Al_Capone
Visitor
Posts: 10
Registered: 04 Sep 2014 11:46

Log check

#1 Post by Al_Capone »

Hello, I would like to ask for a log check, thank you very much :)

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Markus (administrator) on MARKUS-PC on 14-09-2014 23:42:44
Running from C:\Users\Markus\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Dropbox, Inc.) C:\Users\Markus\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Markus\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\PING.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-01] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3087565063-3138112446-2371135280-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-10-29] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-10-29] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Markus\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Tcpip\Parameters: [DhcpNameServer] 10.102.0.252 10.102.0.253

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-19]

Chrome:
=======
CHR NewTab: Default -> "chrome-extension://llaficoajjainaijghjlofdfmbjpebpa/newtab.html"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-19]
CHR Extension: (Disk Google) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-19]
CHR Extension: (Vyhledávání Google) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-19]
CHR Extension: (AdBlock) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-19]
CHR Extension: (Speed Dial [FVD] - New Tab Page, 3D, Sync...) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa [2014-06-19]
CHR Extension: (Peněženka Google) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-17] (AVAST Software)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320560 2014-03-20] (Lenovo.)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2175264 2014-06-19] (IObit)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
S4 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [648744 2011-08-12] (Ericsson AB)
S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-17] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-17] ()
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-06-13] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2011-06-13] (Ericsson AB)
R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [101416 2011-07-01] (Ericsson AB)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-04-29] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-04-29] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-04-29] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-04-29] (MCCI Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-10-29] (NVIDIA Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-11-15] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-06-19] (Duplex Secure Ltd.)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [268840 2011-08-12] (Ericsson AB)
U3 a9llkbr4; C:\Windows\System32\Drivers\a9llkbr4.sys [0 ] (Advanced Micro Devices)
S3 NSNDIS5; \??\C:\Windows\system32\NSNDIS5.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-14 23:42 - 2014-09-14 23:42 - 00015327 _____ () C:\Users\Markus\Desktop\LM.bat
2014-09-14 23:42 - 2014-09-14 23:42 - 00012004 _____ () C:\Users\Markus\Desktop\FRST.txt
2014-09-14 23:42 - 2014-09-14 23:42 - 00000000 ____D () C:\FRST
2014-09-14 23:36 - 2014-09-14 23:42 - 00029696 _____ () C:\Users\Markus\AppData\Local\MSGBOX.EXE
2014-09-14 23:34 - 2014-09-14 23:33 - 02105856 _____ (Farbar) C:\Users\Markus\Desktop\FRST64.exe
2014-09-14 23:34 - 2014-09-14 23:33 - 00112640 _____ (forum.viry.cz) C:\Users\Markus\Desktop\FRSTLauncher.exe
2014-09-14 23:11 - 2014-09-14 23:11 - 00339960 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-14 23:11 - 2014-09-14 23:11 - 00085368 _____ () C:\Users\Markus\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-14 22:58 - 2014-09-14 23:23 - 00000410 _____ () C:\Windows\setupact.log
2014-09-14 22:58 - 2014-09-14 22:58 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-12 03:19 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-12 03:19 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-12 03:14 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-12 03:14 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-12 03:14 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-12 03:14 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-12 03:14 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-12 03:14 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-12 03:14 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-12 03:14 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-12 03:14 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-08 20:58 - 2014-09-08 20:58 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-09-08 20:58 - 2014-09-08 20:58 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-08 20:58 - 2014-09-08 20:58 - 00000000 ____D () C:\Users\Markus\AppData\Roaming\Apple Computer
2014-09-08 20:58 - 2014-09-08 20:58 - 00000000 ____D () C:\Users\Markus\AppData\Local\Apple Computer
2014-09-08 20:58 - 2014-09-08 20:58 - 00000000 ____D () C:\Users\Markus\AppData\Local\Apple
2014-09-08 20:58 - 2014-09-08 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-08 20:58 - 2014-09-08 20:58 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-09-08 20:58 - 2014-09-08 20:58 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-08 20:58 - 2014-09-08 20:58 - 00000000 ____D () C:\Program Files\iTunes
2014-09-08 20:58 - 2014-09-08 20:58 - 00000000 ____D () C:\Program Files\iPod
2014-09-08 20:58 - 2014-09-08 20:58 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-08 20:58 - 2014-09-08 20:58 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-09-08 20:58 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-09-08 20:57 - 2014-09-08 20:57 - 00000000 ____D () C:\ProgramData\Apple
2014-09-08 20:57 - 2014-09-08 20:57 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-09-08 20:57 - 2014-09-08 20:57 - 00000000 ____D () C:\Program Files\Bonjour
2014-09-08 20:57 - 2014-09-08 20:57 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-09-04 21:38 - 2014-09-04 21:38 - 00000037 ___SH () C:\Users\Markus\AppData\Local\70149b02515b3bb20dd492.47983420
2014-09-04 11:52 - 2014-09-04 11:52 - 00008686 _____ () C:\Users\Markus\Downloads\inssider3.htm
2014-09-04 11:46 - 2014-09-04 11:46 - 00000000 __SHD () C:\Users\Markus\AppData\Local\icsxml
2014-09-04 11:45 - 2014-09-04 11:45 - 00000037 ___SH () C:\Users\Markus\AppData\Local\69ff07055291669bb2b218.72821112
