Preventivní kontrola

Zpráva

Mineas · #1 Příspěvek od **Mineas** » 13 lis 2014 21:42

Ahoj. Poslední dny se mi zpomalila Firefox a některé programy se spouštějí déle, než bych čekal. Prosím proto o preventivní kontrolu, jestli to souvisí jen s nějakou aktualizací nebo mám v NB nezvaného hosta.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Mineas at 2014-11-13 21:32:52
Microsoft Windows 8.1 Pro
System drive C: has 70 GB (70%) free of 100 GB
Total RAM: 1913 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:33:10, on 13. 11. 2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17344)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhostex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\skydrive.exe
C:\Windows\System32\RuntimeBroker.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\System32\TpShocks.exe
C:\Users\Mineas\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Windows\system32\wwahost.exe
C:\Windows\System32\SettingSyncHost.exe
C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_6.3.9654.20335_x86__8wekyb3d8bbwe\Time.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
D:\Programy\Údržba\RSIT.exe
C:\Program Files\trend micro\Mineas.exe
C:\Windows\system32\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKCU\..\Run: [googletalk] C:\Users\Mineas\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{B11631CB-85D2-4EF2-9573-54309AA33DD5}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{B11631CB-85D2-4EF2-9573-54309AA33DD5}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @oem1.inf,%ibm.svcDesc0%;Lenovo PM Service (IBMPMSVC) - Lenovo. - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe

--
End of file - 5111 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\Mineas\AppData\Roaming\Mozilla\Firefox\Profiles\lxtpx2rv.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://google.com/"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.223 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.60.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/Lync,version=15.0]
"Description"=Microsoft Lync Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL

C:\Users\Mineas\AppData\Roaming\Mozilla\Firefox\Profiles\lxtpx2rv.default\extensions\
cs@dictionaries.addons.mozilla.org
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2014-08-26 153240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-06-07 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2014-09-25 1729232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-06-07 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"TpShocks"=C:\Windows\system32\TpShocks.exe [2014-02-17 342360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"googletalk"=C:\Users\Mineas\AppData\Roaming\Google\Google Talk\googletalk.exe [2007-01-01 3739648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2c.sys]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"vidc.cvid"=iccvid.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-11-11 06:42:33 ----D---- C:\rsit
2014-11-10 15:38:52 ----D---- C:\Program Files\Mozilla Firefox
2014-11-01 12:24:30 ----D---- C:\Users\Mineas\AppData\Roaming\dvdcss
2014-10-16 19:35:43 ----A---- C:\Windows\system32\msi.dll
2014-10-16 19:35:41 ----A---- C:\Windows\system32\authui.dll
2014-10-16 19:35:41 ----A---- C:\Windows\system32\appinfo.dll
2014-10-16 19:35:33 ----A---- C:\Windows\system32\MrmCoreR.dll
2014-10-16 19:35:20 ----A---- C:\Windows\system32\winbici.dll
2014-10-16 15:20:28 ----A---- C:\Windows\system32\packager.dll
2014-10-16 15:20:16 ----A---- C:\Windows\system32\mshtml.dll
2014-10-16 15:19:57 ----A---- C:\Windows\system32\jscript9.dll
2014-10-16 15:19:54 ----A---- C:\Windows\system32\ieframe.dll
2014-10-16 15:19:52 ----A---- C:\Windows\system32\iertutil.dll
2014-10-16 15:19:51 ----A---- C:\Windows\system32\wininet.dll
2014-10-16 15:19:50 ----A---- C:\Windows\system32\urlmon.dll
2014-10-16 15:19:49 ----A---- C:\Windows\system32\msfeeds.dll
2014-10-16 15:19:47 ----A---- C:\Windows\system32\iedkcs32.dll
2014-10-16 15:19:47 ----A---- C:\Windows\system32\ie4uinit.exe
2014-10-16 15:19:43 ----A---- C:\Windows\system32\vbscript.dll
2014-10-16 15:19:43 ----A---- C:\Windows\system32\mshtmled.dll
2014-10-16 15:19:43 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-10-16 15:19:43 ----A---- C:\Windows\system32\dxtrans.dll
2014-10-16 15:19:42 ----A---- C:\Windows\system32\ieapfltr.dll
2014-10-16 15:17:18 ----A---- C:\Windows\system32\rastls.dll
2014-10-16 15:17:15 ----A---- C:\Windows\system32\wuaueng.dll
2014-10-16 15:17:15 ----A---- C:\Windows\system32\wuapi.dll
2014-10-16 15:17:14 ----A---- C:\Windows\system32\wuwebv.dll
2014-10-16 15:17:14 ----A---- C:\Windows\system32\WUSettingsProvider.dll
2014-10-16 15:17:14 ----A---- C:\Windows\system32\wudriver.dll
2014-10-16 15:17:14 ----A---- C:\Windows\system32\wucltux.dll
2014-10-16 15:17:14 ----A---- C:\Windows\system32\wuauclt.exe
2014-10-16 15:17:13 ----A---- C:\Windows\system32\wuapp.exe
2014-10-16 11:20:10 ----A---- C:\Windows\system32\shell32.dll
2014-10-16 11:20:09 ----A---- C:\Windows\system32\Windows.UI.Search.dll
2014-10-16 11:20:07 ----A---- C:\Windows\system32\mstscax.dll
2014-10-16 11:20:06 ----A---- C:\Windows\system32\SyncEngine.dll
2014-10-16 11:20:04 ----A---- C:\Windows\system32\SearchFolder.dll
2014-10-16 11:20:04 ----A---- C:\Windows\system32\drivers\tcpip.sys
2014-10-16 11:20:03 ----A---- C:\Windows\system32\ntdll.dll
2014-10-16 11:19:59 ----A---- C:\Windows\system32\KernelBase.dll
2014-10-16 11:19:58 ----A---- C:\Windows\system32\WSShared.dll
2014-10-16 11:19:58 ----A---- C:\Windows\system32\iphlpsvc.dll
2014-10-16 11:19:57 ----A---- C:\Windows\system32\Wldap32.dll
2014-10-16 11:19:57 ----A---- C:\Windows\system32\SystemEventsBrokerServer.dll
2014-10-16 11:19:57 ----A---- C:\Windows\system32\propsys.dll
2014-10-16 11:19:55 ----A---- C:\Windows\system32\bisrv.dll
2014-10-16 11:19:54 ----A---- C:\Windows\system32\pcsvDevice.dll
2014-10-16 11:19:54 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2014-10-16 11:19:53 ----A---- C:\Windows\system32\httpprxm.dll
2014-10-16 11:19:53 ----A---- C:\Windows\system32\adhsvc.dll
2014-10-16 11:19:50 ----A---- C:\Windows\system32\SkyDriveShell.dll
2014-10-16 11:19:49 ----A---- C:\Windows\system32\SkyDriveTelemetry.dll
2014-10-16 11:19:45 ----A---- C:\Windows\system32\ProximityService.dll
2014-10-16 11:19:41 ----A---- C:\Windows\system32\SkyDrive.exe
2014-10-16 11:19:36 ----A---- C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-10-16 07:32:02 ----A---- C:\Windows\system32\win32k.sys

