Zpomalený hajzl jeden :-)

Zpráva

pampalini · #1 Příspěvek od **pampalini** » 23 čer 2015 19:01

Občas by u pořítače jeden vyrostl...

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2014
Ran by user at 2015-06-23 19:54:07
Running from C:\Users\user\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 8.0 (Enabled - Out of date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Out of date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personální firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Balíček ovladače systému Windows - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Balíček ovladače systému Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0) (HKLM\...\BC15EA930074932BB2C4B4493C9FD4EA95087D1A) (Version: 10/12/2007 6.85.4.0 - Nokia)
Balíček ovladače systému Windows - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version: - )
CCleaner (HKLM-x32\...\CCleaner) (Version: 2.36 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.1.2.678 - CDBurnerXP)
Dropbox (HKU\S-1-5-21-2540154493-900185529-4106278397-1000\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
Elevated Installer (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
ESET Smart Security (HKLM\...\{443D1D0A-17E5-4F61-8074-8801BDB430CC}) (Version: 8.0.304.1 - ESET, spol s r. o.)
Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook)
FileZilla Client 3.8.0 (HKLM-x32\...\FileZilla Client) (Version: 3.8.0 - Tim Kosse)
foobar2000 v1.1.11 (HKLM-x32\...\foobar2000) (Version: 1.1.11 - Peter Pawlowski)
Full Tilt Poker (HKLM-x32\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 4.48.2.WIN.FullTilt.COM - )
Garmin Express (HKLM-x32\...\{50755d67-ae60-4e47-b3d6-ce44d01b5a95}) (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.1.37.5085 - Gretech Corporation)
Google Chrome (HKU\S-1-5-21-2540154493-900185529-4106278397-1000\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2559 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.6.0.1002 - Intel Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.316 - McAfee, Inc.)
Microsoft .NET Framework 4.5 CSY Language Pack (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 cs) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 cs)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.4.0 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 cs) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 cs)) (Version: 31.4.0 - Mozilla)
MSVC80_x64 (Version: 1.0.1.0 - Nokia) Hidden
MSVC80_x86 (x32 Version: 1.0.1.0 - Nokia) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
ON_OFF Charge B11.1102.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
PC Connectivity Solution (HKLM-x32\...\{AC599724-5755-48C1-ABE7-ABB857652930}) (Version: 8.15.0.0 - Nokia)
Plus500 (HKLM-x32\...\Plus500) (Version: - )
PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars)
PokerStars.net (HKLM-x32\...\PokerStars.net) (Version: - PokerStars.net)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6511 - Realtek Semiconductor Corp.)
Samsung PC Studio 7 (HKLM-x32\...\Samsung PC Studio 7) (Version: 7.2.20.9 - Samsung)
Samsung PC Studio 7 (x32 Version: 7.2.20.9 - Samsung) Hidden
SamsungConnectivityCableDriver (HKLM-x32\...\{7E84FAC8-C518-40F9-9807-7455301D6D25}) (Version: 6.83.6.2.1 - Samsung)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 6.0 (HKLM-x32\...\{EA17F4FC-FDBF-4CF8-A529-2D983132D053}) (Version: 6.0.126 - Skype Technologies S.A.)
Splashtop Connect for Firefox (HKLM-x32\...\{45D49CA7-D7D8-4659-B35A-EBD98C30AF28}) (Version: 1.1.8.4 - Splashtop Inc.)
Splashtop Connect IE (HKLM-x32\...\{3B983EFD-6E37-4AD9-9A7D-8C83E61674F7}) (Version: 1.1.13.1 - Splashtop Inc.)
TNod User & Password Finder (HKLM\...\TNod) (Version: 1.4.2.1 - Tukero[X]Team)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.55a - Ghisler Software GmbH)
Unity Web Player (HKU\S-1-5-21-2540154493-900185529-4106278397-1000\...\UnityWebPlayer) (Version: 4.5.0f6 - Unity Technologies ApS)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2540154493-900185529-4106278397-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2540154493-900185529-4106278397-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2540154493-900185529-4106278397-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2540154493-900185529-4106278397-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2540154493-900185529-4106278397-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-2540154493-900185529-4106278397-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2540154493-900185529-4106278397-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2540154493-900185529-4106278397-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2540154493-900185529-4106278397-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2540154493-900185529-4106278397-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\user\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2540154493-900185529-4106278397-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

21-04-2015 08:18:56 Naplánovaný kontrolní bod
28-04-2015 09:17:14 Naplánovaný kontrolní bod
07-05-2015 14:15:00 Naplánovaný kontrolní bod
14-05-2015 14:35:53 Naplánovaný kontrolní bod
22-05-2015 14:05:11 Naplánovaný kontrolní bod
31-05-2015 11:19:07 Naplánovaný kontrolní bod
11-06-2015 09:48:53 Naplánovaný kontrolní bod

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00537E71-A39B-4295-9285-E1B69AA19FE2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-09] (Adobe Systems Incorporated)
Task: {98C62E12-E919-43B5-9078-C050EFB590EF} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe
Task: {AC93182C-488C-48B8-8E04-10D0F98C6B8F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2540154493-900185529-4106278397-1000UA => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-11] (Google Inc.)
Task: {B7A381CC-3D3C-4CB0-BA5D-3140E50BE957} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2540154493-900185529-4106278397-1000Core => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-27] (Facebook Inc.)
Task: {C8E0831D-7057-4865-B417-5EDD38FCF161} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2540154493-900185529-4106278397-1000UA => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-27] (Facebook Inc.)
Task: {FEFA99FC-FC8C-49CE-8644-F1D3049DF06B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2540154493-900185529-4106278397-1000Core => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-11] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2540154493-900185529-4106278397-1000Core.job => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2540154493-900185529-4106278397-1000UA.job => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2540154493-900185529-4106278397-1000Core.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2540154493-900185529-4106278397-1000UA.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2008-12-06 03:19 - 2008-12-06 03:19 - 00918016 _____ () C:\Program Files (x86)\Samsung\Samsung PC Studio 7\phonebrowser64.dll
2009-05-16 01:20 - 2009-05-16 01:20 - 01103872 _____ () C:\Program Files (x86)\Samsung\Samsung PC Studio 7\PCSCM64_Samsung.dll
2012-05-10 22:01 - 2011-10-21 18:49 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-05-10 22:15 - 2008-06-15 15:34 - 00071096 _____ () C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
2013-03-07 22:32 - 2013-03-07 22:32 - 00292272 _____ () C:\Users\user\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll
2013-03-07 22:32 - 2013-03-07 22:32 - 21014960 _____ () C:\Users\user\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll
2013-03-07 22:32 - 2013-03-07 22:32 - 00179632 _____ () C:\Users\user\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll
2014-10-26 22:30 - 2014-10-26 22:30 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b2363cf94faf59386ab4778a39c16e2b\IsdiInterop.ni.dll
2012-05-10 22:03 - 2011-05-20 10:05 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-2540154493-900185529-4106278397-500 - Administrator - Disabled)
Guest (S-1-5-21-2540154493-900185529-4106278397-501 - Limited - Disabled)
user (S-1-5-21-2540154493-900185529-4106278397-1000 - Administrator - Enabled) => C:\Users\user

==================== Faulty Device Manager Devices =============

Name: Standardní klávesnice PS/2
Description: Standardní klávesnice PS/2
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardní klávesnice)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Myš Microsoft pro port PS/2
Description: Myš Microsoft pro port PS/2
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/21/2015 01:33:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: plugin-container.exe, verze: 38.0.5.5623, časové razítko: 0x5563c49a
Název chybujícího modulu: ntdll.dll, verze: 6.1.7601.18247, časové razítko: 0x521ea8e7
Kód výjimky: 0xc000000d
Posun chyby: 0x00098519
ID chybujícího procesu: 0x1018
Čas spuštění chybující aplikace: 0xplugin-container.exe0
Cesta k chybující aplikaci: plugin-container.exe1
Cesta k chybujícímu modulu: plugin-container.exe2
ID zprávy: plugin-container.exe3

