Prosím o kontrolu logu Avast nic nenašel Vyřešeno

[neca]

ComboFix 15-09-07.01 - Administrátor 15.09.2015 19:35:26.1.2 - x86 NETWORK
Spuštěný z: c:\users\Administrátor\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-08-15 do 2015-09-15 )))))))))))))))))))))))))))))))
.
.
2015-09-15 18:24 . 2015-09-15 18:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-09-15 17:31 . 2015-09-15 17:31 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9CD3B140-006B-4A12-8367-6CCD50BDDA62}\offreg.1148.dll
2015-09-15 06:16 . 2015-09-15 05:57 24064 ----a-w- c:\windows\zoek-delete.exe
2015-09-15 06:16 . 2015-09-15 18:24 -------- d-----w- c:\users\Administrátor\AppData\Local\Temp
2015-09-14 15:17 . 2015-09-15 05:40 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-09-14 15:17 . 2015-09-14 16:38 -------- d-----w- c:\programdata\RogueKiller
2015-09-14 12:05 . 2015-07-22 17:53 937984 ----a-w- c:\windows\system32\diagtrack.dll
2015-09-14 12:04 . 2015-06-25 09:25 105408 ----a-w- c:\windows\system32\consent.exe
2015-09-14 12:03 . 2015-08-20 02:18 9234960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9CD3B140-006B-4A12-8367-6CCD50BDDA62}\mpengine.dll
2015-09-14 09:37 . 2015-09-14 09:37 -------- d-----w- c:\programdata\Malwarebytes
2015-09-14 09:31 . 2015-09-14 09:31 -------- d-----w- c:\users\Administrátor\AppData\Local\Programs
2015-09-13 19:13 . 2013-09-04 12:57 24040 ----a-w- c:\windows\system32\drivers\gfiutil.sys
2015-09-13 19:13 . 2013-05-23 06:39 43368 ----a-w- c:\windows\system32\drivers\gfiark.sys
2015-09-13 19:10 . 2015-09-14 05:56 -------- d-----w- C:\VIPRERESCUE
2015-09-13 18:23 . 2015-09-13 18:23 -------- d-----w- C:\NPE
2015-09-13 18:06 . 2015-09-13 18:40 -------- d-----w- c:\users\Administrátor\AppData\Local\NPE
2015-09-13 18:06 . 2015-09-13 18:07 -------- d-----w- c:\programdata\Norton
2015-09-06 11:21 . 2015-08-11 13:59 313472 ----a-w- c:\windows\system32\aswBoot.exe
2015-08-17 17:00 . 2015-07-30 13:13 103120 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-17 16:53 . 2015-07-15 02:55 44032 ----a-w- c:\windows\system32\basesrv.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-08-11 13:59 . 2015-02-23 18:26 113592 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-08-11 13:59 . 2015-02-23 18:26 208664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-08-11 13:59 . 2015-02-23 18:26 433264 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-08-11 13:59 . 2015-02-23 18:26 49776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-08-11 13:59 . 2015-02-23 18:26 76000 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-08-11 13:59 . 2015-02-23 18:26 81728 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-08-11 13:59 . 2015-02-23 18:26 24016 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-08-11 13:59 . 2015-08-11 13:59 43112 ----a-w- c:\windows\avastSS.scr
2015-08-11 13:58 . 2015-02-23 18:26 788784 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-08-11 13:58 . 2015-08-11 13:59 95112 ----a-w- c:\windows\system32\drivers\ngvss.sys
2015-08-05 17:37 . 2015-09-14 12:06 751616 ----a-w- c:\windows\system32\schedsvc.dll
2015-08-04 17:52 . 2015-09-14 12:06 248832 ----a-w- c:\windows\system32\schannel.dll
2015-08-04 17:52 . 2015-09-14 12:06 141312 ----a-w- c:\windows\system32\rpchttp.dll
2015-07-15 18:46 . 2015-08-17 16:54 2560 ----a-w- c:\windows\system32\drivers\cs-CZ\mountmgr.sys.mui
2015-07-04 17:48 . 2015-07-15 08:05 1414656 ----a-w- c:\windows\system32\ole32.dll
2015-06-23 23:29 . 2015-06-23 23:29 1217192 ----a-w- c:\windows\system32\FM20.DLL
2015-06-23 11:27 . 2014-02-07 19:05 246952 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-08-11 13:59 695096 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-12-12 5489944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-02-21 1183744]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-08-26 6111824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2012-11-05 14:27 89184 ----a-w- c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R0 aswRvrt;avast! Revert; [x]
R0 aswVmm;avast! VM Monitor; [x]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-08-11 788784]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-08-11 433264]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-08-11 24016]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-08-11 76000]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-08-11 113592]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2013-09-30 21504]
R2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-08-11 220752]
R3 athrusb;Atheros Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrusb.sys [2008-07-29 904192]
R3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-08-11 3218624]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys [2013-05-23 43368]
R3 gfiutil;gfiutil;c:\windows\system32\drivers\gfiutil.sys [2013-09-04 24040]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-08-15 102912]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-09-30 14848]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2013-09-30 24064]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-09-30 27136]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-09-30 1343400]
S0 ngvss;ngvss; [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - NGVSS
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-09-03 14:49 997704 ----a-w- c:\program files\Google\Chrome\Application\45.0.2454.85\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-07 05:42]
.
2015-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-07 05:42]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-Wdf01000.sys
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2015-09-15 20:47:29
ComboFix-quarantined-files.txt 2015-09-15 18:47
.
Před spuštěním: Volných bajtů: 88 196 190 208
Po spuštění: Volných bajtů: 88 079 765 504
.
- - End Of File - - C7253410DE3E976F4DEB075E843C45A3
A36C5E4F47E84449FF07ED3517B43A31