2014-09-03 17:08 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-09-03 17:08 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-09-03 17:08 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-09-03 17:08 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-09-03 17:08 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-09-03 17:08 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-09-03 17:08 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-09-03 17:08 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-09-03 17:08 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-09-03 17:08 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-09-03 17:08 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-09-03 17:08 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-31 12:30 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-31 12:30 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-31 12:30 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-29 18:30 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-29 18:30 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-25 08:43 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-25 08:43 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-25 08:43 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-25 08:43 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-25 08:43 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-25 08:43 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-25 08:43 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-25 08:43 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-24 21:40 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-24 21:40 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-24 21:40 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-24 21:40 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-24 21:40 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-24 21:40 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-24 21:40 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-24 21:40 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-24 21:40 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-24 21:40 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-24 21:40 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-24 21:40 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-14 23:42 - 2014-09-14 23:42 - 00015327 _____ () C:\Users\Markus\Desktop\LM.bat
2014-09-14 23:42 - 2014-09-14 23:42 - 00012004 _____ () C:\Users\Markus\Desktop\FRST.txt
2014-09-14 23:42 - 2014-09-14 23:42 - 00000000 ____D () C:\FRST
2014-09-14 23:42 - 2014-09-14 23:36 - 00029696 _____ () C:\Users\Markus\AppData\Local\MSGBOX.EXE
2014-09-14 23:33 - 2014-09-14 23:34 - 02105856 _____ (Farbar) C:\Users\Markus\Desktop\FRST64.exe
2014-09-14 23:33 - 2014-09-14 23:34 - 00112640 _____ (forum.viry.cz) C:\Users\Markus\Desktop\FRSTLauncher.exe
2014-09-14 23:23 - 2014-09-14 22:58 - 00000410 _____ () C:\Windows\setupact.log
2014-09-14 23:20 - 2009-07-14 06:45 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-14 23:20 - 2009-07-14 06:45 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-14 23:17 - 2014-06-19 08:38 - 00645554 _____ () C:\Windows\system32\perfh005.dat
2014-09-14 23:17 - 2014-06-19 08:38 - 00131918 _____ () C:\Windows\system32\perfc005.dat
2014-09-14 23:17 - 2009-07-14 07:13 - 01517684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-14 23:16 - 2014-08-08 18:40 - 01158864 _____ () C:\Windows\WindowsUpdate.log
2014-09-14 23:13 - 2014-06-19 12:09 - 00000000 ____D () C:\Users\Markus\AppData\Roaming\Dropbox
2014-09-14 23:13 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-14 23:11 - 2014-09-14 23:11 - 00339960 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-14 23:11 - 2014-09-14 23:11 - 00085368 _____ () C:\Users\Markus\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-14 22:58 - 2014-09-14 22:58 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-14 22:55 - 2014-06-19 09:04 - 00000000 ____D () C:\Users\Markus\AppData\Roaming\AIMP3
2014-09-14 22:49 - 2014-06-19 12:09 - 00000000 ____D () C:\ProgramData\ProductData
2014-09-12 03:22 - 2014-06-19 08:50 - 01496906 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-12 03:20 - 2014-06-19 17:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 03:19 - 2014-06-19 17:05 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-08 20:58 - 2014-09-08 20:58 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-09-08 20:58 - 2014-09-08 20:58 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-08 20:58 - 2014-09-08 20:58 - 00000000 ____D () C:\Users\Markus\AppData\Roaming\Apple Computer
2014-09-08 20:58 - 2014-09-08 20:58 - 00000000 ____D () C:\Users\Markus\AppData\Local\Apple Computer
2014-09-08 20:58 - 2014-09-08 20:58 - 00000000 ____D () C:\Users\Markus\AppData\Local\Apple
2014-09-08 20:58 - 2014-09-08 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-08 20:58 - 2014-09-08 20:58 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-09-08 20:58 - 2014-09-08 20:58 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-08 20:58 - 2014-09-08 20:58 - 00000000 ____D () C:\Program Files\iTunes
2014-09-08 20:58 - 2014-09-08 20:58 - 00000000 ____D () C:\Program Files\iPod
2014-09-08 20:58 - 2014-09-08 20:58 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-08 20:58 - 2014-09-08 20:58 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-09-08 20:57 - 2014-09-08 20:57 - 00000000 ____D () C:\ProgramData\Apple
2014-09-08 20:57 - 2014-09-08 20:57 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-09-08 20:57 - 2014-09-08 20:57 - 00000000 ____D () C:\Program Files\Bonjour
2014-09-08 20:57 - 2014-09-08 20:57 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-09-08 20:31 - 2014-06-19 12:00 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-04 21:38 - 2014-09-04 21:38 - 00000037 ___SH () C:\Users\Markus\AppData\Local\70149b02515b3bb20dd492.47983420
2014-09-04 11:52 - 2014-09-04 11:52 - 00008686 _____ () C:\Users\Markus\Downloads\inssider3.htm
2014-09-04 11:46 - 2014-09-04 11:46 - 00000000 __SHD () C:\Users\Markus\AppData\Local\icsxml
2014-09-04 11:45 - 2014-09-04 11:45 - 00000037 ___SH () C:\Users\Markus\AppData\Local\69ff07055291669bb2b218.72821112
2014-09-04 10:48 - 2014-07-03 10:57 - 00049396 _____ () C:\QcOSD.txt
2014-09-04 09:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-24 12:42 - 2014-06-19 12:21 - 00000000 ____D () C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-23 04:07 - 2014-08-31 12:30 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-31 12:30 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-31 12:30 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