Error: (06/21/2015 01:32:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: plugin-container.exe, verze: 38.0.5.5623, časové razítko: 0x5563c49a
Název chybujícího modulu: ntdll.dll, verze: 6.1.7601.18247, časové razítko: 0x521ea8e7
Kód výjimky: 0xc000000d
Posun chyby: 0x00098519
ID chybujícího procesu: 0x1294
Čas spuštění chybující aplikace: 0xplugin-container.exe0
Cesta k chybující aplikaci: plugin-container.exe1
Cesta k chybujícímu modulu: plugin-container.exe2
ID zprávy: plugin-container.exe3

Error: (06/15/2015 10:28:24 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1 se nezdařilo.
Závislé sestavení Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (06/11/2015 09:42:56 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1 se nezdařilo.
Závislé sestavení Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (05/31/2015 11:12:53 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1 se nezdařilo.
Závislé sestavení Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (05/31/2015 10:27:14 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program explorer.exe verze 6.1.7601.17567 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 16c

Čas spuštění: 01d09b7a9960797d

Čas ukončení: 436

Cesta k aplikaci: C:\Windows\explorer.exe

ID hlášení: d4fc8440-076e-11e5-8365-50e549e973fb

Error: (05/31/2015 10:20:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program explorer.exe verze 6.1.7601.17567 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 108c

Čas spuštění: 01d09b7a5a55f514

Čas ukončení: 452

Cesta k aplikaci: C:\Windows\explorer.exe

ID hlášení: d2f5a6e6-076d-11e5-8365-50e549e973fb

Error: (05/31/2015 10:18:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program explorer.exe verze 6.1.7601.17567 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: e7c

Čas spuštění: 01d09b7a2e8b7d02

Čas ukončení: 437

Cesta k aplikaci: C:\Windows\explorer.exe

ID hlášení: 9642fd42-076d-11e5-8365-50e549e973fb

Error: (05/31/2015 10:17:06 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program explorer.exe verze 6.1.7601.17567 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 1378

Čas spuštění: 01d09b790bb9e51b

Čas ukončení: 453

Cesta k aplikaci: C:\Windows\explorer.exe

ID hlášení: 696deb11-076d-11e5-8365-50e549e973fb

Error: (05/31/2015 10:08:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Explorer.EXE verze 6.1.7601.17567 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 5f0

Čas spuštění: 01d09b6159102763

Čas ukončení: 487

Cesta k aplikaci: C:\Windows\Explorer.EXE

ID hlášení:

System errors:
=============
Error: (06/23/2015 07:07:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: specifické pro aplikaciMístníSpuštění{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (pomocí LRPC)

Error: (06/23/2015 07:07:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: specifické pro aplikaciMístníSpuštění{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (pomocí LRPC)

Error: (06/23/2015 07:06:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Garmin Device Interaction Service neuspěla při spuštění v důsledku následující chyby:
%%1053

Error: (06/23/2015 07:06:34 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Garmin Device Interaction Service bylo dosaženo časového limitu (30000 ms).

Error: (06/22/2015 07:10:43 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: specifické pro aplikaciMístníSpuštění{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (pomocí LRPC)

Error: (06/22/2015 07:10:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: specifické pro aplikaciMístníSpuštění{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (pomocí LRPC)

Error: (06/21/2015 08:01:24 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: specifické pro aplikaciMístníSpuštění{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (pomocí LRPC)

Error: (06/21/2015 08:00:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Garmin Device Interaction Service neuspěla při spuštění v důsledku následující chyby:
%%1053

Error: (06/21/2015 08:00:57 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Garmin Device Interaction Service bylo dosaženo časového limitu (30000 ms).

Error: (06/20/2015 08:03:12 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: specifické pro aplikaciMístníSpuštění{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (pomocí LRPC)

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU G620 @ 2.60GHz
Percentage of memory in use: 35%
Total physical RAM: 3990.22 MB
Available physical RAM: 2556.28 MB
Total Pagefile: 7978.62 MB
Available Pagefile: 6139.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:146.39 GB) (Free:92.58 GB) NTFS
Drive e: (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (DATA) (Fixed) (Total:319.28 GB) (Free:318.78 GB) NTFS
Drive g: () (Fixed) (Total:48.73 GB) (Free:21.1 GB) NTFS
Drive h: () (Fixed) (Total:100.22 GB) (Free:98.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 444E2B5C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=319.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 269DB5AD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=48.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=100.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#2 Příspěvek od **Rudy** » 23 čer 2015 19:03

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

pampalini · #3 Příspěvek od **pampalini** » 23 čer 2015 19:11

zdehle...

# AdwCleaner v4.105 - Report created 23/06/2015 at 20:07:51
# Updated 08/12/2014 by Xplode
# Database : 2015-06-21.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : user - USER-PC
# Running from : C:\Users\user\Desktop\adwcleaner_4.105.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : SCBackService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plus500
Folder Deleted : C:\Program Files (x86)\Plus500
Folder Deleted : C:\users\user\AppData\Local\Plus500
Folder Deleted : C:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Plus500
Folder Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
File Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\tgy6j7qt.default\searchplugins\my-web-search.xml

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{d9284e50-81fc-11da-a72b-0800200c9a66}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\STC.FBServiceAPPEventsSink
Key Deleted : HKLM\SOFTWARE\Classes\STC.FBServiceAPPEventsSink.1
Key Deleted : HKLM\SOFTWARE\Classes\STC.OptionMenu
Key Deleted : HKLM\SOFTWARE\Classes\STC.OptionMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\STC.Protocol
Key Deleted : HKLM\SOFTWARE\Classes\STC.Protocol.1
Key Deleted : HKLM\SOFTWARE\Classes\STC.VisualBookmark
Key Deleted : HKLM\SOFTWARE\Classes\STC.VisualBookmark.1
Key Deleted : HKLM\SOFTWARE\Classes\STC.WebObject
Key Deleted : HKLM\SOFTWARE\Classes\STC.WebObject.1
Key Deleted : HKLM\SOFTWARE\Classes\STCHelper.BHOHelper
Key Deleted : HKLM\SOFTWARE\Classes\STCHelper.BHOHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\STCHelper.FBServiceAPP
Key Deleted : HKLM\SOFTWARE\Classes\STCHelper.FBServiceAPP.1
Key Deleted : HKLM\SOFTWARE\Classes\STCHelper.Protocol
Key Deleted : HKLM\SOFTWARE\Classes\STCHelper.Protocol.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{82A5CE4D-AF0C-45B6-8AF8-75625BE6A08D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B2B7E0CD-E169-43B3-A233-E129610EE314}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0DEC13F0-5C8C-4147-8329-6CDFAD9755B7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0F3DC9E0-C459-4A40-BCF8-747BD9322E10}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E97F0FA-3B44-4634-A87E-8B0D5CFD6365}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{951F5841-FD1E-4F1D-8607-67B174DBD753}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D1CCB0CC-DA45-4797-93D3-DEE7A13F8177}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DCE24E28-D8EF-49BE-BC01-A1DD3B58FCE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E4F7F1A5-490E-4884-A9E3-CBD6A25749E1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFE66D00-A56A-4F7F-81D7-4A28C5816D6C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E8E0178-00EF-413D-9324-E7B3E31572E3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A1A533A8-E106-422B-AE29-D0025269AF83}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B1759D04-0EF9-472A-B5C3-C774997B5321}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFE66D00-A56A-4F7F-81D7-4A28C5816D6C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{38122A36-83B2-46B8-B39A-EC72A4614A07}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80ED3EBC-CC05-4336-ABCC-295798855718}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0F3DC9E0-C459-4A40-BCF8-747BD9322E10}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66D59105-FE06-43A4-B292-EB0097E9EB74}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344

