Preventive computer check

mykka
Visitor
Posts: 56
Registered: 31 Jul 2010 18:53

Preventive computer check

#1 Post by mykka »

Good evening,

I would be very glad if someone could check my notebook. During yesterday's scan, ESET found this:

C:\Program Files (x86)\DriverDoc\Solvusoftdd.exe varianta infiltrace Win32/Systweak.H potenciálně nechtěná aplikace smazán - uložen do karantény
C:\Users\michal.sir\AppData\Local\Google\Chrome\User Data\Default\File System\010\t\00\00000000 Win32/Somoto.G potenciálně nechtěná aplikace smazán - uložen do karantény
C:\Users\michal.sir\Downloads\HP_(Hewlett_Packard)_Bluetooth_Driver_Update_02-2014.exe varianta infiltrace Win32/Systweak.H potenciálně nechtěná aplikace smazán - uložen do karantény


I also wanted to add the RSIT log here, but I can't generate it because of this (see the attached image).

Could you please help me?

Thank you, M.
Attachment: Výstřižek.JPG (20.78 KiB)

altrok
Moderator
Posts: 7317
Registered: 15 Nov 2012 22:26
Location: Znojmo

Re: Preventive computer check

#2 Post by altrok »

If anything is unclear, ask right away.
If you are satisfied, please support the forum.
For questions that are not suitable for the forum, you can use altrok(at)forum.viry.cz
If you feel like helping visitors of this forum, sign up for our training school.

mykka
Visitor
Posts: 56
Registered: 31 Jul 2010 18:53

Re: Preventive computer check

#3 Post by mykka »

Thank you for the advice. Here is the FRST log, and the zipped Addition.txt file is attached.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by michal.sir (administrator) on NTBMICHAL on 25-02-2015 19:40:47
Running from C:\Users\michal.sir\Desktop
Loaded Profiles: michal.sir (Available profiles: michal.sir)
Platform: Windows 8.1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\HDD Health\HDDHealthService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
() C:\Program Files (x86)\Photodex\ProShow Producer\scsiaccess.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\HP HD Webcam Driver\Monitor.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(PANTERASoft) C:\Program Files (x86)\HDD Health\hddhealth.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(forum.viry.cz) C:\Users\michal.sir\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-06-03] (IDT, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [HP HD Webcam Driver_Monitor] => C:\Program Files (x86)\HP HD Webcam Driver\monitor.exe [303480 2012-07-26] ()
HKLM-x32\...\Run: [RemoteControl10] => c:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [683656 2013-06-05] (PDF Complete Inc)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111576 2013-08-05] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [490760 2013-08-07] (CyberLink Corp.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [337184 2013-10-16] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] ( (Qualcomm®Atheros®))
HKU\S-1-5-21-2211805086-445478240-3207990257-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-29] (Piriform Ltd)
HKU\S-1-5-21-2211805086-445478240-3207990257-1002\...\MountPoints2: {1bab02ea-f583-11e3-bee2-20689d0d0c3a} - "G:\LG_PC_Programs.exe"
HKU\S-1-5-21-2211805086-445478240-3207990257-1002\...\MountPoints2: {6c7bead0-8f4c-11e2-be7b-20689d0d0c3a} - "G:\iStudio.exe"
HKU\S-1-5-21-2211805086-445478240-3207990257-1002\...\MountPoints2: {70e9b244-9e57-11e3-bec9-20689d0d0c3a} - "G:\LG_PC_Programs.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HDDHealth.lnk
ShortcutTarget: HDDHealth.lnk -> C:\Program Files (x86)\HDD Health\hddhealth.exe (PANTERASoft)
Startup: C:\Users\michal.sir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sledovat výstrahy inkoustu - HP Deskjet 2050 J510 series.lnk