Some content of TEMP:
====================
C:\Users\Markus\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfjd4ok.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 00:25

==================== End Of Log ============================

Al_Capone
Visitor
Posts: 10
Registered: 04 Sep 2014 11:46

Re: Log check

#2 Post by Al_Capone »

:oops:

Rudy
Site Admin
Posts: 119546
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Log check

#3 Post by Rudy »

Hello!
First run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Al_Capone
Visitor
Posts: 10
Registered: 04 Sep 2014 11:46

Re: Log check

#4 Post by Al_Capone »

Log:

# AdwCleaner v3.310 - Report created 16/09/2014 at 08:13:49
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Markus - MARKUS-PC
# Running from : D:\Stažené\adwcleaner_3.310.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0


-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [787 octets] - [16/09/2014 08:12:43]
AdwCleaner[S0].txt - [709 octets] - [16/09/2014 08:13:49]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [768 octets] ##########

Rudy
Site Admin
Posts: 119546
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Log check

#5 Post by Rudy »

This is OK. Open Notepad and copy this into it:
Start
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (Speed Dial [FVD] - New Tab Page, 3D, Sync...) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa [2014-06-19]
C:\Users\Markus\AppData\Local\70149b02515b3bb20dd492.47983420
C:\Users\Markus\AppData\Local\69ff07055291669bb2b218.72821112
C:\Users\Markus\AppData\Local\Temp
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

Al_Capone
Visitor
Posts: 10
Registered: 04 Sep 2014 11:46

Re: Log check

#6 Post by Al_Capone »

