = Služba Avast Antivirus byla nečekaně ukončena. Stalo se to 1 krát.
Následující opravná akce bude spuštěna za 5000 milisekund: Restartovat službu.

Error - 11/24/2015 3:53:11 PM | Computer Name = Darkwell | Source = Service Control Manager | ID = 7034
Description = Služba Application Virtualization Service Agent byla neočekávaně ukončena.
Tento stav nastal již 1krát.

Error - 11/24/2015 3:53:13 PM | Computer Name = Darkwell | Source = Service Control Manager | ID = 7034
Description = Služba NVIDIA Update Service Daemon byla neočekávaně ukončena. Tento
stav nastal již 1krát.

Error - 11/24/2015 3:53:19 PM | Computer Name = Darkwell | Source = Service Control Manager | ID = 7009
Description = Při čekání na připojení služby Avast Antivirus bylo dosaženo časového
limitu (30000 ms).

Error - 11/24/2015 3:53:19 PM | Computer Name = Darkwell | Source = Service Control Manager | ID = 7000
Description = Služba Avast Antivirus neuspěla při spuštění v důsledku následující
chyby: %%1053


< End of report >

nereide píše:Tak jsem udělala ještě rychlou kontrolu bez vložených souborů, abych mohla aspoň částečně splnit zadání.

Bohuzel bez vlozeni toho textu je ten log nedostacujici

Spustte ho pak podle stejneho navodu jeste jednou, ale s timto upravenym skriptem
A k tomu pridejte i aktualni log z RSIT

nový log OTL i se vyčištěním dle Vaší poslední instrukce přikládám v příloze, protože příliš velký počet znaků