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=CMNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
HKU\S-1-5-21-2211805086-445478240-3207990257-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKU\S-1-5-21-2211805086-445478240-3207990257-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=CMNTDFJS
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.seznam.cz/
CHR StartupUrls: Default -> "hxxp://www.seznam.cz/"
CHR Profile: C:\Users\michal.sir\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Users\michal.sir\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows (R) Win 7 DDK provider) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
R2 HDDHealth; C:\Program Files (x86)\HDD Health\HDDHealthService.exe [17760 2013-03-08] () [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [681760 2013-10-16] (Hewlett-Packard Company)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-11-04] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-11-04] (Intel Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1143432 2013-06-05] (PDF Complete Inc)
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe [186760 2013-07-09] ()
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2013-06-03] (IDT, Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [37088 2014-11-03] (Advanced Micro Devices, Inc.)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [29184 2013-04-18] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [36352 2013-06-28] (LG Electronics Inc.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-15] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-15] (Synaptics Incorporated)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1064184 2013-06-03] (Sunplus)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 getbus; \??\C:\Users\michal.sir\AppData\Local\Temp\getbus.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-25 19:40 - 2015-02-25 19:41 - 00016280 _____ () C:\Users\michal.sir\Desktop\FRST.txt
2015-02-25 19:40 - 2015-02-25 19:40 - 00000000 ____D () C:\FRST
2015-02-25 19:38 - 2015-02-25 19:38 - 00112640 _____ (forum.viry.cz) C:\Users\michal.sir\Desktop\FRSTLauncher.exe
2015-02-25 19:37 - 2015-02-25 19:37 - 00000000 __SHD () C:\Users\michal.sir\AppData\Local\EmieUserList
2015-02-25 19:37 - 2015-02-25 19:37 - 00000000 __SHD () C:\Users\michal.sir\AppData\Local\EmieSiteList
2015-02-25 19:37 - 2015-02-25 19:37 - 00000000 __SHD () C:\Users\michal.sir\AppData\Local\EmieBrowserModeList
2015-02-25 19:36 - 2015-02-25 19:36 - 00112640 _____ (forum.viry.cz) C:\Users\michal.sir\Downloads\Nepotvrzeno 253063.crdownload
2015-02-25 19:35 - 2015-02-25 19:35 - 02087936 _____ (Farbar) C:\Users\michal.sir\Desktop\FRST64.exe
2015-02-25 19:00 - 2015-02-25 19:00 - 00000000 ___RD () C:\Users\michal.sir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-02-24 20:34 - 2015-02-24 20:34 - 01222144 _____ () C:\Users\michal.sir\Downloads\RSITx64 (1).exe
2015-02-24 06:26 - 2015-02-24 06:26 - 00000503 _____ () C:\Users\michal.sir\Desktop\karantena.txt
2015-02-23 21:46 - 2015-02-25 19:31 - 00237043 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-23 21:08 - 2015-02-23 21:08 - 02347384 _____ (ESET) C:\Users\michal.sir\Downloads\esetsmartinstaller_csy.exe
2015-02-23 21:08 - 2015-02-23 21:08 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-02-21 22:02 - 2015-02-21 22:02 - 00034308 _____ () C:\Users\michal.sir\Downloads\paddington.(2014).cze.1cd.(6052139).zip
2015-02-21 21:37 - 2015-02-21 23:07 - 1531977728 _____ () C:\Users\michal.sir\Downloads\Paddington.2014.HC.HDRip.XviD.AC3-EVO.avi
2015-02-12 10:17 - 2015-02-12 10:17 - 10929152 _____ () C:\Users\michal.sir\Desktop\katalog Hrastnik 2015 konečná verze.xls
2015-02-12 09:59 - 2015-02-12 09:59 - 10927616 _____ () C:\Users\michal.sir\Downloads\katalog Hrastnik 2015 konečná verze.xls
2015-02-11 18:25 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-11 18:25 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-11 11:07 - 2015-02-11 11:07 - 00097280 _____ () C:\Users\michal.sir\Downloads\OBJEDNÁVKOVÝ+FORMULÁŘ+-+HRASTNIK+-+CENOVÉ+OZNAČENÍ_2014-úprava (2)
2015-02-11 11:06 - 2015-02-11 11:06 - 00097280 _____ () C:\Users\michal.sir\Downloads\OBJEDNÁVKOVÝ+FORMULÁŘ+-+HRASTNIK+-+CENOVÉ+OZNAČENÍ_2014-úprava (1)
2015-02-11 11:05 - 2015-02-11 11:05 - 00097280 _____ () C:\Users\michal.sir\Downloads\OBJEDNÁVKOVÝ+FORMULÁŘ+-+HRASTNIK+-+CENOVÉ+OZNAČENÍ_2014-úprava
2015-02-11 10:02 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-11 10:02 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-11 10:02 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-11 10:02 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-11 10:02 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-11 10:02 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-11 10:02 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-11 10:02 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 10:02 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 10:02 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-10 22:22 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-10 22:22 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-10 22:22 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-10 22:22 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-10 22:22 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-10 22:22 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-10 22:22 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-10 22:22 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-10 22:22 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-10 22:22 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-10 22:22 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-10 22:22 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-10 22:22 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-10 22:22 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-10 22:22 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-10 22:22 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-10 22:22 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-10 22:22 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-10 22:22 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-10 22:22 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-10 22:22 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-10 22:22 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-10 22:22 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-10 22:22 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-10 22:21 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-10 22:21 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-10 22:21 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-10 22:21 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-10 22:21 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-10 22:21 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-10 22:21 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-10 22:21 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-10 22:21 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-10 22:21 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-10 22:21 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-10 22:21 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-10 22:21 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-10 22:21 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-10 22:21 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-10 22:21 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-10 22:21 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-10 22:21 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-10 22:21 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-10 22:21 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-10 22:21 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-10 22:21 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-10 22:21 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-10 22:21 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-10 22:21 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-10 22:21 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-10 22:21 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-10 22:21 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-10 22:21 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-10 22:21 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-10 22:21 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-10 22:21 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-10 22:21 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-10 22:21 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-10 22:21 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-10 22:21 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-10 22:21 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-09 17:28 - 2015-02-09 17:28 - 00000913 _____ () C:\Users\michal.sir\Desktop\Stažené soubory – zástupce.lnk
2015-02-05 11:11 - 2015-02-05 11:13 - 00001044 _____ () C:\Users\michal.sir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2015-02-05 08:38 - 2015-02-06 12:23 - 00000000 ____D () C:\Users\michal.sir\AppData\Local\LogMeInIgnition
2015-01-28 16:10 - 2015-02-12 09:57 - 00000000 ____D () C:\Users\michal.sir\Downloads\Pani Halamová - katalog