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by Markus at 2014-09-17 17:52:08 Run:1
Running from C:\Users\Markus\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (Speed Dial [FVD] - New Tab Page, 3D, Sync...) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa [2014-06-19]
C:\Users\Markus\AppData\Local\70149b02515b3bb20dd492.47983420
C:\Users\Markus\AppData\Local\69ff07055291669bb2b218.72821112
C:\Users\Markus\AppData\Local\Temp
End
*****************

"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key Deleted successfully.
C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa => Moved successfully.
C:\Users\Markus\AppData\Local\70149b02515b3bb20dd492.47983420 => Moved successfully.
C:\Users\Markus\AppData\Local\69ff07055291669bb2b218.72821112 => Moved successfully.

"C:\Users\Markus\AppData\Local\Temp" directory move:

C:\Users\Markus\AppData\Local\Temp\AdobeARM.log => Moved successfully.
C:\Users\Markus\AppData\Local\Temp\AdwCleaner.jpg => Moved successfully.
C:\Users\Markus\AppData\Local\Temp\Cleaning.ico => Moved successfully.
C:\Users\Markus\AppData\Local\Temp\Donate.ico => Moved successfully.
C:\Users\Markus\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfbjnih.dll => Moved successfully.
Could not move "C:\Users\Markus\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfbjnih.lck" => Scheduled to move on reboot.
C:\Users\Markus\AppData\Local\Temp\EULA.txt => Moved successfully.
C:\Users\Markus\AppData\Local\Temp\qtsingleapp-smplay-ca73-1-lockfile => Moved successfully.
C:\Users\Markus\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Markus\AppData\Local\Temp\Report.ico => Moved successfully.
C:\Users\Markus\AppData\Local\Temp\Scan.ico => Moved successfully.
C:\Users\Markus\AppData\Local\Temp\Uninstall.ico => Moved successfully.
C:\Users\Markus\AppData\Local\Temp\~9AA9.tmp => Moved successfully.
C:\Users\Markus\AppData\Local\Temp\~A025.tmp => Moved successfully.
C:\Users\Markus\AppData\Local\Temp\scoped_dir456_27688\Cookies => Moved successfully.
C:\Users\Markus\AppData\Local\Temp\scoped_dir456_27688\Cookies-journal => Moved successfully.
C:\Users\Markus\AppData\Local\Temp\scoped_dir3924_23268\Cookies => Moved successfully.
C:\Users\Markus\AppData\Local\Temp\scoped_dir3924_23268\Cookies-journal => Moved successfully.
C:\Users\Markus\AppData\Local\Temp\scoped_dir3924_23268\data_0 => Moved successfully.
C:\Users\Markus\AppData\Local\Temp\scoped_dir3924_23268\data_1 => Moved successfully.
C:\Users\Markus\AppData\Local\Temp\scoped_dir3924_23268\data_2 => Moved successfully.
C:\Users\Markus\AppData\Local\Temp\scoped_dir3924_23268\data_3 => Moved successfully.
C:\Users\Markus\AppData\Local\Temp\scoped_dir3924_23268\index => Moved successfully.
C:\Users\Markus\AppData\Local\Temp\scoped_dir3204_16845\Cookies => Moved successfully.
C:\Users\Markus\AppData\Local\Temp\scoped_dir3204_16845\Cookies-journal => Moved successfully.
C:\Users\Markus\AppData\Local\Temp\scoped_dir3204_16845\data_0 => Moved successfully.
C:\Users\Markus\AppData\Local\Temp\scoped_dir3204_16845\data_1 => Moved successfully.
C:\Users\Markus\AppData\Local\Temp\scoped_dir3204_16845\data_2 => Moved successfully.
C:\Users\Markus\AppData\Local\Temp\scoped_dir3204_16845\data_3 => Moved successfully.
C:\Users\Markus\AppData\Local\Temp\scoped_dir3204_16845\index => Moved successfully.
Could not move "C:\Users\Markus\AppData\Local\Temp\scoped_dir3124_23520\Cookies" => Scheduled to move on reboot.
Could not move "C:\Users\Markus\AppData\Local\Temp\scoped_dir3124_23520\Cookies-journal" => Scheduled to move on reboot.
C:\Users\Markus\AppData\Local\Temp\scoped_dir3124_23520\data_0 => Moved successfully.
C:\Users\Markus\AppData\Local\Temp\scoped_dir3124_23520\data_1 => Moved successfully.
C:\Users\Markus\AppData\Local\Temp\scoped_dir3124_23520\data_2 => Moved successfully.
C:\Users\Markus\AppData\Local\Temp\scoped_dir3124_23520\data_3 => Moved successfully.
C:\Users\Markus\AppData\Local\Temp\scoped_dir3124_23520\index => Moved successfully.
C:\Users\Markus\AppData\Local\Temp\Excel\zadaniubytky (Pietro Ouředník's conflicted copy 2013-12-17).xls => Moved successfully.
C:\Users\Markus\AppData\Local\Temp\Excel\zadaniubytky.xls => Moved successfully.
C:\Users\Markus\AppData\Local\Temp\.jpf-shadow\uloz.to@1.1.5.frp => Moved successfully.
Could not move "C:\Users\Markus\AppData\Local\Temp" directory. => Scheduled to move on reboot.