======List of files/folders modified in the last 1 month======

2014-11-13 21:33:06 ----D---- C:\Windows\Prefetch
2014-11-13 21:32:57 ----D---- C:\Program Files\trend micro
2014-11-13 21:29:37 ----D---- C:\Users\Mineas\AppData\Roaming\vlc
2014-11-13 21:00:00 ----D---- C:\Windows\system32\sru
2014-11-13 19:14:21 ----D---- C:\Windows\SoftwareDistribution
2014-11-13 19:14:21 ----D---- C:\Windows
2014-11-13 19:14:20 ----D---- C:\Windows\Temp
2014-11-13 10:29:13 ----D---- C:\Windows\system32\NDF
2014-11-13 10:22:24 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-11-13 09:03:14 ----D---- C:\Windows\system32\config
2014-11-13 08:57:43 ----RD---- C:\Windows\System32
2014-11-13 08:57:43 ----D---- C:\Windows\WinSxS
2014-11-13 08:56:39 ----SHD---- C:\System Volume Information
2014-11-13 01:02:56 ----D---- C:\Windows\system32\catroot2
2014-11-13 01:02:50 ----D---- C:\Windows\CbsTemp
2014-11-12 13:45:50 ----D---- C:\Windows\Microsoft.NET
2014-11-12 12:35:38 ----D---- C:\Windows\AppReadiness
2014-11-12 12:35:37 ----HD---- C:\Program Files\WindowsApps
2014-11-10 20:08:42 ----RD---- C:\Program Files
2014-11-10 01:56:02 ----D---- C:\Windows\inf
2014-11-09 22:32:46 ----D---- C:\Users\Mineas\AppData\Roaming\FileZilla
2014-11-07 19:05:12 ----D---- C:\Windows\debug
2014-11-06 15:31:22 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-11-01 12:30:37 ----HD---- C:\ProgramData
2014-10-30 23:27:54 ----D---- C:\Program Files\Opera
2014-10-30 23:27:53 ----D---- C:\Windows\system32\Tasks
2014-10-30 22:32:42 ----D---- C:\Program Files\FileZilla FTP Client
2014-10-30 12:24:45 ----N---- C:\Windows\system32\MpSigStub.exe
2014-10-30 01:55:02 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2014-10-23 09:52:50 ----RSD---- C:\Windows\assembly
2014-10-23 06:32:18 ----SHD---- C:\Windows\Installer
2014-10-23 06:32:06 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2014-10-23 06:29:14 ----D---- C:\Program Files\Microsoft Office 15
2014-10-20 18:22:19 ----D---- C:\Windows\system32\wdi
2014-10-18 17:10:30 ----D---- C:\Windows\system32\DriverStore
2014-10-18 13:56:49 ----D---- C:\Windows\rescache
2014-10-17 08:50:54 ----D---- C:\Windows\MediaViewer
2014-10-17 08:50:54 ----D---- C:\Windows\Camera
2014-10-17 08:50:53 ----RD---- C:\Windows\ToastData
2014-10-17 08:50:53 ----D---- C:\Windows\FileManager
2014-10-17 08:50:50 ----D---- C:\Windows\WinStore
2014-10-17 08:50:49 ----D---- C:\Windows\system32\Drivers
2014-10-17 08:50:49 ----D---- C:\Windows\system32\cs-CZ
2014-10-17 08:50:48 ----D---- C:\Program Files\Internet Explorer
2014-10-15 22:55:40 ----D---- C:\Windows\system32\MRT
2014-10-15 22:47:44 ----A---- C:\Windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Shockprf;Shockprf; C:\Windows\System32\DRIVERS\Apsx86.sys [2014-01-29 133944]
R0 TPDIGIMN;TPDIGIMN; C:\Windows\System32\DRIVERS\ApsHM86.sys [2014-01-29 24888]
R0 Wof;Windows Overlay File System Filter Driver; C:\Windows\system32\drivers\Wof.sys [2014-03-13 138584]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2013-03-04 30616]
R1 MpKsl843a9ecc;MpKsl843a9ecc; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3C00E71C-4D57-4492-8D66-F1D011924771}\MpKsl843a9ecc.sys []
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys [2014-04-30 57344]
R3 IBMPMDRV;IBMPMDRV; C:\Windows\system32\DRIVERS\ibmpmdrv.sys [2014-02-27 45880]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2012-03-23 9036288]
R3 NETwNs32;@netwns32.inf,___ %NIC_Service_DispName_WIN7%;___ Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows 7; C:\Windows\system32\DRIVERS\NETwNs32.sys [2013-06-18 7518208]
R3 RTL8168;@netrt630x86.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\Windows\system32\DRIVERS\Rt630x86.sys [2013-06-18 490496]
R3 SmbDrvI;SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [2013-11-15 39280]
R3 SynTP;@oem6.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2013-11-15 348016]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2013-08-22 176768]
R3 VClone;VClone; C:\Windows\System32\drivers\VClone.sys [2013-07-24 29696]
S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []
S3 GPIO;@iaiogpio.inf,%GPIO.SVCDESC%;Intel SoC GPIO Controller Driver; C:\Windows\System32\drivers\iaiogpio.sys [2013-07-23 22016]
S3 iaioi2c;@iaioi2c.inf,%Driver_Service.Desc%;Intel(R) Atom(TM) Processor I2C Controller Service; C:\Windows\System32\drivers\iaioi2c.sys [2013-07-23 61936]
S3 WSDPrintDevice;@WSDPrint.Inf,%WSDPrintDevice.SVCDESC%;WSD Print Support; C:\Windows\System32\drivers\WSDPrint.sys [2013-08-22 16384]
S3 WSDScan;@sti.inf,%WSDScan.SvcDesc%;Podpora skenování WSD; C:\Windows\system32\DRIVERS\WSDScan.sys [2013-08-22 17920]
S3 WUDFWpdFs;WUDFWpdFs; C:\Windows\system32\DRIVERS\WUDFRd.sys [2014-05-31 188416]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ClickToRunSvc;Služba Microsoft Office ClickToRun; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [2014-09-25 1669296]
R2 IBMPMSVC;@oem1.inf,%ibm.svcDesc0%;Lenovo PM Service; C:\Windows\system32\ibmpmsvc.exe [2014-02-27 56664]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2014-05-31 72704]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11 267440]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2013-08-03 43696]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-11-10 114288]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-09-12 150600]
S3 SUService;System Update; C:\Program Files\Lenovo\System Update\SUService.exe [2014-04-24 24560]
S3 TPHDEXLGSVC;ThinkPad HDD APS Logging Service; C:\Windows\System32\TPHDEXLG.exe [2014-01-29 42296]