[Reklama]

[jaro3]

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:

Kód: Vybrat vše

ClearJavaCache::
KillAll::
File::
c:\windows\system32\drivers\gfiark.sys
c:\windows\system32\drivers\gfiutil.sys
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\users\Administrátor\AppData\Local\NPE
c:\programdata\Norton
c:\program files\Google\Update

Driver::
gfiark
gfiutil
ngvss

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Stáhni si aswMBR
na svojí plochu. Uzavři všechna okna , programy a prohlížeče. Poklepej na aswMBR.exe. Pokud se objeví hláška o možnosti stáhnutí databáze Avastu , klikni na NE. Poté klikni na „Scan“ . Po skenu klikni na „Save Log“ a ulož si log na plochu .Zkopíruj sem celý obsah toho logu. Pak klikni na „Exit“ k zavření programu.

[neca]

Teď nejdou spustit win 7 ani z poslední známé konfigurace je černá obrazovka, jediné co mi to doporučuje je oprava windows.
Co s tím?

[jaro3]

Ten script si udělal?

Dostaneš se do nouz. režimu?

Stáhni a vypal Hirens Boot CD na CD
http://www.slunecnice.cz/sw/hiren-s-boot-cd/stahnout/
Soubor .iso vypal na CD v tomto programu:
http://www.slunecnice.cz/sw/active-iso-burner/

http://www.hirensbootcd.org/download/
Nabootuj z tohoto CD.
Jsou tam programy na otestování PC , zkontroluj tím disky , RAM atd.
http://www.hirensbootcd.org/screenshots/

Máš instalační win7?

[neca]

Ano script jsem udělal. Při opětovném restartu po combofixu, nešli nahodit win 7 ani do nouzáku, nabídlo mi to opravu win tak jsem ji provedl.
Až win proběhl vlastní kontrolu a opravu, systém naběhl. Po opětovném restartu systém nabíhá pravda pomaleji ale naběhne cca za 9 min.
Mám tedy pokračovat programem aswmbr viz. výše?

[neca]

win se asi po vlastní kontrole dal do jiného bodu obnovení neboť mi zmizely z plochy programy hijckthis a combofix.
Dokládám nový log z hijckthisu
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:55:04, on 16.9.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18015)


Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Windows\system32\GWX\GWX.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Administrátor\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

--
End of file - 4500 bytes

[neca]

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2015-09-16 20:04:57
-----------------------------
20:04:58.017 OS Version: Windows 6.1.7601 Service Pack 1
20:04:58.095 Number of processors: 2 586 0xF06
20:04:58.142 ComputerName: DUSKOVI-NB UserName:
20:07:25.936 Initialize success
20:07:26.794 VM: initialized successfully
20:07:26.857 VM: Intel CPU BiosDisabled
20:07:38.557 AVAST engine defs: 15091401
20:15:05.310 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
20:15:05.435 Disk 0 Vendor: Hitachi_HTS541612J9SA00 SBDOC7BP Size: 114473MB BusType: 11
20:15:05.825 Disk 0 MBR read successfully
20:15:06.012 Disk 0 MBR scan
20:15:06.215 Disk 0 Windows 7 default MBR code
20:15:06.387 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:15:06.652 Disk 0 Boot: NTFS code=2
20:15:06.839 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 114371 MB offset 206848
20:15:07.089 Disk 0 scanning sectors +234438656
20:15:07.604 Disk 0 scanning C:\Windows\system32\drivers
20:17:17.864 Service scanning
20:21:07.028 Modules scanning
20:21:07.387 Disk 0 trace - called modules:
20:21:07.746 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys intelppm.sys
20:21:07.964 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85705030]
20:21:08.229 3 CLASSPNP.SYS[88804a46] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x8560d908]
20:21:12.426 AVAST engine scan C:\Windows
20:21:23.720 AVAST engine scan C:\Windows\system32
20:50:58.863 AVAST engine scan C:\Windows\system32\drivers
20:53:24.333 AVAST engine scan C:\Users\Administrátor
20:54:28.964 AVAST engine scan C:\ProgramData
20:56:38.101 Disk 0 statistics 2613313/0/0 @ 3,25 MB/s
20:56:38.351 Scan finished successfully
21:04:25.743 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
21:04:27.178 The log file has been saved successfully to "E:\aswMBR.txt"