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-09-17 17:53:26)<=

C:\Users\Markus\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfbjnih.lck => Is moved successfully.
C:\Users\Markus\AppData\Local\Temp\scoped_dir3124_23520\Cookies => Is moved successfully.
C:\Users\Markus\AppData\Local\Temp\scoped_dir3124_23520\Cookies-journal => Is moved successfully.
C:\Users\Markus\AppData\Local\Temp => Moved successfully.

==== End of Fixlog ====

Rudy
Site Admin
Posts: 119546
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Log check

#7 Post by Rudy »

Post a new FRST log.

Al_Capone
Visitor
Posts: 10
Registered: 04 Sep 2014 11:46

Re: Log check

#8 Post by Al_Capone »

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Markus (administrator) on MARKUS-PC on 17-09-2014 18:17:38
Running from C:\Users\Markus\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Dropbox, Inc.) C:\Users\Markus\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-01] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3087565063-3138112446-2371135280-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-10-29] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-10-29] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Markus\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Tcpip\Parameters: [DhcpNameServer] 10.102.0.252 10.102.0.253

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-19]

Chrome:
=======
CHR HomePage: Default ->
CHR NewTab: Default -> "chrome-extension://llaficoajjainaijghjlofdfmbjpebpa/newtab.html"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-19]
CHR Extension: (Disk Google) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-19]
CHR Extension: (Vyhledávání Google) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-19]
CHR Extension: (AdBlock) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-06-19]
CHR Extension: (Speed Dial [FVD] - New Tab Page, 3D, Sync...) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa [2014-09-17]
CHR Extension: (Peněženka Google) - C:\Users\Markus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-17] (AVAST Software)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320560 2014-03-20] (Lenovo.)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2175264 2014-06-19] (IObit)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
S4 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [648744 2011-08-12] (Ericsson AB)
S4 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-17] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-17] ()
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-06-13] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2011-06-13] (Ericsson AB)
R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [101416 2011-07-01] (Ericsson AB)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-04-29] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-04-29] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-04-29] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-04-29] (MCCI Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-10-29] (NVIDIA Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-11-15] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-06-19] (Duplex Secure Ltd.)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [268840 2011-08-12] (Ericsson AB)
U3 aik9fe3r; C:\Windows\System32\Drivers\aik9fe3r.sys [0 ] (Microsoft Corporation)
S3 NSNDIS5; \??\C:\Windows\system32\NSNDIS5.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-17 17:53 - 2014-09-17 17:53 - 00043008 _____ () C:\Windows\SysWOW64\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqwhioy.dll
2014-09-17 17:53 - 2014-09-17 17:53 - 00001742 _____ () C:\Windows\SysWOW64\dropbox_errorijjm1w.txt
2014-09-17 17:53 - 2014-09-17 17:53 - 00000000 ____D () C:\Windows\SysWOW64\comtypes_cache
2014-09-17 17:53 - 2014-09-17 17:53 - 00000000 _____ () C:\Windows\SysWOW64\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqwhioy.lck
2014-09-16 08:49 - 2014-09-16 08:49 - 00000000 ____D () C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-09-16 08:39 - 2014-09-16 08:39 - 00000888 _____ () C:\Users\Markus\Desktop\Half-Life 2.lnk
2014-09-16 08:38 - 2014-09-16 08:38 - 00001118 _____ () C:\Windows\DirectX.log
2014-09-16 08:34 - 2014-09-16 08:34 - 00000000 ____D () C:\Program Files\Valve
2014-09-16 08:34 - 2014-09-16 08:34 - 00000000 ____D () C:\Program Files\Steam
2014-09-16 08:18 - 2014-09-16 08:18 - 00000310 _____ () C:\Windows\PFRO.log
2014-09-16 08:13 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-16 08:12 - 2014-09-16 08:13 - 00000000 ____D () C:\AdwCleaner
2014-09-14 23:43 - 2014-09-14 23:43 - 00023195 _____ () C:\Users\Markus\Desktop\Addition.txt
2014-09-14 23:42 - 2014-09-17 18:17 - 00010376 _____ () C:\Users\Markus\Desktop\FRST.txt
2014-09-14 23:42 - 2014-09-17 18:17 - 00000000 ____D () C:\FRST
2014-09-14 23:34 - 2014-09-14 23:33 - 02105856 _____ (Farbar) C:\Users\Markus\Desktop\FRST64.exe