-----------------EOF-----------------

#2 Příspěvek od **altrok** » 13 lis 2014 22:28

Dobry vecer Vam preju

Odinstalujte SpyHunter

V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose).

Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/

ukoncete vsechny programy
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Scan, pote na Clean
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner [Sx].txt), jehoz obsah mi zkopirujte do pristi odpovedi

Mineas · #3 Příspěvek od **Mineas** » 13 lis 2014 23:35

SpyHuntera jsem nenašel, jen složku, kde byly dat a textové soubory a jeden log. Nebyl k nalezení v systému, nevidí jej CCleaner, není tam odinstalační ani spouštěcí program. Odstranil jsem složku a pokračuji dalším krokem zítra.

Oprava: po projetí CCleanerem našel v registrech Problém instalačního souboru: SpyHunter, tak tam asi opravdu něco viselo. Dal jsem opravit.

#4 Příspěvek od **altrok** » 13 lis 2014 23:43

Mineas · #5 Příspěvek od **Mineas** » 16 lis 2014 00:29

# AdwCleaner v4.101 - Report created 16/11/2014 at 00:22:41
# Updated 09/11/2014 by Xplode
# Database : 2014-11-13.1 [Live]
# Operating System : Windows 8.1 Pro (32 bits)
# Username : Mineas - NB_MINEAS
# Running from : C:\Users\Mineas\Desktop\adwcleaner_4.101.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : D:\Dokumenty\Updater

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F8623C6-C055-45A3-B6AE-1BDE4A197E0E}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Mozilla Firefox v33.1 (x86 cs)

-\\ Opera v25.0.1614.68

*************************

AdwCleaner[R0].txt - [3020 octets] - [01/07/2014 21:09:14]
AdwCleaner[R1].txt - [1028 octets] - [16/11/2014 00:17:03]
AdwCleaner[S0].txt - [3147 octets] - [01/07/2014 21:10:34]
AdwCleaner[S1].txt - [955 octets] - [16/11/2014 00:22:41]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1014 octets] ##########

#6 Příspěvek od **altrok** » 16 lis 2014 00:32

Ulozte na plochu zoek.exe http://hijackthis.nl/smeenk/zoek.htm

spustte jako spravce
do velkeho okna zkopirujte script uvedeny nize
kliknete na Run script
po restartu na Vas vyskoci log (pripadne jej najdete v C:\zoek-results.log) - vlozte mi jej do pristi odpovedi
Kód: Vybrat vše
```
autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;
```

Mineas · #7 Příspěvek od **Mineas** » 16 lis 2014 01:06

Zoek.exe v5.0.0.0 Updated 15-November-2014
Tool run by Mineas on ne 16. 11. 2014 at 0:34:37,37.
Microsoft Windows 8.1 Pro 6.3.9600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Mineas\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

16. 11. 2014 0:36:28 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\Mineas\AppData\Roaming\Mozilla\Firefox\Profiles\lxtpx2rv.default\prefs.js:
user_pref("browser.startup.homepage", "http://google.com/");
user_pref("browser.search.defaultenginename", "Search");
user_pref("browser.search.selectedEngine", "Search");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Mineas\AppData\Roaming\Mozilla\Firefox\Profiles\lxtpx2rv.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\user.js deleted
C:\Users\Mineas\AppData\Roaming\Thinstall deleted
C:\Users\Mineas\AppData\Local\Thinstall deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted

==== Firefox Extensions Registry ======================

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{F74D5734-46F5-4B16-96F0-1E7FBF41B750}"="C:\Program Files\Lenovo\Password Manager\PWM Firefox Extension\2.0b12" [31. 05. 2014 15:07]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Mineas\AppData\Roaming\Mozilla\Firefox\Profiles\lxtpx2rv.default
- Undetermined - {B17C1C5A-04B1-11DB-9804-B622A1EF5492}
- Undetermined - {b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- esk slovnk pro kontrolu pravopisu - %ProfilePath%\extensions\cs@dictionaries.addons.mozilla.org
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- Password Exporter - %ProfilePath%\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Mineas\AppData\Roaming\Mozilla\Firefox\Profiles\lxtpx2rv.default
67D325B5AEB28E381B84E8DE1A90C7A8 - C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll - Shockwave Flash
D6ED6EB98E759460AD8C66DE23070132 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll - Microsoft Office 2013
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013
9419AA8A2799526EC32B473C2BB7A10D - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa
6897943E58D779D1C7CB74191931B1D5 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U60
7BF7103176DBFC80A31E275F7ED7918C - C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.600.19
893BF7D2261C56C24F813405D9D018E0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll - Silverlight Plug-In
8DA2ED6B04EA33F2EAE8BA883F903729 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll - Microsoft® Silverlight

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
geempcnjhccnoepfmahaeemnnfnignab - C:\Program Files\Lenovo\Password Manager\chrome_npapi_extension.crx[27. 03. 2014 14:01]

==== Chromium Startpages ======================

C:\Users\Mineas\AppData\Roaming\Opera Software\Opera Stable\Preferences
"startup_urls": [ "http://google.cz/" ],

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{BB29D004-8FDF-4C32-92DA-47BE6BA457E5}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IESR02"
{BB29D004-8FDF-4C32-92DA-47BE6BA457E5} Google Url="http://www.google.com/search?q={searchT ... f8&oe=utf8"

==== Reset Google Chrome ======================

C:\Users\Mineas\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\Mineas\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully

==== Empty IE Cache ======================

C:\Users\Mineas\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Mineas\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Mineas\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Mineas\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Mineas\AppData\Local\Mozilla\Firefox\Profiles\lxtpx2rv.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Mineas\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=8 folders=7 91138 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Mineas\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Mineas\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on ne 16. 11. 2014 at 1:00:57,25 ======================