[jaro3]

Co problémy?

[neca]

Win se načítá 9min práce vytížení procesoru kolem 100% pořád stejný problém, ale v nouzáku pc jede jak pila.
Když jsme udělali pár těch prvních kroku oprav a ištění tak do restartu taky jel jak pila.
Teď je to o něco lepší, ale práce je hrozná, čekám na každý úkon moc dlouho. Otevření jenom složky, zabírá skoro dvě minuty. Před tím pravda 17 min.
Tak nevím co dál

[jerabina]

Stáhni si Malwarebytes Anti-Rootkit

Soubor po stažení Spusť a extrahuj na Plochu
Spusť a proveď aktualizaci dle pokynů
Zkontroluj jestli jsou zaškrtnuté všechny 3 možnosti
Klikni na Scan a pokud budou nálezy, všechny označ a klikni na Cleanup, poté nech počítač restartovat
Potom prosím dej log, najdeš ho na Ploše ve složce mbar

Prosím stáhni příslušnou verzi programu pro Tvůj systém 32-bit/64-bit Farbar Recovery Scan Tool (FRST)
32bit.:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
64bit.:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
a ulož jej na plochu. ,pak spusť FRST jako správce
Potvrď způsob užití.
Neměň žádné z výchozích nastavení a klikni na položku „Scan“ („Skenovat“) .Když je skenování dokončeno, ukážou se dva logy = FRST.txt a Addition.txt a uloží se na ploše.Prosím zkopíruj sem celý jejich obsah.

[neca]

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 11.0.9600.18015

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 2138497024, free: 1333776384

Downloaded database version: v2015.09.18.03
Downloaded database version: v2015.08.16.01
Downloaded database version: v2015.09.16.01
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
09/18/2015 10:52:57
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\pcmcia.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\ngvss.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\drivers\aswSnx.sys
\SystemRoot\system32\drivers\aswSP.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\aswRdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\netw5v32.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\bcm4sbxp.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\cpqbttn.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\ADIHdAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\AGRSM.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\aswMonFlt.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\aswHwid.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\WudfPf.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\SystemRoot\system32\DRIVERS\athrusb.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\usp10.dll
\Windows\System32\shell32.dll
\Windows\System32\urlmon.dll
\Windows\System32\oleaut32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\imagehlp.dll
\Windows\System32\psapi.dll
\Windows\System32\nsi.dll
\Windows\System32\wininet.dll
\Windows\System32\advapi32.dll
\Windows\System32\setupapi.dll
\Windows\System32\shlwapi.dll
\Windows\System32\difxapi.dll
\Windows\System32\ole32.dll
\Windows\System32\sechost.dll
\Windows\System32\imm32.dll
\Windows\System32\user32.dll
\Windows\System32\kernel32.dll
\Windows\System32\normaliz.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\lpk.dll
\Windows\System32\iertutil.dll
\Windows\System32\gdi32.dll
\Windows\System32\msctf.dll
\Windows\System32\clbcatq.dll
\Windows\System32\ws2_32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\userenv.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\profapi.dll
\Windows\System32\msasn1.dll
----------- End -----------
Done!

Scan started
Database versions:
main: v2015.09.18.03
rootkit: v2015.08.16.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff85705510, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85706020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85705510, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff84824908, DeviceName: \Device\Ide\IdeDeviceP1T0L0-2\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: DABFDABF

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition is bootable
Partition file system is NTFS

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 234231808
Partition is not bootable
Partition file system is NTFS