2014-09-14 23:11 - 2014-09-14 23:11 - 00339960 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-14 23:11 - 2014-09-14 23:11 - 00085368 _____ () C:\Users\Markus\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-14 22:58 - 2014-09-17 18:02 - 00001677 _____ () C:\Windows\setupact.log
2014-09-14 22:58 - 2014-09-14 22:58 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-12 03:19 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-12 03:19 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-12 03:14 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-12 03:14 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-12 03:14 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-12 03:14 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-12 03:14 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-12 03:14 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-12 03:14 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-12 03:14 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-12 03:14 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-08 20:58 - 2014-09-08 20:58 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-09-08 20:58 - 2014-09-08 20:58 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-08 20:58 - 2014-09-08 20:58 - 00000000 ____D () C:\Users\Markus\AppData\Roaming\Apple Computer
2014-09-08 20:58 - 2014-09-08 20:58 - 00000000 ____D () C:\Users\Markus\AppData\Local\Apple Computer
2014-09-08 20:58 - 2014-09-08 20:58 - 00000000 ____D () C:\Users\Markus\AppData\Local\Apple
2014-09-08 20:58 - 2014-09-08 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-08 20:58 - 2014-09-08 20:58 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-09-08 20:58 - 2014-09-08 20:58 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-08 20:58 - 2014-09-08 20:58 - 00000000 ____D () C:\Program Files\iTunes
2014-09-08 20:58 - 2014-09-08 20:58 - 00000000 ____D () C:\Program Files\iPod
2014-09-08 20:58 - 2014-09-08 20:58 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-08 20:58 - 2014-09-08 20:58 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-09-08 20:58 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-09-08 20:57 - 2014-09-08 20:57 - 00000000 ____D () C:\ProgramData\Apple
2014-09-08 20:57 - 2014-09-08 20:57 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-09-08 20:57 - 2014-09-08 20:57 - 00000000 ____D () C:\Program Files\Bonjour
2014-09-08 20:57 - 2014-09-08 20:57 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-09-04 11:52 - 2014-09-04 11:52 - 00008686 _____ () C:\Users\Markus\Downloads\inssider3.htm
2014-09-04 11:46 - 2014-09-04 11:46 - 00000000 __SHD () C:\Users\Markus\AppData\Local\icsxml
2014-09-03 17:08 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-09-03 17:08 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-09-03 17:08 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-09-03 17:08 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-09-03 17:08 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-09-03 17:08 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-09-03 17:08 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-09-03 17:08 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-09-03 17:08 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-09-03 17:08 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-09-03 17:08 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-09-03 17:08 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-31 12:30 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-31 12:30 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-31 12:30 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-29 18:30 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-29 18:30 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-25 08:43 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-25 08:43 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-25 08:43 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-25 08:43 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-25 08:43 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-25 08:43 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-25 08:43 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-25 08:43 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-24 21:40 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-24 21:40 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-24 21:40 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-24 21:40 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-24 21:40 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-24 21:40 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-24 21:40 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-24 21:40 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-24 21:40 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-24 21:40 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-24 21:40 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-24 21:40 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-17 18:17 - 2014-09-14 23:42 - 00010376 _____ () C:\Users\Markus\Desktop\FRST.txt