#8 Příspěvek od **altrok** » 16 lis 2014 01:10

Dejte novy log FRST.txt, prilozte i Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101

Mineas · #9 Příspěvek od **Mineas** » 16 lis 2014 15:00

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-11-2014 01
Ran by Mineas (administrator) on NB_MINEAS on 16-11-2014 14:56:06
Running from C:\Users\Mineas\Desktop
Loaded Profile: Mineas (Available profiles: Mineas)
Platform: Microsoft Windows 8.1 Pro (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\RuntimeBroker.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [342360 2014-02-17] (Lenovo.)
HKU\S-1-5-21-2347017163-1340875117-3922147388-1001\...\Run: [googletalk] => C:\Users\Mineas\AppData\Roaming\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{B11631CB-85D2-4EF2-9573-54309AA33DD5}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Mineas\AppData\Roaming\Mozilla\Firefox\Profiles\lxtpx2rv.default
FF NewTab: hxxp://www.google.com/
FF DefaultSearchUrl: hxxp://www.google.com/search?btnG=Google+Search&q=
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Extension: Český slovník pro kontrolu pravopisu - C:\Users\Mineas\AppData\Roaming\Mozilla\Firefox\Profiles\lxtpx2rv.default\Extensions\cs@dictionaries.addons.mozilla.org [2014-11-11]
FF Extension: DownloadHelper - C:\Users\Mineas\AppData\Roaming\Mozilla\Firefox\Profiles\lxtpx2rv.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
FF Extension: Password Exporter - C:\Users\Mineas\AppData\Roaming\Mozilla\Firefox\Profiles\lxtpx2rv.default\Extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2014-05-31]
FF Extension: Adblock Plus - C:\Users\Mineas\AppData\Roaming\Mozilla\Firefox\Profiles\lxtpx2rv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-06-06]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [geempcnjhccnoepfmahaeemnnfnignab] - C:\Program Files\Lenovo\Password Manager\chrome_npapi_extension.crx [2014-03-27]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-05-31] (Adobe Systems) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1669296 2014-09-25] (Microsoft Corporation)
S3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [105472 2013-08-22] (Microsoft Corporation)
S3 SUService; C:\Program Files\Lenovo\System Update\SUService.exe [24560 2014-04-24] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [288128 2014-09-22] (Microsoft Corporation)
S3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [20992 2013-08-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [22192 2014-09-22] (Microsoft Corporation)
S3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1222144 2014-07-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [25600 2014-03-18] (Microsoft Corporation)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
S3 GPIO; C:\Windows\System32\drivers\iaiogpio.sys [22016 2013-07-23] (Intel Corporation)
R1 MpKslb44f726f; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8ECBB0C0-E288-42BE-94B9-F999D4000A12}\MpKslb44f726f.sys [39464 2014-11-16] (Microsoft Corporation)
R3 NETwNs32; C:\Windows\system32\DRIVERS\NETwNs32.sys [7518208 2013-06-18] (Intel Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [39280 2013-11-15] (Synaptics Incorporated)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [84800 2014-09-22] (Microsoft Corporation)
R0 Wof; C:\Windows\system32\Drivers\Wof.sys [138584 2014-03-13] (Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-16 14:56 - 2014-11-16 14:56 - 00008592 _____ () C:\Users\Mineas\Desktop\FRST.txt
2014-11-16 14:55 - 2014-11-16 14:56 - 00000000 ____D () C:\FRST
2014-11-16 14:54 - 2014-11-16 14:53 - 01108992 _____ (Farbar) C:\Users\Mineas\Desktop\FRST.exe
2014-11-16 14:21 - 2014-11-16 14:46 - 00068793 _____ () C:\Windows\WindowsUpdate.log
2014-11-16 00:59 - 2014-11-16 00:34 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-11-16 00:35 - 2014-11-16 01:00 - 00009344 _____ () C:\zoek-results.log
2014-11-16 00:34 - 2014-11-16 00:56 - 00000000 ____D () C:\zoek_backup
2014-11-13 16:56 - 2014-09-22 03:40 - 00219968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-11-13 16:56 - 2014-09-22 03:40 - 00084800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-11-13 16:56 - 2014-09-22 03:39 - 00029688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-11-13 16:56 - 2014-09-02 23:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2014-11-13 16:55 - 2014-10-13 03:37 - 00108864 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-11-13 16:55 - 2014-10-11 01:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-13 16:55 - 2014-10-10 03:28 - 00148288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-13 16:55 - 2014-10-10 03:28 - 00022848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-11-13 16:55 - 2014-10-10 03:12 - 00478776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-11-13 16:55 - 2014-10-08 07:51 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 16:55 - 2014-10-08 07:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 16:55 - 2014-10-08 07:48 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-11-13 16:55 - 2014-10-08 07:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-11-13 16:55 - 2014-10-08 07:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2014-11-13 16:55 - 2014-10-08 07:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-11-13 16:55 - 2014-10-08 06:48 - 01117696 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 16:55 - 2014-10-08 06:19 - 02459136 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-11-13 16:55 - 2014-10-08 06:16 - 02975232 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-13 16:55 - 2014-10-07 04:34 - 00370424 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-13 16:55 - 2014-10-07 04:34 - 00344536 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 16:55 - 2014-10-07 04:33 - 00424544 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 16:55 - 2014-10-07 04:33 - 00213344 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-11-13 16:55 - 2014-10-07 04:33 - 00107376 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 16:55 - 2014-10-07 03:45 - 03558400 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-13 16:55 - 2014-10-07 02:36 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2014-11-13 16:55 - 2014-10-07 02:31 - 00694272 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 16:54 - 2014-10-31 04:42 - 19781632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 16:51 - 2014-10-31 04:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-11-13 16:51 - 2014-10-31 04:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-13 16:51 - 2014-10-31 04:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-11-13 16:51 - 2014-10-31 04:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-11-13 16:51 - 2014-10-31 04:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-13 16:51 - 2014-10-31 04:24 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 16:51 - 2014-10-31 04:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-13 16:51 - 2014-10-31 04:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-13 16:51 - 2014-10-31 04:23 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-11-13 16:51 - 2014-10-31 04:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-13 16:51 - 2014-10-31 04:22 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-13 16:51 - 2014-10-31 04:18 - 02277376 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 16:51 - 2014-10-31 04:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 16:51 - 2014-10-31 04:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-13 16:51 - 2014-10-31 04:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-11-13 16:51 - 2014-10-31 04:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-13 16:51 - 2014-10-31 04:13 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2014-11-13 16:51 - 2014-10-31 04:12 - 00661504 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-13 16:51 - 2014-10-31 04:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 16:51 - 2014-10-31 04:12 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-13 16:51 - 2014-10-31 04:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-13 16:51 - 2014-10-31 04:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-11-13 16:51 - 2014-10-31 04:02 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 16:51 - 2014-10-31 03:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 16:51 - 2014-10-31 03:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-11-13 16:51 - 2014-10-31 03:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-11-13 16:51 - 2014-10-31 03:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-11-13 16:51 - 2014-10-31 03:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-13 16:51 - 2014-10-31 03:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-13 16:51 - 2014-10-31 03:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 16:51 - 2014-10-31 03:51 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-11-13 16:51 - 2014-10-31 03:50 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 16:51 - 2014-10-31 03:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-11-13 16:51 - 2014-10-31 03:46 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 16:51 - 2014-10-31 03:46 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-11-13 16:51 - 2014-10-31 03:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-11-13 16:51 - 2014-10-31 03:40 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 16:51 - 2014-10-31 03:40 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-13 16:51 - 2014-10-31 03:39 - 02051072 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 16:51 - 2014-10-31 03:39 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-13 16:51 - 2014-10-31 03:30 - 12819456 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 16:51 - 2014-10-31 03:26 - 01042944 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-11-13 16:51 - 2014-10-31 03:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-11-13 16:51 - 2014-10-31 03:17 - 01892864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 16:51 - 2014-10-31 03:13 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 16:51 - 2014-10-31 03:11 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-13 16:50 - 2014-10-23 06:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 16:50 - 2014-10-17 07:58 - 00602768 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 16:50 - 2014-09-27 06:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2014-11-13 16:50 - 2014-09-27 04:17 - 00357376 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 16:50 - 2014-09-27 04:12 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-11-13 16:50 - 2014-08-23 06:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 16:49 - 2014-09-10 07:18 - 00333632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-11-13 16:49 - 2014-09-08 03:33 - 01858368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-11-13 16:49 - 2014-09-08 03:33 - 00286528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-11-13 16:49 - 2014-09-07 23:07 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml
2014-11-13 16:49 - 2014-09-04 23:29 - 00559616 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-11-13 16:49 - 2014-09-04 23:20 - 00839168 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-11-13 16:49 - 2014-09-04 03:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-11-13 16:49 - 2014-09-04 01:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2014-11-13 16:49 - 2014-09-04 01:11 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\WofTasks.dll
2014-11-13 16:49 - 2014-08-31 00:00 - 00120640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-11-13 16:49 - 2014-08-30 23:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-11-13 16:49 - 2014-08-30 21:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2014-11-13 16:49 - 2014-08-30 21:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-11-13 16:49 - 2014-08-28 03:16 - 05783872 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-11-13 16:49 - 2014-08-28 01:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-11-13 16:49 - 2014-08-23 06:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-11-13 16:49 - 2014-08-23 05:47 - 02151936 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-11-13 16:49 - 2014-08-02 01:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2014-11-13 16:48 - 2014-10-18 09:49 - 00048496 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-11-13 16:48 - 2014-10-18 08:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-11-13 16:48 - 2014-10-18 08:25 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-11-13 16:48 - 2014-10-18 07:29 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-11-13 16:48 - 2014-10-18 07:16 - 02946560 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-11-13 16:48 - 2014-10-18 07:14 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-11-13 16:48 - 2014-10-18 07:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-11-13 16:48 - 2014-10-18 07:12 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-11-13 16:48 - 2014-10-18 07:12 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-11-13 16:48 - 2014-10-18 07:11 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-11-13 16:48 - 2014-10-18 07:08 - 01653248 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-11-11 06:42 - 2014-11-13 21:33 - 00000000 ____D () C:\rsit
2014-11-10 15:38 - 2014-11-10 15:39 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-09 16:03 - 2014-11-09 16:03 - 00001327 _____ () C:\Users\Mineas\Desktop\Windows Media Player.lnk
2014-11-01 12:24 - 2014-11-01 12:24 - 00000000 ____D () C:\Users\Mineas\AppData\Roaming\dvdcss
2014-10-19 10:09 - 2014-10-19 10:09 - 00001177 _____ () C:\Users\Mineas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner.lnk
2014-10-17 10:25 - 2014-10-17 10:25 - 00000000 ____D () C:\Users\Mineas\AppData\Local\Microsoft Help