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-25 19:28 - 2013-02-18 22:21 - 00000980 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-25 19:02 - 2014-01-25 23:26 - 00003994 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3A13A4F5-52CA-47A6-B041-C86BBAA993AA}
2015-02-25 19:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-25 18:59 - 2014-01-07 23:00 - 00000000 __RDO () C:\Users\michal.sir\SkyDrive
2015-02-25 18:59 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-24 21:49 - 2014-07-10 19:58 - 00000000 ____D () C:\Program Files\trend micro
2015-02-24 06:30 - 2014-01-07 22:18 - 00000000 ____D () C:\Users\michal.sir
2015-02-23 23:09 - 2014-03-10 19:19 - 00000000 ____D () C:\Program Files (x86)\DriverDoc
2015-02-23 20:42 - 2013-02-08 00:55 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2211805086-445478240-3207990257-1002
2015-02-23 20:20 - 2014-01-09 19:26 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-23 20:20 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-23 20:20 - 2012-09-09 06:14 - 00000000 ____D () C:\ProgramData\PDFC
2015-02-23 20:17 - 2013-02-08 00:55 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-02-22 08:07 - 2013-04-09 14:39 - 00000000 ____D () C:\Users\michal.sir\AppData\Roaming\vlc
2015-02-21 22:16 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-21 21:34 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-20 21:29 - 2013-02-18 22:21 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-20 19:43 - 2013-04-23 15:30 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-17 12:55 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-17 12:54 - 2012-08-02 22:20 - 00000000 ____D () C:\swsetup
2015-02-12 10:16 - 2013-02-08 00:48 - 00000000 ____D () C:\Users\michal.sir\AppData\Local\Packages
2015-02-12 08:34 - 2013-11-14 13:40 - 01934988 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-12 08:34 - 2013-11-14 13:24 - 00802206 _____ () C:\WINDOWS\system32\perfh005.dat
2015-02-12 08:34 - 2013-11-14 13:24 - 00183700 _____ () C:\WINDOWS\system32\perfc005.dat
2015-02-11 13:48 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-02-11 13:41 - 2013-02-08 00:50 - 00000000 ____D () C:\Users\michal.sir\AppData\Local\PDFC
2015-02-11 11:12 - 2013-08-25 20:01 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-11 11:09 - 2014-12-12 00:37 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-11 11:09 - 2014-07-10 19:46 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-11 11:09 - 2013-02-19 19:35 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-11 11:07 - 2013-02-08 00:48 - 00000000 ____D () C:\Users\michal.sir\AppData\Roaming\Adobe
2015-02-11 09:41 - 2013-02-19 18:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 09:13 - 2013-08-22 15:44 - 05039712 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-10 22:29 - 2014-04-15 15:51 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-09 21:20 - 2013-03-04 20:19 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-02-09 17:28 - 2014-03-11 21:02 - 00000000 ____D () C:\Users\michal.sir\Desktop\Monča koláže
2015-02-08 10:23 - 2013-02-18 22:21 - 00003952 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-08 10:23 - 2013-02-18 22:20 - 00003716 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-08 10:23 - 2013-02-18 22:20 - 00000976 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-08 10:12 - 2014-10-17 21:19 - 00000000 ____D () C:\Program Files (x86)\Java
2015-02-08 10:12 - 2014-01-13 16:24 - 00000000 ____D () C:\ProgramData\Oracle
2015-02-08 10:11 - 2014-10-17 21:19 - 00272296 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2015-02-08 10:11 - 2014-10-17 21:19 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2015-02-08 10:11 - 2014-10-17 21:19 - 00176552 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2015-02-08 10:11 - 2014-10-17 21:19 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-02-05 11:16 - 2014-01-18 15:36 - 00000000 ____D () C:\Users\michal.sir\AppData\Local\LogMeIn Client
2015-02-03 20:31 - 2014-05-14 22:22 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-05-14 22:22 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-10-19 14:03 - 2014-10-19 14:03 - 0000057 _____ () C:\ProgramData\Ament.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-23 20:42