-\\ Mozilla Firefox v38.0.5 (x86 cs)

[tgy6j7qt.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=E5AAD150-4F6F-41B5-9631-54D4869A50F9&n=77ee89ae&p2=^HJ^xdm073^YY^cz&si=pconverter");
[tgy6j7qt.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.enabled", true);
[tgy6j7qt.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.lastGuardTime", -1556465987);
[tgy6j7qt.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.hp.numGuards", 1);
[tgy6j7qt.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true);
[tgy6j7qt.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", "");
[tgy6j7qt.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2012121518");
[tgy6j7qt.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "^HJ^xdm073^YY^cz");
[tgy6j7qt.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "pconverter");
[tgy6j7qt.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", true);
[tgy6j7qt.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.toolbarId", "E5AAD150-4F6F-41B5-9631-54D4869A50F9");
[tgy6j7qt.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.lastActivePing", "1355643066000");
[tgy6j7qt.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", true);
[tgy6j7qt.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", true);
[tgy6j7qt.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", false);
[tgy6j7qt.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", false);
[tgy6j7qt.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.weather.location", "10001");
[tgy6j7qt.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
[tgy6j7qt.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "videodownloadconverter@mindspark.com");
[tgy6j7qt.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "videodownloadconverter@mindspark.com");

-\\ Google Chrome v

[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&st=kwd&ptb=5DAD9DED-0B65-4308-AFBC-9FF4D779705E&n=780c0104&ind=2014052612&p2=^RG^chr999^YYA^cz&si=640161
[C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&st=kwd&ptb=5DAD9DED-0B65-4308-AFBC-9FF4D779705E&n=780c0104&ind=2014052612&p2=^RG^chr999^YYA^cz&si=640161

*************************

AdwCleaner[R0].txt - [7792 octets] - [23/06/2015 20:06:01]
AdwCleaner[S0].txt - [8035 octets] - [23/06/2015 20:07:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8095 octets] ##########

#4 Příspěvek od **Rudy** » 23 čer 2015 19:43

Dejte nový log FRST.

pampalini · #5 Příspěvek od **pampalini** » 24 čer 2015 18:33

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-06-2015 01
Ran by user (administrator) on USER-PC on 24-06-2015 19:30:34
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Facebook) C:\Users\user\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
() C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\user\Desktop\FRST-OlderVersion\FRSTLauncher.exe
(Google Inc.) C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13370472 2011-11-18] (Realtek Semiconductor)
HKLM\...\Run: [OODefragTray] => C:\Program Files\OO Software\Defrag\oodtray.exe
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595336 2014-10-01] (ESET)
HKLM-x32\...\Run: [STCAgent] => C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe [776064 2011-03-04] (Splashtop Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ZyngaGamesAgent] => "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2540154493-900185529-4106278397-1000\...\Run: [Google Update] => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-11] (Google Inc.)
HKU\S-1-5-21-2540154493-900185529-4106278397-1000\...\Run: [Facebook Update] => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-12-27] (Facebook Inc.)
HKU\S-1-5-21-2540154493-900185529-4106278397-1000\...\Run: [S60 PC Suite Tray] => C:\Program Files (x86)\Samsung\Samsung PC Studio 7\PCSuite.exe [699392 2008-12-06] ()
HKU\S-1-5-21-2540154493-900185529-4106278397-1000\...\Run: [GarminExpressTrayApp] => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
HKU\S-1-5-21-2540154493-900185529-4106278397-1000\...\MountPoints2: {bd757dcb-9ad9-11e1-a609-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-18\...\Run: [Samsung.PCSync] => C:\Program Files (x86)\Samsung\Samsung PC Studio 7\PcSync2.exe [1294336 2008-09-18] (Time Information Services Ltd.)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\tray.exe [1010008 2015-04-08] (Garmin Ltd. or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2012-05-10]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk [2012-12-23]
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\user\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2540154493-900185529-4106278397-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKU\S-1-5-21-2540154493-900185529-4106278397-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2540154493-900185529-4106278397-1000 -> {383A3A7E-5110-4d46-8D56-D00162403727} URL = http://uk.search.yahoo.com/search?p={se ... ype=IEBDSV
SearchScopes: HKU\S-1-5-21-2540154493-900185529-4106278397-1000 -> {54787263-34FD-49d5-8094-9C7DE36D5BF5} URL = http://www.google.com/cse?cx=partner-pu ... earchTerms}
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-06-04] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-06-04] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-06-04] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-06-04] (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\tgy6j7qt.default
FF DefaultSearchEngine: Seznam
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.seznam.cz/
FF Keyword.URL: hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=E5AAD150-4F6F-41B5-9631-54D4869A50F9&n=77ee89ae&ind=2012121518&p2=^HJ^xdm073^YY^cz&si=pconverter&searchfor=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-24] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-24] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2540154493-900185529-4106278397-1000: @tools.google.com/Google Update;version=3 -> C:\Users\user\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-2540154493-900185529-4106278397-1000: @tools.google.com/Google Update;version=9 -> C:\Users\user\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-2540154493-900185529-4106278397-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-26] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2540154493-900185529-4106278397-1000: facebook.com/fbDesktopPlugin -> C:\Users\user\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll [2013-03-07] (Facebook, Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-06-02]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-05-13]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKU\S-1-5-21-2540154493-900185529-4106278397-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-11]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-11]
CHR Extension: (SiteAdvisor) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2013-07-01]
CHR Extension: (Retrogamer) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihncljabjemfknlkjmhcmhlajcnigaik [2014-05-26]
CHR Extension: (Skype Click to Call) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-05-15]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-15]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-05-11]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-06-09]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-06-09]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
StartMenuInternet: Google Chrome - C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576 2014-10-01] (ESET)
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [708616 2015-04-08] (Garmin Ltd. or its subsidiaries)
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [155368 2015-06-04] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 NMSAccessU; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [71096 2008-06-15] ()
S3 ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [430592 2008-04-07] (Nokia.) [File not signed]
R2 WCUService_STC_FF; C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [493384 2011-03-24] (Splashtop Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21616 2011-11-02] ()
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-10-10] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241368 2014-10-10] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169280 2014-10-10] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [222280 2014-10-10] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44632 2014-10-10] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [63160 2014-10-10] (ESET)
S3 nmwcdsacjx64; C:\Windows\System32\drivers\nmwcdsacjx64.sys [17408 2007-05-02] (Nokia)
S3 nmwcdsacx64; C:\Windows\System32\drivers\nmwcdsacx64.sys [12288 2007-05-02] (Nokia)
S3 nmwcdsax64; C:\Windows\System32\drivers\nmwcdsax64.sys [171008 2007-05-02] (Nokia)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-24 19:30 - 2015-06-24 19:31 - 00016550 _____ C:\Users\user\Desktop\FRST.txt
2015-06-24 19:28 - 2015-06-24 19:28 - 00000000 ____D C:\Users\user\Desktop\FRST-OlderVersion
2015-06-23 20:05 - 2015-06-23 20:07 - 00000000 ____D C:\AdwCleaner
2015-06-23 19:56 - 2015-06-23 19:57 - 00000000 ____D C:\havět
2015-06-23 19:52 - 2015-06-24 19:30 - 00000000 ____D C:\FRST
2015-06-23 19:28 - 2015-06-23 19:38 - 00000000 ____D C:\Users\user\Desktop\100OLYMP
2015-06-23 19:16 - 2014-12-20 15:11 - 02166272 _____ C:\Users\user\Desktop\adwcleaner_4.105.exe
2015-06-23 19:15 - 2015-06-24 19:28 - 02109952 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2015-06-23 19:13 - 2015-06-23 19:13 - 00000638 _____ C:\Users\Public\Desktop\Total Commander.lnk
2015-06-23 19:13 - 2015-06-23 19:13 - 00000000 ____D C:\Users\user\AppData\Roaming\GHISLER
2015-06-23 19:13 - 2015-06-23 19:13 - 00000000 ____D C:\totalcmd
2015-06-23 19:13 - 2015-06-23 19:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
2015-06-23 19:13 - 2010-07-07 07:55 - 00000545 _____ C:\Windows\UC.PIF
2015-06-23 19:13 - 2010-07-07 07:55 - 00000545 _____ C:\Windows\RAR.PIF
2015-06-23 19:13 - 2010-07-07 07:55 - 00000545 _____ C:\Windows\PKZIP.PIF
2015-06-23 19:13 - 2010-07-07 07:55 - 00000545 _____ C:\Windows\PKUNZIP.PIF
2015-06-23 19:13 - 2010-07-07 07:55 - 00000545 _____ C:\Windows\NOCLOSE.PIF
2015-06-23 19:13 - 2010-07-07 07:55 - 00000545 _____ C:\Windows\LHA.PIF
2015-06-23 19:13 - 2010-07-07 07:55 - 00000545 _____ C:\Windows\ARJ.PIF
2015-06-22 07:12 - 2015-06-24 06:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-06-03 10:28 - 2015-06-03 10:29 - 00000000 ____D C:\Users\user\Desktop\aaa
2015-06-02 20:49 - 2015-06-03 07:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-05-31 18:32 - 2015-05-31 18:32 - 01089016 _____ (Unity Technologies ApS) C:\Users\user\Downloads\UnityWebPlayer (4).exe
2015-05-31 10:43 - 2015-05-31 10:44 - 00000123 _____ C:\Users\user\Desktop\Modrokvítek.url