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-16 14:32 - 2013-08-22 09:17 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-16 14:26 - 2014-06-22 17:10 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-16 14:23 - 2014-07-01 20:03 - 00000000 ____D () C:\Program Files\trend micro
2014-11-16 14:22 - 2014-05-31 11:44 - 00000000 ___DO () C:\Users\Mineas\OneDrive
2014-11-16 14:21 - 2013-08-22 09:17 - 00000000 ____D () C:\Windows\system32\sru
2014-11-16 01:00 - 2013-08-22 08:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-16 01:00 - 2013-08-22 07:13 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-11-16 00:22 - 2014-07-01 21:09 - 00000000 ____D () C:\AdwCleaner
2014-11-15 18:34 - 2013-08-22 09:17 - 00000000 ____D () C:\Windows\rescache
2014-11-15 15:54 - 2014-03-18 08:56 - 01745984 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-15 15:39 - 2014-06-01 10:30 - 00000000 ____D () C:\Users\Mineas\AppData\Roaming\vlc
2014-11-14 15:04 - 2013-08-22 08:22 - 00474712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-14 15:01 - 2013-08-22 09:17 - 00000000 ___RD () C:\Windows\ToastData
2014-11-14 15:01 - 2013-08-22 09:17 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-14 15:01 - 2013-08-22 09:17 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-14 15:01 - 2013-08-22 09:17 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-14 12:56 - 2013-08-22 09:17 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-14 10:20 - 2014-05-31 15:49 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-14 10:20 - 2013-08-22 09:05 - 00000000 ____D () C:\Windows\CbsTemp
2014-11-14 10:04 - 2014-05-31 15:49 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-13 10:22 - 2014-05-31 13:53 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-12 12:35 - 2013-08-22 09:17 - 00000000 ____D () C:\Windows\AppReadiness
2014-11-09 22:32 - 2014-06-01 07:06 - 00000000 ____D () C:\Users\Mineas\AppData\Roaming\FileZilla
2014-11-01 12:28 - 2014-05-31 11:42 - 00000000 ____D () C:\Users\Mineas\AppData\Local\VirtualStore
2014-10-30 23:27 - 2014-06-02 03:23 - 00000000 ____D () C:\Program Files\Opera
2014-10-30 22:32 - 2014-06-01 07:10 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2014-10-30 22:32 - 2014-06-01 07:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-10-30 12:24 - 2014-05-31 12:04 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-30 01:55 - 2014-08-16 15:01 - 00714208 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-10-30 01:55 - 2014-08-16 15:01 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-10-23 06:29 - 2014-09-25 14:28 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-21 00:19 - 2014-05-31 11:42 - 00000000 ____D () C:\Users\Mineas
2014-10-19 10:16 - 2014-08-17 21:42 - 00000000 ____D () C:\Users\Mineas\AppData\Local\Adobe
2014-10-17 08:50 - 2013-08-22 09:17 - 00000000 ____D () C:\Windows\WinStore
2014-10-17 08:50 - 2013-08-22 09:17 - 00000000 ____D () C:\Windows\MediaViewer
2014-10-17 08:50 - 2013-08-22 09:17 - 00000000 ____D () C:\Windows\FileManager
2014-10-17 08:50 - 2013-08-22 09:17 - 00000000 ____D () C:\Windows\Camera