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition is not bootable

Disk Size: 120034123776 bytes
Sector size: 512 bytes

Done!
File "C:\ProgramData\AVAST Software\Avast\log\AvastSvc.log" is compressed (flags = 1)
File "C:\ProgramData\AVAST Software\Avast\log\AvastUI.log" is compressed (flags = 1)
File "C:\ProgramData\AVAST Software\Avast\log\CommChannel.Protocol.log" is compressed (flags = 1)
File "C:\ProgramData\AVAST Software\Avast\log\GrimeFighter2.log" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-43D1F398A2AB15C3625113F23CD7FE5E5026B872.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-43D1F398A2AB15C3625113F23CD7FE5E5026B872.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-43D1F398A2AB15C3625113F23CD7FE5E5026B872.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-43D1F398A2AB15C3625113F23CD7FE5E5026B872.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-43D1F398A2AB15C3625113F23CD7FE5E5026B872.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-43D1F398A2AB15C3625113F23CD7FE5E5026B872.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-43D1F398A2AB15C3625113F23CD7FE5E5026B872.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-43D1F398A2AB15C3625113F23CD7FE5E5026B872.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-43D1F398A2AB15C3625113F23CD7FE5E5026B872.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-43D1F398A2AB15C3625113F23CD7FE5E5026B872.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-43D1F398A2AB15C3625113F23CD7FE5E5026B872.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-43D1F398A2AB15C3625113F23CD7FE5E5026B872.bin.83" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished


Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2015.09.18.03
rootkit: v2015.08.16.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.18015
Administrátor :: DUSKOVI-NB [administrator]

18.9.2015 11:02:50
mbar-log-2015-09-18 (11-02-50).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 389650
Time elapsed: 4 hour(s), 37 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-09-2015
Ran by Administrátor (administrator) on DUSKOVI-NB (18-09-2015 16:48:38)
Running from C:\Users\Administrátor\Desktop
Loaded Profiles: Administrátor (Available Profiles: Administrátor)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPStart.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-09-15] (Synaptics, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-08-26] (AVAST Software)
HKU\S-1-5-21-2263264056-1730683234-1043868198-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-08-11] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0809CAC4-FBB7-4529-86D1-CDFEA0068655}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2D28FA52-143F-424D-BF29-3D752F9FE820}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5B884958-3548-4F00-88C6-9CB163B510F2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{934D2CCF-1C85-427B-83F7-45E2690E411D}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL =
SearchScopes: HKU\S-1-5-21-2263264056-1730683234-1043868198-1003 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2263264056-1730683234-1043868198-1003 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-11] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-31] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-31] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-23]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Administrátor\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Administrátor\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-02-23]
CHR Extension: (No Name) - C:\Users\Administrátor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-24]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-04-22]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-22]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [26112 2009-12-03] (LSI Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-08-11] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3218624 2015-08-11] (Avast Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-09-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24016 2015-08-11] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [76000 2015-08-11] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-08-11] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49776 2015-08-11] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788784 2015-08-11] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433264 2015-08-11] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [113592 2015-08-11] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208664 2015-08-11] (AVAST Software)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [24040 2013-09-04] (ThreatTrack Security)
R0 ngvss; C:\Windows\system32\Drivers\ngvss.sys [95112 2015-08-11] (AVAST Software)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-08-11] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-18 16:48 - 2015-09-18 16:56 - 00008818 _____ C:\Users\Administrátor\Desktop\FRST.txt
2015-09-18 16:47 - 2015-09-18 16:49 - 00000000 ____D C:\FRST
2015-09-18 10:53 - 2015-09-18 16:46 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-09-18 10:52 - 2015-09-18 10:52 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-18 10:26 - 2015-09-18 10:26 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-09-18 10:24 - 2015-09-18 16:45 - 00000000 ____D C:\Users\Administrátor\Desktop\mbar
2015-09-18 10:22 - 2015-09-18 07:49 - 01695232 _____ (Farbar) C:\Users\Administrátor\Desktop\FRST.exe
2015-09-18 10:21 - 2015-09-18 07:49 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Administrátor\Desktop\mbar-1.09.3.1001.exe
2015-09-16 20:03 - 2015-09-15 21:48 - 05200384 _____ (AVAST Software) C:\Users\Administrátor\Desktop\aswmbr.exe
2015-09-16 20:03 - 2015-09-15 21:06 - 145424032 _____ (Microsoft Corporation) C:\Users\Administrátor\Desktop\msert.exe
2015-09-16 19:55 - 2015-09-16 19:55 - 00004501 _____ C:\Users\Administrátor\Desktop\hijackthis.log
2015-09-16 19:47 - 2015-09-14 09:29 - 00388608 _____ (Trend Micro Inc.) C:\Users\Administrátor\Desktop\HijackThis.exe
2015-09-15 22:10 - 2015-09-16 16:13 - 00000000 ___SD C:\ComboFix
2015-09-15 21:38 - 2015-09-15 21:38 - 00000000 ____D C:\Users\Administrátor\AppData\Local\CrashDumps
2015-09-15 19:13 - 2015-09-15 22:20 - 00000000 ____D C:\Qoobox
2015-09-15 19:09 - 2015-09-16 16:13 - 00000000 ____D C:\Windows\erdnt
2015-09-15 10:27 - 2015-09-15 10:53 - 00000402 _____ C:\DelFix.txt
2015-09-15 10:25 - 2015-09-15 10:11 - 00781312 _____ C:\Users\Administrátor\Desktop\delfix_1.011.exe
2015-09-15 10:22 - 2015-09-15 10:22 - 00000000 ____D C:\Users\Administrátor\Desktop\backups
2015-09-15 10:09 - 2015-09-15 09:58 - 00000448 _____ C:\Users\Administrátor\Desktop\návod.txt
2015-09-15 08:16 - 2015-09-15 07:57 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-09-14 17:17 - 2015-09-15 07:40 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-09-14 17:17 - 2015-09-14 18:38 - 00000000 ____D C:\ProgramData\RogueKiller
2015-09-14 14:06 - 2015-09-02 04:37 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-09-14 14:06 - 2015-09-02 04:37 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-14 14:06 - 2015-09-02 04:37 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-09-14 14:06 - 2015-09-02 04:37 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-09-14 14:06 - 2015-09-02 03:35 - 02393600 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-14 14:06 - 2015-09-02 03:32 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-14 14:06 - 2015-08-27 19:51 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-09-14 14:06 - 2015-08-27 19:51 - 01240576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-09-14 14:06 - 2015-08-27 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-09-14 14:06 - 2015-08-27 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-09-14 14:06 - 2015-08-05 19:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-14 14:06 - 2015-08-05 19:40 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-09-14 14:06 - 2015-08-05 19:37 - 00751616 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-14 14:06 - 2015-08-04 19:59 - 03995584 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-09-14 14:06 - 2015-08-04 19:59 - 03939776 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-09-14 14:06 - 2015-08-04 19:59 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-09-14 14:06 - 2015-08-04 19:59 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-09-14 14:06 - 2015-08-04 19:55 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-09-14 14:06 - 2015-08-04 19:52 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-09-14 14:06 - 2015-08-04 19:52 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-09-14 14:06 - 2015-08-04 19:52 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-09-14 14:06 - 2015-08-04 19:52 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-09-14 14:06 - 2015-08-04 19:52 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-09-14 14:06 - 2015-08-04 19:52 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-09-14 14:06 - 2015-08-04 19:52 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-09-14 14:06 - 2015-08-04 19:52 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-09-14 14:06 - 2015-08-04 19:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-09-14 14:06 - 2015-08-04 19:52 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2015-09-14 14:06 - 2015-08-04 19:52 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-09-14 14:06 - 2015-08-04 19:52 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-09-14 14:06 - 2015-08-04 19:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-09-14 14:06 - 2015-08-04 19:52 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-14 14:06 - 2015-08-04 19:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-09-14 14:06 - 2015-08-04 19:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-09-14 14:06 - 2015-08-04 19:52 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-09-14 14:06 - 2015-08-04 19:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-09-14 14:06 - 2015-08-04 19:52 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-14 14:06 - 2015-08-04 19:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-09-14 14:06 - 2015-08-04 19:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-09-14 14:06 - 2015-08-04 19:52 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-09-14 14:06 - 2015-08-04 19:51 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-09-14 14:06 - 2015-08-04 19:51 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-09-14 14:06 - 2015-08-04 19:51 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-09-14 14:06 - 2015-08-04 19:51 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-09-14 14:06 - 2015-08-04 19:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-09-14 14:06 - 2015-08-04 19:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-09-14 14:06 - 2015-08-04 19:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-09-14 14:06 - 2015-08-04 19:43 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-09-14 14:06 - 2015-08-04 18:58 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-09-14 14:06 - 2015-08-04 18:46 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-09-14 14:06 - 2015-08-04 18:45 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-09-14 14:06 - 2015-08-04 18:45 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-09-14 14:05 - 2015-08-18 03:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-14 14:05 - 2015-08-15 08:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-14 14:05 - 2015-08-15 07:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-09-14 14:05 - 2015-08-15 07:53 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-09-14 14:05 - 2015-08-15 07:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-14 14:05 - 2015-08-15 07:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-09-14 14:05 - 2015-08-15 07:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-09-14 14:05 - 2015-08-15 07:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-09-14 14:05 - 2015-08-15 07:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-09-14 14:05 - 2015-08-15 07:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-14 14:05 - 2015-08-15 07:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-09-14 14:05 - 2015-08-15 07:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-09-14 14:05 - 2015-08-15 07:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-09-14 14:05 - 2015-08-15 07:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-14 14:05 - 2015-08-15 07:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-09-14 14:05 - 2015-08-15 07:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-09-14 14:05 - 2015-08-15 07:29 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-09-14 14:05 - 2015-08-15 07:24 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-09-14 14:05 - 2015-08-15 07:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-09-14 14:05 - 2015-08-15 07:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-09-14 14:05 - 2015-08-15 07:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-09-14 14:05 - 2015-08-15 07:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-09-14 14:05 - 2015-08-15 07:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-09-14 14:05 - 2015-08-15 07:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-14 14:05 - 2015-08-15 07:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-14 14:05 - 2015-08-15 07:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-14 14:05 - 2015-08-15 07:02 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-14 14:05 - 2015-08-15 07:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-14 14:05 - 2015-08-15 07:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-09-14 14:05 - 2015-08-15 06:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-14 14:05 - 2015-08-15 06:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-14 14:05 - 2015-08-15 06:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-14 14:05 - 2015-07-23 01:57 - 00643072 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-09-14 14:05 - 2015-07-23 01:57 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-14 14:05 - 2015-07-22 19:53 - 00937984 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-14 14:05 - 2015-07-22 18:38 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-14 14:05 - 2015-07-09 19:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-09-14 14:05 - 2015-07-09 19:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-09-14 14:04 - 2015-08-26 19:56 - 02953728 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-14 14:04 - 2015-08-26 19:56 - 02061824 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-14 14:04 - 2015-08-26 19:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-14 14:04 - 2015-08-26 19:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-14 14:04 - 2015-08-26 19:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-14 14:04 - 2015-08-26 19:56 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-09-14 14:04 - 2015-08-26 19:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-09-14 14:04 - 2015-08-26 19:55 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-14 14:04 - 2015-08-26 19:55 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-09-14 14:04 - 2015-08-26 19:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-14 14:04 - 2015-08-26 19:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-09-14 14:04 - 2015-07-15 04:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-09-14 14:04 - 2015-06-25 11:25 - 00105408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-14 14:04 - 2015-06-25 11:20 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-14 14:04 - 2015-06-25 11:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-09-14 13:47 - 2015-09-14 13:47 - 00006773 _____ C:\Users\Administrátor\Desktop\Mal.txt
2015-09-14 12:08 - 2015-09-14 12:08 - 00000000 _____ C:\Users\Administrátor\AppData\Local\AtStart.txt
2015-09-14 12:01 - 2015-09-15 08:19 - 00001192 _____ C:\Windows\PFRO.log
2015-09-14 11:37 - 2015-09-18 11:00 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-13 21:13 - 2013-09-04 14:57 - 00024040 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiutil.sys
2015-09-13 21:13 - 2013-05-23 08:39 - 00043368 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys
2015-09-13 21:10 - 2015-09-14 07:56 - 00000000 ____D C:\VIPRERESCUE
2015-09-13 20:23 - 2015-09-13 20:23 - 00000000 ____D C:\NPE
2015-09-13 20:06 - 2015-09-16 16:13 - 00000000 ____D C:\ProgramData\Norton
2015-09-13 20:06 - 2015-09-13 20:40 - 00000000 ____D C:\Users\Administrátor\AppData\Local\NPE
2015-09-07 07:28 - 2015-09-18 06:46 - 00004474 _____ C:\Windows\setupact.log
2015-09-07 07:28 - 2015-09-07 07:28 - 00000000 _____ C:\Windows\setuperr.log
2015-09-06 13:21 - 2015-08-11 15:59 - 00313472 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-18 16:47 - 2014-02-07 21:20 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-18 16:19 - 2014-02-07 20:14 - 01745057 _____ C:\Windows\WindowsUpdate.log
2015-09-18 13:00 - 2009-07-14 06:34 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-18 13:00 - 2009-07-14 06:34 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-18 10:30 - 2010-11-20 23:01 - 01583214 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-18 07:47 - 2014-02-07 21:20 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-18 06:47 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-16 16:14 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\wfp
2015-09-16 16:13 - 2015-04-04 12:42 - 00000000 ___SD C:\Windows\system32\GWX
2015-09-16 16:13 - 2014-02-07 21:20 - 00000000 ____D C:\Program Files\Google
2015-09-16 16:13 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2015-09-16 15:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\LogFiles
2015-09-16 06:18 - 2015-02-10 19:07 - 00000000 ____D C:\Users\Administrátor
2015-09-15 23:10 - 2009-07-14 04:03 - 55050240 _____ C:\Windows\system32\config\SOFTWARE.bak
2015-09-15 23:10 - 2009-07-14 04:03 - 14155776 _____ C:\Windows\system32\config\SYSTEM.bak
2015-09-15 23:10 - 2009-07-14 04:03 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2015-09-15 23:10 - 2009-07-14 04:03 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2015-09-15 23:10 - 2009-07-14 04:03 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2015-09-15 08:14 - 2014-05-09 12:09 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2015-09-15 08:14 - 2014-05-09 12:09 - 00000000 ____D C:\Users\Guest\AppData\Local\Comodo
2015-09-15 07:03 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2015-09-15 06:57 - 2009-07-14 06:33 - 00340408 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-15 06:54 - 2011-04-12 04:24 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-14 21:04 - 2014-02-07 21:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-14 20:55 - 2014-02-07 21:00 - 00000000 ____D C:\Windows\system32\MRT
2015-09-14 16:49 - 2015-03-15 10:00 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-09-14 15:08 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2015-09-14 12:08 - 2015-02-10 19:08 - 00000000 _____ C:\Users\Administrátor\AppData\Local\QSwitch.txt
2015-09-14 12:08 - 2015-02-10 19:08 - 00000000 _____ C:\Users\Administrátor\AppData\Local\DSwitch.txt
2015-09-06 08:11 - 2009-07-14 06:53 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-26 18:36 - 2014-02-07 21:00 - 132039072 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-26 11:27 - 2015-04-22 20:29 - 00002003 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-08-23 12:31 - 2015-02-23 19:49 - 00000000 ____D C:\Program Files\CCleaner

==================== Files in the root of some directories =======

2015-09-14 12:08 - 2015-09-14 12:08 - 0000000 _____ () C:\Users\Administrátor\AppData\Local\AtStart.txt
2015-02-10 19:08 - 2015-09-14 12:08 - 0000000 _____ () C:\Users\Administrátor\AppData\Local\DSwitch.txt
2015-02-10 19:08 - 2015-09-14 12:08 - 0000000 _____ () C:\Users\Administrátor\AppData\Local\QSwitch.txt

Some files in TEMP:
====================
C:\Users\Administrátor\AppData\Local\temp\ERUNT.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-14 15:00

==================== End of FRST.txt ============================



Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-09-2015
Ran by Administrátor (2015-09-18 17:09:53)
Running from C:\Users\Administrátor\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2014-02-07 18:50:07)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2263264056-1730683234-1043868198-500 - Administrator - Disabled)
Administrátor (S-1-5-21-2263264056-1730683234-1043868198-1003 - Administrator - Enabled) => C:\Users\Administrátor
Guest (S-1-5-21-2263264056-1730683234-1043868198-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2263264056-1730683234-1043868198-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.12) - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.3.2225 - AVAST Software)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Google Chrome (HKLM\...\Google Chrome) (Version: 45.0.2454.93 - Google Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.28.13 - Google Inc.) Hidden
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
K-Lite Codec Pack 10.1.5 Basic (HKLM\...\KLiteCodecPack_is1) (Version: 10.1.5 - )
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
Microsoft .NET Framework 4.5.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 10.0.13.2 - Synaptics)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.01 - Ghisler Software GmbH)
WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

15-09-2015 10:46:54 End of disinfection

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2015-09-15 10:23 - 00000813 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10EFF965-994D-4326-99A4-136B3E09651C} - System32\Tasks\Program k provádění aktualizací online Adobe => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {2850E2FF-779D-459A-B817-ECE1415C8FCB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {4347CB17-5602-42FE-9663-AA59BF9A9AF7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {6E8A22EB-AA7E-4FEE-9C17-B29055321706} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {E6EE50EA-B4A7-4DCE-9F76-7A7C92FE8135} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {F20FC2FB-5C3B-4FAD-8F97-F1B6F525AC01} - \AutoKMS -> No File <==== ATTENTION
Task: {F28DC41A-9115-4D71-B1E6-FDC7F6EE8F7E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {FC73FCCD-DC3E-42AD-BC0B-D33508D68FC3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-11] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-08-11 15:59 - 2015-08-11 15:59 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-08-11 15:59 - 2015-08-11 15:59 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-09-14 20:39 - 2015-09-14 20:39 - 02962944 _____ () C:\Program Files\AVAST Software\Avast\defs\15091401\algo.dll
2015-09-18 11:04 - 2015-09-18 11:04 - 02965504 _____ () C:\Program Files\AVAST Software\Avast\defs\15091800\algo.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2015-04-22 20:16 - 2015-04-22 20:16 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR501 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2263264056-1730683234-1043868198-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrátor\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{104C343E-5A82-4E23-BD93-2E5402018833}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{096C3104-75DC-4C4A-B3CC-44DAD41DD221}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{3DB42729-1ADB-4B2D-9EFA-58F0D78DA806}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{069F71ED-A62C-4925-85DC-6AA05862EB31}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{3C1C161E-9EBD-4C9D-A071-941FB33E72DB}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{D345203E-243E-495C-A6F8-909941B3BD29}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/18/2015 12:48:04 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Vytvoření bodu obnovení se nezdařilo (Proces = C:\Windows\system32\svchost.exe -k netsvcs; Popis = Windows Update; Chyba = 0x81000101).

Error: (09/18/2015 06:50:29 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/17/2015 07:36:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2015 09:31:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2015 09:13:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2015 07:31:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2015 06:36:04 AM) (Source: ESENT) (EventID: 439) (User: )
Description: Windows (3768) Windows: Pro soubor C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk nelze zapsat stínové záhlaví. Chyba -1032

Error: (09/16/2015 06:36:04 AM) (Source: ESENT) (EventID: 490) (User: )
Description: Windows (3768) Windows: Pokus o otevření souboru C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk pro čtení nebo zápis se nezdařil. Došlo k systémové chybě 32 (0x00000020): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření souboru se nezdaří a dojde k chybě -1032 (0xfffffbf8).

Error: (09/16/2015 06:35:40 AM) (Source: ESENT) (EventID: 439) (User: )
Description: Windows (3768) Windows: Pro soubor C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk nelze zapsat stínové záhlaví. Chyba -1032

Error: (09/16/2015 06:35:40 AM) (Source: ESENT) (EventID: 490) (User: )
Description: Windows (3768) Windows: Pokus o otevření souboru C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk pro čtení nebo zápis se nezdařil. Došlo k systémové chybě 32 (0x00000020): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření souboru se nezdaří a dojde k chybě -1032 (0xfffffbf8).


System errors:
=============
Error: (09/18/2015 06:50:18 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053AvastVBoxSvc{F319F1B8-7587-4146-AF9C-0D6D77819BF1}

Error: (09/18/2015 06:50:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba AvastVBox COM Service neuspěla při spuštění v důsledku následující chyby:
%%1053

Error: (09/18/2015 06:49:52 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby AvastVBox COM Service bylo dosaženo časového limitu (30000 ms).

Error: (09/18/2015 06:46:12 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (20:21:28, ‎17.‎9.‎2015) bylo neočekávané.

Error: (09/17/2015 07:44:17 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (09/17/2015 07:41:17 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT AUTHORITY)
Description: Nepodařilo se inicializovat klienta CBS. Poslední chyba: 0x80080005

Error: (09/17/2015 07:41:16 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (09/17/2015 07:40:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Služba Google Update (gupdate) neuspěla při spuštění v důsledku následující chyby:
%%1053

Error: (09/17/2015 07:40:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Služba Google Update (gupdate) bylo dosaženo časového limitu (30000 ms).

Error: (09/17/2015 07:40:05 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Microsoft .NET Framework NGEN v4.0.30319_X86 bylo dosaženo časového limitu (30000 ms).


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz
Percentage of memory in use: 37%
Total physical RAM: 2039.43 MB
Available physical RAM: 1266.71 MB
Total Virtual: 4078.86 MB
Available Virtual: 3108.31 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:81.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or (Size: 111.8 GB) (Disk ID: DABFDABF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Co dál?

[jerabina]

Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.

Kód: Vybrat vše

Start
CloseProcesses:

HKU\S-1-5-21-2263264056-1730683234-1043868198-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)

SearchScopes: HKLM -> DefaultScope {80c554b9-c7f8-4a21-9471-06d606da78a2} URL =

FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-31] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-31] (Google Inc.)

CHR dev: Chrome dev build detected! <======= ATTENTION

S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [43368 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [24040 2013-09-04] (ThreatTrack Security)

C:\Windows\System32\drivers\gfiark.sys
C:\Windows\System32\drivers\gfiutil.sys

C:\Users\Administrátor\AppData\Local\AtStart.txt
C:\Users\Administrátor\AppData\Local\DSwitch.txt
C:\Users\Administrátor\AppData\Local\QSwitch.txt

Task: {10EFF965-994D-4326-99A4-136B3E09651C} - System32\Tasks\Program k provádění aktualizací online Adobe => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {2850E2FF-779D-459A-B817-ECE1415C8FCB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {6E8A22EB-AA7E-4FEE-9C17-B29055321706} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {E6EE50EA-B4A7-4DCE-9F76-7A7C92FE8135} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {F20FC2FB-5C3B-4FAD-8F97-F1B6F525AC01} - \AutoKMS -> No File <==== ATTENTION
Task: {F28DC41A-9115-4D71-B1E6-FDC7F6EE8F7E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

EmptyTemp:
End

(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).

Ulož jej na na plochu jako fixlist.txt

Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.