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-24 19:15 - 2012-05-10 20:07 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-24 18:50 - 2012-05-11 00:15 - 00000958 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2540154493-900185529-4106278397-1000UA.job
2015-06-24 17:50 - 2012-05-11 00:15 - 00000906 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2540154493-900185529-4106278397-1000Core.job
2015-06-24 17:17 - 2012-12-23 22:03 - 00000924 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2540154493-900185529-4106278397-1000UA.job
2015-06-24 16:15 - 2012-05-10 20:07 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-24 16:15 - 2012-05-10 20:07 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-24 16:15 - 2012-05-10 20:07 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-24 16:00 - 2012-05-10 15:29 - 01195862 _____ C:\Windows\WindowsUpdate.log
2015-06-24 15:59 - 2009-07-14 17:18 - 00668542 _____ C:\Windows\system32\perfh005.dat
2015-06-24 15:59 - 2009-07-14 17:18 - 00141202 _____ C:\Windows\system32\perfc005.dat
2015-06-24 15:59 - 2009-07-14 07:13 - 01583226 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-24 15:57 - 2009-07-14 06:45 - 00023152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-24 15:57 - 2009-07-14 06:45 - 00023152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-24 15:49 - 2014-06-01 10:46 - 00037667 _____ C:\Windows\setupact.log
2015-06-24 15:49 - 2012-05-10 19:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-24 15:49 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-23 23:17 - 2012-12-23 22:03 - 00000902 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2540154493-900185529-4106278397-1000Core.job
2015-06-23 20:08 - 2014-06-16 09:44 - 00780830 _____ C:\Windows\PFRO.log
2015-06-10 05:56 - 2012-05-13 20:25 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-06-08 21:46 - 2012-05-10 19:21 - 00000000 ____D C:\Users\user\AppData\Local\Thunderbird
2015-05-27 12:39 - 2012-05-14 20:07 - 00000000 ___RD C:\Program Files (x86)\Skype

==================== Files in the root of some directories =======

Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjbpym8.dll
C:\Users\user\AppData\Local\Temp\InstHelper.exe
C:\Users\user\AppData\Local\Temp\Quarantine.exe
C:\Users\user\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-15 10:27

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (SYSTEM) (Fixed) (Total:146.39 GB) (Free:92.64 GB) NTFS
Drive e: (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (DATA) (Fixed) (Total:319.28 GB) (Free:318.78 GB) NTFS
Drive g: () (Fixed) (Total:48.73 GB) (Free:21.1 GB) NTFS
Drive h: () (Fixed) (Total:100.22 GB) (Free:98.94 GB) NTFS

Available physical RAM: 2622.81 MB
Total physical RAM: 3990.22 MB
Percentage of memory in use: 34%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 444E2B5C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=319.3 GB) - (Type=07 NTFS)
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 269DB5AD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=48.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=100.2 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2540154493-900185529-4106278397-1000Core.job => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2540154493-900185529-4106278397-1000UA.job => Ż:\ Fj C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2540154493-900185529-4106278397-1000Core.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2540154493-900185529-4106278397-1000UA.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

==================== Security Center ==================

AV: ESET Smart Security 8.0 (Enabled - Out of date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Out of date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personální firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\user\Desktop" je 8711 MB.

***** Startup Programs *****

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000

==================== End Of Log ==============================

#6 Příspěvek od **Rudy** » 24 čer 2015 19:10

Otevřte poznámkový blok a zkopírujte do něj:

Start
HKU\S-1-5-21-2540154493-900185529-4106278397-1000\...\Run: [Facebook Update] => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-12-27] (Facebook Inc.)
c:\Users\user\AppData\Local\Facebook\Update
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
C:\Program Files\McAfee Security Scan
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\user\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKU\S-1-5-21-2540154493-900185529-4106278397-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKU\S-1-5-21-2540154493-900185529-4106278397-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
C:\Program Files (x86)\Skype\Toolbars
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
FF Keyword.URL: hxxp://search.mywebsearch.com/mywebsear ... 121518&p2=^HJ^xdm073^YY^cz&si=pconverter&searchfor=
FF Plugin HKU\S-1-5-21-2540154493-900185529-4106278397-1000: facebook.com/fbDesktopPlugin -> C:\Users\user\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll [2013-03-07] (Facebook, Inc.)
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2540154493-900185529-4106278397-1000UA.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2540154493-900185529-4106278397-1000Core.job
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2540154493-900185529-4106278397-1000UA.job
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2540154493-900185529-4106278397-1000Core.job
C:\Users\user\AppData\Local\Temp
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Velikost slozky "C:\Users\user\Desktop" je 8711 MB. To je příliš mnoho. Zpomaluje start. Přesuňte data do některrého adresáře v C:\Users\user a na plochu kvůli snazšímu přístupu dejte zástupce.

pampalini · #7 Příspěvek od **pampalini** » 27 čer 2015 08:41

provedeno, zde je log...