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-07 09:23

==================== End Of Log ============================

Mineas · #10 Příspěvek od **Mineas** » 16 lis 2014 15:01

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-11-2014 01
Ran by Mineas at 2014-11-16 14:57:46
Running from C:\Users\Mineas\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Age of Wonders II (HKLM\...\Age of Wonders II) (Version: - )
Canon IJ Network Scanner Selector EX (HKLM\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG6400 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6400_series) (Version: 1.01 - Canon Inc.)
Canon MG6400 series On-screen Manual (HKLM\...\Canon MG6400 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
FBReader for Windows (HKLM\...\FBReader for Windows) (Version: - )
FileZilla Client 3.9.0.6 (HKLM\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: - )
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Klipfolio (remove only) (HKLM\...\Klipfolio) (Version: - )
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo System Update (HKLM\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.06.0007 - Lenovo)
Metric Collection SDK (Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (Version: 1.2.0001.00 - Lenovo Group Limited) Hidden
Microsoft Office 365 ProPlus - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 15.0.4659.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 cs) (HKLM\...\Mozilla Firefox 33.1 (x86 cs)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
NexusFont 2.5 (ver 2.5.8.1582) (HKLM\...\{EFEDD205-43FE-4208-B682-0937E803E19E}_is1) (Version: - xiles)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Opera Stable 25.0.1614.68 (HKLM\...\Opera 25.0.1614.68) (Version: 25.0.1614.68 - Opera Software ASA)
Photo Common (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Registrace uživatele zařízení Canon MG6400 series (HKLM\...\Registrace uživatele zařízení Canon MG6400 series) (Version: - ‭Canon Inc.)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.13 - )
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
ThinkVantage Password Manager (HKLM\...\{70EE2BAA-F82A-4B8A-950E-649EFD64D5B9}) (Version: 4.50.7.0 - Lenovo Group Limited)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Word Reader 5.5 (HKLM\...\Word Reader 5.5) (Version: - http://www.word-reader.com/)
XLS Reader (HKLM\...\{30D6D257-BE4B-48F2-8D9E-E787A52A0738}_is1) (Version: 1.0 - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2347017163-1340875117-3922147388-1001_Classes\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\localserver32 -> C:\Users\Mineas\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-2347017163-1340875117-3922147388-1001_Classes\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\localserver32 -> C:\Users\Mineas\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-2347017163-1340875117-3922147388-1001_Classes\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\localserver32 -> C:\Users\Mineas\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-2347017163-1340875117-3922147388-1001_Classes\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\localserver32 -> C:\Users\Mineas\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-2347017163-1340875117-3922147388-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Mineas\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\FileSyncApi.dll (Microsoft Corporation)

==================== Restore Points =========================

31-10-2014 14:25:40 Naplánovaný kontrolní bod
08-11-2014 13:03:41 Naplánovaný kontrolní bod
13-11-2014 07:56:08 Windows Update
15-11-2014 23:35:53 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:13 - 2014-11-16 00:36 - 00000753 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {072F7E08-4371-4A4F-AC77-3E40CED48FFF} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-2347017163-1340875117-3922147388-1001
Task: {1D38A98D-2E0F-4958-9AC4-AAD92E34FA2C} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files\Lenovo\System Update\tvsuShim.exe [2014-04-24] ()
Task: {1E63D94F-3F97-46E3-A64B-50414180837E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated)
Task: {1F53EC69-40C0-4805-ADD0-B798431C74AB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-11-14] (Microsoft Corporation)
Task: {2B54C247-8A7F-4A20-B7FB-6F618BF023DF} - System32\Tasks\TVT\LenovoWERMonitor => C:\Program Files\Common Files\lenovo\SUP\sup_wermonitor.exe [2014-03-14] (Microsoft)
Task: {2C64CBFC-92F0-49C7-B656-82A6A7042F3F} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-02-13] (Lenovo)
Task: {4B003DD6-771A-4DAA-9353-9ED6818DB29D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)
Task: {5C2003E4-6824-4093-B34C-52C8457F3990} - System32\Tasks\Microsoft Office 15 Sync Maintenance for NB_MINEAS-Mineas NB_mineas => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-16] (Microsoft Corporation)
Task: {7252AA1A-5DF5-42E4-AC5F-044E6209F57E} - System32\Tasks\Opera scheduled Autoupdate 1401675906 => C:\Program Files\Opera\launcher.exe [2014-10-29] (Opera Software)
Task: {78E6A63A-B882-4C94-86E8-FD13A2DC97DC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)
Task: {857E4881-1120-4430-91C1-35BB9047ACBE} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-09-25] (Microsoft Corporation)
Task: {99FEC9A0-48D6-4D2A-BEAF-E3F94338CCD1} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2347017163-1340875117-3922147388-1001 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {9B68471B-E0A2-40EC-8180-B39BC5464B4B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)
Task: {AE337AAC-C747-4B57-A3FA-A8857784BF8A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 35 => C:\Program Files\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-05-30] (Lenovo)
Task: {D0709662-3968-422D-9EBE-0563DA2AFC7E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {F4B217D6-0C07-4383-B275-CAE13480AB97} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-11-15] (Synaptics Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-09-25 14:28 - 2014-05-20 02:11 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll
2010-07-04 22:32 - 2010-07-04 22:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2014-09-25 14:29 - 2014-09-25 14:33 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00035328 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2014-05-24 17:41 - 2014-05-24 17:41 - 00091648 _____ () C:\Program Files\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 17:41 - 2014-05-24 17:41 - 00892416 _____ () C:\Program Files\FileZilla FTP Client\libstdc++-6.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Mineas\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-2347017163-1340875117-3922147388-500 - Administrator - Disabled)
Guest (S-1-5-21-2347017163-1340875117-3922147388-501 - Limited - Disabled)
Mineas (S-1-5-21-2347017163-1340875117-3922147388-1001 - Administrator - Enabled) => C:\Users\Mineas

