VIRY.CZ

Zdravím,
prosím o kontrolu logu přítelčina notebooku.
Je totálně zpomalený a před časem jsem tady našel nějaký keylogger

Tisíceré díky


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-10-2016
Ran by Petra (administrator) on PETRA-PC (28-10-2016 21:27:16)
Running from C:\Users\Petra\Desktop
Loaded Profiles: Petra (Available Profiles: Petra)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Wistron Corp.) C:\Program Files\CapsLK OSD\Capsosd.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\utility.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
() C:\Users\Petra\AppData\Roaming\ICQ\bin\icq.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(CPUID) C:\Program Files\CPUID\HWMonitor\HWMonitor.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Petra\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [{BA1E422A-80A8-4AA0-B67B-CAA3D04C5162}] => C:\Program Files\CapsLK OSD\CAPSOSD.EXE [3060776 2010-10-25] (Wistron Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files\Lenovo\Energy Management\Energy Management.exe [8943520 2010-11-24] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files\Lenovo\Energy Management\Utility.exe [5117856 2010-11-24] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1938728 2010-10-21] (Synaptics Incorporated)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [kbdsprt] => [X]
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9083840 2016-10-13] (AVAST Software)
HKLM\...\RunOnce: [20161024] => "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" "C:\Program Files\AVAST Software\Avast\4895b20f-d2b1-444c-820b-461eed9b431e\db5ee937-b8ff-42b6-b69e-b6bbe20875b4.dll",_stage2@16
HKU\S-1-5-21-2353109117-234346251-1123694436-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6495144 2015-09-16] (Piriform Ltd)
HKU\S-1-5-21-2353109117-234346251-1123694436-1000\...\Run: [icq.desktop] => C:\Users\Petra\AppData\Roaming\ICQ\bin\icq.exe [26545288 2016-10-22] ()
HKU\S-1-5-21-2353109117-234346251-1123694436-1000\...\MountPoints2: {05ff5f99-c582-11e4-9ae7-f0def1f925ab} - D:\Lenovo_Suite.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-10-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-09-09] (AVAST Software)
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{44717355-4847-4165-996B-A5CB65EA5E3D}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{83FAD660-B6FF-4E4F-BDF3-A2361F67F63A}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-2353109117-234346251-1123694436-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP&dt=071113
SearchScopes: HKU\S-1-5-21-2353109117-234346251-1123694436-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={21EC14F0-A3A1-42D3-8FF7-3AA6199C27E4}&mid=c55f0aea1a1147d0b4bb2197b71dcc58-c7f79e43b940d2ce1561c53f53a8e7737642e947&lang=cs&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2016-01-28 17:35:43&v=4.2.8.608&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2353109117-234346251-1123694436-1000 -> F776ADF8D75C4D6981D17CC1386B4CD2 URL = hxxp://isearch.avg.com/search?cid={FA4510FD-5294-4B54-B889-47C7B84F28D1}&mid=c55f0aea1a1147d0b4bb2197b71dcc58-c7f79e43b940d2ce1561c53f53a8e7737642e947&lang=cs&ds=AVG&pr=fr&d=2013-01-30 18:59:00&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2353109117-234346251-1123694436-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={21EC14F0-A3A1-42D3-8FF7-3AA6199C27E4}&mid=c55f0aea1a1147d0b4bb2197b71dcc58-c7f79e43b940d2ce1561c53f53a8e7737642e947&lang=cs&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2016-01-28 17:35:43&v=4.2.8.608&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Handler: linkscanner - No CLSID Value -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [ext@MediaViewV1alpha7312.net] - C:\Program Files\MediaViewV1\MediaViewV1alpha7312\ff
FF Extension: (Media View) - C:\Program Files\MediaViewV1\MediaViewV1alpha7312\ff [2014-03-10] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-09]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-09]
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll [2012-08-08] (Adobe Systems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-02] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP&dt=071113"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\54.0.2840.71\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\54.0.2840.71\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\54.0.2840.71\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default [2016-10-28]
CHR Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2016-10-04]
CHR Extension: (YouTube) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Adblock Plus) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26]
CHR Extension: (Vyhledávání Google) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Skype) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-24]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Bungalow) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogkdmggpdfpodahejeckklcncacambmo [2014-07-10]
CHR Extension: (Gmail) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-28]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx <not found>
CHR HKLM\...\Chrome\Extension: [jpikpapinmedmjmllbbmccpfilnecdcp] - C:\Program Files\MediaViewV1\MediaViewV1alpha7312\ch\MediaViewV1alpha7312.crx <not found>
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [294400 2011-06-07] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-09] (AVAST Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [23136 2010-10-25] (Lenovo Corporation)
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [66176 2010-11-11] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [31872 2010-11-11] (Advanced Micro Devices)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-09-09] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-09-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-09-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-09-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-09-09] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-09-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-09-23] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118664 2016-09-09] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2016-10-13] (AVAST Software)
R3 cpuz140; C:\Users\Petra\AppData\Local\Temp\cpuz140\cpuz140_x32.sys [45760 2016-10-28] (CPUID)
R0 LHDmgr; C:\Windows\System32\DRIVERS\LhdX86.sys [32352 2010-01-15] (Lenovo.)
S3 RSUSBVSTOR; C:\Windows\System32\Drivers\RtsUVStor.sys [226408 2010-11-30] (Realtek Semiconductor Corp.)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [196352 2010-10-21] (Vimicro Corporation)
R3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [5888 2010-08-16] (Vimicro Corporation)
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-28 21:27 - 2016-10-28 21:27 - 00014997 _____ C:\Users\Petra\Desktop\FRST.txt
2016-10-28 21:26 - 2016-10-28 21:27 - 00000000 ____D C:\FRST
2016-10-28 21:25 - 2016-10-28 21:25 - 01757184 _____ (Farbar) C:\Users\Petra\Desktop\FRST.exe
2016-10-28 21:24 - 2016-10-28 21:24 - 00112640 _____ (forum.viry.cz) C:\Users\Petra\Desktop\FRSTLauncher.exe
2016-10-28 20:58 - 2016-10-28 20:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2016-10-28 20:58 - 2016-10-28 20:58 - 00000000 ____D C:\Program Files\CPUID
2016-10-28 20:57 - 2016-10-28 20:57 - 01191360 _____ ( ) C:\Users\Petra\Downloads\hwmonitor_1.30.exe
2016-10-22 16:25 - 2016-10-22 18:58 - 1465150908 _____ C:\Users\Petra\Downloads\Dobrý-Will-Hunting---Good-Will-Hunting-(1997)(CZ).avi
2016-10-17 17:42 - 2016-10-17 17:42 - 00000000 ____D C:\Program Files\Common Files\Skype
2016-10-08 11:40 - 2016-10-08 14:43 - 1646226608 _____ C:\Users\Petra\Downloads\V-zajetí-démonů-2-cz-dabing.avi
2016-10-04 20:30 - 2016-10-04 21:49 - 733863936 _____ C:\Users\Petra\Downloads\Cesta-z-mesta-CZ.avi.avi

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-28 21:01 - 2009-07-14 06:34 - 00014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-28 21:01 - 2009-07-14 06:34 - 00014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-28 21:00 - 2014-04-03 21:04 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf4f6f7e7f9f8c.job
2016-10-28 20:26 - 2012-10-10 18:12 - 32194700 _____ C:\Windows\system32\perfh005.dat
2016-10-28 20:26 - 2012-10-10 18:12 - 11374416 _____ C:\Windows\system32\perfc005.dat
2016-10-28 20:26 - 2012-10-10 17:47 - 00394276 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-28 20:26 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2016-10-28 20:22 - 2013-07-11 14:59 - 00000264 _____ C:\Windows\Tasks\AutoKMS.job
2016-10-28 10:19 - 2012-10-13 20:26 - 00000632 ____H C:\Windows\Tasks\Norton Product InstallerIdle.job
2016-10-28 10:02 - 2012-10-11 18:05 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-28 09:18 - 2013-06-08 20:37 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2016-10-28 09:18 - 2013-05-31 22:13 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2016-10-28 09:18 - 2013-01-24 17:05 - 00000342 _____ C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2016-10-28 09:18 - 2012-10-11 18:05 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-28 09:13 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-24 18:21 - 2016-08-19 13:01 - 00000000 ____D C:\Users\Petra\AppData\Roaming\ICQ
2016-10-24 18:20 - 2013-07-11 14:24 - 00000000 ___RD C:\Program Files\Skype
2016-10-22 21:27 - 2016-07-14 20:18 - 00000000 ____D C:\Users\Petra\AppData\Local\SmartView2
2016-10-22 18:56 - 2013-04-07 13:02 - 00000000 ____D C:\Users\Petra\AppData\Roaming\vlc
2016-10-22 12:49 - 2013-07-11 14:25 - 00000000 ____D C:\Users\Petra\AppData\Roaming\Skype
2016-10-22 12:38 - 2013-07-11 14:24 - 00000000 ____D C:\ProgramData\Skype
2016-10-13 16:01 - 2016-04-10 18:14 - 00224752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys

==================== Files in the root of some directories =======

2014-06-01 18:16 - 2014-06-01 18:16 - 0001535 _____ () C:\Users\Petra\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
C:\Users\Petra\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{67EE70BD-7E12-4F25-93BB-0B36682E1017}.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{5BA7E262-2600-497A-A2E0-6106E3EBD670}.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf4f6f7e7f9f8c.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Product InstallerIdle.job => C:\Windows\system32\Adobe\Shockwave 11\SymInstallStub.exe
Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Avast Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Petra\Desktop" je 11184 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\331BigDog
C:\Program Files\USB Camera\VM331_STI.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent
C:\Program Files\BlueStacks\HD-Agent.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq
C:\Users\Petra\AppData\Roaming\ICQM\icq.exe -CU [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeznamInstall-uninstall:b43441ac6690cb003debc6d1a41aa646
"C:\Users\Petra\AppData\Local\Temp\\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe" -c "C:\Users\Petra\AppData\Roaming\Seznam.cz" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
"C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Zdravim

Jak je to s legalitou systemu? Ultimate neni zrovna bezna domaci verze

Jarmil128 píše:***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Petra\Desktop" je 11184 MB.

Velikost plochy by nemela presahovat 200 - 300 MB! Brzdi to chod pc. Cili ji trosku uklidte a na plochu dejte jen zastupce. Jen pozor na obcasnou chybu, ze uzivatele maji na plose slozku, v ni dalsi a v ni dalsi a do te to schovaji. To je sice hezke, ale plochu to nezmensi, jen je to v jinem supliku

No plocha je uklizena.
Legálnost je otázka i podle mě, ale přítelkyně trvá na tom že ntb takto se systemem koupila z obchodu, takže legální být musí....

Log po uklizení

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-10-2016
Ran by Petra (administrator) on PETRA-PC (29-10-2016 12:21:27)
Running from C:\Users\Petra\Desktop
Loaded Profiles: Petra (Available Profiles: Petra)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Wistron Corp.) C:\Program Files\CapsLK OSD\Capsosd.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\utility.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [{BA1E422A-80A8-4AA0-B67B-CAA3D04C5162}] => C:\Program Files\CapsLK OSD\CAPSOSD.EXE [3060776 2010-10-25] (Wistron Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files\Lenovo\Energy Management\Energy Management.exe [8943520 2010-11-24] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files\Lenovo\Energy Management\Utility.exe [5117856 2010-11-24] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1938728 2010-10-21] (Synaptics Incorporated)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [kbdsprt] => [X]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9099440 2016-10-28] (AVAST Software)
HKU\S-1-5-21-2353109117-234346251-1123694436-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6495144 2015-09-16] (Piriform Ltd)
HKU\S-1-5-21-2353109117-234346251-1123694436-1000\...\MountPoints2: {05ff5f99-c582-11e4-9ae7-f0def1f925ab} - D:\Lenovo_Suite.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-10-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-09-09] (AVAST Software)
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{44717355-4847-4165-996B-A5CB65EA5E3D}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{83FAD660-B6FF-4E4F-BDF3-A2361F67F63A}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-2353109117-234346251-1123694436-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP&dt=071113
SearchScopes: HKU\S-1-5-21-2353109117-234346251-1123694436-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={21EC14F0-A3A1-42D3-8FF7-3AA6199C27E4}&mid=c55f0aea1a1147d0b4bb2197b71dcc58-c7f79e43b940d2ce1561c53f53a8e7737642e947&lang=cs&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2016-01-28 17:35:43&v=4.2.8.608&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2353109117-234346251-1123694436-1000 -> F776ADF8D75C4D6981D17CC1386B4CD2 URL = hxxp://isearch.avg.com/search?cid={FA4510FD-5294-4B54-B889-47C7B84F28D1}&mid=c55f0aea1a1147d0b4bb2197b71dcc58-c7f79e43b940d2ce1561c53f53a8e7737642e947&lang=cs&ds=AVG&pr=fr&d=2013-01-30 18:59:00&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2353109117-234346251-1123694436-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={21EC14F0-A3A1-42D3-8FF7-3AA6199C27E4}&mid=c55f0aea1a1147d0b4bb2197b71dcc58-c7f79e43b940d2ce1561c53f53a8e7737642e947&lang=cs&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2016-01-28 17:35:43&v=4.2.8.608&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Handler: linkscanner - No CLSID Value -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [ext@MediaViewV1alpha7312.net] - C:\Program Files\MediaViewV1\MediaViewV1alpha7312\ff
FF Extension: (Media View) - C:\Program Files\MediaViewV1\MediaViewV1alpha7312\ff [2014-03-10] [not signed]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-09]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-09]
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll [2012-08-08] (Adobe Systems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-02] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP&dt=071113"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\54.0.2840.71\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\54.0.2840.71\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\54.0.2840.71\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default [2016-10-29]
CHR Extension: (IObit Surfing Protection & Ads Removal) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd [2016-10-04]
CHR Extension: (YouTube) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Adblock Plus) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26]
CHR Extension: (Vyhledávání Google) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Skype) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-24]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Bungalow) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogkdmggpdfpodahejeckklcncacambmo [2014-07-10]
CHR Extension: (Gmail) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-28]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx <not found>
CHR HKLM\...\Chrome\Extension: [jpikpapinmedmjmllbbmccpfilnecdcp] - C:\Program Files\MediaViewV1\MediaViewV1alpha7312\ch\MediaViewV1alpha7312.crx <not found>
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [294400 2011-06-07] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-09] (AVAST Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [23136 2010-10-25] (Lenovo Corporation)
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [66176 2010-11-11] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [31872 2010-11-11] (Advanced Micro Devices)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-09-09] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-09-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-09-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-09-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-09-09] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-09-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-09-23] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118664 2016-09-09] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2016-10-13] (AVAST Software)
R0 LHDmgr; C:\Windows\System32\DRIVERS\LhdX86.sys [32352 2010-01-15] (Lenovo.)
S3 RSUSBVSTOR; C:\Windows\System32\Drivers\RtsUVStor.sys [226408 2010-11-30] (Realtek Semiconductor Corp.)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [196352 2010-10-21] (Vimicro Corporation)
R3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [5888 2010-08-16] (Vimicro Corporation)
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-29 12:21 - 2016-10-29 12:21 - 00000000 ____D C:\Users\Petra\Desktop\FRST-OlderVersion
2016-10-29 11:32 - 2016-10-29 11:32 - 00003302 _____ C:\Users\Petra\Documents\cc_20161029_113216.reg
2016-10-29 11:26 - 2016-10-29 11:26 - 00001841 _____ C:\Users\Petra\Desktop\Věci z plochy.lnk
2016-10-29 11:22 - 2016-10-29 11:23 - 00000000 ____D C:\Users\Petra\Documents\Věci z plochy
2016-10-28 22:24 - 2016-10-28 22:25 - 00000000 ____D C:\rsit
2016-10-28 22:24 - 2016-10-28 22:25 - 00000000 ____D C:\Program Files\trend micro
2016-10-28 22:24 - 2016-10-28 22:24 - 01107968 _____ C:\Users\Petra\Desktop\RSIT.exe
2016-10-28 21:28 - 2016-10-28 21:29 - 00009215 _____ C:\Users\Petra\Desktop\Addition.txt
2016-10-28 21:27 - 2016-10-29 12:21 - 00013976 _____ C:\Users\Petra\Desktop\FRST.txt
2016-10-28 21:26 - 2016-10-28 21:27 - 00000000 ____D C:\FRST
2016-10-28 21:25 - 2016-10-29 12:21 - 01757696 _____ (Farbar) C:\Users\Petra\Desktop\FRST.exe
2016-10-28 20:58 - 2016-10-28 20:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2016-10-28 20:58 - 2016-10-28 20:58 - 00000000 ____D C:\Program Files\CPUID
2016-10-28 20:57 - 2016-10-28 20:57 - 01191360 _____ ( ) C:\Users\Petra\Downloads\hwmonitor_1.30.exe
2016-10-22 16:25 - 2016-10-22 18:58 - 1465150908 _____ C:\Users\Petra\Downloads\Dobrý-Will-Hunting---Good-Will-Hunting-(1997)(CZ).avi
2016-10-17 17:42 - 2016-10-17 17:42 - 00000000 ____D C:\Program Files\Common Files\Skype
2016-10-08 11:40 - 2016-10-08 14:43 - 1646226608 _____ C:\Users\Petra\Downloads\V-zajetí-démonů-2-cz-dabing.avi
2016-10-04 20:30 - 2016-10-04 21:49 - 733863936 _____ C:\Users\Petra\Downloads\Cesta-z-mesta-CZ.avi.avi

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-29 12:17 - 2013-06-08 20:37 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2016-10-29 12:17 - 2013-05-31 22:13 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2016-10-29 12:17 - 2013-01-24 17:05 - 00000342 _____ C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2016-10-29 12:17 - 2012-10-11 18:05 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-29 12:17 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2016-10-29 12:16 - 2013-07-11 14:59 - 00000264 _____ C:\Windows\Tasks\AutoKMS.job
2016-10-29 12:16 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-29 11:36 - 2012-11-01 17:43 - 00000000 ____D C:\ProgramData\Win7codecs
2016-10-29 11:29 - 2009-07-14 06:34 - 00014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-29 11:29 - 2009-07-14 06:34 - 00014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-28 23:00 - 2014-04-03 21:04 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf4f6f7e7f9f8c.job
2016-10-28 20:26 - 2012-10-10 18:12 - 32194700 _____ C:\Windows\system32\perfh005.dat
2016-10-28 20:26 - 2012-10-10 18:12 - 11374416 _____ C:\Windows\system32\perfc005.dat
2016-10-28 20:26 - 2012-10-10 17:47 - 00394276 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-28 10:19 - 2012-10-13 20:26 - 00000632 ____H C:\Windows\Tasks\Norton Product InstallerIdle.job
2016-10-28 10:02 - 2012-10-11 18:05 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-24 18:21 - 2016-08-19 13:01 - 00000000 ____D C:\Users\Petra\AppData\Roaming\ICQ
2016-10-24 18:20 - 2013-07-11 14:24 - 00000000 ___RD C:\Program Files\Skype
2016-10-22 21:27 - 2016-07-14 20:18 - 00000000 ____D C:\Users\Petra\AppData\Local\SmartView2
2016-10-22 18:56 - 2013-04-07 13:02 - 00000000 ____D C:\Users\Petra\AppData\Roaming\vlc
2016-10-22 12:49 - 2013-07-11 14:25 - 00000000 ____D C:\Users\Petra\AppData\Roaming\Skype
2016-10-22 12:38 - 2013-07-11 14:24 - 00000000 ____D C:\ProgramData\Skype
2016-10-13 16:01 - 2016-04-10 18:14 - 00224752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys

==================== Files in the root of some directories =======

2014-06-01 18:16 - 2014-06-01 18:16 - 0001535 _____ () C:\Users\Petra\AppData\Local\recently-used.xbel

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-26 17:50

==================== End of FRST.txt ============================

Pro usnadnění a zrychlení sem notes projel AdwCenerem ....


# AdwCleaner v6.030 - Logfile created 29/10/2016 at 12:53:14
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-10-28.2 [Server]
# Operating System : Windows 7 Ultimate Service Pack 1 (X86)
# Username : Petra - PETRA-PC
# Running from : C:\Users\Petra\Desktop\adwcleaner_6.030.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\ProgramData\Avg_Update_0814tb
[-] Folder deleted: C:\Users\Petra\AppData\Local\genienext
[-] Folder deleted: C:\Users\Petra\AppData\Local\Mobogenie
[-] Folder deleted: C:\Users\Petra\AppData\Local\SwvUpdater
[-] Folder deleted: C:\Users\Petra\AppData\LocalLow\AVG Secure Search
[-] Folder deleted: C:\Users\Petra\AppData\Roaming\newnext.me
[-] Folder deleted: C:\ProgramData\AVG Security Toolbar
[#] Folder deleted on reboot: C:\ProgramData\Application Data\AVG Security Toolbar
[-] Folder deleted: C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd
[-] Folder deleted: C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bbmegnmpleoagolcnjnejdacakedpcgd


***** [ Files ] *****

[-] File deleted: C:\Users\Petra\daemonprocess.txt


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\Updater.AmiUpd
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key deleted: HKU\.DEFAULT\Software\AVG Secure Search
[-] Key deleted: HKU\S-1-5-21-2353109117-234346251-1123694436-1000\Software\Conduit
[-] Key deleted: HKU\S-1-5-21-2353109117-234346251-1123694436-1000\Software\SweetIM
[-] Key deleted: HKU\S-1-5-21-2353109117-234346251-1123694436-1000\Software\wscontb
[-] Key deleted: HKU\S-1-5-21-2353109117-234346251-1123694436-1000\Software\DC3_FEXEC
[-] Key deleted: HKU\S-1-5-21-2353109117-234346251-1123694436-1000\Software\Mail.Ru
[-] Key deleted: HKU\S-1-5-21-2353109117-234346251-1123694436-1000\Software\AppDataLow\Software\adawarebp
[-] Key deleted: HKU\S-1-5-21-2353109117-234346251-1123694436-1000\Software\AppDataLow\Software\Mail.Ru
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2353109117-234346251-1123694436-1000\Software\SweetIM
[#] Key deleted on reboot: HKU\S-1-5-18\Software\AVG Secure Search
[#] Key deleted on reboot: HKCU\Software\Conduit
[#] Key deleted on reboot: HKCU\Software\SweetIM
[#] Key deleted on reboot: HKCU\Software\wscontb
[#] Key deleted on reboot: HKCU\Software\DC3_FEXEC
[#] Key deleted on reboot: HKCU\Software\Mail.Ru
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\adawarebp
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Mail.Ru
[-] Key deleted: HKLM\SOFTWARE\Conduit
[-] Key deleted: HKLM\SOFTWARE\SweetIM
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
[-] Key deleted: HKU\S-1-5-21-2353109117-234346251-1123694436-1000\Software\Microsoft\Internet Explorer\SearchScopes\F776ADF8D75C4D6981D17CC1386B4CD2
[-] Key deleted: HKU\S-1-5-21-2353109117-234346251-1123694436-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data restored: HKU\S-1-5-21-2353109117-234346251-1123694436-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\F776ADF8D75C4D6981D17CC1386B4CD2
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj


***** [ Web browsers ] *****

[-] [C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: bbmegnmpleoagolcnjnejdacakedpcgd
[-] [C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: jcdgjdiieiljkfkdcloehkohchhpekkn
[-] [C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: ndibdjnfmopecpmkdieinmbadjfpblof
[-] [C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: nfengeggddojhakldhlpjdlddgkkjkdd
[-] [C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: ogccgbmabaphcakpiclgcnmcnimhokcj


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5436 Bytes] - [29/10/2016 12:53:14]
C:\AdwCleaner\AdwCleaner[S0].txt - [5350 Bytes] - [29/10/2016 12:50:20]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5582 Bytes] ##########

Udelejte kontrolu s MBAM. Test nastavte podle tohoto navodu (cili Vlastni sken vsech disku) http://forum.viry.cz/viewtopic.php?f=29&t=144868 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 30.10.2016
Čas skenování: 13:14
Protokol: Test.txt
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.10.30.06
Databáze rootkitů: v2016.09.26.02
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x86
Souborový systém: NTFS
Uživatel: Petra

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 394313
Uplynulý čas: 3 hod, 22 min, 42 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 2
PUP.Optional.MediaView, HKLM\SOFTWARE\MediaViewV1alpha7312, , [e8765d426337cd69b9063178d13260a0],
PUP.Optional.MediaView, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\JPIKPAPINMEDMJMLLBBMCCPFILNECDCP, , [f06e910e5248989e407eaefb82819769],

Hodnoty registru: 2
PUP.Optional.MediaView, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\jpikpapinmedmjmllbbmccpfilnecdcp|path, C:\Program Files\MediaViewV1\MediaViewV1alpha7312\ch\MediaViewV1alpha7312.crx, , [f06e910e5248989e407eaefb82819769]
PUP.Optional.MediaView, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|ext@MediaViewV1alpha7312.net, C:\Program Files\MediaViewV1\MediaViewV1alpha7312\ff, , [c995920d9efc96a0b20ed0d9e221ad53]

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 8
PUP.Optional.MediaView, C:\Program Files\MediaViewV1\MediaViewV1alpha7312, , [65f9eeb1bedc0135760e7146f80ae31d],
PUP.Optional.MediaView, C:\Program Files\MediaViewV1\MediaViewV1alpha7312\ch, , [65f9eeb1bedc0135760e7146f80ae31d],
PUP.Optional.MediaView, C:\Program Files\MediaViewV1\MediaViewV1alpha7312\ff, , [65f9eeb1bedc0135760e7146f80ae31d],
PUP.Optional.MediaView, C:\Program Files\MediaViewV1\MediaViewV1alpha7312\ff\chrome, , [65f9eeb1bedc0135760e7146f80ae31d],
PUP.Optional.MediaView, C:\Program Files\MediaViewV1\MediaViewV1alpha7312\ff\chrome\content, , [65f9eeb1bedc0135760e7146f80ae31d],
PUP.Optional.MediaView, C:\Program Files\MediaViewV1\MediaViewV1alpha7312\ff\chrome\content\icons, , [65f9eeb1bedc0135760e7146f80ae31d],
PUP.Optional.MediaView, C:\Program Files\MediaViewV1\MediaViewV1alpha7312\ff\chrome\content\icons\default, , [65f9eeb1bedc0135760e7146f80ae31d],
PUP.Optional.MediaView, C:\Program Files\MediaViewV1\MediaViewV1alpha7312\ie, , [65f9eeb1bedc0135760e7146f80ae31d],

Soubory: 15
PUP.Optional.Conduit, C:\Users\Petra\AppData\Roaming\uTorrent\ism.exe, , [de80a0ff2773eb4b97c50b1f61a0f30d],
Adware.MoboGenie, C:\AdwCleaner\quarantine\files\rqhudxojhoznwipkmduiimaxahzxhvij\Version\OldVersion\Mobogenie\aapt.exe, , [da84752aa2f87bbbfd8fc90043beab55],
Adware.MoboGenie, C:\AdwCleaner\quarantine\files\rqhudxojhoznwipkmduiimaxahzxhvij\Version\OldVersion\Mobogenie\CrashReport.exe, , [0a54940bb3e7f244bf18694459a8e51b],
Adware.MoboGenie, C:\AdwCleaner\quarantine\files\rqhudxojhoznwipkmduiimaxahzxhvij\Version\OldVersion\Mobogenie\DriverInstall_x64.exe, , [66f8e7b81d7d290de6a69d2c7a87c43c],
Adware.MoboGenie, C:\AdwCleaner\quarantine\files\rqhudxojhoznwipkmduiimaxahzxhvij\Version\OldVersion\Mobogenie\DriverInstall_x86.exe, , [92cc742bdfbb68cea2ea4e7bce33c040],
Adware.MoboGenie, C:\AdwCleaner\quarantine\files\rqhudxojhoznwipkmduiimaxahzxhvij\Version\OldVersion\Mobogenie\lsusb.exe, , [203e534c96042c0a127a13b605fcbf41],
Adware.MoboGenie, C:\AdwCleaner\quarantine\files\rqhudxojhoznwipkmduiimaxahzxhvij\Version\OldVersion\Mobogenie\mgadb.exe, , [63fbe5bab9e150e6a3e9bb0e41c09b65],
Adware.MoboGenie, C:\AdwCleaner\quarantine\files\rqhudxojhoznwipkmduiimaxahzxhvij\Version\OldVersion\Mobogenie\mgusb.exe, , [84da524d8119ae884646cbfefb060df3],
Adware.MoboGenie, C:\AdwCleaner\quarantine\files\rqhudxojhoznwipkmduiimaxahzxhvij\Version\OldVersion\Mobogenie\OutlookOperatorC.exe, , [c59979265842c96d8a029336b051a65a],
PUP.Optional.MediaView, C:\Program Files\MediaViewV1\MediaViewV1alpha7312\ff\chrome.manifest, , [65f9eeb1bedc0135760e7146f80ae31d],
PUP.Optional.MediaView, C:\Program Files\MediaViewV1\MediaViewV1alpha7312\ff\install.rdf, , [65f9eeb1bedc0135760e7146f80ae31d],
PUP.Optional.MediaView, C:\Program Files\MediaViewV1\MediaViewV1alpha7312\ff\chrome\content\ffMediaViewV1alpha7312.js, , [65f9eeb1bedc0135760e7146f80ae31d],
PUP.Optional.MediaView, C:\Program Files\MediaViewV1\MediaViewV1alpha7312\ff\chrome\content\overlay.xul, , [65f9eeb1bedc0135760e7146f80ae31d],
PUP.Optional.MediaView, C:\Program Files\MediaViewV1\MediaViewV1alpha7312\ff\chrome\content\icons\Thumbs.db, , [65f9eeb1bedc0135760e7146f80ae31d],
PUP.Optional.MediaView, C:\Program Files\MediaViewV1\MediaViewV1alpha7312\ff\chrome\content\icons\default\MediaViewV1alpha7312_32.png, , [65f9eeb1bedc0135760e7146f80ae31d],

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)

Vsechny nalezy nechte odstranit. Po odstraneni a restartu pc test s MBAM zopakujte, at vime, jestli se to nevraci. Napiste vysledek testu a podle nej zvolim dalsi postup.

Opětovné test čisté

Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 31.10.2016
Čas skenování: 17:37
Protokol: Test2.txt
Správce: Ano

Verze: 2.2.1.1043
Databáze malwaru: v2016.10.31.08
Databáze rootkitů: v2016.09.26.02
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x86
Souborový systém: NTFS
Uživatel: Petra

Typ skenu: Vlastní sken
Výsledek: Dokončeno
Prohledaných objektů: 394706
Uplynulý čas: 3 hod, 8 min, 52 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Zapnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 0
(Nenalezeny žádné škodlivé položky)

Moduly: 0
(Nenalezeny žádné škodlivé položky)

Klíče registru: 0
(Nenalezeny žádné škodlivé položky)

Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)

Data registru: 0
(Nenalezeny žádné škodlivé položky)

Složky: 0
(Nenalezeny žádné škodlivé položky)

Soubory: 0
(Nenalezeny žádné škodlivé položky)

Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)


(end)


Odezva se lehce zlepšíla ale furt to není asi to co by to mělo být...

To byla hruba sila, ted to teprve zkusime doladit.


Dejte nove logy podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100 - vypnete na chvili antivir, je mozne, ze to bude blokovat jako skodnou, ale pouzivame to porad, jedna se o falesny poplach
(Kdyby nesel Launcher stahnout, dejte logy jen ze samotneho FRST, tedy bez pouziti Launcheru)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-10-2016
Ran by Petra (administrator) on PETRA-PC (01-11-2016 19:40:05)
Running from C:\Users\Petra\Desktop
Loaded Profiles: Petra (Available Profiles: Petra)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Wistron Corp.) C:\Program Files\CapsLK OSD\Capsosd.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\utility.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Petra\Desktop\FRST-OlderVersion\FRSTLauncher.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [{BA1E422A-80A8-4AA0-B67B-CAA3D04C5162}] => C:\Program Files\CapsLK OSD\CAPSOSD.EXE [3060776 2010-10-25] (Wistron Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files\Lenovo\Energy Management\Energy Management.exe [8943520 2010-11-24] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files\Lenovo\Energy Management\Utility.exe [5117856 2010-11-24] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1938728 2010-10-21] (Synaptics Incorporated)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [kbdsprt] => [X]
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9099440 2016-10-28] (AVAST Software)
HKU\S-1-5-21-2353109117-234346251-1123694436-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6495144 2015-09-16] (Piriform Ltd)
HKU\S-1-5-21-2353109117-234346251-1123694436-1000\...\MountPoints2: {05ff5f99-c582-11e4-9ae7-f0def1f925ab} - D:\Lenovo_Suite.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-10-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-09-09] (AVAST Software)
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{44717355-4847-4165-996B-A5CB65EA5E3D}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{83FAD660-B6FF-4E4F-BDF3-A2361F67F63A}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-2353109117-234346251-1123694436-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP&dt=071113
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-10-24] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
Handler: linkscanner - No CLSID Value -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-09-09]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-09-09]
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll [2012-08-08] (Adobe Systems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-02] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-09-04] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP&dt=071113"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\54.0.2840.71\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\54.0.2840.71\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\54.0.2840.71\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default [2016-11-01]
CHR Extension: (YouTube) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-30]
CHR Extension: (Adblock Plus) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-26]
CHR Extension: (Vyhledávání Google) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Skype) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-24]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Bungalow) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogkdmggpdfpodahejeckklcncacambmo [2014-07-10]
CHR Extension: (Gmail) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR Extension: (Chrome Media Router) - C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-28]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx <not found>
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [294400 2011-06-07] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-09] (AVAST Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [23136 2010-10-25] (Lenovo Corporation)
R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [66176 2010-11-11] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [31872 2010-11-11] (Advanced Micro Devices)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-09-09] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-09-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-09-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [91232 2016-09-09] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-09-09] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-09-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-09-23] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118664 2016-09-09] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2016-10-13] (AVAST Software)
S3 cpuz140; C:\Users\Petra\AppData\Local\Temp\cpuz140\cpuz140_x32.sys [45760 2016-10-30] (CPUID)
R0 LHDmgr; C:\Windows\System32\DRIVERS\LhdX86.sys [32352 2010-01-15] (Lenovo.)
S3 RSUSBVSTOR; C:\Windows\System32\Drivers\RtsUVStor.sys [226408 2010-11-30] (Realtek Semiconductor Corp.)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [196352 2010-10-21] (Vimicro Corporation)
R3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [5888 2010-08-16] (Vimicro Corporation)
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-01 19:40 - 2016-11-01 19:40 - 00011968 _____ C:\Users\Petra\Desktop\FRST.txt
2016-10-31 20:46 - 2016-10-31 20:46 - 00001158 _____ C:\Users\Petra\Desktop\Test2.txt
2016-10-30 16:37 - 2016-10-30 16:37 - 00005006 _____ C:\Users\Petra\Desktop\Test.txt
2016-10-30 13:11 - 2016-10-31 17:37 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-30 13:11 - 2016-10-30 13:11 - 00001060 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-10-30 13:11 - 2016-10-30 13:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-30 13:11 - 2016-10-30 13:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-10-30 13:11 - 2016-10-30 13:11 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-10-30 13:11 - 2016-03-10 14:09 - 00053120 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-10-30 13:11 - 2016-03-10 14:08 - 00126336 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-10-30 13:11 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-10-30 13:10 - 2016-10-30 13:10 - 22851472 _____ (Malwarebytes ) C:\Users\Petra\Downloads\mbam-setup-2.2.1.1043.exe
2016-10-29 11:47 - 2016-10-29 11:53 - 00000000 ____D C:\AdwCleaner
2016-10-29 11:41 - 2016-10-29 11:42 - 03910208 _____ C:\Users\Petra\Desktop\adwcleaner_6.030.exe
2016-10-29 11:21 - 2016-11-01 19:39 - 00000000 ____D C:\Users\Petra\Desktop\FRST-OlderVersion
2016-10-29 10:32 - 2016-10-29 10:32 - 00003302 _____ C:\Users\Petra\Documents\cc_20161029_113216.reg
2016-10-29 10:26 - 2016-10-29 10:26 - 00001841 _____ C:\Users\Petra\Desktop\Věci z plochy.lnk
2016-10-29 10:22 - 2016-10-29 10:23 - 00000000 ____D C:\Users\Petra\Documents\Věci z plochy
2016-10-28 21:24 - 2016-10-28 21:25 - 00000000 ____D C:\rsit
2016-10-28 21:24 - 2016-10-28 21:25 - 00000000 ____D C:\Program Files\trend micro
2016-10-28 21:24 - 2016-10-28 21:24 - 01107968 _____ C:\Users\Petra\Desktop\RSIT.exe
2016-10-28 20:26 - 2016-11-01 19:40 - 00000000 ____D C:\FRST
2016-10-28 20:25 - 2016-11-01 19:39 - 01758208 _____ (Farbar) C:\Users\Petra\Desktop\FRST.exe
2016-10-28 19:58 - 2016-10-28 19:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2016-10-28 19:58 - 2016-10-28 19:58 - 00000000 ____D C:\Program Files\CPUID
2016-10-28 19:57 - 2016-10-28 19:57 - 01191360 _____ ( ) C:\Users\Petra\Downloads\hwmonitor_1.30.exe
2016-10-22 15:25 - 2016-10-22 17:58 - 1465150908 _____ C:\Users\Petra\Downloads\Dobrý-Will-Hunting---Good-Will-Hunting-(1997)(CZ).avi
2016-10-17 16:42 - 2016-10-17 16:42 - 00000000 ____D C:\Program Files\Common Files\Skype
2016-10-08 10:40 - 2016-10-08 13:43 - 1646226608 _____ C:\Users\Petra\Downloads\V-zajetí-démonů-2-cz-dabing.avi
2016-10-04 19:30 - 2016-10-04 20:49 - 733863936 _____ C:\Users\Petra\Downloads\Cesta-z-mesta-CZ.avi.avi

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-01 19:20 - 2012-10-13 19:26 - 00000632 ____H C:\Windows\Tasks\Norton Product InstallerIdle.job
2016-11-01 19:14 - 2009-07-14 05:34 - 00014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-01 19:14 - 2009-07-14 05:34 - 00014416 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-01 19:08 - 2012-10-10 17:12 - 32245948 _____ C:\Windows\system32\perfh005.dat
2016-11-01 19:08 - 2012-10-10 17:12 - 11392752 _____ C:\Windows\system32\perfc005.dat
2016-11-01 19:08 - 2012-10-10 16:47 - 00394276 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-01 19:08 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-11-01 19:04 - 2013-07-11 13:59 - 00000264 _____ C:\Windows\Tasks\AutoKMS.job
2016-11-01 19:04 - 2013-06-08 19:37 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2016-11-01 19:04 - 2013-05-31 21:13 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2016-11-01 19:04 - 2013-01-24 16:05 - 00000342 _____ C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2016-11-01 19:04 - 2012-10-11 17:05 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-11-01 19:04 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-31 22:00 - 2014-04-03 20:04 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf4f6f7e7f9f8c.job
2016-10-30 20:11 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Web
2016-10-30 20:10 - 2014-03-10 19:21 - 00000000 ____D C:\Program Files\MediaViewV1
2016-10-30 17:47 - 2013-04-07 12:02 - 00000000 ____D C:\Users\Petra\AppData\Roaming\vlc
2016-10-29 11:52 - 2012-10-10 16:42 - 00000000 ____D C:\Users\Petra
2016-10-29 11:35 - 2012-10-11 17:04 - 00000000 ____D C:\Users\Petra\AppData\Local\Google
2016-10-29 10:36 - 2012-11-01 16:43 - 00000000 ____D C:\ProgramData\Win7codecs
2016-10-28 09:02 - 2012-10-11 17:05 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-24 17:21 - 2016-08-19 12:01 - 00000000 ____D C:\Users\Petra\AppData\Roaming\ICQ
2016-10-24 17:20 - 2013-07-11 13:24 - 00000000 ___RD C:\Program Files\Skype
2016-10-22 20:27 - 2016-07-14 19:18 - 00000000 ____D C:\Users\Petra\AppData\Local\SmartView2
2016-10-22 11:49 - 2013-07-11 13:25 - 00000000 ____D C:\Users\Petra\AppData\Roaming\Skype
2016-10-22 11:38 - 2013-07-11 13:24 - 00000000 ____D C:\ProgramData\Skype
2016-10-13 15:01 - 2016-04-10 17:14 - 00224752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys

==================== Files in the root of some directories =======

2014-06-01 17:16 - 2014-06-01 17:16 - 0001535 _____ () C:\Users\Petra\AppData\Local\recently-used.xbel

Some files in TEMP:
====================
C:\Users\Petra\AppData\Local\Temp\libeay32.dll
C:\Users\Petra\AppData\Local\Temp\msvcr120.dll
C:\Users\Petra\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{67EE70BD-7E12-4F25-93BB-0B36682E1017}.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{5BA7E262-2600-497A-A2E0-6106E3EBD670}.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf4f6f7e7f9f8c.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Product InstallerIdle.job => C:\Windows\system32\Adobe\Shockwave 11\SymInstallStub.exe
Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Avast Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Petra\Desktop" je 8 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\331BigDog
C:\Program Files\USB Camera\VM331_STI.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync
"C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent
C:\Program Files\BlueStacks\HD-Agent.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring
"C:\Program Files\CCleaner\CCleaner.exe" /MONITOR [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq
C:\Users\Petra\AppData\Roaming\ICQM\icq.exe -CU [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq.desktop
"C:\Users\Petra\AppData\Roaming\ICQ\bin\icq.exe" /startup [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SeznamInstall-uninstall:b43441ac6690cb003debc6d1a41aa646
"C:\Users\Petra\AppData\Local\Temp\\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe" -c "C:\Users\Petra\AppData\Roaming\Seznam.cz" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype
"C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Otevrete si poznamkovy blok a zkopirujte do nej tento skript Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev fixlist a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte FRST jako spravce, kliknete na napis Fix a program vykona prikazy.
Po restartu pc by se mel objevit novy log - s nazvem fixlog, ten mi sem zase zkopirujte.

Vsechny tyto programy - vcetne pripadne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce)

vyosek píše: DelFix https://toolslib.net/downloads/finish/2/

• Stahnete a spustte
• Ponechte zatrzitkou pouze u volby Remove disinfection tools
• Kliknete na Run

Stahnete Ccleaner http://www.filehippo.com/download_ccleaner a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
(Pokud je v pc vice uzivatelskych uctu, pouzijte program i v nich)

Defragmentujte disk(y) (SSD Disky ne!)
Stahnete program Defraggler https://www.piriform.com/defraggler/download/standard
Pri instalaci opet pozor na toolbar a dalsi nesmysly.
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.




Pak napiste, jak to s pc vypada.

Tze odezva je celkově lepší, asi to tak necháme
Je dost možný že už to lepší byt nemůže ale já su zvyklé na SSD
Každopádně tisíceré díky za pomoc. Musím se tady začít pohybovat častěji a zkusit něco pochytit

Jenom bych měl dotaz....vzhledem k otázce legálnosti tohoto OS sem se díval na ceny systémů a zaráží mě nabídky různých firem na přeprodeje licencí na windows za někdy i řádově třetinové ceny.
Jaký je na to váš názor? Nemyslím si osobně že to je úplně legální a v souladu s podmínkami MS.

Jarmil128 píše:Tze odezva je celkově lepší, asi to tak necháme
Je dost možný že už to lepší byt nemůže ale já su zvyklé na SSD

Pokud napisete presneji, co zlobi, muzeme udelat hlubsi kontrolu, treba ho jeste zrychlime. Havet tam uz neni, ale treba jeste nejake to smeti vyplave

Nemate zac! Klidne se tu pohybujte

Abych rekl pravdu, moc se v tom nevyznam. Pro mne je vzhledem k pravidlum fora dulezite, ze se v techto zakladnich lozich neobjevil crack/aktivator. To sice jeste neznamena, ze system je legalni (protoze mohl byt schvalne z logu vymazan, nebo byly stopy smazany hned po jeho pouziti), ale ja to nejak aktivne proverovat nebudu a nikdo z nas to tady nedela. Samozrejme kdyz vyplave na povrch nahodne v nejakem logu, musime pravidla dodrzovat a nemuzeme pokracovat.
Pokud se chcete zeptat na ty licence, zadejte dotaz do Vsehochuti, nekteri kolegove, pripadne i navstevnici, se v tom urcite orientuji lepe nez ja a daji vam nejakou smysluplnou odpoved

Vy se tedy rozmyslete, jestli vam to takhle staci a tema uzavreme, nebo popiste presneji co jeste zlobi, nebo neni uplne jak by melo a ja podle toho zvolim dalsi postup