Fix result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by user at 2015-06-27 09:38:11 Run:1
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKU\S-1-5-21-2540154493-900185529-4106278397-1000\...\Run: [Facebook Update] => C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-12-27] (Facebook Inc.)
c:\Users\user\AppData\Local\Facebook\Update
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
C:\Program Files\McAfee Security Scan
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\user\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKU\S-1-5-21-2540154493-900185529-4106278397-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKU\S-1-5-21-2540154493-900185529-4106278397-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
C:\Program Files (x86)\Skype\Toolbars
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
FF Keyword.URL: hxxp://search.mywebsearch.com/mywebsear ... 121518&p2=^HJ^xdm073^YY^cz&si=pconverter&searchfor=
FF Plugin HKU\S-1-5-21-2540154493-900185529-4106278397-1000: facebook.com/fbDesktopPlugin -> C:\Users\user\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll [2013-03-07] (Facebook, Inc.)
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2540154493-900185529-4106278397-1000UA.job
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2540154493-900185529-4106278397-1000Core.job
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2540154493-900185529-4106278397-1000UA.job
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2540154493-900185529-4106278397-1000Core.job
C:\Users\user\AppData\Local\Temp
End
*****************

HKU\S-1-5-21-2540154493-900185529-4106278397-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update => value removed successfully
c:\Users\user\AppData\Local\Facebook\Update => moved successfully.
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe => moved successfully.
C:\Program Files\McAfee Security Scan => moved successfully.
C:\Users\user\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe => moved successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
HKU\S-1-5-21-2540154493-900185529-4106278397-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-2540154493-900185529-4106278397-1000\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
"HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
C:\Program Files (x86)\Skype\Toolbars => moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => key removed successfully
"HKCR\PROTOCOLS\Handler\skypec2c" => key removed successfully
"HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}" => key removed successfully
Firefox Keyword.URL removed successfully
"HKU\S-1-5-21-2540154493-900185529-4106278397-1000\Software\MozillaPlugins\facebook.com/fbDesktopPlugin" => key removed successfully
C:\Users\user\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll => moved successfully.
C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi => moved successfully.
c2cautoupdatesvc => Service stopped successfully.
c2cautoupdatesvc => Service removed successfully
c2cpnrsvc => Service stopped successfully.
c2cpnrsvc => Service removed successfully
McComponentHostService => Service removed successfully
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2540154493-900185529-4106278397-1000UA.job => moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2540154493-900185529-4106278397-1000Core.job => moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2540154493-900185529-4106278397-1000UA.job => moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2540154493-900185529-4106278397-1000Core.job => moved successfully.

"C:\Users\user\AppData\Local\Temp" folder move:

Could not move "C:\Users\user\AppData\Local\Temp" folder => Scheduled to move on reboot.

#8 Příspěvek od **Rudy** » 27 čer 2015 10:33

Smazáno. Nastala nějaká změna?

pampalini · #9 Příspěvek od **pampalini** » 29 čer 2015 14:16

Je patrné zrychlení a už se neobjevují dlouhé pauzy. Díky!

pampalini · #10 Příspěvek od **pampalini** » 29 čer 2015 14:24

Mám ale problém s vyskakovací reklamou na noťasu. Zkusil jsem adwcleaner, ale bez úspěchu. Posílám log FRST.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-12-2014 (ATTENTION: ====> FRST version is 190 days old and could be outdated)
Ran by Pavel (administrator) on VAIČKO on 29-06-2015 15:18:40
Running from C:\Users\Pavel\Desktop
Loaded Profile: Pavel (Available profiles: Pavel)
Platform: Windows 8 Pro (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Windows\slsvc.exe
() C:\Windows\PersonalizeEnabler.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(forum.viry.cz) C:\Users\Pavel\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-10-09] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-10-09] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-09-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NBKeyScan] => C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2213160 2007-12-03] (Nero AG)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1558606403-461566547-1020627287-1001\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1688872 2007-12-13] (Nero AG)
HKU\S-1-5-21-1558606403-461566547-1020627287-1001\...\Run: [Zoner Photo Studio Service 16] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe [27648 2014-03-31] ()
HKU\S-1-5-21-1558606403-461566547-1020627287-1001\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKU\S-1-5-21-1558606403-461566547-1020627287-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-1558606403-461566547-1020627287-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785792 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-1558606403-461566547-1020627287-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE [833024 2014-03-31] (ZONER software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.42.1.37 10.24.1.37

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-1558606403-461566547-1020627287-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2014-12-06]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-22]
CHR Extension: (Google Search) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-22]
CHR Extension: (Screen capture) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\egggddlphjgblkkokllcobdpjhnaphgn [2015-06-27]
CHR Extension: (Google Wallet) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-22]
CHR Extension: (Gmail) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 727e5424; c:\Program Files (x86)\StatEdit\StatEdit.dll [1783808 2015-06-18] () [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [219776 2012-10-09] (Qualcomm Atheros Commnucations) [File not signed]
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
R2 d6b52028; c:\Program Files (x86)\couponight\couponight.dll [1738752 2015-06-26] () [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [869672 2007-12-03] (Nero AG)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [639576 2013-05-10] (Sony Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [447784 2007-12-13] (Nero AG)
R2 slsvc; C:\Windows\slsvc.exe [10240 2012-09-25] (Microsoft Corporation) [File not signed]
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-09] (Atheros) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-10-09] (Qualcomm Atheros)
S3 BTATH_VDP; C:\Windows\system32\drivers\btath_vdp.sys [427416 2012-10-09] (Qualcomm Atheros)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-09-25] (Marvell Semiconductor, Inc.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-09-27] (Synaptics Incorporated)
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-02-28] (Duplex Secure Ltd.)
U3 a2c0msgj; C:\Windows\System32\Drivers\a2c0msgj.sys [0 ] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-06-29 15:18 - 2015-06-29 15:19 - 00013650 _____ () C:\Users\Pavel\Desktop\FRST.txt
2015-06-27 08:39 - 2015-06-27 08:39 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2015-06-27 02:27 - 2015-06-27 02:27 - 00000000 ____D () C:\Program Files (x86)\Screen capture
2015-06-26 21:52 - 2015-06-29 15:03 - 00000024 _____ () C:\Users\Pavel\AppData\Roaming\appdataFr25.bin
2015-06-26 18:06 - 2015-06-26 18:06 - 00000000 ____D () C:\Program Files (x86)\English dictionary translate pronunciation
2015-06-26 18:06 - 2015-06-26 18:06 - 00000000 ____D () C:\Program Files (x86)\couponight
2015-06-26 18:03 - 2015-06-27 00:03 - 00000368 _____ () C:\Windows\Tasks\BitcoinProtect.job
2015-06-26 18:03 - 2015-06-26 18:03 - 00003254 _____ () C:\Windows\System32\Tasks\BitcoinProtect
2015-06-26 18:03 - 2015-06-26 18:03 - 00000000 ____D () C:\ProgramData\{a2e25f59-5fe3-7290-a2e2-25f595fe7d65}
2015-06-26 18:03 - 2015-06-26 18:03 - 00000000 ____D () C:\Program Files (x86)\WhitECCOUpOn
2015-06-18 18:07 - 2015-06-18 18:07 - 00000000 ____D () C:\Program Files (x86)\StatEdit
2015-06-18 18:06 - 2015-06-18 18:06 - 00000000 ____D () C:\Program Files (x86)\AdKiller for Chrome
2015-06-18 18:05 - 2015-06-18 18:05 - 00000000 ____D () C:\Program Files (x86)\StreamuX
2015-06-18 18:05 - 2015-06-18 18:05 - 00000000 ____D () C:\Program Files (x86)\SStreamXX
2015-06-18 18:04 - 2015-06-18 18:04 - 00000000 ____D () C:\ProgramData\pfmbalgmhjdleaekdaaccldpmpeifofi
2015-06-18 18:03 - 2015-06-27 00:03 - 00000344 _____ () C:\Windows\Tasks\Bidaily Synchronize Task[973b].job
2015-06-18 18:03 - 2015-06-19 18:03 - 00000000 ____D () C:\ProgramData\{96053214-fad9-7ca5-9605-53214fadc853}
2015-06-18 18:03 - 2015-06-18 18:03 - 00003230 _____ () C:\Windows\System32\Tasks\Bidaily Synchronize Task[973b]

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-06-29 15:18 - 2014-12-21 13:32 - 00000000 ____D () C:\FRST
2015-06-29 15:07 - 2014-02-23 19:53 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1558606403-461566547-1020627287-1001
2015-06-29 15:03 - 2014-02-23 19:46 - 01108651 _____ () C:\Windows\WindowsUpdate.log
2015-06-29 15:02 - 2014-04-23 09:16 - 00000000 ____D () C:\Users\Pavel\AppData\Roaming\Skype
2015-06-29 15:02 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2015-06-28 22:55 - 2014-02-28 12:31 - 00000000 ____D () C:\Users\Pavel\AppData\Local\CrashDumps
2015-06-28 21:51 - 2012-07-26 12:01 - 00727488 _____ () C:\Windows\system32\perfh005.dat
2015-06-28 21:51 - 2012-07-26 12:01 - 00148006 _____ () C:\Windows\system32\perfc005.dat
2015-06-28 21:51 - 2012-07-26 09:28 - 01714430 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-06-28 21:49 - 2012-07-26 09:21 - 00042515 _____ () C:\Windows\setupact.log
2015-06-28 13:09 - 2014-02-27 00:01 - 00000000 ____D () C:\staženo
2015-06-28 12:50 - 2014-05-14 22:07 - 00000000 ____D () C:\foto2
2015-06-28 12:47 - 2014-03-02 23:44 - 00000000 ____D () C:\Users\Pavel\Documents\Soubory aplikace Outlook
2015-06-27 08:39 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-27 08:38 - 2014-12-21 13:05 - 00000000 ____D () C:\AdwCleaner
2015-06-27 08:38 - 2014-02-23 19:39 - 00055872 _____ () C:\Windows\PFRO.log
2015-06-27 08:38 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-06-27 07:27 - 2014-02-24 19:01 - 00000857 _____ () C:\Users\Pavel\Desktop\Ečko.txt
2015-06-23 12:36 - 2014-03-09 20:51 - 00000000 ____D () C:\filmy
2015-06-21 13:42 - 2014-04-23 10:18 - 00000000 ____D () C:\Users\Pavel\AppData\Roaming\vlc
2015-06-15 15:16 - 2014-11-15 13:36 - 00007689 _____ () C:\Users\Pavel\Desktop\recepty.txt
2015-06-15 15:02 - 2014-04-23 09:15 - 00000000 ____D () C:\ProgramData\Skype
2015-06-13 08:13 - 2014-08-21 18:05 - 00009659 _____ () C:\Users\Pavel\AppData\Local\MRDownloader.err
2015-06-13 08:13 - 2014-05-02 16:12 - 00001088 _____ () C:\Users\Pavel\AppData\Local\MRDownloader.nast
2015-06-09 22:36 - 2014-12-22 00:17 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-09 16:06 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2015-06-05 09:29 - 2014-04-23 10:18 - 00001077 _____ () C:\Users\Public\Desktop\VLC media player.lnk

Some content of TEMP:
====================
C:\Users\Pavel\AppData\Local\Temp\Quarantine.exe
C:\Users\Pavel\AppData\Local\Temp\sqlite3.dll
C:\Users\Pavel\AppData\Local\Temp\vlc-2.2.1-win32.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-23 08:41

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (Nový svazek) (Fixed) (Total:341.8 GB) (Free:5.26 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Nový svazek) (Fixed) (Total:123.96 GB) (Free:11.65 GB) NTFS
Drive h: (NIKON D5100) (Removable) (Total:29.88 GB) (Free:11.01 GB) FAT32

Available physical RAM: 6971.8 MB
Total physical RAM: 8107.82 MB
Percentage of memory in use: 14%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A8EC72BC)
Partition 1: (Active) - (Size=341.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=124 GB) - (Type=07 NTFS)
Disk: 1 (Size: 29.9 GB) (Disk ID: 00000000)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Bidaily Synchronize Task[973b].job => c:\programdata\{96053214-fad9-7ca5-9605-53214fadc853}\download.exe
Task: C:\Windows\Tasks\BitcoinProtect.job => c:\programdata\{a2e25f59-5fe3-7290-a2e2-25f595fe7d65}\5858055017561576242b.exe

==================== Alternate Data Streams (whitelisted) ==================

==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Pavel\Desktop" je 204 MB.

***** Startup Programs *****

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000

==================== End Of Log ==============================

pampalini · #11 Příspěvek od **pampalini** » 29 čer 2015 14:38

Pro jistotu posílám i adwcleaner log. Je to hrůza jak je to pomalý....

# AdwCleaner v4.105 - Report created 29/06/2015 at 15:29:43
# Updated 08/12/2014 by Xplode
# Database : 2015-06-23.1 [Live]
# Operating System : Windows 8 Pro (64 bits)
# Username : Pavel - VAIČKO
# Running from : C:\Users\Pavel\Desktop\adwcleaner_4.105.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.17116

-\\ Google Chrome v43.0.2357.124

[C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1 ... earchTerms}
[C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1 ... earchTerms}
[C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=U3&apn_dtid=OSJ000SUCZ&apn_uid=57FE5FED-88ED-4808-B13D-B67FA7034F35&apn_sauid=84B44724-72AA-4DD4-9D60-A8EBFF77DB0F

*************************

AdwCleaner[R0].txt - [5942 octets] - [21/12/2014 13:13:19]
AdwCleaner[R1].txt - [1499 octets] - [21/12/2014 16:47:26]
AdwCleaner[R2].txt - [1559 octets] - [21/12/2014 16:54:13]
AdwCleaner[R3].txt - [1025 octets] - [21/12/2014 20:50:48]
AdwCleaner[R4].txt - [8701 octets] - [27/06/2015 08:21:11]
AdwCleaner[R5].txt - [2144 octets] - [27/06/2015 08:35:10]
AdwCleaner[R6].txt - [2264 octets] - [29/06/2015 15:25:43]
AdwCleaner[S0].txt - [5816 octets] - [21/12/2014 13:18:47]
AdwCleaner[S1].txt - [1624 octets] - [21/12/2014 16:56:45]
AdwCleaner[S2].txt - [1087 octets] - [21/12/2014 20:53:50]
AdwCleaner[S3].txt - [6963 octets] - [27/06/2015 08:25:10]
AdwCleaner[S4].txt - [2211 octets] - [27/06/2015 08:38:14]
AdwCleaner[S5].txt - [2191 octets] - [29/06/2015 15:29:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [2251 octets] ##########

#12 Příspěvek od **Rudy** » 29 čer 2015 16:44

Dejte nový log FRST.

pampalini · #13 Příspěvek od **pampalini** » 29 čer 2015 19:15

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-12-2014 (ATTENTION: ====> FRST version is 190 days old and could be outdated)
Ran by Pavel (administrator) on VAIČKO on 29-06-2015 20:10:27
Running from C:\Users\Pavel\Desktop
Loaded Profile: Pavel (Available profiles: Pavel)
Platform: Windows 8 Pro (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Windows\slsvc.exe
() C:\Windows\PersonalizeEnabler.exe
(StarWind Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(forum.viry.cz) C:\Users\Pavel\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [765056 2012-10-09] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-10-09] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-09-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NBKeyScan] => C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2213160 2007-12-03] (Nero AG)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1558606403-461566547-1020627287-1001\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1688872 2007-12-13] (Nero AG)
HKU\S-1-5-21-1558606403-461566547-1020627287-1001\...\Run: [Zoner Photo Studio Service 16] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe [27648 2014-03-31] ()
HKU\S-1-5-21-1558606403-461566547-1020627287-1001\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKU\S-1-5-21-1558606403-461566547-1020627287-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-1558606403-461566547-1020627287-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28785792 2015-06-02] (Skype Technologies S.A.)
HKU\S-1-5-21-1558606403-461566547-1020627287-1001\...\Run: [Zoner Photo Studio Autoupdate] => C:\PROGRAM FILES\ZONER\PHOTO STUDIO 16\Program32\ZPSTRAY.EXE [833024 2014-03-31] (ZONER software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: NaewSavueer -> {7A2752D3-382A-4FC5-A1FE-0D3CF8A6799C} -> C:\Program Files (x86)\NaewSavueer\rH2Nt9TdVJo8K7.x64.dll ()
BHO-x32: NaewSavueer -> {7A2752D3-382A-4FC5-A1FE-0D3CF8A6799C} -> C:\Program Files (x86)\NaewSavueer\rH2Nt9TdVJo8K7.dll ()
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.42.1.37 10.24.1.37

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-1558606403-461566547-1020627287-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2014-12-06]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-22]
CHR Extension: (Google Search) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-22]
CHR Extension: (Authy Chrome Extension) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhgenkpocbhhddlgkjnfghpjanffonno [2015-06-29]
CHR Extension: (Google Wallet) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-22]
CHR Extension: (Gmail) - C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-22]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 727e5424; c:\Program Files (x86)\StatEdit\StatEdit.dll [1783808 2015-06-18] () [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [219776 2012-10-09] (Qualcomm Atheros Commnucations) [File not signed]
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
R2 d6b52028; c:\Program Files (x86)\couponight\couponight.dll [1738752 2015-06-26] () [File not signed]
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
R2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [869672 2007-12-03] (Nero AG)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [639576 2013-05-10] (Sony Corporation)
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [447784 2007-12-13] (Nero AG)
R2 slsvc; C:\Windows\slsvc.exe [10240 2012-09-25] (Microsoft Corporation) [File not signed]
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-09] (Atheros) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-10-09] (Qualcomm Atheros)
R3 BTATH_VDP; C:\Windows\system32\drivers\btath_vdp.sys [427416 2012-10-09] (Qualcomm Atheros)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-09-25] (Marvell Semiconductor, Inc.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44344 2012-09-27] (Synaptics Incorporated)
R0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-02-28] (Duplex Secure Ltd.)
U3 a0o229ht; C:\Windows\System32\Drivers\a0o229ht.sys [0 ] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-06-29 16:13 - 2015-06-29 16:13 - 00000000 ____D () C:\Program Files (x86)\NewSoaver
2015-06-29 16:13 - 2015-06-29 16:13 - 00000000 ____D () C:\Program Files (x86)\NaewSavueer
2015-06-29 16:12 - 2015-06-29 16:13 - 00000000 ____D () C:\ProgramData\10104024145717730949
2015-06-29 16:12 - 2015-06-29 16:12 - 00000000 ____D () C:\Program Files (x86)\NeWSaverr
2015-06-29 16:12 - 2015-06-29 16:12 - 00000000 ____D () C:\Program Files (x86)\Authy Chrome Extension
2015-06-29 15:18 - 2015-06-29 20:10 - 00013581 _____ () C:\Users\Pavel\Desktop\FRST.txt
2015-06-27 08:39 - 2015-06-27 08:39 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2015-06-27 02:27 - 2015-06-27 02:27 - 00000000 ____D () C:\Program Files (x86)\Screen capture
2015-06-26 21:52 - 2015-06-29 15:03 - 00000024 _____ () C:\Users\Pavel\AppData\Roaming\appdataFr25.bin
2015-06-26 18:06 - 2015-06-26 18:06 - 00000000 ____D () C:\Program Files (x86)\English dictionary translate pronunciation
2015-06-26 18:06 - 2015-06-26 18:06 - 00000000 ____D () C:\Program Files (x86)\couponight
2015-06-26 18:03 - 2015-06-29 18:03 - 00000368 _____ () C:\Windows\Tasks\BitcoinProtect.job
2015-06-26 18:03 - 2015-06-26 18:03 - 00003254 _____ () C:\Windows\System32\Tasks\BitcoinProtect
2015-06-26 18:03 - 2015-06-26 18:03 - 00000000 ____D () C:\ProgramData\{a2e25f59-5fe3-7290-a2e2-25f595fe7d65}
2015-06-26 18:03 - 2015-06-26 18:03 - 00000000 ____D () C:\Program Files (x86)\WhitECCOUpOn
2015-06-18 18:07 - 2015-06-18 18:07 - 00000000 ____D () C:\Program Files (x86)\StatEdit
2015-06-18 18:06 - 2015-06-18 18:06 - 00000000 ____D () C:\Program Files (x86)\AdKiller for Chrome
2015-06-18 18:05 - 2015-06-18 18:05 - 00000000 ____D () C:\Program Files (x86)\StreamuX
2015-06-18 18:05 - 2015-06-18 18:05 - 00000000 ____D () C:\Program Files (x86)\SStreamXX
2015-06-18 18:04 - 2015-06-18 18:04 - 00000000 ____D () C:\ProgramData\pfmbalgmhjdleaekdaaccldpmpeifofi
2015-06-18 18:03 - 2015-06-29 18:03 - 00000344 _____ () C:\Windows\Tasks\Bidaily Synchronize Task[973b].job
2015-06-18 18:03 - 2015-06-19 18:03 - 00000000 ____D () C:\ProgramData\{96053214-fad9-7ca5-9605-53214fadc853}
2015-06-18 18:03 - 2015-06-18 18:03 - 00003230 _____ () C:\Windows\System32\Tasks\Bidaily Synchronize Task[973b]

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-06-29 20:10 - 2014-12-21 13:32 - 00000000 ____D () C:\FRST
2015-06-29 20:00 - 2014-04-23 09:16 - 00000000 ____D () C:\Users\Pavel\AppData\Roaming\Skype
2015-06-29 20:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru
2015-06-29 16:05 - 2014-02-23 19:53 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1558606403-461566547-1020627287-1001
2015-06-29 15:36 - 2012-07-26 12:01 - 00727488 _____ () C:\Windows\system32\perfh005.dat
2015-06-29 15:36 - 2012-07-26 12:01 - 00148006 _____ () C:\Windows\system32\perfc005.dat
2015-06-29 15:36 - 2012-07-26 09:28 - 01714430 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-06-29 15:30 - 2014-02-23 19:39 - 00056186 _____ () C:\Windows\PFRO.log
2015-06-29 15:30 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-29 15:29 - 2014-12-21 13:05 - 00000000 ____D () C:\AdwCleaner
2015-06-29 15:22 - 2014-02-23 19:46 - 01109981 _____ () C:\Windows\WindowsUpdate.log
2015-06-28 22:55 - 2014-02-28 12:31 - 00000000 ____D () C:\Users\Pavel\AppData\Local\CrashDumps
2015-06-28 21:49 - 2012-07-26 09:21 - 00042515 _____ () C:\Windows\setupact.log
2015-06-28 13:09 - 2014-02-27 00:01 - 00000000 ____D () C:\staženo
2015-06-28 12:50 - 2014-05-14 22:07 - 00000000 ____D () C:\foto2
2015-06-28 12:47 - 2014-03-02 23:44 - 00000000 ____D () C:\Users\Pavel\Documents\Soubory aplikace Outlook
2015-06-27 08:38 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-06-27 07:27 - 2014-02-24 19:01 - 00000857 _____ () C:\Users\Pavel\Desktop\Ečko.txt
2015-06-23 12:36 - 2014-03-09 20:51 - 00000000 ____D () C:\filmy
2015-06-21 13:42 - 2014-04-23 10:18 - 00000000 ____D () C:\Users\Pavel\AppData\Roaming\vlc
2015-06-15 15:16 - 2014-11-15 13:36 - 00007689 _____ () C:\Users\Pavel\Desktop\recepty.txt
2015-06-15 15:02 - 2014-04-23 09:15 - 00000000 ____D () C:\ProgramData\Skype
2015-06-13 08:13 - 2014-08-21 18:05 - 00009659 _____ () C:\Users\Pavel\AppData\Local\MRDownloader.err
2015-06-13 08:13 - 2014-05-02 16:12 - 00001088 _____ () C:\Users\Pavel\AppData\Local\MRDownloader.nast
2015-06-09 22:36 - 2014-12-22 00:17 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-09 16:06 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\NDF
2015-06-05 09:29 - 2014-04-23 10:18 - 00001077 _____ () C:\Users\Public\Desktop\VLC media player.lnk

Some content of TEMP:
====================
C:\Users\Pavel\AppData\Local\Temp\Quarantine.exe
C:\Users\Pavel\AppData\Local\Temp\sqlite3.dll
C:\Users\Pavel\AppData\Local\Temp\vlc-2.2.1-win32.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-23 08:41

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (Nový svazek) (Fixed) (Total:341.8 GB) (Free:5.24 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Nový svazek) (Fixed) (Total:123.96 GB) (Free:11.65 GB) NTFS
Drive h: (NIKON D5100) (Removable) (Total:29.88 GB) (Free:11.01 GB) FAT32

Available physical RAM: 6839.02 MB
Total physical RAM: 8107.82 MB
Percentage of memory in use: 15%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A8EC72BC)
Partition 1: (Active) - (Size=341.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=124 GB) - (Type=07 NTFS)
Disk: 1 (Size: 29.9 GB) (Disk ID: 00000000)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Bidaily Synchronize Task[973b].job => c:\programdata\{96053214-fad9-7ca5-9605-53214fadc853}\download.exe
Task: C:\Windows\Tasks\BitcoinProtect.job => c:\programdata\{a2e25f59-5fe3-7290-a2e2-25f595fe7d65}\5858055017561576242b.exe

==================== Alternate Data Streams (whitelisted) ==================

==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Pavel\Desktop" je 204 MB.

***** Startup Programs *****

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000

==================== End Of Log ==============================

#14 Příspěvek od **Rudy** » 29 čer 2015 20:34

Máte nějakou starou verzi FRST. Otevřte poznámkový blok a zkopírujte do něj:

Start
HKU\S-1-5-21-1558606403-461566547-1020627287-1001\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1688872 2007-12-13] (Nero AG)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: NaewSavueer -> {7A2752D3-382A-4FC5-A1FE-0D3CF8A6799C} -> C:\Program Files (x86)\NaewSavueer\rH2Nt9TdVJo8K7.x64.dll ()
BHO-x32: NaewSavueer -> {7A2752D3-382A-4FC5-A1FE-0D3CF8A6799C} -> C:\Program Files (x86)\NaewSavueer\rH2Nt9TdVJo8K7.dll ()
CHR dev: Chrome dev build detected! <======= ATTENTION
R2 727e5424; c:\Program Files (x86)\StatEdit\StatEdit.dll [1783808 2015-06-18] () [File not signed]
R2 d6b52028; c:\Program Files (x86)\couponight\couponight.dll [1738752 2015-06-26] () [File not signed]
C:\ProgramData\10104024145717730949
C:\Program Files (x86)\NewSoaver
C:\Program Files (x86)\NaewSavueer
C:\Program Files (x86)\NeWSaverr
C:\Windows\System32\Tasks\BitcoinProtect
C:\Program Files (x86)\WhitECCOUpOn
C:\Program Files (x86)\StatEdit
C:\Program Files (x86)\StreamuX
C:\Program Files (x86)\SStreamXX
C:\ProgramData\pfmbalgmhjdleaekdaaccldpmpeifofi
C:\Windows\Tasks\Bidaily Synchronize Task[973b].job
C:\ProgramData\{96053214-fad9-7ca5-9605-53214fadc853}
C:\Windows\System32\Tasks\Bidaily Synchronize Task[973b]
C:\Users\Pavel\AppData\Local\Temp
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

pampalini · #15 Příspěvek od **pampalini** » 29 čer 2015 20:51

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-12-2014
Ran by Pavel at 2015-06-29 21:49:25 Run:3
Running from C:\Users\Pavel\Desktop
Loaded Profile: Pavel (Available profiles: Pavel)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKU\S-1-5-21-1558606403-461566547-1020627287-1001\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1688872 2007-12-13] (Nero AG)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: NaewSavueer -> {7A2752D3-382A-4FC5-A1FE-0D3CF8A6799C} -> C:\Program Files (x86)\NaewSavueer\rH2Nt9TdVJo8K7.x64.dll ()
BHO-x32: NaewSavueer -> {7A2752D3-382A-4FC5-A1FE-0D3CF8A6799C} -> C:\Program Files (x86)\NaewSavueer\rH2Nt9TdVJo8K7.dll ()
CHR dev: Chrome dev build detected! <======= ATTENTION
R2 727e5424; c:\Program Files (x86)\StatEdit\StatEdit.dll [1783808 2015-06-18] () [File not signed]
R2 d6b52028; c:\Program Files (x86)\couponight\couponight.dll [1738752 2015-06-26] () [File not signed]
C:\ProgramData\10104024145717730949
C:\Program Files (x86)\NewSoaver
C:\Program Files (x86)\NaewSavueer
C:\Program Files (x86)\NeWSaverr
C:\Windows\System32\Tasks\BitcoinProtect
C:\Program Files (x86)\WhitECCOUpOn
C:\Program Files (x86)\StatEdit
C:\Program Files (x86)\StreamuX
C:\Program Files (x86)\SStreamXX
C:\ProgramData\pfmbalgmhjdleaekdaaccldpmpeifofi
C:\Windows\Tasks\Bidaily Synchronize Task[973b].job
C:\ProgramData\{96053214-fad9-7ca5-9605-53214fadc853}
C:\Windows\System32\Tasks\Bidaily Synchronize Task[973b]
C:\Users\Pavel\AppData\Local\Temp
End
*****************

HKU\S-1-5-21-1558606403-461566547-1020627287-1001\Software\Microsoft\Windows\CurrentVersion\Run\\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => value deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7A2752D3-382A-4FC5-A1FE-0D3CF8A6799C}" => Key deleted successfully.
"HKCR\CLSID\{7A2752D3-382A-4FC5-A1FE-0D3CF8A6799C}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7A2752D3-382A-4FC5-A1FE-0D3CF8A6799C}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{7A2752D3-382A-4FC5-A1FE-0D3CF8A6799C}" => Key deleted successfully.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
727e5424 => Service deleted successfully.
d6b52028 => Service deleted successfully.
C:\ProgramData\10104024145717730949 => Moved successfully.
C:\Program Files (x86)\NewSoaver => Moved successfully.
C:\Program Files (x86)\NaewSavueer => Moved successfully.
C:\Program Files (x86)\NeWSaverr => Moved successfully.
C:\Windows\System32\Tasks\BitcoinProtect => Moved successfully.
C:\Program Files (x86)\WhitECCOUpOn => Moved successfully.
C:\Program Files (x86)\StatEdit => Moved successfully.
C:\Program Files (x86)\StreamuX => Moved successfully.
C:\Program Files (x86)\SStreamXX => Moved successfully.
C:\ProgramData\pfmbalgmhjdleaekdaaccldpmpeifofi => Moved successfully.
C:\Windows\Tasks\Bidaily Synchronize Task[973b].job => Moved successfully.
C:\ProgramData\{96053214-fad9-7ca5-9605-53214fadc853} => Moved successfully.
C:\Windows\System32\Tasks\Bidaily Synchronize Task[973b] => Moved successfully.
C:\Users\Pavel\AppData\Local\Temp => Moved successfully.

==== End of Fixlog ====

VIRY.CZ

Zpomalený hajzl jeden :-)

Zpomalený hajzl jeden :-)

Re: Zpomalený hajzl jeden :-)

Re: Zpomalený hajzl jeden :-)

Re: Zpomalený hajzl jeden :-)

Re: Zpomalený hajzl jeden :-)

Re: Zpomalený hajzl jeden :-)

Re: Zpomalený hajzl jeden :-)

Re: Zpomalený hajzl jeden :-)

Re: Zpomalený hajzl jeden :-)

Re: Zpomalený hajzl jeden :-)

Re: Zpomalený hajzl jeden :-)

Re: Zpomalený hajzl jeden :-)

Re: Zpomalený hajzl jeden :-)

Re: Zpomalený hajzl jeden :-)

Re: Zpomalený hajzl jeden :-)