==================== Faulty Device Manager Devices =============

Name: Základní systémové zařízení
Description: Základní systémové zařízení
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Základní systémové zařízení
Description: Základní systémové zařízení
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Základní systémové zařízení
Description: Základní systémové zařízení
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/15/2014 11:56:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program WINWORD.EXE verze 15.0.4657.1000 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 15ac

Čas spuštění: 01d000e3d836bd93

Čas ukončení: 0

Cesta k aplikaci: C:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXE

ID hlášení: 8b2b4c20-6d1a-11e4-9734-00269eab52e9

Úplný název chybujícího balíčku:

ID aplikace související s chybujícím balíčkem:

Error: (11/13/2014 09:55:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program LiveComm.exe verze 17.5.9600.20605 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 1354

Čas spuštění: 01cfff1e8bc69757

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x86__8wekyb3d8bbwe\LiveComm.exe

ID hlášení: d8de0505-6b12-11e4-9732-00269eab52e9

Úplný název chybujícího balíčku: microsoft.windowscommunicationsapps_17.5.9600.20605_x86__8wekyb3d8bbwe

ID aplikace související s chybujícím balíčkem: ppleae38af2e007f4358a809ac99a64a67c1

Error: (11/13/2014 08:56:21 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.

Error: (11/13/2014 08:50:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program LiveComm.exe verze 17.5.9600.20605 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 1610

Čas spuštění: 01cfff156d0e9da8

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x86__8wekyb3d8bbwe\LiveComm.exe

ID hlášení: ba04eefd-6b09-11e4-9732-00269eab52e9

Úplný název chybujícího balíčku: microsoft.windowscommunicationsapps_17.5.9600.20605_x86__8wekyb3d8bbwe

ID aplikace související s chybujícím balíčkem: ppleae38af2e007f4358a809ac99a64a67c1

Error: (11/13/2014 01:06:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program LiveComm.exe verze 17.5.9600.20605 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 988

Čas spuštění: 01cffed4916b80a0

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x86__8wekyb3d8bbwe\LiveComm.exe

ID hlášení: de705740-6ac8-11e4-9732-00269eab52e9

Úplný název chybujícího balíčku: microsoft.windowscommunicationsapps_17.5.9600.20605_x86__8wekyb3d8bbwe

ID aplikace související s chybujícím balíčkem: ppleae38af2e007f4358a809ac99a64a67c1

Error: (11/13/2014 01:00:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program wwahost.exe verze 6.3.9600.17031 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 1b58

Čas spuštění: 01cffed4827ed228

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\system32\wwahost.exe

ID hlášení: 0853b580-6ac8-11e4-9732-00269eab52e9

Úplný název chybujícího balíčku: Microsoft.BingWeather_3.0.4.214_x86__8wekyb3d8bbwe

ID aplikace související s chybujícím balíčkem: App

Error: (11/13/2014 01:00:09 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: NB_MINEAS)
Description: Balíček Microsoft.BingWeather_3.0.4.214_x86__8wekyb3d8bbwe+App se ukončil, protože jeho pozastavování trvalo moc dlouho.

Error: (11/13/2014 00:06:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program LiveComm.exe verze 17.5.9600.20605 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 1ef0

Čas spuštění: 01cffecc2fa6c1e3

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x86__8wekyb3d8bbwe\LiveComm.exe

ID hlášení: 7cb1671c-6ac0-11e4-9732-00269eab52e9

Úplný název chybujícího balíčku: microsoft.windowscommunicationsapps_17.5.9600.20605_x86__8wekyb3d8bbwe

ID aplikace související s chybujícím balíčkem: ppleae38af2e007f4358a809ac99a64a67c1

Error: (11/12/2014 11:03:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program LiveComm.exe verze 17.5.9600.20605 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 1dcc

Čas spuštění: 01cffec3cde74896

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x86__8wekyb3d8bbwe\LiveComm.exe

ID hlášení: c197e3cc-6ab7-11e4-9732-00269eab52e9

Úplný název chybujícího balíčku: microsoft.windowscommunicationsapps_17.5.9600.20605_x86__8wekyb3d8bbwe

ID aplikace související s chybujícím balíčkem: ppleae38af2e007f4358a809ac99a64a67c1

Error: (11/12/2014 10:04:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program LiveComm.exe verze 17.5.9600.20605 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 850

Čas spuštění: 01cffebb6c2b3d0e

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x86__8wekyb3d8bbwe\LiveComm.exe

ID hlášení: 5fe1dcb3-6aaf-11e4-9732-00269eab52e9

Úplný název chybujícího balíčku: microsoft.windowscommunicationsapps_17.5.9600.20605_x86__8wekyb3d8bbwe

ID aplikace související s chybujícím balíčkem: ppleae38af2e007f4358a809ac99a64a67c1

System errors:
=============
Error: (11/16/2014 02:59:49 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (11/16/2014 02:59:44 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: specifické pro aplikaciMístníAktivace{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (pomocí LRPC)Není k dispoziciNení k dispozici

Error: (11/16/2014 01:19:13 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 5

Error: (11/16/2014 00:56:45 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (11/16/2014 00:56:44 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (11/16/2014 00:56:44 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (11/16/2014 00:56:43 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (11/16/2014 00:56:43 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (11/15/2014 05:16:00 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (11/15/2014 00:44:28 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Microsoft Office Sessions:
=========================
Error: (11/15/2014 11:56:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WINWORD.EXE15.0.4657.100015ac01d000e3d836bd930C:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXE8b2b4c20-6d1a-11e4-9734-00269eab52e9

Error: (11/13/2014 09:55:43 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20605135401cfff1e8bc697574294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x86__8wekyb3d8bbwe\LiveComm.exed8de0505-6b12-11e4-9732-00269eab52e9microsoft.windowscommunicationsapps_17.5.9600.20605_x86__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (11/13/2014 08:56:21 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.