2014-09-17 18:17 - 2014-09-14 23:42 - 00000000 ____D () C:\FRST
2014-09-17 18:02 - 2014-09-14 22:58 - 00001677 _____ () C:\Windows\setupact.log
2014-09-17 17:59 - 2009-07-14 06:45 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-17 17:59 - 2009-07-14 06:45 - 00021904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-17 17:58 - 2014-06-19 12:09 - 00000000 ____D () C:\Users\Markus\AppData\Roaming\Dropbox
2014-09-17 17:57 - 2014-08-08 18:40 - 01266062 _____ () C:\Windows\WindowsUpdate.log
2014-09-17 17:57 - 2014-06-19 08:38 - 00645554 _____ () C:\Windows\system32\perfh005.dat
2014-09-17 17:57 - 2014-06-19 08:38 - 00131918 _____ () C:\Windows\system32\perfc005.dat
2014-09-17 17:57 - 2009-07-14 07:13 - 01517684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-17 17:53 - 2014-09-17 17:53 - 00043008 _____ () C:\Windows\SysWOW64\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqwhioy.dll
2014-09-17 17:53 - 2014-09-17 17:53 - 00001742 _____ () C:\Windows\SysWOW64\dropbox_errorijjm1w.txt
2014-09-17 17:53 - 2014-09-17 17:53 - 00000000 ____D () C:\Windows\SysWOW64\comtypes_cache
2014-09-17 17:53 - 2014-09-17 17:53 - 00000000 _____ () C:\Windows\SysWOW64\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqwhioy.lck
2014-09-17 17:53 - 2014-06-19 12:09 - 00000000 ____D () C:\ProgramData\ProductData
2014-09-17 17:53 - 2014-06-19 12:00 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-17 17:52 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-16 12:13 - 2014-07-03 10:57 - 00065128 _____ () C:\QcOSD.txt
2014-09-16 08:49 - 2014-09-16 08:49 - 00000000 ____D () C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-09-16 08:39 - 2014-09-16 08:39 - 00000888 _____ () C:\Users\Markus\Desktop\Half-Life 2.lnk
2014-09-16 08:38 - 2014-09-16 08:38 - 00001118 _____ () C:\Windows\DirectX.log
2014-09-16 08:34 - 2014-09-16 08:34 - 00000000 ____D () C:\Program Files\Valve
2014-09-16 08:34 - 2014-09-16 08:34 - 00000000 ____D () C:\Program Files\Steam
2014-09-16 08:18 - 2014-09-16 08:18 - 00000310 _____ () C:\Windows\PFRO.log
2014-09-16 08:13 - 2014-09-16 08:12 - 00000000 ____D () C:\AdwCleaner
2014-09-15 17:13 - 2014-06-19 09:04 - 00000000 ____D () C:\Users\Markus\AppData\Roaming\AIMP3
2014-09-14 23:43 - 2014-09-14 23:43 - 00023195 _____ () C:\Users\Markus\Desktop\Addition.txt
2014-09-14 23:33 - 2014-09-14 23:34 - 02105856 _____ (Farbar) C:\Users\Markus\Desktop\FRST64.exe
2014-09-14 23:11 - 2014-09-14 23:11 - 00339960 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-14 23:11 - 2014-09-14 23:11 - 00085368 _____ () C:\Users\Markus\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-14 22:58 - 2014-09-14 22:58 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-12 03:22 - 2014-06-19 08:50 - 01496906 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-12 03:20 - 2014-06-19 17:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 03:19 - 2014-06-19 17:05 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-08 20:58 - 2014-09-08 20:58 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-09-08 20:58 - 2014-09-08 20:58 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-08 20:58 - 2014-09-08 20:58 - 00000000 ____D () C:\Users\Markus\AppData\Roaming\Apple Computer
2014-09-08 20:58 - 2014-09-08 20:58 - 00000000 ____D () C:\Users\Markus\AppData\Local\Apple Computer
2014-09-08 20:58 - 2014-09-08 20:58 - 00000000 ____D () C:\Users\Markus\AppData\Local\Apple
2014-09-08 20:58 - 2014-09-08 20:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-08 20:58 - 2014-09-08 20:58 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-09-08 20:58 - 2014-09-08 20:58 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-08 20:58 - 2014-09-08 20:58 - 00000000 ____D () C:\Program Files\iTunes
2014-09-08 20:58 - 2014-09-08 20:58 - 00000000 ____D () C:\Program Files\iPod
2014-09-08 20:58 - 2014-09-08 20:58 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-08 20:58 - 2014-09-08 20:58 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-09-08 20:57 - 2014-09-08 20:57 - 00000000 ____D () C:\ProgramData\Apple
2014-09-08 20:57 - 2014-09-08 20:57 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-09-08 20:57 - 2014-09-08 20:57 - 00000000 ____D () C:\Program Files\Bonjour
2014-09-08 20:57 - 2014-09-08 20:57 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-09-04 11:52 - 2014-09-04 11:52 - 00008686 _____ () C:\Users\Markus\Downloads\inssider3.htm
2014-09-04 11:46 - 2014-09-04 11:46 - 00000000 __SHD () C:\Users\Markus\AppData\Local\icsxml
2014-09-04 09:03 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-25 06:53 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-24 12:42 - 2014-06-19 12:21 - 00000000 ____D () C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-23 04:07 - 2014-08-31 12:30 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-31 12:30 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-31 12:30 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

Some content of TEMP:
====================
C:\Users\Markus\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdpgee8.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 01:00

==================== End Of Log ============================

Rudy
Site Admin
Posts: 119546
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Log check

#9 Post by Rudy »

Open Notepad and copy the following into it:
Start
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
C:\Users\Markus\AppData\Local\Temp
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

Al_Capone
Visitor
Posts: 10
Joined: 04 Sep 2014 11:46

Re: Log check

#10 Post by Al_Capone »

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by Markus at 2014-09-21 20:27:57 Run:2
Running from C:\Users\Markus\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
C:\Users\Markus\AppData\Local\Temp
End
*****************

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.

"C:\Users\Markus\AppData\Local\Temp" directory move:

C:\Users\Markus\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpde5wj8.dll => Moved successfully.
Could not move "C:\Users\Markus\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpde5wj8.lck" => Scheduled to move on reboot.
C:\Users\Markus\AppData\Local\Temp\_iu14D2N.tmp => Moved successfully.
Could not move "C:\Users\Markus\AppData\Local\Temp\scoped_dir4308_12835\Cookies" => Scheduled to move on reboot.
Could not move "C:\Users\Markus\AppData\Local\Temp\scoped_dir4308_12835\Cookies-journal" => Scheduled to move on reboot.
Could not move "C:\Users\Markus\AppData\Local\Temp" directory. => Scheduled to move on reboot.


=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-09-21 20:29:15)<=

C:\Users\Markus\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpde5wj8.lck => Is moved successfully.
C:\Users\Markus\AppData\Local\Temp\scoped_dir4308_12835\Cookies => Is moved successfully.
C:\Users\Markus\AppData\Local\Temp\scoped_dir4308_12835\Cookies-journal => Is moved successfully.
C:\Users\Markus\AppData\Local\Temp => Moved successfully.

==== End of Fixlog ====

Rudy
Site Admin
Posts: 119546
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Log check

#11 Post by Rudy »

Everything has been deleted.

Al_Capone
Visitor
Posts: 10
Joined: 04 Sep 2014 11:46

Re: Log check

#12 Post by Al_Capone »

Thank you for the help :)

Rudy
Site Admin
Posts: 119546
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: Log check

#13 Post by Rudy »

You're welcome! :)

Locked