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (OS) (Fixed) (Total:682.16 GB) (Free:448.32 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.99 GB) FAT32
Drive f: (HP_RECOVERY) (Fixed) (Total:12.94 GB) (Free:2.06 GB) NTFS

Available physical RAM: 2088.8 MB
Total physical RAM: 3979.05 MB
Percentage of memory in use: 47%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 698.6 GB) (Disk ID: A50E1C7D)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Users\michal.sir\SkyDrive:ms-properties

==================== Security Center ==================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\michal.sir\Desktop" je 7839 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

altrok
Moderator
Posts: 7317
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: Preventive computer check-up

#4 Post by altrok »

:arrow: Are there any specific problems with the PC? How often does the computer crash with a blue screen (BSOD)? Did the ESET Online Scanner scan find or delete anything?

:arrow: As part of the cleanup, your temporary directories will be emptied (including the Recycle Bin).

:arrow: Pack the folder C:\WINDOWS\Minidump into a rar/zip and upload it to leteckaposta.cz - put the download link in your next post.

:arrow: Save AdwCleaner to your desktop https://toolslib.net/downloads/viewdown ... dwcleaner/ (or http://www.bleepingcomputer.com/download/adwcleaner/ )
  • close all programs
  • right-click the AdwCleaner icon and choose Run as administrator (on Win XP just run it normally with a double-click)
  • click Scan, then Cleaning
  • after the restart a log will pop up (or you can find it in C:\AdwCleaner\AdwCleaner [Sx].txt); copy its contents into your next reply

mykka
Visitor
Posts: 56
Joined: 31 Jul 2010 18:53

Re: Preventive computer check-up

#5 Post by mykka »

There are no specific problems. The computer crashes with a blue screen about 2x a month. ESET Online Scanner found C: Win32/Systweak.H Win32/Somoto.G. I can't pack the folder C:/WINDOWS/Minidump into a RAR; it tells me that access was denied.

Below is the log from AdwCleaner:

# AdwCleaner v4.111 - Logfile created 02/03/2015 at 19:21:51
# Updated 18/02/2015 by Xplode
# Database : 2015-03-02.1 [Server]
# Operating system : Windows 8.1 (x64)
# Username : michal.sir - NTBMICHAL
# Running from : C:\Users\michal.sir\Desktop\adwcleaner_4.111.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\michal.sir\AppData\Roaming\Solvusoft

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKCU\Software\Solvusoft
Key Deleted : HKLM\SOFTWARE\Solvusoft

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Google Chrome v40.0.2214.115


*************************

AdwCleaner[R0].txt - [995 bytes] - [02/03/2015 19:20:29]
AdwCleaner[S0].txt - [888 bytes] - [02/03/2015 19:21:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [946 bytes] ##########

altrok
Moderator
Posts: 7317
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: Preventive computer check-up

#6 Post by altrok »

:arrow: I recommend changing your antivirus - Windows Defender has roughly a 50% detection success rate compared with free alternatives such as avast or avira, see http://forum.viry.cz/viewtopic.php?f=14 ... 3#p1377913

:arrow: The size of the desktop should not exceed 200 MB. Otherwise both startup and the running of the whole PC slow down.

  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • save it to the desktop as fixlist (File type: Text document)
  • run FRST again and click Fix
  • after the restart a fixlog will pop up (or it will be saved on the Desktop); paste its contents into your next reply

    Code:

    Start
    CloseProcesses:
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-2211805086-445478240-3207990257-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-29] (Piriform Ltd)
    HKU\S-1-5-21-2211805086-445478240-3207990257-1002\...\MountPoints2: {1bab02ea-f583-11e3-bee2-20689d0d0c3a} - "G:\LG_PC_Programs.exe"
    HKU\S-1-5-21-2211805086-445478240-3207990257-1002\...\MountPoints2: {6c7bead0-8f4c-11e2-be7b-20689d0d0c3a} - "G:\iStudio.exe"
    HKU\S-1-5-21-2211805086-445478240-3207990257-1002\...\MountPoints2: {70e9b244-9e57-11e3-bec9-20689d0d0c3a} - "G:\LG_PC_Programs.exe" 
    S3 getbus; \??\C:\Users\michal.sir\AppData\Local\Temp\getbus.sys [X]
    
    2015-02-25 19:38 - 2015-02-25 19:38 - 00112640 _____ (forum.viry.cz) C:\Users\michal.sir\Desktop\FRSTLauncher.exe
    2015-02-25 19:36 - 2015-02-25 19:36 - 00112640 _____ (forum.viry.cz) C:\Users\michal.sir\Downloads\Nepotvrzeno 253063.crdownload
    2015-02-24 20:34 - 2015-02-24 20:34 - 01222144 _____ () C:\Users\michal.sir\Downloads\RSITx64 (1).exe
    2015-02-24 21:49 - 2014-07-10 19:58 - 00000000 ____D () C:\Program Files\trend micro
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    C:\Users\michal.sir\AppData\Local\Temp
    End
    

mykka
Visitor
Posts: 56
Joined: 31 Jul 2010 18:53

Re: Preventive computer check-up

#7 Post by mykka »

I installed the free version of Avira
I reduced the desktop to about 4 MB

here is the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-03-2015
Ran by michal.sir at 2015-03-03 19:51:56 Run:1
Running from C:\Users\michal.sir\Desktop
Loaded Profiles: michal.sir (Available profiles: michal.sir)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2211805086-445478240-3207990257-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-29] (Piriform Ltd)
HKU\S-1-5-21-2211805086-445478240-3207990257-1002\...\MountPoints2: {1bab02ea-f583-11e3-bee2-20689d0d0c3a} - "G:\LG_PC_Programs.exe"
HKU\S-1-5-21-2211805086-445478240-3207990257-1002\...\MountPoints2: {6c7bead0-8f4c-11e2-be7b-20689d0d0c3a} - "G:\iStudio.exe"
HKU\S-1-5-21-2211805086-445478240-3207990257-1002\...\MountPoints2: {70e9b244-9e57-11e3-bec9-20689d0d0c3a} - "G:\LG_PC_Programs.exe"
S3 getbus; \??\C:\Users\michal.sir\AppData\Local\Temp\getbus.sys [X]

2015-02-25 19:38 - 2015-02-25 19:38 - 00112640 _____ (forum.viry.cz) C:\Users\michal.sir\Desktop\FRSTLauncher.exe
2015-02-25 19:36 - 2015-02-25 19:36 - 00112640 _____ (forum.viry.cz) C:\Users\michal.sir\Downloads\Nepotvrzeno 253063.crdownload
2015-02-24 20:34 - 2015-02-24 20:34 - 01222144 _____ () C:\Users\michal.sir\Downloads\RSITx64 (1).exe
2015-02-24 21:49 - 2014-07-10 19:58 - 00000000 ____D () C:\Program Files\trend micro
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Users\michal.sir\AppData\Local\Temp
End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SwitchBoard => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AdobeCS6ServiceManager => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-21-2211805086-445478240-3207990257-1002\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value deleted successfully.
"HKU\S-1-5-21-2211805086-445478240-3207990257-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bab02ea-f583-11e3-bee2-20689d0d0c3a}" => Key deleted successfully.
HKCR\CLSID\{1bab02ea-f583-11e3-bee2-20689d0d0c3a} => Key not found.
"HKU\S-1-5-21-2211805086-445478240-3207990257-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6c7bead0-8f4c-11e2-be7b-20689d0d0c3a}" => Key deleted successfully.
HKCR\CLSID\{6c7bead0-8f4c-11e2-be7b-20689d0d0c3a} => Key not found.
"HKU\S-1-5-21-2211805086-445478240-3207990257-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{70e9b244-9e57-11e3-bec9-20689d0d0c3a}" => Key deleted successfully.
HKCR\CLSID\{70e9b244-9e57-11e3-bec9-20689d0d0c3a} => Key not found.
getbus => Service deleted successfully.
"C:\Users\michal.sir\Desktop\FRSTLauncher.exe" => File/Directory not found.
"C:\Users\michal.sir\Downloads\Nepotvrzeno 253063.crdownload" => File/Directory not found.
C:\Users\michal.sir\Downloads\RSITx64 (1).exe => Moved successfully.
C:\Program Files\trend micro => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Users\michal.sir\AppData\Local\Temp => Moved successfully.


The system needed a reboot.

==== End of Fixlog 19:51:58 ====

altrok
Moderator
Posts: 7317
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: Preventive computer check-up

#8 Post by altrok »

So we'll do a bit more cleaning up.
And if there are no questions or other problems, that is all from me.

mykka
Visitor
Posts: 56
Joined: 31 Jul 2010 18:53

Re: Preventive computer check-up

#9 Post by mykka »

Thank you very much for your help. That final cleanup was perfect :D. Simply all gone. Thank you once again. Is it possible to give you some kind of rating?

Regards
Michal

altrok
Moderator
Posts: 7317
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: Preventive computer check-up

#10 Post by altrok »

You're welcome, glad I could help :worship:

My bank account is xxxxxxxx/xxxx :D But seriously now... Your satisfaction and your thanks are sufficient reward for me ;)
Alternatively, it is possible to contribute to the running of the forum http://forum.viry.cz/viewtopic.php?f=7&t=78175

mykka
Visitor
Posts: 56
Joined: 31 Jul 2010 18:53

Re: Preventive computer check-up

#11 Post by mykka »

May I ask one more question, then? I would like to delete the FRST and AdwCleaner shortcuts from the desktop, but when I try to delete them a message pops up saying that the item is no longer stored on the desktop, and it forces me to skip or retry the action. How do I get rid of these shortcuts?

Thank you

altrok
Moderator
Posts: 7317
Joined: 15 Nov 2012 22:26
Location: Znojmo

Re: Preventive computer check-up

#12 Post by altrok »

If more questions occur to you, go right ahead.
The answer is almost disgustingly simple... restart the computer :)