Error: (11/13/2014 08:50:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.20605161001cfff156d0e9da84294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x86__8wekyb3d8bbwe\LiveComm.exeba04eefd-6b09-11e4-9732-00269eab52e9microsoft.windowscommunicationsapps_17.5.9600.20605_x86__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (11/13/2014 01:06:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2060598801cffed4916b80a04294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x86__8wekyb3d8bbwe\LiveComm.exede705740-6ac8-11e4-9732-00269eab52e9microsoft.windowscommunicationsapps_17.5.9600.20605_x86__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (11/13/2014 01:00:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.170311b5801cffed4827ed2284294967295C:\Windows\system32\wwahost.exe0853b580-6ac8-11e4-9732-00269eab52e9Microsoft.BingWeather_3.0.4.214_x86__8wekyb3d8bbweApp

Error: (11/13/2014 01:00:09 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: NB_MINEAS)
Description: Microsoft.BingWeather_3.0.4.214_x86__8wekyb3d8bbwe+App

Error: (11/13/2014 00:06:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.206051ef001cffecc2fa6c1e34294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x86__8wekyb3d8bbwe\LiveComm.exe7cb1671c-6ac0-11e4-9732-00269eab52e9microsoft.windowscommunicationsapps_17.5.9600.20605_x86__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (11/12/2014 11:03:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.206051dcc01cffec3cde748964294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x86__8wekyb3d8bbwe\LiveComm.exec197e3cc-6ab7-11e4-9732-00269eab52e9microsoft.windowscommunicationsapps_17.5.9600.20605_x86__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (11/12/2014 10:04:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: LiveComm.exe17.5.9600.2060585001cffebb6c2b3d0e4294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x86__8wekyb3d8bbwe\LiveComm.exe5fe1dcb3-6aaf-11e4-9732-00269eab52e9microsoft.windowscommunicationsapps_17.5.9600.20605_x86__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

CodeIntegrity Errors:
===================================
Date: 2014-11-15 19:23:26.459
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-15 19:23:26.441
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-15 19:14:25.018
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-15 19:14:24.991
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-15 19:14:24.928
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-15 19:14:24.911
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-15 19:14:24.900
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-15 19:14:24.889
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-15 19:14:24.830
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2014-11-15 19:14:24.799
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T5870 @ 2.00GHz
Percentage of memory in use: 37%
Total physical RAM: 1912.86 MB
Available physical RAM: 1195.33 MB
Total Pagefile: 3832.86 MB
Available Pagefile: 3000.47 MB
Total Virtual: 2047.88 MB
Available Virtual: 1864.06 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.56 GB) (Free:68.13 GB) NTFS
Drive d: () (Fixed) (Total:200.43 GB) (Free:66.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 88E32763)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=200.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#11 Příspěvek od **altrok** » 16 lis 2014 15:19

Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
znovu spustte FRST a kliknete na Fix

po restartu na Vas vyskoci fixlog (pripadne bude ulozen na Plose), jehoz obsah mi vlozte do pristi odpovedi

Kód: Vybrat vše

Start
CloseProcesses:
C:\Program Files\Enigma Software Group
C:\Windows\System32\Tasks\SpyHunter4Startup
C:\Users\Mineas\AppData\Roaming\Enigma Software Group
C:\sh4ldr
C:\Windows\system32\Drivers\EsgScanner.sys
HKLM\...\Run: [] => [X]
SearchScopes: HKLM - DefaultScope value is missing.
2014-11-16 00:59 - 2014-11-16 00:34 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-11-16 00:35 - 2014-11-16 01:00 - 00009344 _____ () C:\zoek-results.log
2014-11-16 00:34 - 2014-11-16 00:56 - 00000000 ____D () C:\zoek_backup
2014-11-16 14:23 - 2014-07-01 20:03 - 00000000 ____D () C:\Program Files\trend micro
Hosts:
EmptyTemp:
End

Mineas · #12 Příspěvek od **Mineas** » 17 lis 2014 01:25

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 16-11-2014 01
Ran by Mineas at 2014-11-17 00:40:27 Run:1
Running from C:\Users\Mineas\Desktop
Loaded Profile: Mineas (Available profiles: Mineas)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
C:\Program Files\Enigma Software Group
C:\Windows\System32\Tasks\SpyHunter4Startup
C:\Users\Mineas\AppData\Roaming\Enigma Software Group
C:\sh4ldr
C:\Windows\system32\Drivers\EsgScanner.sys
HKLM\...\Run: [] => [X]
SearchScopes: HKLM - DefaultScope value is missing.
2014-11-16 00:59 - 2014-11-16 00:34 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-11-16 00:35 - 2014-11-16 01:00 - 00009344 _____ () C:\zoek-results.log
2014-11-16 00:34 - 2014-11-16 00:56 - 00000000 ____D () C:\zoek_backup
2014-11-16 14:23 - 2014-07-01 20:03 - 00000000 ____D () C:\Program Files\trend micro
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
"C:\Program Files\Enigma Software Group" => File/Directory not found.
"C:\Windows\System32\Tasks\SpyHunter4Startup" => File/Directory not found.
"C:\Users\Mineas\AppData\Roaming\Enigma Software Group" => File/Directory not found.
"C:\sh4ldr" => File/Directory not found.
"C:\Windows\system32\Drivers\EsgScanner.sys" => File/Directory not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Windows\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Program Files\trend micro => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 16.8 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

#13 Příspěvek od **altrok** » 17 lis 2014 01:26

Vyborne, jak se pocitac chova ted? Je urcite zlepseni?

Mineas · #14 Příspěvek od **Mineas** » 17 lis 2014 13:15

Minimálně se vypíná rychleji a prohlížeče reagují dobře. Zlepšení rozhodně znatelné.

#15 Příspěvek od **altrok** » 17 lis 2014 14:53

Takze jeste uklidime.

Stahnete a spustte DelFix - https://toolslib.net/downloads/viewdownload/2-delfix/
Oznacte jen moznost "Remove disinfection tools"
kliknete na Run

A pokud nejsou dotazy ci jine problemy, je to ode mne vse.

VIRY.CZ

Preventivní kontrola

Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Log AdwCleaneru

Re: Preventivní kontrola

Zoek Log

Re: Preventivní kontrola

FRST log

Addition

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola