Preventivní kontrola

Zpráva

honzikp · #1 Příspěvek od **honzikp** » 02 úno 2015 10:54

Dobrý den, chtěl bych Vás poprosit o preventivní kontrolu.
Děkuji H.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Jan at 2015-02-02 10:52:11
Microsoft Windows 8.1
System drive C: has 757 GB (82%) free of 927 GB
Total RAM: 8092 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:52:20, on 2. 2. 2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE
C:\windows\system32\spool\DRIVERS\x64\3\CNAP2RPK.EXE
C:\windows\system32\spool\DRIVERS\x64\3\CNABFSWK.EXE
C:\Program Files (x86)\Safe In Cloud\SafeInCloud.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Common Files\AVerMedia\AVerHIDReceiver\AVerHIDReceiver.exe
C:\Windows\jmesoft\hotkey.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
C:\Users\Jan\AppData\Local\CloudStation\app\bin\cloud-ui.exe
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Users\Jan\AppData\Local\CloudStation\app\bin\cloud-connect.exe
C:\Users\Jan\AppData\Local\CloudStation\app\bin\cloud-daemon.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Jan.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com/?pc=LCJB
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O2 - BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O4 - HKLM\..\Run: [jmekey] C:\windows\jmesoft\hotkey.exe
O4 - HKLM\..\Run: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe
O4 - HKLM\..\Run: [LVT] C:\Program Files\Lenovo\LVT\LJYZ.exe 1
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Zoner Photo Studio Service 16] "C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXEC:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe"
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] "C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE"
O4 - HKCU\..\Run: [AirDroid 3] C:\Program Files (x86)\AirDroid\AirDroid.exe /start
O4 - HKCU\..\Run: [SafeInCloud] "C:\Program Files (x86)\Safe In Cloud\SafeInCloud.exe" /auto-start
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Startup: Synology Cloud Station.lnk = C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe
O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files (x86)\Common Files\AVerMedia\AVerHIDReceiver\AVerHIDReceiver.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra 'Tools' menuitem: Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8611E31-8784-40F8-AD95-FFB3F5A88C20}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: AVerRemote - AVerMedia - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: JME Keyboard Driver (JME Keyboard) - Unknown owner - C:\Windows\jmesoft\Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo System Agent Service - LENOVO INCORPORATED. - C:\Program Files\Lenovo\iMController\SystemAgentService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: LSCWinService - Unknown owner - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NitroPDFDriverCreatorReadSpool9 (NitroDriverReadSpool9) - Nitro PDF Software - C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\windows\SysWOW64\NLSSRV32.EXE
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Update SourceApp - Unknown owner - C:\Program Files (x86)\SourceApp\updateSourceApp.exe (file missing)
O23 - Service: Util SourceApp - Unknown owner - C:\Program Files (x86)\SourceApp\bin\utilSourceApp.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13451 bytes

======Listing Processes======

wininit.exe

C:\windows\system32\lsass.exe
winlogon.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
"dwm.exe"
"C:\windows\system32\nvvsvc.exe"
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\windows\system32\nvvsvc.exe -session
C:\windows\system32\igfxCUIService.exe
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe 894274372096
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
\??\C:\windows\system32\conhost.exe 0x4
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\AVAST Software\Avast\afwServ.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe"
"C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe"
"C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service
"C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe"
dashost.exe {1d9ce6e9-4b1f-45f0-a8469aaa7089c7fa}
"C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
C:\Windows\jmesoft\Service.exe
"C:\Program Files\Lenovo\iMController\SystemAgentService.exe"
"C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe"
C:\windows\SysWOW64\NLSSRV32.EXE
"C:\Program Files\CyberLink\Shared files\RichVideo64.exe"
C:\windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe"
"C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe"
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-60dbfbc9-24da-4ce9-a3f4-295a21458aa1 -SystemEventPortName:HostProcess-7803c500-8368-4162-8ec0-8dd1103c8996 -IoCancelEventPortName:HostProcess-f5f756b7-3ac8-4c89-ae17-082fe9a3cfa2 -NonStateChangingEventPortName:HostProcess-27c0004f-bf16-4a63-a3a5-4b6688c3bbd2 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:1d8547af-404d-4202-ba3f-91c944435dcc -DeviceGroupId:WudfDefaultDevicePool
C:\windows\System32\svchost.exe -k LocalServicePeerNet
ngservice.exe pipeserver
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\Explorer.EXE
"C:\Program Files (x86)\TeamViewer\TeamViewer.exe"
igfxEM.exe
"C:\Program Files (x86)\TeamViewer\tv_w32.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer10_Logfile.log
"C:\Program Files (x86)\TeamViewer\tv_x64.exe" --action hooks --log C:\Program Files (x86)\TeamViewer\TeamViewer10_Logfile.log
ClassicStartMenu.exe -startup
igfxHK.exe
igfxTray.exe
C:\windows\system32\SearchIndexer.exe /Embedding
C:\Windows\System32\skydrive.exe -Embedding
"C:\Program Files\Dolby Digital Plus\ddp.exe" -autostart
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE4
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /LENOVO_MICPKEY
"C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE"
C:\windows\system32\spool\DRIVERS\x64\3\CNAP2RPK.EXE
C:\windows\system32\spool\DRIVERS\x64\3\CNABFSWK.EXE !hide Canon LBP6020
"C:\Program Files (x86)\Safe In Cloud\SafeInCloud.exe" /auto-start
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
"C:\Program Files (x86)\Common Files\AVerMedia\AVerHIDReceiver\AVerHIDReceiver.exe"
"C:\Windows\jmesoft\hotkey.exe"
"C:\Windows\jmesoft\JME_LOAD.exe"
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
"C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe"
"C:\Users\Jan\AppData\Local\CloudStation\app\bin\cloud-ui.exe"
"C:\Windows\System32\SettingSyncHost.exe" -Embedding
"C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
C:\Users\Jan\AppData\Local\CloudStation\app\bin\cloud-connect.exe --log_folder log --info_folder .
C:\windows\system32\wbem\unsecapp.exe -Embedding
\??\C:\windows\system32\conhost.exe 0x4
C:\Users\Jan\AppData\Local\CloudStation\app\bin\cloud-daemon.exe C:/Users/Jan/AppData/Local/CloudStation/data/config/client.conf 1024
\??\C:\windows\system32\conhost.exe 0x4
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe" /showasync
"C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --profile-directory="Profile 5"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="6188.0.1147204048\1836627604" --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,18,39 --gpu-vendor-id=0x8086 --gpu-device-id=0x0412 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=10.18.10.3960 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/EmbeddedSearch/Group15 pct:1f stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GoogleNow/Enable/MaterialDesignNTP/Default/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/EthersuggestPrefixControl/PasswordGeneration/Disabled/QUIC/Disabled/RememberCertificateErrorDecisions/Default/SPDY/Spdy31Enabled-default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_83/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="6188.2.876811904\1309364246" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/EmbeddedSearch/Group15 pct:1f stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GCM/Enabled/GoogleNow/Enable/MaterialDesignNTP/Default/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/EthersuggestPrefixControl/PasswordGeneration/Disabled/QUIC/Disabled/RememberCertificateErrorDecisions/Default/SPDY/Spdy31Enabled-default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_83/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="6188.3.2071071142\1600333284" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/EmbeddedSearch/Group15 pct:1f stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GCM/Enabled/GoogleNow/Enable/MaterialDesignNTP/Default/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/EthersuggestPrefixControl/PasswordGeneration/Disabled/QUIC/Disabled/RememberCertificateErrorDecisions/Default/SPDY/Spdy31Enabled-default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_83/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --extension-process --enable-webrtc-hw-h264-encoding --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="6188.5.1979800753\1175571886" /prefetch:673131151
"C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/EmbeddedSearch/Group15 pct:1f stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GCM/Enabled/GoogleNow/Enable/MaterialDesignNTP/Default/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/EthersuggestPrefixControl/PasswordGeneration/Disabled/QUIC/Disabled/RememberCertificateErrorDecisions/Default/SPDY/Spdy31Enabled-default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_83/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="6188.32.1997916847\1958652225" /prefetch:673131151
"C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE" /Embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --enable-deferred-image-decoding --lang=cs --force-fieldtrials="BrowserBlacklist/Enabled/ChromeSuggestions/Default/EmbeddedSearch/Group15 pct:1f stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/EnhancedBookmarks/Default/ExtensionContentVerification/Enforce/ExtensionInstallVerification/Enforce/GCM/Enabled/GoogleNow/Enable/MaterialDesignNTP/Default/NewProfileManagement/NewAvatarMenu/OmniboxBundledExperimentV1/EthersuggestPrefixControl/PasswordGeneration/Disabled/QUIC/Disabled/RememberCertificateErrorDecisions/Default/SPDY/Spdy31Enabled-default/SRTPromptFieldTrial/Default/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-Population-Restrict/normal/UMA-Uniformity-Trial-1-Percent/group_83/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --enable-pinch --device-scale-factor=1 --enable-delegated-renderer --enable-impl-side-painting --num-raster-threads=1 --channel="6188.55.1386002628\1311829440" /prefetch:673131151
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe18_ Global\UsGthrCtrlFltPipeMssGthrPipe18 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\windows\system32\SearchFilterHost.exe" 0 560 564 572 65536 568

"C:\Users\Jan\Desktop\RSITx64.exe"
C:\windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player Updater.job - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\h3yhp6wi.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.296 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.31.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nitropdf.com/NitroPDF]
"Description"=NitroPDF Web Browser Plugin
"Path"=C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 16.0.0.296 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll

C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\h3yhp6wi.default\extensions\
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\h3yhp6wi.default\searchplugins\
google-avast.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}]
Lync Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2014-12-23 218784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}]
ExplorerBHO Class - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20 803520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-12-18 705448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}]
Microsoft SkyDrive Pro Browser Helper - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2014-12-23 2334928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}]
ClassicIEBHO Class - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20 483520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}]
ExplorerBHO Class - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20 683200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-12-18 586968]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24 172968]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}]
ClassicIEBHO Class - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20 440512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{553891B7-A0D5-4526-BE18-D3CE461D6310} - Classic Explorer Bar - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20 803520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{553891B7-A0D5-4526-BE18-D3CE461D6310} - Classic Explorer Bar - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20 683200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2014-10-03 457616]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe []
"Persistence"=C:\windows\system32\igfxpers.exe []
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-10-24 13662936]
"RtHDVBg_Dolby"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2013-11-13 1368792]
"RtHDVBg_LENOVO_MICPKEY"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2013-11-13 1368792]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2013-11-04 36352]
"Classic Start Menu"=C:\Program Files\Classic Shell\ClassicStartMenu.exe [2014-04-20 161984]
"CNAP2 Launcher"=C:\windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [2010-10-15 226784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Zoner Photo Studio Service 16"=C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [2014-06-16 833024]
"Zoner Photo Studio Autoupdate"=C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [2014-06-16 833024]
"AirDroid 3"=C:\Program Files (x86)\AirDroid\AirDroid.exe /start []
"SafeInCloud"=C:\Program Files (x86)\Safe In Cloud\SafeInCloud.exe [2015-01-06 2585600]
"GoogleDriveSync"=C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2015-01-15 23308256]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2014-03-04 3696912]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"jmekey"=C:\windows\jmesoft\hotkey.exe [2013-07-24 118784]
"jmesoft"=C:\Windows\jmesoft\ServiceLoader.exe [2011-08-17 28672]
"LVT"=C:\Program Files\Lenovo\LVT\LJYZ.exe [2011-11-24 886112]
"CLMLServer"=C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [2009-12-05 103720]
"UpdateP2GoShortCut"=C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [2011-12-07 214312]
"RemoteControl10"=C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [2013-03-08 95192]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2015-01-23 5227112]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
AVer HID Receiver.lnk - C:\Program Files (x86)\Common Files\AVerMedia\AVerHIDReceiver\AVerHIDReceiver.exe

C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Synology Cloud Station.lnk - C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxdev.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcpltsvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"SoftwareSASGeneration"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0x00000003

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=iyuv_32.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave5"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave6"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2015-02-02 10:52:11 ----D---- C:\rsit
2015-02-02 10:52:11 ----D---- C:\Program Files\trend micro
2015-01-27 19:12:00 ----A---- C:\windows\system32\drivers\{8dc666b5-f370-4f22-8558-6a137d48eead}Gw64.sys
2015-01-27 19:05:12 ----D---- C:\Program Files (x86)\SourceApp
2015-01-27 19:04:27 ----A---- C:\windows\system32\drivers\dtsoftbus01.sys
2015-01-27 19:04:22 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2015-01-14 17:03:47 ----A---- C:\windows\system32\profsvc.dll
2015-01-14 17:03:46 ----A---- C:\windows\system32\TSWbPrxy.exe
2015-01-14 17:03:44 ----A---- C:\windows\system32\drivers\mrxdav.sys
2015-01-14 17:03:43 ----A---- C:\windows\SYSWOW64\nlaapi.dll
2015-01-14 17:03:43 ----A---- C:\windows\system32\nlasvc.dll
2015-01-14 17:03:43 ----A---- C:\windows\system32\nlaapi.dll
2015-01-14 17:03:43 ----A---- C:\windows\system32\ncsi.dll
2015-01-14 17:03:43 ----A---- C:\windows\system32\drivers\ahcache.sys
2015-01-14 17:03:41 ----A---- C:\windows\SYSWOW64\WerFault.exe
2015-01-14 17:03:41 ----A---- C:\windows\SYSWOW64\wer.dll
2015-01-14 17:03:41 ----A---- C:\windows\SYSWOW64\Faultrep.dll
2015-01-14 17:03:41 ----A---- C:\windows\system32\WerFault.exe
2015-01-14 17:03:41 ----A---- C:\windows\system32\wer.dll
2015-01-14 17:03:41 ----A---- C:\windows\system32\Faultrep.dll
2015-01-14 17:03:41 ----A---- C:\windows\system32\AudioEndpointBuilder.dll
2015-01-14 17:03:40 ----A---- C:\windows\SYSWOW64\wermgr.exe
2015-01-14 17:03:40 ----A---- C:\windows\SYSWOW64\WerFaultSecure.exe
2015-01-14 17:03:40 ----A---- C:\windows\system32\wermgr.exe
2015-01-14 17:03:40 ----A---- C:\windows\system32\WerFaultSecure.exe
2015-01-14 17:03:40 ----A---- C:\windows\system32\EncDump.dll
2015-01-14 17:03:40 ----A---- C:\windows\system32\ci.dll
2015-01-14 17:03:39 ----A---- C:\windows\SYSWOW64\werdiagcontroller.dll
2015-01-14 17:03:39 ----A---- C:\windows\SYSWOW64\AudioSes.dll
2015-01-14 17:03:39 ----A---- C:\windows\SYSWOW64\AUDIOKSE.dll
2015-01-14 17:03:39 ----A---- C:\windows\SYSWOW64\AudioEng.dll
2015-01-14 17:03:39 ----A---- C:\windows\system32\AudioSes.dll
2015-01-14 17:03:39 ----A---- C:\windows\system32\AUDIOKSE.dll
2015-01-14 17:03:39 ----A---- C:\windows\system32\AudioEng.dll
2015-01-14 17:03:38 ----A---- C:\windows\system32\werdiagcontroller.dll
2015-01-14 17:03:38 ----A---- C:\windows\system32\audiodg.exe
2015-01-14 17:03:37 ----A---- C:\windows\system32\audiosrv.dll
2015-01-10 12:55:14 ----D---- C:\Program Files (x86)\TeamViewer
2015-01-10 12:43:23 ----D---- C:\Program Files (x86)\Safe In Cloud

======List of files/folders modified in the last 1 month======

2015-02-02 10:52:16 ----D---- C:\windows\Prefetch
2015-02-02 10:52:11 ----RD---- C:\Program Files
2015-02-02 10:34:55 ----D---- C:\Users\Jan\AppData\Roaming\ClassicShell
2015-02-02 10:26:35 ----D---- C:\windows\Temp
2015-02-02 10:00:00 ----D---- C:\windows\system32\sru
2015-02-02 09:18:52 ----D---- C:\windows\Inf
2015-02-02 09:18:52 ----AD---- C:\windows\System32
2015-02-02 09:18:52 ----A---- C:\windows\system32\PerfStringBackup.INI
2015-01-31 17:50:36 ----D---- C:\windows\Microsoft.NET
2015-01-31 17:44:25 ----D---- C:\Program Files (x86)\Opera
2015-01-29 17:14:42 ----RD---- C:\Program Files (x86)
2015-01-29 17:05:42 ----D---- C:\windows\system32\catroot
2015-01-28 20:25:21 ----D---- C:\Users\Jan\AppData\Roaming\vlc
2015-01-28 19:50:24 ----D---- C:\windows\system32\config
2015-01-28 19:41:33 ----HD---- C:\ProgramData
2015-01-28 19:22:24 ----A---- C:\windows\win.ini
2015-01-28 09:48:22 ----D---- C:\windows\WinSxS
2015-01-28 09:46:44 ----D---- C:\windows\system32\catroot2
2015-01-28 09:41:52 ----D---- C:\windows\system32\Tasks
2015-01-28 09:40:34 ----D---- C:\windows\system32\DriverStore
2015-01-28 09:37:02 ----D---- C:\windows\CbsTemp
2015-01-28 09:36:56 ----D---- C:\windows\SysWOW64
2015-01-28 09:36:17 ----SHD---- C:\System Volume Information
2015-01-27 20:11:58 ----D---- C:\windows\system32\GroupPolicy
2015-01-27 19:12:00 ----D---- C:\windows\system32\drivers
2015-01-26 18:27:05 ----SHD---- C:\windows\Installer
2015-01-26 18:27:02 ----D---- C:\Program Files (x86)\Google
2015-01-24 21:20:40 ----A---- C:\windows\SYSWOW64\FlashPlayerApp.exe
2015-01-24 18:13:41 ----D---- C:\ProgramData\Oracle
2015-01-24 18:13:36 ----D---- C:\Program Files (x86)\Java
2015-01-24 18:13:24 ----D---- C:\Program Files (x86)\Common Files
2015-01-24 18:13:09 ----A---- C:\windows\SYSWOW64\WindowsAccessBridge-32.dll
2015-01-23 13:37:23 ----HD---- C:\Program Files\WindowsApps
2015-01-23 13:37:23 ----D---- C:\windows\AppReadiness
2015-01-21 15:36:28 ----D---- C:\windows\LiveKernelReports
2015-01-18 10:20:52 ----D---- C:\Users\Jan\AppData\Roaming\LSC
2015-01-18 10:07:43 ----SD---- C:\ProgramData\Microsoft
2015-01-18 10:04:34 ----D---- C:\windows\system32\NDF
2015-01-17 17:57:09 ----SHD---- C:\$Recycle.Bin
2015-01-14 21:01:26 ----D---- C:\windows\system32\CodeIntegrity
2015-01-14 21:01:25 ----D---- C:\windows\system32\MRT
2015-01-14 20:58:00 ----A---- C:\windows\system32\MRT.exe
2015-01-14 16:35:19 ----D---- C:\Megarapid
2015-01-12 18:21:49 ----D---- C:\Users\Jan\AppData\Roaming\TeamViewer
2015-01-11 20:52:22 ----D---- C:\windows\Tasks
2015-01-10 12:55:18 ----RSD---- C:\windows\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswNdisFlt;@oem27.inf,%AfwDescriptionFree%;Avast! Firewall Driver; C:\windows\system32\DRIVERS\aswNdisFlt.sys [2014-12-18 449936]
R0 aswRvrt;avast! Revert; C:\windows\system32\drivers\aswRvrt.sys [2014-12-18 65776]
R0 aswVmm;avast! VM Monitor; C:\windows\system32\drivers\aswVmm.sys [2014-12-18 267632]
R0 iaStorA;iaStorA; C:\windows\System32\drivers\iaStorA.sys [2013-11-04 632168]
R1 aswKbd;aswKbd; C:\windows\system32\drivers\aswKbd.sys [2014-12-18 28184]
R1 aswRdr;aswRdr; C:\windows\system32\drivers\aswRdr2.sys [2014-12-18 93568]
R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2014-12-18 1050432]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2014-12-18 436624]
R1 dtsoftbus01;@oem35.inf,%DTSoftBus.SVCDESC%;DAEMON Tools Virtual Bus Driver; C:\windows\System32\drivers\dtsoftbus01.sys [2015-01-27 283064]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\windows\system32\DRIVERS\vwififlt.sys [2014-04-30 71680]
R2 aswHwid;avast! HardwareID; C:\windows\system32\drivers\aswHwid.sys [2014-12-18 29208]
R2 aswMonFlt;aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [2014-12-18 83280]
R2 aswStm;aswStm; C:\windows\system32\drivers\aswStm.sys [2014-12-18 116728]
R2 VBoxAswDrv;VBoxAsw Support Driver; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-12-18 271752]
R3 AVerPola;@oem7.inf,%ServiceDescription%;AVerMedia USB Polaris Series Capture Service; C:\windows\system32\DRIVERS\AVerPola.sys [2013-06-28 845824]
R3 AVPolDIR;@oem6.inf,%ServiceDescription%;AVerMedia USB Polaris Series DIR Service; C:\windows\System32\drivers\AVPolDIR.sys [2013-06-28 7168]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2014-10-03 4753336]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys [2013-11-15 3718488]
R3 iwdbus;@oem4.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\windows\System32\drivers\iwdbus.sys [2014-09-19 27000]
R3 MEIx64;@oem22.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface ; C:\windows\system32\DRIVERS\TeeDriverx64.sys [2013-09-12 99288]
R3 nvlddmkm;nvlddmkm; C:\windows\system32\DRIVERS\nvlddmkm.sys [2014-03-27 12691232]
R3 RSP2STOR;@oem18.inf,%Rts5229%;Realtek PCIE CardReader Driver - P2; C:\windows\system32\DRIVERS\RtsP2Stor.sys [2013-07-05 290008]
R3 RTL8168;@oem20.inf,%rtl8168.Service.DispName%;Realtek 8168 NT Driver; C:\windows\system32\DRIVERS\Rt630x64.sys [2013-07-26 827096]
R3 RTWlanE;@oem19.inf,%RTWlanE.DeviceDesc.DispName%;Realtek Wireless LAN 802.11n PCI-E Network Adapter; C:\windows\system32\DRIVERS\rtwlane.sys [2013-08-21 2944216]
R3 usbaudio;@wdma_usb.inf,%USBAudio.SvcDesc%;USB Audio Driver (WDM); C:\windows\system32\drivers\usbaudio.sys [2013-12-13 121088]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\windows\System32\Drivers\usbvideo.sys [2013-08-22 212224]
R3 vmuacflt;@oem21.inf,%vmuacflt.SrvDesc%;Vimicro USB Audio Filter; C:\windows\System32\Drivers\vmuacflt.sys [2013-04-23 15872]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\windows\system32\DRIVERS\vwifimp.sys [2014-04-30 38912]
S3 dg_ssudbus;@oem37.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.); C:\windows\system32\DRIVERS\ssudbus.sys [2014-01-22 108800]
S3 e1iexpress;@net1ic64.inf,%e1iExpress.Service.DispName%;Intel(R) PRO/1000 PCI Express Network Connection Driver I; C:\windows\system32\DRIVERS\e1i63x64.sys [2013-06-18 460288]
S3 intaud_WaveExtensible;@oem3.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\windows\system32\drivers\intelaud.sys [2014-09-19 38264]
S3 IntcDAud;@oem1.inf,%IntcDAud.SvcDesc%;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2014-02-20 450520]
S3 NETwNe64;@netwew00.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit; C:\windows\system32\DRIVERS\NETwew00.sys [2013-07-08 3344352]
S3 ssudmdm;@oem40.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.); C:\windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 206080]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-12-19 81088]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-12-18 50344]
R2 avast! Firewall;avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-12-18 104416]
R2 AVerRemote;AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [2013-06-26 368640]
R2 AVerScheduleService;AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [2013-08-16 772096]
R2 ClickToRunSvc;Služba Microsoft Office ClickToRun; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2014-11-12 2449592]
R2 Dashboard Service;Dashboard Service; C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe [2013-08-09 25184]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-11-04 15720]
R2 IdeaTouch.LocalDataServer.Education;IdeaTouch.LocalDataServer.Education; C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe [2012-05-17 7680]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service; C:\windows\system32\igfxCUIService.exe [2014-10-03 329104]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-05-12 733696]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2013-09-12 169432]
R2 JME Keyboard;JME Keyboard Driver; C:\Windows\jmesoft\Service.exe [2011-08-17 32768]
R2 Lenovo System Agent Service;Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [2014-11-21 584960]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2013-09-12 390616]
R2 NitroDriverReadSpool9;NitroPDFDriverCreatorReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [2013-12-13 230920]
R2 nlsX86cc;Nalpeiron Licensing Service; C:\windows\SysWOW64\NLSSRV32.EXE [2013-12-13 69640]
R2 nvsvc;NVIDIA Display Driver Service; C:\windows\system32\nvvsvc.exe [2014-03-27 925128]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2014-03-27 1365448]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2013-05-14 390632]
R2 TeamViewer;TeamViewer 10; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-01-30 5429520]
R3 AvastVBoxSvc;AvastVBox COM Service; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-12-18 4012248]
R3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-22 43696]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-17 107912]
S2 Update SourceApp;Update SourceApp; C:\Program Files (x86)\SourceApp\updateSourceApp.exe []
S2 Util SourceApp;Util SourceApp; C:\Program Files (x86)\SourceApp\bin\utilSourceApp.exe []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24 267440]
S3 cphs;Intel(R) Content Protection HECI Service; C:\windows\SysWow64\IntelCpHeciSvc.exe [2014-10-03 279952]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-17 107912]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-05-12 822232]
S3 LSCWinService;LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [2014-10-16 272776]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-11-26 114800]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-12-13 150600]

-----------------EOF-----------------

#2 Příspěvek od **altrok** » 02 úno 2015 12:29

Zdravim

V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose).

Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/ (nebo http://www.bleepingcomputer.com/download/adwcleaner/ )

ukoncete vsechny programy
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Scan, pote na Clean
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner [Sx].txt), jehoz obsah mi zkopirujte do pristi odpovedi

honzikp · #3 Příspěvek od **honzikp** » 02 úno 2015 13:39

# AdwCleaner v4.109 - Report created 02/02/2015 at 13:24:38
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows 8.1 (64 bits)
# Username : Jan - LENOVO-HONZA
# Running from : C:\Users\Jan\Desktop\adwcleaner_4.109.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Update SourceApp
[#] Service Deleted : Util SourceApp
Service Deleted : {8dc666b5-f370-4f22-8558-6a137d48eead}Gw64

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Amazon\ABB
Folder Deleted : C:\Program Files (x86)\SourceApp
Folder Deleted : C:\Users\Jan\AppData\Local\Temp\SourceApp
Folder Deleted : C:\Users\Jan\AppData\Local\Updater
Folder Deleted : C:\Users\Jan\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Jan\AppData\Roaming\RHEng
File Deleted : C:\windows\System32\drivers\{8dc666b5-f370-4f22-8558-6a137d48eead}Gw64.sys
File Deleted : C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\h3yhp6wi.default\user.js

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Mozilla Firefox v34.0.5 (x86 cs)

-\\ Google Chrome v40.0.2214.93

-\\ Opera v27.0.1689.54

*************************

AdwCleaner[R0].txt - [2181 octets] - [02/02/2015 13:20:27]
AdwCleaner[S0].txt - [2138 octets] - [02/02/2015 13:24:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2198 octets] ##########

#4 Příspěvek od **altrok** » 02 úno 2015 15:07

Dejte log FRST.txt, prilozte i Addition.txt - http://forum.viry.cz/viewtopic.php?f=30&t=133101

honzikp · #5 Příspěvek od **honzikp** » 02 úno 2015 15:45

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Jan (administrator) on LENOVO-HONZA on 02-02-2015 15:43:40
Running from C:\Users\Jan\Desktop
Loaded Profiles: UpdatusUser & Jan (Available profiles: UpdatusUser & Jan)
Platform: Windows 8.1 (X64) OS Language: Angličtina (Spojené státy)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(AVerMedia) C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
() C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft) C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft) C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\jmesoft\Service.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
() C:\Windows\System32\igfxTray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dolby Laboratories Inc.) C:\Program Files\Dolby Digital Plus\ddp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNAP2RPK.EXE
(CANON INC.) C:\Windows\System32\spool\drivers\x64\3\CNABFSWK.EXE
() C:\Program Files (x86)\Safe In Cloud\SafeInCloud.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() C:\Program Files (x86)\Common Files\AVerMedia\AVerHIDReceiver\AVerHIDReceiver.exe
(Lenovo) C:\Windows\jmesoft\hotkey.exe
() C:\Windows\jmesoft\JME_LOAD.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(Synology Inc.) C:\Users\Jan\AppData\Local\CloudStation\app\bin\cloud-ui.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Synology Inc.) C:\Users\Jan\AppData\Local\CloudStation\app\bin\cloud-connect.exe
(Synology Inc.) C:\Users\Jan\AppData\Local\CloudStation\app\bin\cloud-daemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Jan\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [457616 2014-10-03] ()
HKLM\...\Run: [HotKeysCmds] => "C:\windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\windows\system32\igfxpers.exe"
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-04] (Intel Corporation)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [CNAP2 Launcher] => C:\windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [226784 2010-10-15] (CANON INC.)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo)
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-17] ()
HKLM-x32\...\Run: [LVT] => C:\Program Files\Lenovo\LVT\LJYZ.exe [886112 2011-11-24] (Lenovo)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-05] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-23] (AVAST Software)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-3382074861-2756563583-1283812587-1001\...\Policies\Explorer: [NoDrives] 0x00000003
HKU\S-1-5-21-3382074861-2756563583-1283812587-1002\...\Run: [Zoner Photo Studio Service 16] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSService.exe [27648 2014-06-16] ()
HKU\S-1-5-21-3382074861-2756563583-1283812587-1002\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [833024 2014-06-16] (ZONER software)
HKU\S-1-5-21-3382074861-2756563583-1283812587-1002\...\Run: [AirDroid 3] => C:\Program Files (x86)\AirDroid\AirDroid.exe /start
HKU\S-1-5-21-3382074861-2756563583-1283812587-1002\...\Run: [SafeInCloud] => C:\Program Files (x86)\Safe In Cloud\SafeInCloud.exe [2585600 2015-01-06] ()
HKU\S-1-5-21-3382074861-2756563583-1283812587-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308256 2015-01-15] (Google)
HKU\S-1-5-21-3382074861-2756563583-1283812587-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3382074861-2756563583-1283812587-1002\...\Policies\Explorer: [NoDrives] 0x00000003
HKU\S-1-5-21-3382074861-2756563583-1283812587-1002\...\MountPoints2: {b10dcb58-a64d-11e4-826b-18cf5e5835d1} - "E:\Setup.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AVer HID Receiver.lnk
ShortcutTarget: AVer HID Receiver.lnk -> C:\Program Files (x86)\Common Files\AVerMedia\AVerHIDReceiver\AVerHIDReceiver.exe ()
Startup: C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Synology Cloud Station.lnk
ShortcutTarget: Synology Cloud Station.lnk -> C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe (Synology Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\Jan\AppData\Local\CloudStation\app\icon-overlay\10\x64\iconOverlay.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\Jan\AppData\Local\CloudStation\app\icon-overlay\10\x64\iconOverlay.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [03SyncedModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\Jan\AppData\Local\CloudStation\app\icon-overlay\10\x64\iconOverlay.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [04ReadOnlyModule] -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} => C:\Users\Jan\AppData\Local\CloudStation\app\icon-overlay\10\x64\iconOverlay.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [05NoPermModule] -> {C701AD67-3DF0-47C9-89CB-DFA6207BE229} => C:\Users\Jan\AppData\Local\CloudStation\app\icon-overlay\10\x64\iconOverlay.dll (TODO: <Company name>)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3382074861-2756563583-1283812587-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3382074861-2756563583-1283812587-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKU\S-1-5-21-3382074861-2756563583-1283812587-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
HKU\S-1-5-21-3382074861-2756563583-1283812587-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3382074861-2756563583-1283812587-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-3382074861-2756563583-1283812587-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKU\S-1-5-21-3382074861-2756563583-1283812587-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3382074861-2756563583-1283812587-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3382074861-2756563583-1283812587-1002 -> {10E10DB2-5E75-4F8D-A347-064404C40F0E} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{F8611E31-8784-40F8-AD95-FFB3F5A88C20}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\h3yhp6wi.default
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\h3yhp6wi.default\searchplugins\google-avast.xml
FF Extension: DownloadHelper - C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\h3yhp6wi.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-01-20]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-18]

Chrome:
=======
CHR HomePage: Profile 5 -> hxxp://www.google.cz/
CHR StartupUrls: Profile 5 -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Profile 5 -> google.cz_
CHR DefaultSuggestURL: Profile 5 -> https://www.google.com/complete/search? ... earchTerms}
CHR Profile: C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SourceApp) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\imbgpkjmflneoofikpcpiilpkjebkfla [2015-01-27]
CHR Profile: C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Profile 5
CHR Extension: (Angry Birds) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-12-18]
CHR Extension: (Dokumenty Google) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-17]
CHR Extension: (Disk Google) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-26]
CHR Extension: (Snooker) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\bjohiacoelemalmancnccjggomjnkfod [2014-12-18]
CHR Extension: (Avast Online Security) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-19]
CHR Extension: (SafeInCloud Password Manager) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\lchdigjbcmdgcfeijpfkpadacbijihjl [2014-12-18]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-01-26]
CHR Extension: (Kontrola e-mailu Google) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2014-12-18]
CHR Extension: (Peněženka Google) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-17]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2014-12-18]
CHR Extension: (Gmail) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Profile 5\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-17]
CHR Profile: C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Profile 6
CHR Extension: (Prezentace Google) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-18]
CHR Extension: (Dokumenty Google) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-18]
CHR Extension: (Disk Google) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-18]
CHR Extension: (YouTube) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-18]
CHR Extension: (Vyhledávání Google) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-18]
CHR Extension: (Avast SafePrice) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-12-27]
CHR Extension: (Tabulky Google) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-18]
CHR Extension: (Avast Online Security) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-18]
CHR Extension: (Peněženka Google) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-18]
CHR Extension: (Gmail) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Profile 6\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-18]
CHR HKU\S-1-5-21-3382074861-2756563583-1283812587-1002\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Jan\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-01-26]
CHR HKU\S-1-5-21-3382074861-2756563583-1283812587-1002\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-18] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-12-18] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-18] (Avast Software)
R2 AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [368640 2013-06-26] (AVerMedia) [File not signed]
R2 AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [772096 2013-08-16] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 Dashboard Service; C:\Program Files (x86)\Lenovo\Lenovo Dashboard\DdMgr.exe [25184 2013-08-09] (Microsoft) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-04] (Intel Corporation)
R2 IdeaTouch.LocalDataServer.Education; C:\Program Files (x86)\Lenovo\EducationPortal\Services\IdeaTouch.LocalDataServer.Education.exe [7680 2012-05-17] (Microsoft) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-12] (Intel Corporation)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-17] () [File not signed]
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-11-21] (LENOVO INCORPORATED.)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 NitroDriverReadSpool9; C:\Program Files\Common Files\Nitro\Pro\9.0\NitroPDFDriverService9x64.exe [230920 2013-12-13] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2013-05-14] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5429520 2015-01-30] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-18] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-12-18] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-18] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-12-18] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-18] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-18] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-18] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-18] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-18] ()
R3 AVerPola; C:\Windows\system32\DRIVERS\AVerPola.sys [845824 2013-06-28] (AVerMedia TECHNOLOGIES, Inc.)
R3 AVPolDIR; C:\Windows\System32\drivers\AVPolDIR.sys [7168 2013-06-28] (AVerMedia TECHNOLOGIES, Inc.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-01-27] (Disc Soft Ltd)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-12] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-05] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2944216 2013-08-21] (Realtek Semiconductor Corporation )
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-18] (Avast Software)
R3 vmuacflt; C:\Windows\System32\Drivers\vmuacflt.sys [15872 2013-04-23] (Vimicro Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 15:43 - 2015-02-02 15:44 - 00026929 _____ () C:\Users\Jan\Desktop\FRST.txt
2015-02-02 15:43 - 2015-02-02 15:43 - 00000000 ____D () C:\FRST
2015-02-02 15:42 - 2015-02-02 15:42 - 00112640 _____ (forum.viry.cz) C:\Users\Jan\Desktop\FRSTLauncher.exe
2015-02-02 15:40 - 2015-02-02 15:40 - 02131456 _____ (Farbar) C:\Users\Jan\Desktop\FRST64.exe
2015-02-02 13:40 - 2015-02-02 13:40 - 00000197 _____ () C:\windows\system32\2015-02-02-12-40-08.096-AvastVBoxSVC.exe-3144.log
2015-02-02 13:39 - 2015-02-02 13:39 - 00000000 ___HD () C:\Users\Jan\.SynologyWorkingDirectory
2015-02-02 13:36 - 2015-02-02 13:36 - 00000000 ___RD () C:\Users\Jan\OneDrive
2015-02-02 13:28 - 2015-02-02 13:28 - 00000197 _____ () C:\windows\system32\2015-02-02-12-28-09.074-AvastVBoxSVC.exe-3192.log
2015-02-02 13:20 - 2015-02-02 13:24 - 00000000 ____D () C:\AdwCleaner
2015-02-02 13:19 - 2015-02-02 13:19 - 02194432 _____ () C:\Users\Jan\Desktop\adwcleaner_4.109.exe
2015-02-02 10:52 - 2015-02-02 10:52 - 00000000 ____D () C:\rsit
2015-02-02 10:52 - 2015-02-02 10:52 - 00000000 ____D () C:\Program Files\trend micro
2015-02-02 10:51 - 2015-02-02 10:51 - 01222144 _____ () C:\Users\Jan\Desktop\RSITx64.exe
2015-02-02 09:03 - 2015-02-02 09:04 - 00000197 _____ () C:\windows\system32\2015-02-02-08-03-46.094-AvastVBoxSVC.exe-3572.log
2015-02-02 08:51 - 2015-02-02 08:51 - 00000000 ____D () C:\Users\Jan\AppData\Local\TeamViewer
2015-01-31 17:39 - 2015-01-31 17:40 - 00000197 _____ () C:\windows\system32\2015-01-31-16-39-52.021-AvastVBoxSVC.exe-3448.log
2015-01-29 17:07 - 2015-01-29 17:07 - 00000197 _____ () C:\windows\system32\2015-01-29-16-07-00.014-AvastVBoxSVC.exe-3120.log
2015-01-28 19:43 - 2015-01-28 19:43 - 00000197 _____ () C:\windows\system32\2015-01-28-18-43-44.010-AvastVBoxSVC.exe-4032.log
2015-01-28 19:41 - 2015-01-28 19:41 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-01-28 06:42 - 2015-02-02 13:47 - 00004980 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for LENOVO-HONZA-Jan Lenovo-Honza
2015-01-28 06:42 - 2015-01-28 06:44 - 00000000 ____D () C:\Users\Jan\Documents\Vlastní šablony Office
2015-01-27 19:04 - 2015-01-27 19:04 - 00283064 _____ (Disc Soft Ltd) C:\windows\system32\Drivers\dtsoftbus01.sys
2015-01-27 19:04 - 2015-01-27 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-01-27 19:04 - 2015-01-27 19:04 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2015-01-26 18:32 - 2015-01-26 18:32 - 00001254 _____ () C:\Users\Jan\Desktop\EU Vzdelavani – zástupce.lnk
2015-01-26 18:27 - 2015-01-26 18:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-26 18:26 - 2015-01-26 18:26 - 00880784 _____ (Google Inc.) C:\Users\Jan\Downloads\googledrivesync.exe
2015-01-22 13:55 - 2015-01-22 14:13 - 00000000 ____D () C:\Users\Jan\Šikovné ruce 2015
2015-01-21 14:36 - 2015-01-21 14:36 - 00247808 _____ () C:\Users\Jan\Downloads\294541-priznani-k-dani-z-nemovitych-veci-2015-interaktivni-formular.xls
2015-01-20 16:43 - 2015-01-20 16:43 - 00000197 _____ () C:\windows\system32\2015-01-20-15-43-39.012-AvastVBoxSVC.exe-4988.log
2015-01-15 17:00 - 2015-01-15 17:01 - 00000197 _____ () C:\windows\system32\2015-01-15-16-00-34.048-AvastVBoxSVC.exe-2920.log
2015-01-14 17:03 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-14 17:03 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-14 17:03 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ahcache.sys
2015-01-14 17:03 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 17:03 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2015-01-14 17:03 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2015-01-14 17:03 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2015-01-14 17:03 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\windows\system32\Faultrep.dll
2015-01-14 17:03 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\windows\SysWOW64\Faultrep.dll
2015-01-14 17:03 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-01-14 17:03 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\windows\system32\WerFaultSecure.exe
2015-01-14 17:03 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFaultSecure.exe
2015-01-14 17:03 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\windows\system32\ncsi.dll
2015-01-14 17:03 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 17:03 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll
2015-01-14 17:03 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\windows\system32\WerFault.exe
2015-01-14 17:03 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\windows\system32\wermgr.exe
2015-01-14 17:03 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-01-14 17:03 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-01-14 17:03 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-01-14 17:03 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-01-14 17:03 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFault.exe
2015-01-14 17:03 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\windows\SysWOW64\wermgr.exe
2015-01-14 17:03 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2015-01-14 17:03 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2015-01-14 17:03 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2015-01-14 17:03 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\werdiagcontroller.dll
2015-01-14 17:03 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\werdiagcontroller.dll
2015-01-14 17:03 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\nlaapi.dll
2015-01-14 17:03 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-01-14 17:03 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-13 20:30 - 2015-01-13 20:30 - 00000000 ____D () C:\Users\Jan\AppData\Local\Macromedia
2015-01-12 18:46 - 2015-01-12 18:46 - 00001477 _____ () C:\Users\Public\Desktop\PS James edition.lnk
2015-01-12 18:45 - 2015-01-12 18:45 - 00000000 ____D () C:\Users\Jan\Desktop\Instalačka PS James
2015-01-11 20:52 - 2015-02-02 15:06 - 00000914 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-11 20:52 - 2015-01-24 21:06 - 00003802 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-01-11 17:51 - 2015-01-11 17:51 - 00010568 _____ () C:\Users\Jan\cc_20150111_175147.reg
2015-01-10 15:08 - 2015-01-10 15:09 - 00000000 ____D () C:\Users\Jan\_IT
2015-01-10 15:08 - 2015-01-10 15:08 - 00000000 ____D () C:\Users\Jan\Nová složka (2)
2015-01-10 14:16 - 2015-01-10 14:16 - 08178968 _____ (TeamViewer) C:\Users\Jan\Downloads\TeamViewer_Host_Setup.exe
2015-01-10 12:55 - 2015-02-02 08:51 - 00000994 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-01-10 12:55 - 2015-02-02 08:51 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-01-10 12:54 - 2015-01-10 12:54 - 07722096 _____ (TeamViewer GmbH) C:\Users\Jan\Downloads\TeamViewer_Setup_cs.exe
2015-01-10 12:43 - 2015-01-10 12:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safe In Cloud
2015-01-10 12:43 - 2015-01-10 12:43 - 00000000 ____D () C:\Program Files (x86)\Safe In Cloud

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-02 15:09 - 2014-06-20 22:53 - 01120728 _____ () C:\windows\WindowsUpdate.log
2015-02-02 15:00 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\sru
2015-02-02 14:57 - 2014-12-17 22:52 - 00000972 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-02 13:51 - 2014-06-20 23:46 - 00739704 _____ () C:\windows\system32\perfh005.dat
2015-02-02 13:51 - 2014-06-20 23:46 - 00151944 _____ () C:\windows\system32\perfc005.dat
2015-02-02 13:51 - 2013-08-31 16:40 - 01749406 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-02 13:45 - 2014-12-18 09:07 - 00003934 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{4AD1C5FD-2621-4E15-BD18-D260C5AAC759}
2015-02-02 13:43 - 2014-12-17 22:52 - 00000968 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-02 13:43 - 2013-08-22 15:45 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-02 13:39 - 2014-12-18 09:02 - 00000000 ___RD () C:\Users\Jan
2015-02-02 13:38 - 2014-12-28 20:03 - 00000000 ___RD () C:\Users\Jan\Disk Google
2015-02-02 13:38 - 2014-12-18 09:05 - 00000000 ___DO () C:\Users\Jan\SkyDrive
2015-02-02 13:37 - 2013-08-22 15:46 - 00041618 _____ () C:\windows\setupact.log
2015-02-02 13:25 - 2013-08-31 16:36 - 00486098 _____ () C:\windows\PFRO.log
2015-02-02 12:29 - 2014-12-18 09:03 - 00000000 ____D () C:\Users\Jan\AppData\Local\Packages
2015-02-02 11:06 - 2014-12-18 12:07 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\ClassicShell
2015-02-02 09:10 - 2014-12-18 09:10 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3382074861-2756563583-1283812587-1002
2015-02-02 09:04 - 2014-12-28 10:22 - 00000000 ____D () C:\Users\Jan\AppData\Local\CloudStation
2015-02-02 08:45 - 2014-12-24 09:47 - 00000000 ____D () C:\Users\Jan\AppData\Local\CrashDumps
2015-01-31 17:44 - 2014-12-24 08:56 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-01-31 17:14 - 2014-12-18 19:05 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2015-01-29 17:05 - 2013-08-22 14:25 - 00262144 ___SH () C:\windows\system32\config\BBI
2015-01-28 20:25 - 2014-12-20 21:38 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\vlc
2015-01-28 19:22 - 2013-08-22 14:25 - 00000226 _____ () C:\windows\win.ini
2015-01-28 09:41 - 2014-12-24 09:40 - 00003838 _____ () C:\windows\System32\Tasks\Opera scheduled Autoupdate 1419407857
2015-01-28 09:41 - 2014-12-24 08:57 - 00001068 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-01-28 09:37 - 2013-08-22 16:20 - 00000000 ____D () C:\windows\CbsTemp
2015-01-28 08:54 - 2014-12-27 16:29 - 00001162 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-27 20:11 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\GroupPolicy
2015-01-27 19:41 - 2014-12-24 09:52 - 00000000 ____D () C:\Users\Jan\Documents\My Games
2015-01-27 14:40 - 2014-12-28 20:02 - 00000000 ____D () C:\Users\Jan\Ceník služeb
2015-01-26 18:27 - 2014-12-18 11:52 - 00000000 ____D () C:\Users\Jan\AppData\Local\Google
2015-01-26 18:27 - 2014-12-18 11:52 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-25 10:26 - 2014-12-28 20:22 - 00000000 ____D () C:\Users\Jan\Kniha jízd SLUŽEBNÍ
2015-01-24 21:20 - 2013-08-22 16:38 - 00714720 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-24 21:20 - 2013-08-22 16:38 - 00106976 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 18:13 - 2014-12-20 18:34 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-24 18:13 - 2014-12-20 18:34 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-24 18:13 - 2014-12-20 18:33 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-24 14:07 - 2014-12-28 19:59 - 00000000 ____D () C:\Users\Jan\AAA
2015-01-23 13:37 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\AppReadiness
2015-01-21 15:36 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\LiveKernelReports
2015-01-21 06:39 - 2015-01-02 13:12 - 00000000 ____D () C:\Users\Jan\Documents\AirDroid
2015-01-18 21:42 - 2015-01-01 19:18 - 00000000 ____D () C:\Users\Jan\AppData\Local\JDownloader v2.0
2015-01-18 17:33 - 2014-12-28 20:34 - 00000000 ____D () C:\Users\Jan\Volkswagen Touran (Golf)
2015-01-18 10:20 - 2014-12-18 09:18 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\LSC
2015-01-18 10:04 - 2013-08-22 16:36 - 00000000 ____D () C:\windows\system32\NDF
2015-01-17 17:07 - 2014-12-28 20:25 - 00000000 ____D () C:\Users\Jan\Platby obcí
2015-01-15 16:59 - 2013-08-22 15:44 - 00391048 _____ () C:\windows\system32\FNTCACHE.DAT
2015-01-14 21:01 - 2014-12-18 09:59 - 00000000 ____D () C:\windows\system32\MRT
2015-01-14 20:58 - 2014-12-18 09:59 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-14 20:58 - 2013-08-22 14:25 - 00262144 ___SH () C:\windows\system32\config\ELAM
2015-01-14 16:35 - 2014-12-22 18:13 - 00000000 ____D () C:\Megarapid
2015-01-13 20:29 - 2014-12-28 20:01 - 00000000 ____D () C:\Users\Jan\Avast licence
2015-01-13 20:27 - 2014-12-18 19:10 - 00002430 _____ () C:\Users\Jan\Desktop\Jan - Chrome.lnk
2015-01-12 18:21 - 2014-12-20 21:56 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\TeamViewer
2015-01-11 20:53 - 2014-12-18 09:18 - 00000000 ____D () C:\Users\Jan\AppData\Local\Adobe
2015-01-11 10:29 - 2014-12-22 18:12 - 00001096 _____ () C:\Users\Jan\AppData\Local\MRDownloader.nast
2015-01-10 18:46 - 2014-12-18 10:42 - 00000000 ____D () C:\Users\Jan\AppData\Local\AVerMedia TV Player
2015-01-10 15:42 - 2014-12-22 18:16 - 00029171 _____ () C:\Users\Jan\AppData\Local\MRDownloader.err
2015-01-10 12:42 - 2014-12-18 12:39 - 00000000 ____D () C:\Users\Jan\AppData\Local\Downloaded Installations
2015-01-10 12:41 - 2014-12-28 19:59 - 00000000 ____D () C:\Users\Jan\2011_03_21

==================== Files in the root of some directories =======

2014-12-23 08:38 - 2014-12-23 08:44 - 0037047 _____ () C:\Users\Jan\AppData\Roaming\Hodnoty oddělené čárkami.ADR
2014-12-22 18:16 - 2015-01-10 15:42 - 0029171 _____ () C:\Users\Jan\AppData\Local\MRDownloader.err
2014-12-22 18:12 - 2015-01-11 10:29 - 0001096 _____ () C:\Users\Jan\AppData\Local\MRDownloader.nast
2014-12-18 09:03 - 2014-12-18 09:05 - 0000193 _____ () C:\Users\Jan\AppData\Local\RegisteredPackageInformation.xml
2014-06-20 22:56 - 2014-06-20 22:56 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Users\Jan\cc_20140124_200237.reg
C:\Users\Jan\cc_20141013_131326.reg
C:\Users\Jan\cc_20141115_183826.reg
C:\Users\Jan\cc_20141229_071650.reg
C:\Users\Jan\cc_20150111_175147.reg

Some content of TEMP:
====================
C:\Users\Jan\AppData\Local\Temp\130646098409275900.exe
C:\Users\Jan\AppData\Local\Temp\13064609844090431297.exe
C:\Users\Jan\AppData\Local\Temp\bitool.dll
C:\Users\Jan\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Jan\AppData\Local\Temp\LenovoExperienceImprovement.exe
C:\Users\Jan\AppData\Local\Temp\proxy_vole774804041442892303.dll
C:\Users\Jan\AppData\Local\Temp\Quarantine.exe
C:\Users\Jan\AppData\Local\Temp\SafeInCloud_Setup.exe
C:\Users\Jan\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-28 09:35

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (Windows8_OS) (Fixed) (Total:905.25 GB) (Free:739.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Available physical RAM: 5784.09 MB
Total physical RAM: 8092.27 MB
Percentage of memory in use: 28%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 931.5 GB) (Disk ID: EAEC9A0C)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Jan\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Jan\SkyDrive:ms-properties

==================== Security Center ==================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Jan\Desktop" je 661 MB.

***** Startup Programs *****

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000

==================== End Of Log ==============================

honzikp · #6 Příspěvek od **honzikp** » 02 úno 2015 15:46

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Jan at 2015-02-02 15:44:21
Running from C:\Users\Jan\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced IP Scanner 2.4 (HKLM-x32\...\{221C4218-4414-4275-AF04-748DF4BF48D3}) (Version: 2.4.2526 - Famatech)
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
AVerMedia H334 MiniCard HID 10.2.64.91 (HKLM-x32\...\AVerMedia H334 MiniCard HID) (Version: 10.2.64.91 - AVerMedia TECHNOLOGIES, Inc.)
AVerMedia TV Player (HKLM-x32\...\InstallShield_{DFD1F64D-2AF0-4CE2-9752-D701E80F8D1C}) (Version: 1.8.0 - AVerMedia Technologies, Inc.)
AVerMedia TV Player (x32 Version: 1.8.0 - AVerMedia Technologies, Inc.) Hidden
Canon LBP6020 (HKLM\...\Canon LBP6020) (Version: - )
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
CODEXIS CLOUD (HKLM-x32\...\CDRPD2_is1) (Version: - ATLAS consulting, spol. s r.o.)
Comparing (HKLM-x32\...\InstallShield_{233EE2F2-EDA8-4C70-ABC3-D656D67D2CD5}) (Version: 1.00.2012.0921 - Tong child Research & Planning Co.,Ltd)
Comparing (x32 Version: 1.00.2012.0921 - Tong child Research & Planning Co.,Ltd) Hidden
CyberLink MediaStory (HKLM-x32\...\InstallShield_{55762F9A-FCE3-45d5-817B-051218658423}) (Version: 1.0.1314 - CyberLink Corp.)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dependency Package Update (Version: 1.6.30.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.32.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Driver & Application Installation (HKLM-x32\...\{BFECCF2A-F094-4066-8BFA-29CCBB7F6602}) (Version: 6.13.0621 - Lenovo)
EducationPortal (HKLM-x32\...\{65487538-FF20-421B-91DB-F6634B8D264C}) (Version: 5.00.012.0903 - Lenovo)
F1 2014 (HKLM-x32\...\RjEyMDE0_is1) (Version: 1 - )
Find the Differences (HKLM-x32\...\InstallShield_{EAA04F6D-6E10-4267-B824-C35D3B9E0155}) (Version: 1.00.2012.0920 - Tong child Research & Planning Co.,Ltd)
Find the Differences (x32 Version: 1.00.2012.0920 - Tong child Research & Planning Co.,Ltd) Hidden
Finding the Letters (HKLM-x32\...\InstallShield_{535FB733-FFCF-4460-8694-664A2F6C53B4}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Finding the Letters (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
FlacSquisher 1.3.4 (HKLM-x32\...\FlacSquisher) (Version: 1.3.4 - FlacSquisher)
Fruits (HKLM-x32\...\InstallShield_{AA39BFDE-71E5-46A6-A10B-44C2F45A341E}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd)
Fruits (x32 Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd) Hidden
Google Drive (HKLM-x32\...\{65EACBB4-B0B8-4A5B-AE46-22DBE15C70B5}) (Version: 1.19.8406.6504 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.8.1000 - Intel Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Lenovo Assistant (HKLM-x32\...\{B2DE4F30-B8C7-49C0-85B9-2F37A5290F00}) (Version: 2.0.0.29 - Lenovo)
Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo)
Lenovo Dashboard (HKLM-x32\...\{FEF1833C-244C-4DF2-AB67-1E1D26921ED8}) (Version: 2.0.0.18 - Lenovo)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.32.00 - Lenovo Group Limited)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.19.0 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.7408 - CyberLink Corp.)
Lenovo Power2Go (x32 Version: 6.0.7408 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5723.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5723.52 - CyberLink Corp.) Hidden
Lenovo Rescue System (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 4.0.0.1901 - CyberLink Corp.)
Lenovo Rescue System (Version: 4.0.0.1901 - CyberLink Corp.) Hidden
Lenovo SoftAP (HKLM-x32\...\{F5A08FAD-697C-4952-9E7D-F741CD42F069}) (Version: 1.0.0.13 - Realtek)
Lenovo Solution Center (HKLM\...\{4C2B6F96-3AED-4E3F-8DCE-917863D1E6B1}) (Version: 2.7.003.00 - Lenovo Group Limited)
Lenovo USB2.0 UVC Camera (HKLM-x32\...\{70D2C5B8-EB22-45B1-9EAA-5E8C1C408A3B}) (Version: 1.00.0000 - Vimicro Corporation)
LVT (HKLM-x32\...\{9E3469A6-443A-452C-BF44-8D7CE3A9A7E2}) (Version: 5.00.0914 - Lenovo)
Mammals (HKLM-x32\...\InstallShield_{ACA58CEB-2F74-4095-ADB6-4C1BFB170F64}) (Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd)
Mammals (x32 Version: 1.00.2012.0809 - Tong child Research & Planning Co.,Ltd) Hidden
Matching Roles (HKLM-x32\...\InstallShield_{92736E44-7608-4D80-9333-E40C82B7E8B3}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
Matching Roles (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
Microsoft Office 2013 pro podnikatele - cs-cz (HKLM\...\HomeBusinessRetail - cs-cz) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-3382074861-2756563583-1283812587-1002\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 cs) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 cs)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Nitro Pro 9 (HKLM\...\{70B831B7-A8EE-4C5F-8F34-F383D24B3A04}) (Version: 9.0.5.9 - Nitro)
NVIDIA Ovladače grafiky 332.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.92 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Opera Stable 27.0.1689.54 (HKLM-x32\...\Opera 27.0.1689.54) (Version: 27.0.1689.54 - Opera Software ASA)
Ovládací panel NVIDIA 332.92 (Version: 332.92 - NVIDIA Corporation) Hidden
Photo Station Uploader (remove only) (HKLM-x32\...\Photo Station Uploader) (Version: - Synology)
PowerCare 1.00 (HKLM-x32\...\PowerCare_is1) (Version: - Petr Zajíc - software)
PS James edition (HKLM-x32\...\Pečovatelská služba James edition_is1) (Version: - Petr Zajíc - software)
Puzzle (HKLM-x32\...\InstallShield_{6EB7ECE3-E3BE-481D-821B-F1AFFA244D64}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd)
Puzzle (x32 Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7093 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0224 - )
SafeInCloud Password Manager (HKLM-x32\...\{F7550BF2-A34E-443D-AD76-5CB3D9A7AD94}) (Version: 3.0 - Andrey Shcherbakov)
sudoku (HKLM-x32\...\InstallShield_{8C4715DF-8AC9-4F0A-8E35-F9B4CF318FF1}) (Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd)
sudoku (x32 Version: 1.00.2012.0807 - Tong child Research & Planning Co.,Ltd) Hidden
Synology Cloud Station (HKLM-x32\...\{102406C7-6BD4-47AA-A858-A54C7002E32E}) (Version: 3.1.3320 - Synology)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.38475 - TeamViewer)
timer (HKLM-x32\...\InstallShield_{9CC4B8EE-A96B-4800-B674-0CF8B4560F45}) (Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd)
timer (x32 Version: 1.00.2012.0512 - Tong child Research & Planning Co.,Ltd) Hidden
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 8.51 - Ghisler Software GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Zoner Photo Studio 16 (HKLM\...\ZonerPhotoStudio16_CZ_is1) (Version: 16.0.1.7 - ZONER software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3382074861-2756563583-1283812587-1002_Classes\CLSID\{2C4A5D61-009C-4561-9A33-6AFD542FD237}\InprocServer32 -> C:\Users\Jan\AppData\Local\CloudStation\app\icon-overlay\10\x64\ContextMenu.dll ()
CustomCLSID: HKU\S-1-5-21-3382074861-2756563583-1283812587-1002_Classes\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}\InprocServer32 -> C:\Users\Jan\AppData\Local\CloudStation\app\icon-overlay\10\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-3382074861-2756563583-1283812587-1002_Classes\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}\InprocServer32 -> C:\Users\Jan\AppData\Local\CloudStation\app\icon-overlay\10\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-3382074861-2756563583-1283812587-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3382074861-2756563583-1283812587-1002_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Jan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3382074861-2756563583-1283812587-1002_Classes\CLSID\{A433C3E0-8B24-40EB-93C3-4B10D9959F58}\InprocServer32 -> C:\Users\Jan\AppData\Local\CloudStation\app\icon-overlay\10\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-3382074861-2756563583-1283812587-1002_Classes\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}\InprocServer32 -> C:\Users\Jan\AppData\Local\CloudStation\app\icon-overlay\10\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-3382074861-2756563583-1283812587-1002_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Jan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3382074861-2756563583-1283812587-1002_Classes\CLSID\{C701AD67-3DF0-47C9-89CB-DFA6207BE229}\InprocServer32 -> C:\Users\Jan\AppData\Local\CloudStation\app\icon-overlay\10\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-3382074861-2756563583-1283812587-1002_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Jan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3382074861-2756563583-1283812587-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Jan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

14-01-2015 20:57:32 Windows Update
23-01-2015 13:36:48 Windows Update
28-01-2015 09:35:23 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0AB60BFD-47A3-45E9-B364-13C91B474F55} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2014-12-19] (Lenovo)
Task: {15721A75-9852-4594-B6A0-434BA09D86F8} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-10-16] (Lenovo)
Task: {2364A569-D2BD-4B37-B6CA-6B33939C6C21} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2014-10-16] (Lenovo)
Task: {48770445-677E-4297-9216-705CE5795DA0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {67DD427B-976A-4805-8308-269F95B32D10} - System32\Tasks\Opera scheduled Autoupdate 1419407857 => C:\Program Files (x86)\Opera\launcher.exe [2015-01-23] (Opera Software)
Task: {7284410F-DFC1-4097-8C45-0E876C55ECCB} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2014-10-16] ()
Task: {87E6CB2A-7C5F-4070-B72E-02528775F4BA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {89EDF457-5676-4C99-9097-EB8D3509ECC2} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-24] (Adobe Systems Incorporated)
Task: {9087D0AF-F9E2-4027-88B7-2BF007F5A23C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-17] (Google Inc.)
Task: {96EFE7A2-E284-496A-BD51-55AC89F3A1FD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-18] (AVAST Software)
Task: {98E43D7A-B2EE-49C7-9CCE-1D9D53A31723} - System32\Tasks\Microsoft Office 15 Sync Maintenance for LENOVO-HONZA-Jan Lenovo-Honza => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-12-23] (Microsoft Corporation)
Task: {A5075F27-1685-4476-9E56-F4FC41C5EBC6} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe [2013-09-09] (Dolby Laboratories Inc.)
Task: {BAFEC30D-42E4-494E-919A-1FB3049AD15E} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2014-10-16] ()
Task: {D1E3759D-33F0-4343-8CE3-34220EB6CDF9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-01-14] (Microsoft Corporation)
Task: {E34D8980-6F51-447B-AB4F-73901CE22BDD} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2014-11-21] ()
Task: {E5836713-46F7-44DB-8DFB-95263118BCE8} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-11-21] (Lenovo)
Task: {F70F8A06-1611-43A5-B154-2C78F186E509} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-17] (Google Inc.)
Task: {FCD30D7D-6F78-4DB1-843B-B0E06FA5BCAF} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2014-10-16] (Lenovo)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-06-20 22:54 - 2014-03-27 15:48 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-06-20 23:16 - 2013-08-16 08:15 - 00772096 _____ () C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
2014-12-23 13:01 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-06-20 22:57 - 2011-08-17 04:46 - 00032768 _____ () C:\Windows\jmesoft\Service.exe
2014-06-20 23:13 - 2013-05-14 19:53 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2014-12-18 19:05 - 2014-12-18 19:05 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-12-18 19:05 - 2014-12-18 19:05 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-11-25 04:22 - 2014-11-25 04:22 - 00035328 _____ () C:\Program Files (x86)\Synology\Photo Station Uploader\ShellExtHandler.dll
2014-12-28 10:23 - 2014-12-28 10:23 - 00726528 _____ () C:\Users\Jan\AppData\Local\CloudStation\app\icon-overlay\10\x64\ContextMenu.dll
2014-02-21 08:34 - 2014-10-03 17:36 - 00457616 _____ () C:\windows\system32\igfxTray.exe
2013-09-09 13:13 - 2013-09-09 13:13 - 00050904 _____ () C:\Program Files\Dolby Digital Plus\Dolby.DDP.Controls_Desktop.dll
2015-01-06 08:24 - 2015-01-06 08:24 - 02585600 _____ () C:\Program Files (x86)\Safe In Cloud\SafeInCloud.exe
2014-06-20 23:16 - 2013-08-23 10:24 - 00163840 _____ () C:\Program Files (x86)\Common Files\AVerMedia\AVerHIDReceiver\AVerHIDReceiver.exe
2014-06-20 22:57 - 2011-08-17 04:46 - 00024576 _____ () C:\Windows\jmesoft\JME_LOAD.exe
2015-02-02 09:03 - 2015-02-02 09:03 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020200\algo.dll
2014-12-18 19:05 - 2014-12-18 19:05 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-06-20 23:16 - 2012-06-09 11:33 - 00053248 _____ () C:\Program Files (x86)\Common Files\AVerMedia\dll\MsgLog.DLL
2015-02-02 13:38 - 2015-02-02 13:38 - 00098816 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI60002\win32api.pyd
2015-02-02 13:38 - 2015-02-02 13:38 - 00110080 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI60002\pywintypes27.dll
2015-02-02 13:38 - 2015-02-02 13:38 - 00364544 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI60002\pythoncom27.dll
2015-02-02 13:38 - 2015-02-02 13:38 - 00045568 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI60002\_socket.pyd
2015-02-02 13:38 - 2015-02-02 13:38 - 01160704 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI60002\_ssl.pyd
2015-02-02 13:38 - 2015-02-02 13:38 - 00320512 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI60002\win32com.shell.shell.pyd
2015-02-02 13:38 - 2015-02-02 13:38 - 00713216 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI60002\_hashlib.pyd
2015-02-02 13:38 - 2015-02-02 13:38 - 01175040 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI60002\wx._core_.pyd
2015-02-02 13:38 - 2015-02-02 13:38 - 00805888 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI60002\wx._gdi_.pyd
2015-02-02 13:38 - 2015-02-02 13:38 - 00811008 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI60002\wx._windows_.pyd
2015-02-02 13:38 - 2015-02-02 13:38 - 01062400 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI60002\wx._controls_.pyd
2015-02-02 13:38 - 2015-02-02 13:38 - 00735232 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI60002\wx._misc_.pyd
2015-02-02 13:38 - 2015-02-02 13:38 - 00557056 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI60002\pysqlite2._sqlite.pyd
2015-02-02 13:38 - 2015-02-02 13:38 - 00128512 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI60002\_elementtree.pyd
2015-02-02 13:38 - 2015-02-02 13:38 - 00127488 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI60002\pyexpat.pyd
2015-02-02 13:38 - 2015-02-02 13:38 - 00087552 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI60002\_ctypes.pyd
2015-02-02 13:38 - 2015-02-02 13:38 - 00119808 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI60002\win32file.pyd
2015-02-02 13:38 - 2015-02-02 13:38 - 00108544 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI60002\win32security.pyd
2015-02-02 13:38 - 2015-02-02 13:38 - 00007168 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI60002\hashobjs_ext.pyd
2015-02-02 13:38 - 2015-02-02 13:38 - 00167936 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI60002\win32gui.pyd
2015-02-02 13:38 - 2015-02-02 13:38 - 00018432 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI60002\win32event.pyd
2015-02-02 13:38 - 2015-02-02 13:38 - 00038912 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI60002\win32inet.pyd
2015-02-02 13:38 - 2015-02-02 13:38 - 00011264 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI60002\win32crypt.pyd
2015-02-02 13:38 - 2015-02-02 13:38 - 00070656 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI60002\wx._html2.pyd
2015-02-02 13:38 - 2015-02-02 13:38 - 00027136 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI60002\_multiprocessing.pyd
2015-02-02 13:38 - 2015-02-02 13:38 - 00035840 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI60002\win32process.pyd
2015-02-02 13:38 - 2015-02-02 13:38 - 00686080 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI60002\unicodedata.pyd
2015-02-02 13:38 - 2015-02-02 13:38 - 00122368 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI60002\wx._wizard.pyd
2015-02-02 13:38 - 2015-02-02 13:38 - 00024064 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI60002\win32pipe.pyd
2015-02-02 13:38 - 2015-02-02 13:38 - 00025600 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI60002\win32pdh.pyd
2015-02-02 13:38 - 2015-02-02 13:38 - 00525640 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI60002\windows._lib_cacheinvalidation.pyd
2015-02-02 13:38 - 2015-02-02 13:38 - 00010240 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI60002\select.pyd
2015-02-02 13:38 - 2015-02-02 13:38 - 00017408 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI60002\win32profile.pyd
2015-02-02 13:38 - 2015-02-02 13:38 - 00022528 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI60002\win32ts.pyd
2015-02-02 13:38 - 2015-02-02 13:38 - 00078336 _____ () C:\Users\Jan\AppData\Local\Temp\_MEI60002\wx._animate.pyd
2014-06-20 22:57 - 2011-05-17 21:27 - 00028672 _____ () C:\Windows\jmesoft\hidhook.dll
2009-12-05 00:59 - 2009-12-05 00:59 - 00619816 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMediaLibrary.dll
2009-12-05 01:04 - 2009-12-05 01:04 - 00013096 _____ () C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvcPS.dll
2014-12-28 10:23 - 2014-12-28 10:23 - 02339179 _____ () C:\Users\Jan\AppData\Local\CloudStation\app\bin\libcurl-4.dll
2014-12-28 10:23 - 2014-12-28 10:23 - 02822396 _____ () C:\Users\Jan\AppData\Local\CloudStation\app\bin\libsqlite3-0.dll
2014-12-28 10:23 - 2014-12-28 10:23 - 00112142 _____ () C:\Users\Jan\AppData\Local\CloudStation\app\bin\libgcc_s_dw2-1.dll
2014-12-28 10:23 - 2014-12-28 10:23 - 01000974 _____ () C:\Users\Jan\AppData\Local\CloudStation\app\bin\libstdc++-6.dll
2014-12-28 10:22 - 2014-12-28 10:23 - 01820468 _____ () C:\Users\Jan\AppData\Local\CloudStation\app\bin\icuuc53.dll
2014-12-28 10:23 - 2014-12-28 10:23 - 00131598 _____ () C:\Users\Jan\AppData\Local\CloudStation\app\bin\zlib1.dll
2014-12-28 10:22 - 2014-12-28 10:22 - 03085456 _____ () C:\Users\Jan\AppData\Local\CloudStation\app\bin\icuin53.dll
2014-12-28 10:22 - 2014-12-28 10:22 - 21568929 _____ () C:\Users\Jan\AppData\Local\CloudStation\app\bin\icudt53.dll
2014-12-28 10:23 - 2014-12-28 10:23 - 00626176 _____ () C:\Users\Jan\AppData\Local\CloudStation\app\bin\platforms\qwindows.dll
2014-12-28 10:23 - 2014-12-28 10:23 - 00473086 _____ () C:\Users\Jan\AppData\Local\CloudStation\app\bin\ssleay32.dll
2014-12-28 10:23 - 2014-12-28 10:23 - 02177649 _____ () C:\Users\Jan\AppData\Local\CloudStation\app\bin\libeay32.dll
2014-12-18 19:05 - 2014-12-18 19:05 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-28 10:23 - 2014-12-28 10:23 - 00131598 _____ () C:\Users\Jan\AppData\Local\CloudStation\app\bin\ZLIB1.dll
2015-01-27 04:58 - 2015-01-25 07:08 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libglesv2.dll
2015-01-27 04:58 - 2015-01-25 07:08 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\libegl.dll
2015-01-27 04:58 - 2015-01-25 07:08 - 09170760 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.93\pdf.dll
2014-12-18 10:53 - 2013-09-12 10:39 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\Jan\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Jan\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3382074861-2756563583-1283812587-1002\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-3382074861-2756563583-1283812587-1002\...\StartupApproved\Run: => "Zoner Photo Studio Autoupdate"

========================= Accounts: ==========================

Administrator (S-1-5-21-3382074861-2756563583-1283812587-500 - Administrator - Disabled)
Guest (S-1-5-21-3382074861-2756563583-1283812587-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3382074861-2756563583-1283812587-1004 - Limited - Enabled)
Jan (S-1-5-21-3382074861-2756563583-1283812587-1002 - Administrator - Enabled) => C:\Users\Jan
UpdatusUser (S-1-5-21-3382074861-2756563583-1283812587-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/02/2015 01:43:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2115-01-09T12:43:36Z. Kód chyby: 0x80040154

Error: (02/02/2015 01:43:32 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Systém Windows nemůže získat přístup k souboru C:\ProgramData\Microsoft\Windows\DeviceMetadataCache\dmrc.idx z jednoho z těchto důvodů:
došlo k problému s připojením k síti, s diskem, na kterém je soubor uložen, nebo
s ovladači ukládání nainstalovanými v tomto počítači; nebo disk chybí.
Systém Windows kvůli této chybě ukončil program Host Process for Windows Services.

Program: Host Process for Windows Services
Soubor: C:\ProgramData\Microsoft\Windows\DeviceMetadataCache\dmrc.idx

Hodnota chyby je uvedena v části Další údaje.
Akce uživatele
1. Otevřete soubor znovu.
Může se jednat o dočasný problém, který se při novém spuštění programu nebude opakovat.
2.
Pokud k souboru stále nelze získat přístup a:
- Nachází se v síti,
měl by správce sítě ověřit, zda nedošlo k problému se sítí a zda lze server kontaktovat.
- Je na vyměnitelném disku (například disketě nebo disku CD-ROM), ověřte, zda je disk správně vložen do počítače.
3. Zkontrolujte a opravte systém souborů pomocí nástroje CHKDSK. Ten lze spustit tak, že kliknete na tlačítko Start a příkaz Spustit, zadáte příkaz CMD a kliknete na tlačítko OK. Do příkazového řádku zadejte příkaz CHKDSK /F a stiskněte klávesu ENTER.
4. Pokud potíže potrvají, obnovte soubor ze záložní kopie.
5. Zjistěte, zda lze otevřít jiné soubory na stejném disku. Pokud ne, může být disk poškozen. Jedná-li se o pevný disk, obraťte se na správce nebo na dodavatele počítačového hardwaru
se žádostí o pomoc.

Další údaje
Hodnota chyby: C000009C
Typ disku: 3

Error: (02/02/2015 01:43:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_DsmSvc, verze: 6.3.9600.16384, časové razítko: 0x5215dfe3
Název chybujícího modulu: msvcrt.dll, verze: 7.0.9600.16384, časové razítko: 0x5215f944
Kód výjimky: 0xc0000006
Posun chyby: 0x000000000000193f
ID chybujícího procesu: 0x66c
Čas spuštění chybující aplikace: 0xsvchost.exe_DsmSvc0
Cesta k chybující aplikaci: svchost.exe_DsmSvc1
Cesta k chybujícímu modulu: svchost.exe_DsmSvc2
ID zprávy: svchost.exe_DsmSvc3
Úplný název chybujícího balíčku: svchost.exe_DsmSvc4
ID aplikace související s chybujícím balíčkem: svchost.exe_DsmSvc5

Error: (02/02/2015 01:43:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2115-01-09T12:43:06Z. Kód chyby: 0x80040154

Error: (02/02/2015 01:42:35 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Systém Windows nemůže získat přístup k souboru C:\ProgramData\Microsoft\Windows\DeviceMetadataCache\dmrc.idx z jednoho z těchto důvodů:
došlo k problému s připojením k síti, s diskem, na kterém je soubor uložen, nebo
s ovladači ukládání nainstalovanými v tomto počítači; nebo disk chybí.
Systém Windows kvůli této chybě ukončil program Host Process for Windows Services.

Program: Host Process for Windows Services
Soubor: C:\ProgramData\Microsoft\Windows\DeviceMetadataCache\dmrc.idx

Hodnota chyby je uvedena v části Další údaje.
Akce uživatele
1. Otevřete soubor znovu.
Může se jednat o dočasný problém, který se při novém spuštění programu nebude opakovat.
2.
Pokud k souboru stále nelze získat přístup a:
- Nachází se v síti,
měl by správce sítě ověřit, zda nedošlo k problému se sítí a zda lze server kontaktovat.
- Je na vyměnitelném disku (například disketě nebo disku CD-ROM), ověřte, zda je disk správně vložen do počítače.
3. Zkontrolujte a opravte systém souborů pomocí nástroje CHKDSK. Ten lze spustit tak, že kliknete na tlačítko Start a příkaz Spustit, zadáte příkaz CMD a kliknete na tlačítko OK. Do příkazového řádku zadejte příkaz CHKDSK /F a stiskněte klávesu ENTER.
4. Pokud potíže potrvají, obnovte soubor ze záložní kopie.
5. Zjistěte, zda lze otevřít jiné soubory na stejném disku. Pokud ne, může být disk poškozen. Jedná-li se o pevný disk, obraťte se na správce nebo na dodavatele počítačového hardwaru
se žádostí o pomoc.

Další údaje
Hodnota chyby: C000009C
Typ disku: 3

Error: (02/02/2015 01:42:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_DsmSvc, verze: 6.3.9600.16384, časové razítko: 0x5215dfe3
Název chybujícího modulu: msvcrt.dll, verze: 7.0.9600.16384, časové razítko: 0x5215f944
Kód výjimky: 0xc0000006
Posun chyby: 0x000000000000193f
ID chybujícího procesu: 0x1e68
Čas spuštění chybující aplikace: 0xsvchost.exe_DsmSvc0
Cesta k chybující aplikaci: svchost.exe_DsmSvc1
Cesta k chybujícímu modulu: svchost.exe_DsmSvc2
ID zprávy: svchost.exe_DsmSvc3
Úplný název chybujícího balíčku: svchost.exe_DsmSvc4
ID aplikace související s chybujícím balíčkem: svchost.exe_DsmSvc5

Error: (02/02/2015 01:41:24 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Systém Windows nemůže získat přístup k souboru C:\ProgramData\Microsoft\Windows\DeviceMetadataCache\dmrc.idx z jednoho z těchto důvodů:
došlo k problému s připojením k síti, s diskem, na kterém je soubor uložen, nebo
s ovladači ukládání nainstalovanými v tomto počítači; nebo disk chybí.
Systém Windows kvůli této chybě ukončil program Host Process for Windows Services.

Program: Host Process for Windows Services
Soubor: C:\ProgramData\Microsoft\Windows\DeviceMetadataCache\dmrc.idx

Hodnota chyby je uvedena v části Další údaje.
Akce uživatele
1. Otevřete soubor znovu.
Může se jednat o dočasný problém, který se při novém spuštění programu nebude opakovat.
2.
Pokud k souboru stále nelze získat přístup a:
- Nachází se v síti,
měl by správce sítě ověřit, zda nedošlo k problému se sítí a zda lze server kontaktovat.
- Je na vyměnitelném disku (například disketě nebo disku CD-ROM), ověřte, zda je disk správně vložen do počítače.
3. Zkontrolujte a opravte systém souborů pomocí nástroje CHKDSK. Ten lze spustit tak, že kliknete na tlačítko Start a příkaz Spustit, zadáte příkaz CMD a kliknete na tlačítko OK. Do příkazového řádku zadejte příkaz CHKDSK /F a stiskněte klávesu ENTER.
4. Pokud potíže potrvají, obnovte soubor ze záložní kopie.
5. Zjistěte, zda lze otevřít jiné soubory na stejném disku. Pokud ne, může být disk poškozen. Jedná-li se o pevný disk, obraťte se na správce nebo na dodavatele počítačového hardwaru
se žádostí o pomoc.

Další údaje
Hodnota chyby: C000009C
Typ disku: 3

Error: (02/02/2015 01:41:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: svchost.exe_DsmSvc, verze: 6.3.9600.16384, časové razítko: 0x5215dfe3
Název chybujícího modulu: msvcrt.dll, verze: 7.0.9600.16384, časové razítko: 0x5215f944
Kód výjimky: 0xc0000006
Posun chyby: 0x0000000000001a79
ID chybujícího procesu: 0x1df0
Čas spuštění chybující aplikace: 0xsvchost.exe_DsmSvc0
Cesta k chybující aplikaci: svchost.exe_DsmSvc1
Cesta k chybujícímu modulu: svchost.exe_DsmSvc2
ID zprávy: svchost.exe_DsmSvc3
Úplný název chybujícího balíčku: svchost.exe_DsmSvc4
ID aplikace související s chybujícím balíčkem: svchost.exe_DsmSvc5

Error: (02/02/2015 01:41:12 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2115-01-09T12:41:12Z. Kód chyby: 0x80040154

Error: (02/02/2015 01:40:42 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Nepodařilo se naplánovat restartování služby Ochrana softwaru na 2115-01-09T12:40:42Z. Kód chyby: 0x80040154

System errors:
=============
Error: (02/02/2015 01:46:25 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Správce služeb se pokusil o opravnou akci (Restart the service) po nečekaném ukončení služby Group Policy Client, ale tato akce selhala kvůli následující chybě:
%%1056

Error: (02/02/2015 01:46:25 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Správce služeb se pokusil o opravnou akci (Restart the service) po nečekaném ukončení služby Windows Management Instrumentation, ale tato akce selhala kvůli následující chybě:
%%1056

Error: (02/02/2015 01:46:25 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Správce služeb se pokusil o opravnou akci (Restart the service) po nečekaném ukončení služby Computer Browser, ale tato akce selhala kvůli následující chybě:
%%1056

Error: (02/02/2015 01:43:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Server byla neočekávaně ukončena. Tento stav nastal již 4krát.

Error: (02/02/2015 01:43:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Device Setup Manager byla neočekávaně ukončena. Tento stav nastal již 4krát.

Error: (02/02/2015 01:43:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Computer Browser byla neočekávaně ukončena. Tento stav nastal již 4krát.

Error: (02/02/2015 01:43:32 PM) (Source: disk) (EventID: 7) (User: )
Description: Zařízení \Device\Harddisk0\DR0 má chybný blok.

Error: (02/02/2015 01:43:28 PM) (Source: disk) (EventID: 7) (User: )
Description: Zařízení \Device\Harddisk0\DR0 má chybný blok.

Error: (02/02/2015 01:43:25 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Správce služeb se pokusil o opravnou akci (Restart the service) po nečekaném ukončení služby Server, ale tato akce selhala kvůli následující chybě:
%%1056

Error: (02/02/2015 01:42:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Windows Update byla neočekávaně ukončena. Tento stav nastal již 2krát.

Microsoft Office Sessions:
=========================
Error: (02/02/2015 01:43:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800401542115-01-09T12:43:36Z

Error: (02/02/2015 01:43:32 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\ProgramData\Microsoft\Windows\DeviceMetadataCache\dmrc.idxHost Process for Windows ServicesC000009C3

Error: (02/02/2015 01:43:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_DsmSvc6.3.9600.163845215dfe3msvcrt.dll7.0.9600.163845215f944c0000006000000000000193f66c01d03ee5b8e53d68C:\windows\system32\svchost.exeC:\windows\system32\msvcrt.dll17fc10ee-aad9-11e4-8271-f8a9633bd7d2

Error: (02/02/2015 01:43:06 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800401542115-01-09T12:43:06Z

Error: (02/02/2015 01:42:35 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\ProgramData\Microsoft\Windows\DeviceMetadataCache\dmrc.idxHost Process for Windows ServicesC000009C3

Error: (02/02/2015 01:42:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_DsmSvc6.3.9600.163845215dfe3msvcrt.dll7.0.9600.163845215f944c0000006000000000000193f1e6801d03ee58e722dd2C:\windows\system32\svchost.exeC:\windows\system32\msvcrt.dllf5cfd1eb-aad8-11e4-8271-f8a9633bd7d2

Error: (02/02/2015 01:41:24 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\ProgramData\Microsoft\Windows\DeviceMetadataCache\dmrc.idxHost Process for Windows ServicesC000009C3

Error: (02/02/2015 01:41:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_DsmSvc6.3.9600.163845215dfe3msvcrt.dll7.0.9600.163845215f944c00000060000000000001a791df001d03ee56c922661C:\windows\system32\svchost.exeC:\windows\system32\msvcrt.dllcbc47306-aad8-11e4-8271-f8a9633bd7d2

Error: (02/02/2015 01:41:12 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800401542115-01-09T12:41:12Z

Error: (02/02/2015 01:40:42 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800401542115-01-09T12:40:42Z

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4460T CPU @ 1.90GHz
Percentage of memory in use: 28%
Total physical RAM: 8092.27 MB
Available physical RAM: 5784.09 MB
Total Pagefile: 9372.27 MB
Available Pagefile: 6818.9 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:905.25 GB) (Free:739.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: EAEC9A0C)

Partition: GPT Partition Type.

==================== End Of Log ============================

#7 Příspěvek od **altrok** » 02 úno 2015 15:58

Stahnete Crystal Disk Info (CDI) http://sourceforge.jp/frs/redir.php?m=j ... o6_2_2.zip
archiv extrahujte a spustte vyextrahovany soubor DiskInfo.exe
ve spustenem programu kliknete nahore na Upravy -> Kopirovat (log mate nyni zkopirovany ve schrance)
log vlozte do dalsi odpovedi (Ctrl + V)

Ulozte na plochu MBRScan - http://eric71.geekstogo.com/tools/MbrScan.exe

Spustte jej, vpravo nahore kliknete na Options a vsechno dooznacte
kliknete na Report
obsah prave otevreneho textaku mi vlozte do pristi odpovedi

Velikost plochy by nemela presahovat 200 MB. Zpomaluje se pak start i samotny chod celeho PC.

Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
znovu spustte FRST a kliknete na Fix

po restartu na Vas vyskoci fixlog (pripadne bude ulozen na Plose), jehoz obsah mi vlozte do pristi odpovedi

Kód: Vybrat vše

Start
CloseProcesses:
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-3382074861-2756563583-1283812587-1002\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [833024 2014-06-16] (ZONER software)
HKU\S-1-5-21-3382074861-2756563583-1283812587-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3382074861-2756563583-1283812587-1002\...\MountPoints2: {b10dcb58-a64d-11e4-826b-18cf5e5835d1} - "E:\Setup.exe" 
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3382074861-2756563583-1283812587-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3382074861-2756563583-1283812587-1002 -> {10E10DB2-5E75-4F8D-A347-064404C40F0E} URL = 
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
CHR DefaultSuggestURL: Profile 5 -> https://www.google.com/complete/search?client=chrome&q={searchTerms}
CHR Extension: (SourceApp) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\imbgpkjmflneoofikpcpiilpkjebkfla [2015-01-27]
CHR HKU\S-1-5-21-3382074861-2756563583-1283812587-1002\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path

2015-02-02 15:42 - 2015-02-02 15:42 - 00112640 _____ (forum.viry.cz) C:\Users\Jan\Desktop\FRSTLauncher.exe
2015-02-02 13:20 - 2015-02-02 13:24 - 00000000 ____D () C:\AdwCleaner
2015-02-02 13:19 - 2015-02-02 13:19 - 02194432 _____ () C:\Users\Jan\Desktop\adwcleaner_4.109.exe
2015-02-02 10:52 - 2015-02-02 10:52 - 00000000 ____D () C:\rsit
2015-02-02 10:52 - 2015-02-02 10:52 - 00000000 ____D () C:\Program Files\trend micro
2015-02-02 10:51 - 2015-02-02 10:51 - 01222144 _____ () C:\Users\Jan\Desktop\RSITx64.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Hosts:
EmptyTemp:
End

honzikp · #8 Příspěvek od **honzikp** » 02 úno 2015 16:10

----------------------------------------------------------------------------
CrystalDiskInfo 6.2.2 (C) 2008-2014 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 8.1 [6.3 Build 9600] (x64)
Date : 2015/02/02 16:10:16

-- Controller Map ----------------------------------------------------------
+ Intel(R) 8 Series/C220 Chipset Family SATA AHCI Controller [ATA]
- ST1000DX001-1CM162
- PLDS DVD-RW DU8A5SH
- Řadič prostorů úložišť [SCSI]

-- Disk List ---------------------------------------------------------------
(1) ST1000DX001-1CM162 : 1000,2 GB [0/0/0, pd1] - st

----------------------------------------------------------------------------
(1) ST1000DX001-1CM162
----------------------------------------------------------------------------
Model : ST1000DX001-1CM162
Firmware : CC62
Serial Number : Z1DCGD1S
Disk Size : 1000,2 GB (8,4/137,4/1000,2/1000,2)
Buffer Size : Neznámy údaj
Queue Depth : 32
# of Sectors : 1953525168
Rotation Rate : 7200 RPM
Interface : Serial ATA
Major Version : ACS-2
Minor Version : ACS-3 Revision 3b
Transfer Mode : SATA/600 | SATA/600
Power On Hours : 588 hod.
Power On Count : 38 krát
Temperature : 41 C (105 F)
Health Status : Pozor
Features : S.M.A.R.T., APM, 48bit LBA, NCQ
APM Level : 8080h [ON]
AAM Level : ----

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 104 _93 __6 000009940A5D Počet chyb čtení
03 _97 _97 __0 000000000000 Čas na roztočení ploten
04 100 100 _20 000000000025 Počet spuštění/zastavení
05 100 100 _10 000000000000 Počet přemapovaných sektorů
07 _78 _60 _30 000003D45AC7 Počet chybných hledání
09 100 100 __0 00000000024C Hodin v činnosti
0A 100 100 _97 000000000000 Počet opakovaných pokusů o roztočení ploten
0C 100 100 _20 000000000026 Počet cyklů zapnutí zařízení
B7 _99 _99 __0 000000000001 Specifický pro výrobce
B8 100 100 _99 000000000000 Ukončovacích chyb
BB __1 __1 __0 00000000015B Ohlášeno neopravitelných chyb
BC 100 100 __0 000000000000 Časový limit příkazu
BD 100 100 __0 000000000000 Vysoká rychlost zápisu
BE _59 _48 _45 00002C150029 Teplota toku vzduchu
BF 100 100 __0 000000000000 Počet udalostí zaznamenaných otřesovým senzorem
C0 100 100 __0 00000000000E Počet vypnutí disku
C1 100 100 __0 000000000110 Počet cyklů načítání/vymazání
C2 _41 _52 __0 001100000029 Teplota
C5 _99 _99 __0 000000000118 Počet podezřelých sektorů
C6 _99 _99 __0 000000000118 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
F0 100 253 __0 E364000001DC Čas nastavování hlaviček - v hodinách
F1 100 253 __0 00024A8DF561 Total Host Writes
F2 100 253 __0 00007A99ADE6 Total Host Reads

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 0C5A 3FFF C837 0010 0000 0000 003F 0000 0000 0000
010: 2020 2020 2020 2020 2020 2020 5A31 4443 4744 3153
020: 0000 0000 0004 4343 3632 2020 2020 5354 3130 3030
030: 4458 3030 312D 3143 4D31 3632 2020 2020 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 4000 2F00
050: 4000 0200 0200 0007 3FFF 0010 003F FC10 00FB 0010
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 001F 8D0E 0006 0044 0044
080: 03F0 001F 346B 7D09 6163 3469 BC09 6163 203F 0034
090: 0034 8080 FFFE 0000 D0D0 0000 0000 0000 0000 0000
100: 6DB0 7470 0000 0000 0000 0000 6003 0000 5000 C500
110: 674F 94DD 0000 0000 0000 0000 0000 0000 0000 401E
120: 401C 0000 0000 0000 0000 0000 0000 0000 0021 6DB0
130: 7470 6DB0 7470 2020 0002 0140 0108 5000 3C06 3C0A
140: 0000 003C 0000 0008 0000 0000 05FF 0280 0000 0000
150: 0008 0000 0000 0000 0000 0001 0000 0000 5800 8006
160: 0000 0000 0000 0000 0000 0000 0000 0000 0002 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 1081 0000 0000 4000
210: 0000 0000 0000 0000 0000 0000 0000 1C20 0000 0000
220: 0000 0000 107E 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
240: 0000 0000 0000 0003 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 97A5

-- SMART_READ_DATA ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 0A 00 01 0F 00 68 5D 5D 0A 94 09 00 00 00 03 03
010: 00 61 61 00 00 00 00 00 00 00 04 32 00 64 64 25
020: 00 00 00 00 00 00 05 33 00 64 64 00 00 00 00 00
030: 00 00 07 0F 00 4E 3C C7 5A D4 03 00 00 00 09 32
040: 00 64 64 4C 02 00 00 00 00 00 0A 13 00 64 64 00
050: 00 00 00 00 00 00 0C 32 00 64 64 26 00 00 00 00
060: 00 00 B7 32 00 63 63 01 00 00 00 00 00 00 B8 32
070: 00 64 64 00 00 00 00 00 00 00 BB 32 00 01 01 5B
080: 01 00 00 00 00 00 BC 32 00 64 64 00 00 00 00 00
090: 00 00 BD 3A 00 64 64 00 00 00 00 00 00 00 BE 22
0A0: 00 3B 30 29 00 15 2C 00 00 00 BF 32 00 64 64 00
0B0: 00 00 00 00 00 00 C0 32 00 64 64 0E 00 00 00 00
0C0: 00 00 C1 32 00 64 64 10 01 00 00 00 00 00 C2 22
0D0: 00 29 34 29 00 00 00 11 00 00 C5 12 00 63 63 18
0E0: 01 00 00 00 00 00 C6 10 00 63 63 18 01 00 00 00
0F0: 00 00 C7 3E 00 C8 C8 00 00 00 00 00 00 00 F0 00
100: 00 64 FD DC 01 00 00 64 E3 22 F1 00 00 64 FD 61
110: F5 8D 4A 02 00 00 F2 00 00 64 FD E6 AD 99 7A 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 73
170: 03 00 01 00 01 6C 02 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 06 03 03 03 03 03 03 03
190: 03 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 0F F3 2B 8F F7 01 00 00
1B0: 00 00 00 00 01 00 31 00 61 F5 8D 4A 02 00 00 00
1C0: E6 AD 99 7A 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 14 00 00 00 60 01 00 00 66 00 0B 00
1E0: 00 00 00 00 78 3E 01 00 00 00 00 00 00 00 00 2F
1F0: 00 00 00 00 00 00 00 00 00 00 14 18 00 00 00 D0

-- SMART_READ_THRESHOLD ----------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 01 00 01 06 00 00 00 00 00 00 00 00 00 00 03 00
010: 00 00 00 00 00 00 00 00 00 00 04 14 00 00 00 00
020: 00 00 00 00 00 00 05 0A 00 00 00 00 00 00 00 00
030: 00 00 07 1E 00 00 00 00 00 00 00 00 00 00 09 00
040: 00 00 00 00 00 00 00 00 00 00 0A 61 00 00 00 00
050: 00 00 00 00 00 00 0C 14 00 00 00 00 00 00 00 00
060: 00 00 B7 00 00 00 00 00 00 00 00 00 00 00 B8 63
070: 00 00 00 00 00 00 00 00 00 00 BB 00 00 00 00 00
080: 00 00 00 00 00 00 BC 00 00 00 00 00 00 00 00 00
090: 00 00 BD 00 00 00 00 00 00 00 00 00 00 00 BE 2D
0A0: 00 00 00 00 00 00 00 00 00 00 BF 00 00 00 00 00
0B0: 00 00 00 00 00 00 C0 00 00 00 00 00 00 00 00 00
0C0: 00 00 C1 00 00 00 00 00 00 00 00 00 00 00 C2 00
0D0: 00 00 00 00 00 00 00 00 00 00 C5 00 00 00 00 00
0E0: 00 00 00 00 00 00 C6 00 00 00 00 00 00 00 00 00
0F0: 00 00 C7 00 00 00 00 00 00 00 00 00 00 00 F0 00
100: 00 00 00 00 00 00 00 00 00 00 F1 00 00 00 00 00
110: 00 00 00 00 00 00 F2 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FD

honzikp · #9 Příspěvek od **honzikp** » 02 úno 2015 16:11

Kód: Vybrat vše

MBRScan v1.1.1

OS             : Windows 8  (64 bit)
PROCESSOR      : Intel64 Family 6 Model 60 Stepping 3, GenuineIntel
BOOT           : Normal Boot
DATE           : 2015/02/02 (ISO 8601) at 16:11:27
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __ST1000DX001-1CM162 (CC62)
BUS_TYPE       : (0x0B)  S-ATA
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0	931.5 Go  [Fixed] ==> Unknown MBR Code...

MBR_MD5   : 3DDA33E4FC75DB72A1C4F7ABA0F77A3E
MBR_SHA1  : D5B4496C2044BA6904E4CC4088C5886D5D00FF04

Device\Harddisk0\Partition1	2.00 To  	0xEE EFI GPT[1] 
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\windows\system32\ntoskrnl.exe => Invisible on the disk
ADDRESS : 0xBA479000
SIZE    : 7.59 Mo

DRIVER  : C:\windows\system32\hal.dll => Invisible on the disk
ADDRESS : 0xBA409000
SIZE    : 448.0 Ko

DRIVER  : C:\windows\system32\kd.dll => Invisible on the disk
ADDRESS : 0xB9535000
SIZE    : 36.0 Ko

DRIVER  : C:\windows\system32\mcupdate_GenuineIntel.dll => Invisible on the disk
ADDRESS : 0x6FCD4000
SIZE    : 408.0 Ko

DRIVER  : C:\windows\System32\drivers\werkernel.sys => Invisible on the disk
ADDRESS : 0x6FD3A000
SIZE    : 56.0 Ko

DRIVER  : C:\windows\System32\drivers\CLFS.SYS => Invisible on the disk
ADDRESS : 0x6FD48000
SIZE    : 388.0 Ko

DRIVER  : C:\windows\System32\drivers\tm.sys => Invisible on the disk
ADDRESS : 0x6FDA9000
SIZE    : 136.0 Ko

DRIVER  : C:\windows\system32\CI.dll => Invisible on the disk
ADDRESS : 0x6FC00000
SIZE    : 544.0 Ko

DRIVER  : C:\windows\System32\drivers\msrpc.sys => Invisible on the disk
ADDRESS : 0x6FED1000
SIZE    : 372.0 Ko

DRIVER  : C:\windows\system32\drivers\Wdf01000.sys => Invisible on the disk
ADDRESS : 0x6FF2E000
SIZE    : 828.0 Ko

DRIVER  : C:\windows\system32\drivers\WDFLDR.SYS => Invisible on the disk
ADDRESS : 0x6FE00000
SIZE    : 68.0 Ko

DRIVER  : C:\windows\System32\Drivers\acpiex.sys => Invisible on the disk
ADDRESS : 0x6FE11000
SIZE    : 96.0 Ko

DRIVER  : C:\windows\System32\Drivers\WppRecorder.sys => Invisible on the disk
ADDRESS : 0x6FE29000
SIZE    : 44.0 Ko

DRIVER  : C:\windows\System32\drivers\ACPI.sys => Invisible on the disk
ADDRESS : 0x6FE34000
SIZE    : 552.0 Ko

DRIVER  : C:\windows\System32\drivers\WMILIB.SYS => Invisible on the disk
ADDRESS : 0x6FEBE000
SIZE    : 40.0 Ko

DRIVER  : C:\windows\System32\Drivers\cng.sys => Invisible on the disk
ADDRESS : 0x70026000
SIZE    : 556.0 Ko

DRIVER  : C:\windows\System32\drivers\msisadrv.sys => Invisible on the disk
ADDRESS : 0x700B1000
SIZE    : 40.0 Ko

DRIVER  : C:\windows\System32\drivers\pci.sys => Invisible on the disk
ADDRESS : 0x700BB000
SIZE    : 288.0 Ko

DRIVER  : C:\windows\System32\drivers\vdrvroot.sys => Invisible on the disk
ADDRESS : 0x70103000
SIZE    : 52.0 Ko

DRIVER  : C:\windows\system32\drivers\pdc.sys => Invisible on the disk
ADDRESS : 0x70110000
SIZE    : 112.0 Ko

DRIVER  : C:\windows\System32\drivers\partmgr.sys => Invisible on the disk
ADDRESS : 0x7012C000
SIZE    : 96.0 Ko

DRIVER  : C:\windows\System32\drivers\spaceport.sys => Invisible on the disk
ADDRESS : 0x70144000
SIZE    : 420.0 Ko

DRIVER  : C:\windows\System32\drivers\volmgr.sys => Invisible on the disk
ADDRESS : 0x701AD000
SIZE    : 84.0 Ko

DRIVER  : C:\windows\System32\drivers\volmgrx.sys => Invisible on the disk
ADDRESS : 0x70253000
SIZE    : 380.0 Ko

DRIVER  : C:\windows\System32\drivers\mountmgr.sys => Invisible on the disk
ADDRESS : 0x702B2000
SIZE    : 108.0 Ko

DRIVER  : C:\windows\System32\drivers\iaStorA.sys => Invisible on the disk
ADDRESS : 0x704BF000
SIZE    : 2.71 Mo

DRIVER  : C:\windows\System32\drivers\storport.sys => Invisible on the disk
ADDRESS : 0x70775000
SIZE    : 380.0 Ko

DRIVER  : C:\windows\System32\drivers\EhStorClass.sys => Invisible on the disk
ADDRESS : 0x707D4000
SIZE    : 104.0 Ko

DRIVER  : C:\windows\system32\drivers\fltmgr.sys => Invisible on the disk
ADDRESS : 0x70400000
SIZE    : 368.0 Ko

DRIVER  : C:\windows\System32\drivers\fileinfo.sys => Invisible on the disk
ADDRESS : 0x7045C000
SIZE    : 88.0 Ko

DRIVER  : C:\windows\System32\Drivers\Wof.sys => Invisible on the disk
ADDRESS : 0x70472000
SIZE    : 172.0 Ko

DRIVER  : C:\windows\System32\Drivers\Ntfs.sys => Invisible on the disk
ADDRESS : 0x70818000
SIZE    : 1.96 Mo

DRIVER  : C:\windows\System32\Drivers\ksecdd.sys => Invisible on the disk
ADDRESS : 0x70A0E000
SIZE    : 112.0 Ko

DRIVER  : C:\windows\System32\drivers\pcw.sys => Invisible on the disk
ADDRESS : 0x70A2A000
SIZE    : 64.0 Ko

DRIVER  : C:\windows\System32\Drivers\Fs_Rec.sys => Invisible on the disk
ADDRESS : 0x70A3A000
SIZE    : 44.0 Ko

DRIVER  : C:\windows\system32\drivers\ndis.sys => Invisible on the disk
ADDRESS : 0x70A45000
SIZE    : 1.09 Mo

DRIVER  : C:\windows\system32\drivers\NETIO.SYS => Invisible on the disk
ADDRESS : 0x70B5D000
SIZE    : 480.0 Ko

DRIVER  : C:\windows\System32\Drivers\ksecpkg.sys => Invisible on the disk
ADDRESS : 0x702CD000
SIZE    : 192.0 Ko

DRIVER  : C:\windows\System32\drivers\tcpip.sys => Invisible on the disk
ADDRESS : 0x70C14000
SIZE    : 2.44 Mo

DRIVER  : C:\windows\System32\drivers\fwpkclnt.sys => Invisible on the disk
ADDRESS : 0x70E85000
SIZE    : 432.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\wfplwfs.sys => Invisible on the disk
ADDRESS : 0x70EF1000
SIZE    : 148.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\aswNdisFlt.sys => Invisible on the disk
ADDRESS : 0x70F16000
SIZE    : 448.0 Ko

DRIVER  : C:\windows\System32\DRIVERS\fvevol.sys => Invisible on the disk
ADDRESS : 0x702FD000
SIZE    : 596.0 Ko

DRIVER  : C:\windows\System32\drivers\volsnap.sys => Invisible on the disk
ADDRESS : 0x70F86000
SIZE    : 316.0 Ko

DRIVER  : C:\windows\System32\drivers\rdyboost.sys => Invisible on the disk
ADDRESS : 0x70392000
SIZE    : 280.0 Ko

DRIVER  : C:\windows\System32\Drivers\mup.sys => Invisible on the disk
ADDRESS : 0x70FD5000
SIZE    : 92.0 Ko

DRIVER  : C:\windows\System32\drivers\intelpep.sys => Invisible on the disk
ADDRESS : 0x70FEC000
SIZE    : 60.0 Ko

DRIVER  : C:\windows\System32\drivers\disk.sys => Invisible on the disk
ADDRESS : 0x70BD5000
SIZE    : 112.0 Ko

DRIVER  : C:\windows\System32\drivers\CLASSPNP.SYS => Invisible on the disk
ADDRESS : 0x710FB000
SIZE    : 340.0 Ko

DRIVER  : C:\windows\System32\Drivers\aswVmm.sys => Invisible on the disk
ADDRESS : 0x71150000
SIZE    : 268.0 Ko

DRIVER  : C:\windows\System32\Drivers\aswRvrt.sys => Invisible on the disk
ADDRESS : 0x71193000
SIZE    : 76.0 Ko

DRIVER  : C:\windows\System32\Drivers\crashdmp.sys => Invisible on the disk
ADDRESS : 0x711A6000
SIZE    : 84.0 Ko

DRIVER  : C:\windows\System32\drivers\dtsoftbus01.sys => Invisible on the disk
ADDRESS : 0x716FE000
SIZE    : 288.0 Ko

DRIVER  : C:\windows\System32\drivers\cdrom.sys => Invisible on the disk
ADDRESS : 0x71746000
SIZE    : 184.0 Ko

DRIVER  : C:\windows\system32\drivers\aswSnx.sys => Invisible on the disk
ADDRESS : 0x7184F000
SIZE    : 1.02 Mo

DRIVER  : C:\windows\system32\drivers\aswSP.sys => Invisible on the disk
ADDRESS : 0x71953000
SIZE    : 452.0 Ko

DRIVER  : C:\windows\System32\Drivers\Null.SYS => Invisible on the disk
ADDRESS : 0x719C4000
SIZE    : 36.0 Ko

DRIVER  : C:\windows\System32\Drivers\Beep.SYS => Invisible on the disk
ADDRESS : 0x719CD000
SIZE    : 32.0 Ko

DRIVER  : C:\windows\system32\drivers\aswKbd.sys => Invisible on the disk
ADDRESS : 0x719D5000
SIZE    : 40.0 Ko

DRIVER  : C:\windows\System32\drivers\BasicRender.sys => Invisible on the disk
ADDRESS : 0x719DF000
SIZE    : 56.0 Ko

DRIVER  : C:\windows\System32\drivers\dxgkrnl.sys => Invisible on the disk
ADDRESS : 0x71A17000
SIZE    : 1.50 Mo

DRIVER  : C:\windows\System32\drivers\watchdog.sys => Invisible on the disk
ADDRESS : 0x71B98000
SIZE    : 72.0 Ko

DRIVER  : C:\windows\System32\drivers\dxgmms1.sys => Invisible on the disk
ADDRESS : 0x71774000
SIZE    : 388.0 Ko

DRIVER  : C:\windows\System32\drivers\BasicDisplay.sys => Invisible on the disk
ADDRESS : 0x71BAA000
SIZE    : 72.0 Ko

DRIVER  : C:\windows\System32\Drivers\Npfs.SYS => Invisible on the disk
ADDRESS : 0x71BBC000
SIZE    : 80.0 Ko

DRIVER  : C:\windows\System32\Drivers\Msfs.SYS => Invisible on the disk
ADDRESS : 0x71BD0000
SIZE    : 48.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\tdx.sys => Invisible on the disk
ADDRESS : 0x71BDC000
SIZE    : 128.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\TDI.SYS => Invisible on the disk
ADDRESS : 0x71A00000
SIZE    : 56.0 Ko

DRIVER  : C:\windows\System32\DRIVERS\netbt.sys => Invisible on the disk
ADDRESS : 0x71800000
SIZE    : 304.0 Ko

DRIVER  : C:\windows\system32\drivers\aswRdr2.sys => Invisible on the disk
ADDRESS : 0x717D5000
SIZE    : 104.0 Ko

DRIVER  : C:\windows\system32\drivers\afd.sys => Invisible on the disk
ADDRESS : 0x71000000
SIZE    : 584.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\pacer.sys => Invisible on the disk
ADDRESS : 0x71400000
SIZE    : 168.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\vwififlt.sys => Invisible on the disk
ADDRESS : 0x71092000
SIZE    : 96.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\netbios.sys => Invisible on the disk
ADDRESS : 0x719ED000
SIZE    : 68.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\rdbss.sys => Invisible on the disk
ADDRESS : 0x71CAB000
SIZE    : 448.0 Ko

DRIVER  : C:\windows\system32\drivers\nsiproxy.sys => Invisible on the disk
ADDRESS : 0x71D1B000
SIZE    : 56.0 Ko

DRIVER  : C:\windows\System32\drivers\npsvctrig.sys => Invisible on the disk
ADDRESS : 0x71D29000
SIZE    : 48.0 Ko

DRIVER  : C:\windows\System32\drivers\mssmbios.sys => Invisible on the disk
ADDRESS : 0x71D35000
SIZE    : 48.0 Ko

DRIVER  : C:\windows\System32\Drivers\dfsc.sys => Invisible on the disk
ADDRESS : 0x71D41000
SIZE    : 152.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\ahcache.sys => Invisible on the disk
ADDRESS : 0x71D77000
SIZE    : 92.0 Ko

DRIVER  : C:\windows\System32\drivers\CompositeBus.sys => Invisible on the disk
ADDRESS : 0x71D8E000
SIZE    : 60.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\kdnic.sys => Invisible on the disk
ADDRESS : 0x71D9D000
SIZE    : 44.0 Ko

DRIVER  : C:\windows\System32\drivers\umbus.sys => Invisible on the disk
ADDRESS : 0x71DA8000
SIZE    : 68.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\nvlddmkm.sys => Invisible on the disk
ADDRESS : 0x71E3B000
SIZE    : 12.32 Mo

DRIVER  : C:\windows\system32\DRIVERS\igdkmd64.sys => Invisible on the disk
ADDRESS : 0x72CCA000
SIZE    : 4.64 Mo

DRIVER  : C:\windows\System32\drivers\HDAudBus.sys => Invisible on the disk
ADDRESS : 0x7316E000
SIZE    : 100.0 Ko

DRIVER  : C:\windows\System32\drivers\USBXHCI.SYS => Invisible on the disk
ADDRESS : 0x73187000
SIZE    : 340.0 Ko

DRIVER  : C:\windows\System32\drivers\ucx01000.sys => Invisible on the disk
ADDRESS : 0x72C00000
SIZE    : 200.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\TeeDriverx64.sys => Invisible on the disk
ADDRESS : 0x72C32000
SIZE    : 112.0 Ko

DRIVER  : C:\windows\System32\drivers\usbehci.sys => Invisible on the disk
ADDRESS : 0x72C4E000
SIZE    : 96.0 Ko

DRIVER  : C:\windows\System32\drivers\USBPORT.SYS => Invisible on the disk
ADDRESS : 0x72A8D000
SIZE    : 444.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\RtsP2Stor.sys => Invisible on the disk
ADDRESS : 0x72C66000
SIZE    : 300.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\Rt630x64.sys => Invisible on the disk
ADDRESS : 0x72AFC000
SIZE    : 816.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\rtwlane.sys => Invisible on the disk
ADDRESS : 0x73291000
SIZE    : 2.90 Mo

DRIVER  : C:\windows\System32\Drivers\fastfat.SYS => Invisible on the disk
ADDRESS : 0x73577000
SIZE    : 228.0 Ko

DRIVER  : C:\windows\System32\drivers\vwifibus.sys => Invisible on the disk
ADDRESS : 0x735B0000
SIZE    : 52.0 Ko

DRIVER  : C:\windows\System32\drivers\i8042prt.sys => Invisible on the disk
ADDRESS : 0x735BD000
SIZE    : 124.0 Ko

DRIVER  : C:\windows\System32\drivers\kbdclass.sys => Invisible on the disk
ADDRESS : 0x735DC000
SIZE    : 64.0 Ko

DRIVER  : C:\windows\System32\drivers\wmiacpi.sys => Invisible on the disk
ADDRESS : 0x735EC000
SIZE    : 40.0 Ko

DRIVER  : C:\windows\System32\drivers\intelppm.sys => Invisible on the disk
ADDRESS : 0x73200000
SIZE    : 120.0 Ko

DRIVER  : C:\windows\System32\drivers\NdisVirtualBus.sys => Invisible on the disk
ADDRESS : 0x7321E000
SIZE    : 44.0 Ko

DRIVER  : C:\windows\System32\drivers\swenum.sys => Invisible on the disk
ADDRESS : 0x73229000
SIZE    : 8.0 Ko

DRIVER  : C:\windows\System32\drivers\ks.sys => Invisible on the disk
ADDRESS : 0x7322B000
SIZE    : 312.0 Ko

DRIVER  : C:\windows\System32\drivers\iwdbus.sys => Invisible on the disk
ADDRESS : 0x73279000
SIZE    : 48.0 Ko

DRIVER  : C:\windows\System32\drivers\circlass.sys => Invisible on the disk
ADDRESS : 0x72CB1000
SIZE    : 72.0 Ko

DRIVER  : C:\windows\System32\drivers\rdpbus.sys => Invisible on the disk
ADDRESS : 0x73285000
SIZE    : 44.0 Ko

DRIVER  : C:\windows\System32\drivers\usbhub.sys => Invisible on the disk
ADDRESS : 0x71C00000
SIZE    : 424.0 Ko

DRIVER  : C:\windows\System32\drivers\USBD.SYS => Invisible on the disk
ADDRESS : 0x731DC000
SIZE    : 48.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\portcls.sys => Invisible on the disk
ADDRESS : 0x736E1000
SIZE    : 284.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\drmk.sys => Invisible on the disk
ADDRESS : 0x73728000
SIZE    : 112.0 Ko

DRIVER  : C:\windows\system32\drivers\ksthunk.sys => Invisible on the disk
ADDRESS : 0x73744000
SIZE    : 24.0 Ko

DRIVER  : C:\windows\System32\drivers\UsbHub3.sys => Invisible on the disk
ADDRESS : 0x7374A000
SIZE    : 480.0 Ko

DRIVER  : C:\windows\system32\drivers\RTKVHD64.sys => Invisible on the disk
ADDRESS : 0x738BF000
SIZE    : 3.54 Mo

DRIVER  : C:\windows\System32\Drivers\dump_iaStorA.sys => Invisible on the disk
ADDRESS : 0x7142A000
SIZE    : 2.71 Mo

DRIVER  : C:\windows\System32\drivers\hidusb.sys => Invisible on the disk
ADDRESS : 0x73C6B000
SIZE    : 56.0 Ko

DRIVER  : C:\windows\System32\drivers\HIDCLASS.SYS => Invisible on the disk
ADDRESS : 0x73C79000
SIZE    : 124.0 Ko

DRIVER  : C:\windows\System32\drivers\HIDPARSE.SYS => Invisible on the disk
ADDRESS : 0x73C98000
SIZE    : 32.0 Ko

DRIVER  : C:\windows\System32\drivers\kbdhid.sys => Invisible on the disk
ADDRESS : 0x73CA0000
SIZE    : 56.0 Ko

DRIVER  : C:\windows\System32\drivers\mouhid.sys => Invisible on the disk
ADDRESS : 0x73CAE000
SIZE    : 52.0 Ko

DRIVER  : C:\windows\System32\drivers\mouclass.sys => Invisible on the disk
ADDRESS : 0x73CBB000
SIZE    : 64.0 Ko

DRIVER  : C:\windows\System32\drivers\usbccgp.sys => Invisible on the disk
ADDRESS : 0x73CCB000
SIZE    : 156.0 Ko

DRIVER  : C:\windows\System32\drivers\AVPolDIR.sys => Invisible on the disk
ADDRESS : 0x73CF2000
SIZE    : 40.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\AVerPola.sys => Invisible on the disk
ADDRESS : 0x73CFC000
SIZE    : 828.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\BdaSup.SYS => Invisible on the disk
ADDRESS : 0x73DCB000
SIZE    : 16.0 Ko

DRIVER  : C:\windows\System32\Drivers\usbvideo.sys => Invisible on the disk
ADDRESS : 0x73800000
SIZE    : 208.0 Ko

DRIVER  : C:\windows\System32\Drivers\vmuacflt.sys => Invisible on the disk
ADDRESS : 0x73834000
SIZE    : 40.0 Ko

DRIVER  : C:\windows\system32\drivers\usbaudio.sys => Invisible on the disk
ADDRESS : 0x7383E000
SIZE    : 120.0 Ko

DRIVER  : C:\windows\System32\win32k.sys => Invisible on the disk
ADDRESS : 0x0014D000
SIZE    : 4.09 Mo

DRIVER  : C:\windows\System32\drivers\monitor.sys => Invisible on the disk
ADDRESS : 0x7385C000
SIZE    : 56.0 Ko

DRIVER  : C:\windows\System32\TSDDD.dll => Invisible on the disk
ADDRESS : 0x0063D000
SIZE    : 36.0 Ko

DRIVER  : C:\windows\System32\cdd.dll => Invisible on the disk
ADDRESS : 0x0084B000
SIZE    : 236.0 Ko

DRIVER  : C:\windows\system32\drivers\luafv.sys => Invisible on the disk
ADDRESS : 0x7386A000
SIZE    : 144.0 Ko

DRIVER  : C:\windows\system32\drivers\aswMonFlt.sys => Invisible on the disk
ADDRESS : 0x7388E000
SIZE    : 136.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\lltdio.sys => Invisible on the disk
ADDRESS : 0x737C2000
SIZE    : 80.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\nwifi.sys => Invisible on the disk
ADDRESS : 0x73600000
SIZE    : 464.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\ndisuio.sys => Invisible on the disk
ADDRESS : 0x73674000
SIZE    : 80.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\rspndr.sys => Invisible on the disk
ADDRESS : 0x73688000
SIZE    : 96.0 Ko

DRIVER  : C:\windows\System32\drivers\condrv.sys => Invisible on the disk
ADDRESS : 0x73DEE000
SIZE    : 64.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\vwifimp.sys => Invisible on the disk
ADDRESS : 0x738B0000
SIZE    : 60.0 Ko

DRIVER  : C:\windows\system32\drivers\HTTP.sys => Invisible on the disk
ADDRESS : 0x73E56000
SIZE    : 1000.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\bowser.sys => Invisible on the disk
ADDRESS : 0x73F50000
SIZE    : 128.0 Ko

DRIVER  : C:\windows\System32\drivers\mpsdrv.sys => Invisible on the disk
ADDRESS : 0x73F70000
SIZE    : 92.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\mrxsmb.sys => Invisible on the disk
ADDRESS : 0x73F87000
SIZE    : 432.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the disk
ADDRESS : 0x73E00000
SIZE    : 228.0 Ko

DRIVER  : C:\windows\system32\drivers\aswHwid.sys => Invisible on the disk
ADDRESS : 0x73E39000
SIZE    : 40.0 Ko

DRIVER  : C:\windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the disk
ADDRESS : 0x710AA000
SIZE    : 300.0 Ko

DRIVER  : C:\windows\system32\drivers\Ndu.sys => Invisible on the disk
ADDRESS : 0x736A0000
SIZE    : 116.0 Ko

DRIVER  : C:\windows\system32\drivers\peauth.sys => Invisible on the disk
ADDRESS : 0x7406B000
SIZE    : 676.0 Ko

DRIVER  : C:\windows\System32\Drivers\secdrv.SYS => Invisible on the disk
ADDRESS : 0x74114000
SIZE    : 44.0 Ko

DRIVER  : C:\windows\System32\DRIVERS\srvnet.sys => Invisible on the disk
ADDRESS : 0x7411F000
SIZE    : 268.0 Ko

DRIVER  : C:\windows\System32\drivers\tcpipreg.sys => Invisible on the disk
ADDRESS : 0x74162000
SIZE    : 72.0 Ko

DRIVER  : C:\windows\System32\DRIVERS\srv2.sys => Invisible on the disk
ADDRESS : 0x74297000
SIZE    : 688.0 Ko

DRIVER  : C:\windows\System32\DRIVERS\srv.sys => Invisible on the disk
ADDRESS : 0x74343000
SIZE    : 568.0 Ko

DRIVER  : C:\windows\system32\drivers\WudfPf.sys => Invisible on the disk
ADDRESS : 0x743D1000
SIZE    : 128.0 Ko

DRIVER  : C:\windows\System32\drivers\WUDFRd.sys => Invisible on the disk
ADDRESS : 0x74200000
SIZE    : 244.0 Ko

DRIVER  : C:\windows\System32\drivers\umpass.sys => Invisible on the disk
ADDRESS : 0x74251000
SIZE    : 40.0 Ko

SystemStartOptions :  NOEXECUTE=OPTIN  NOVGA

________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  

0x00000000   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000010   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000020   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000030   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000040   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000050   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000060   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000070   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000080   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000090   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000000A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000000B0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000000C0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000000D0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000000E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000000F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000100   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000110   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000120   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000130   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000140   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000150   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000160   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000170   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000180   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 00 00 00 0C 9A EC EA 00 00 00 00   ..........ìê....
0x000001C0   02 00 EE FF FF FF 01 00 00 00 FF FF FF FF 00 00   ..î.............
0x000001D0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

__________________________16_BIT_ASM_CODE
   
0x0000    0000            ADD [BX+SI], AL   
0x0002    0000            ADD [BX+SI], AL   
0x0004    0000            ADD [BX+SI], AL   
0x0006    0000            ADD [BX+SI], AL   
0x0008    0000            ADD [BX+SI], AL   
0x000A    0000            ADD [BX+SI], AL   
0x000C    0000            ADD [BX+SI], AL   
0x000E    0000            ADD [BX+SI], AL   
0x0010    0000            ADD [BX+SI], AL   
0x0012    0000            ADD [BX+SI], AL   
0x0014    0000            ADD [BX+SI], AL   
0x0016    0000            ADD [BX+SI], AL   
0x0018    0000            ADD [BX+SI], AL   
0x001A    0000            ADD [BX+SI], AL   
0x001C    0000            ADD [BX+SI], AL   
0x001E    0000            ADD [BX+SI], AL   
0x0020    0000            ADD [BX+SI], AL   
0x0022    0000            ADD [BX+SI], AL   
0x0024    0000            ADD [BX+SI], AL   
0x0026    0000            ADD [BX+SI], AL   
0x0028    0000            ADD [BX+SI], AL   
0x002A    0000            ADD [BX+SI], AL   
0x002C    0000            ADD [BX+SI], AL   
0x002E    0000            ADD [BX+SI], AL   
0x0030    0000            ADD [BX+SI], AL   
0x0032    0000            ADD [BX+SI], AL   
0x0034    0000            ADD [BX+SI], AL   
0x0036    0000            ADD [BX+SI], AL   
0x0038    0000            ADD [BX+SI], AL   
0x003A    0000            ADD [BX+SI], AL   
0x003C    0000            ADD [BX+SI], AL   
0x003E    0000            ADD [BX+SI], AL   
0x0040    0000            ADD [BX+SI], AL   
0x0042    0000            ADD [BX+SI], AL   
0x0044    0000            ADD [BX+SI], AL   
0x0046    0000            ADD [BX+SI], AL   
0x0048    0000            ADD [BX+SI], AL   
0x004A    0000            ADD [BX+SI], AL   
0x004C    0000            ADD [BX+SI], AL   
0x004E    0000            ADD [BX+SI], AL   
0x0050    0000            ADD [BX+SI], AL   
0x0052    0000            ADD [BX+SI], AL   
0x0054    0000            ADD [BX+SI], AL   
0x0056    0000            ADD [BX+SI], AL   
0x0058    0000            ADD [BX+SI], AL   
0x005A    0000            ADD [BX+SI], AL   
0x005C    0000            ADD [BX+SI], AL   
0x005E    0000            ADD [BX+SI], AL   
0x0060    0000            ADD [BX+SI], AL   
0x0062    0000            ADD [BX+SI], AL   
0x0064    0000            ADD [BX+SI], AL   
0x0066    0000            ADD [BX+SI], AL   
0x0068    0000            ADD [BX+SI], AL   
0x006A    0000            ADD [BX+SI], AL   
0x006C    0000            ADD [BX+SI], AL   
0x006E    0000            ADD [BX+SI], AL   
0x0070    0000            ADD [BX+SI], AL   
0x0072    0000            ADD [BX+SI], AL   
0x0074    0000            ADD [BX+SI], AL   
0x0076    0000            ADD [BX+SI], AL   
0x0078    0000            ADD [BX+SI], AL   
0x007A    0000            ADD [BX+SI], AL   
0x007C    0000            ADD [BX+SI], AL   
0x007E    0000            ADD [BX+SI], AL   
0x0080    0000            ADD [BX+SI], AL   
0x0082    0000            ADD [BX+SI], AL   
0x0084    0000            ADD [BX+SI], AL   
0x0086    0000            ADD [BX+SI], AL   
0x0088    0000            ADD [BX+SI], AL   
0x008A    0000            ADD [BX+SI], AL   
0x008C    0000            ADD [BX+SI], AL   
0x008E    0000            ADD [BX+SI], AL   
0x0090    0000            ADD [BX+SI], AL   
0x0092    0000            ADD [BX+SI], AL   
0x0094    0000            ADD [BX+SI], AL   
0x0096    0000            ADD [BX+SI], AL   
0x0098    0000            ADD [BX+SI], AL   
0x009A    0000            ADD [BX+SI], AL   
0x009C    0000            ADD [BX+SI], AL   
0x009E    0000            ADD [BX+SI], AL   
0x00A0    0000            ADD [BX+SI], AL   
0x00A2    0000            ADD [BX+SI], AL   
0x00A4    0000            ADD [BX+SI], AL   
0x00A6    0000            ADD [BX+SI], AL   
0x00A8    0000            ADD [BX+SI], AL   
0x00AA    0000            ADD [BX+SI], AL   
0x00AC    0000            ADD [BX+SI], AL   
0x00AE    0000            ADD [BX+SI], AL   
0x00B0    0000            ADD [BX+SI], AL   
0x00B2    0000            ADD [BX+SI], AL   
0x00B4    0000            ADD [BX+SI], AL   
0x00B6    0000            ADD [BX+SI], AL   
0x00B8    0000            ADD [BX+SI], AL   
0x00BA    0000            ADD [BX+SI], AL   
0x00BC    0000            ADD [BX+SI], AL   
0x00BE    0000            ADD [BX+SI], AL   
0x00C0    0000            ADD [BX+SI], AL   
0x00C2    0000            ADD [BX+SI], AL   
0x00C4    0000            ADD [BX+SI], AL   
0x00C6    0000            ADD [BX+SI], AL   
0x00C8    0000            ADD [BX+SI], AL   
0x00CA    0000            ADD [BX+SI], AL   
0x00CC    0000            ADD [BX+SI], AL   
0x00CE    0000            ADD [BX+SI], AL   
0x00D0    0000            ADD [BX+SI], AL   
0x00D2    0000            ADD [BX+SI], AL   
0x00D4    0000            ADD [BX+SI], AL   
0x00D6    0000            ADD [BX+SI], AL   
0x00D8    0000            ADD [BX+SI], AL   
0x00DA    0000            ADD [BX+SI], AL   
0x00DC    0000            ADD [BX+SI], AL   
0x00DE    0000            ADD [BX+SI], AL   
0x00E0    0000            ADD [BX+SI], AL   
0x00E2    0000            ADD [BX+SI], AL   
0x00E4    0000            ADD [BX+SI], AL   
0x00E6    0000            ADD [BX+SI], AL   
0x00E8    0000            ADD [BX+SI], AL   
0x00EA    0000            ADD [BX+SI], AL   
0x00EC    0000            ADD [BX+SI], AL   
0x00EE    0000            ADD [BX+SI], AL   
0x00F0    0000            ADD [BX+SI], AL   
0x00F2    0000            ADD [BX+SI], AL   
0x00F4    0000            ADD [BX+SI], AL   
0x00F6    0000            ADD [BX+SI], AL   
0x00F8    0000            ADD [BX+SI], AL   
0x00FA    0000            ADD [BX+SI], AL   
0x00FC    0000            ADD [BX+SI], AL   
0x00FE    0000            ADD [BX+SI], AL   
0x0100    0000            ADD [BX+SI], AL   
0x0102    0000            ADD [BX+SI], AL   
0x0104    0000            ADD [BX+SI], AL   
0x0106    0000            ADD [BX+SI], AL   
0x0108    0000            ADD [BX+SI], AL   
0x010A    0000            ADD [BX+SI], AL   
0x010C    0000            ADD [BX+SI], AL   
0x010E    0000            ADD [BX+SI], AL   
0x0110    0000            ADD [BX+SI], AL   
0x0112    0000            ADD [BX+SI], AL   
0x0114    0000            ADD [BX+SI], AL   
0x0116    0000            ADD [BX+SI], AL   
0x0118    0000            ADD [BX+SI], AL   
0x011A    0000            ADD [BX+SI], AL   
0x011C    0000            ADD [BX+SI], AL   
0x011E    0000            ADD [BX+SI], AL   
0x0120    0000            ADD [BX+SI], AL   
0x0122    0000            ADD [BX+SI], AL   
0x0124    0000            ADD [BX+SI], AL   
0x0126    0000            ADD [BX+SI], AL   
0x0128    0000            ADD [BX+SI], AL   
0x012A    0000            ADD [BX+SI], AL   
0x012C    0000            ADD [BX+SI], AL   
0x012E    0000            ADD [BX+SI], AL   
0x0130    0000            ADD [BX+SI], AL   
0x0132    0000            ADD [BX+SI], AL   
0x0134    0000            ADD [BX+SI], AL   
0x0136    0000            ADD [BX+SI], AL   
0x0138    0000            ADD [BX+SI], AL   
0x013A    0000            ADD [BX+SI], AL   
0x013C    0000            ADD [BX+SI], AL   
0x013E    0000            ADD [BX+SI], AL   
0x0140    0000            ADD [BX+SI], AL   
0x0142    0000            ADD [BX+SI], AL   
0x0144    0000            ADD [BX+SI], AL   
0x0146    0000            ADD [BX+SI], AL   
0x0148    0000            ADD [BX+SI], AL   
0x014A    0000            ADD [BX+SI], AL   
0x014C    0000            ADD [BX+SI], AL   
0x014E    0000            ADD [BX+SI], AL   
0x0150    0000            ADD [BX+SI], AL   
0x0152    0000            ADD [BX+SI], AL   
0x0154    0000            ADD [BX+SI], AL   
0x0156    0000            ADD [BX+SI], AL   
0x0158    0000            ADD [BX+SI], AL   
0x015A    0000            ADD [BX+SI], AL   
0x015C    0000            ADD [BX+SI], AL   
0x015E    0000            ADD [BX+SI], AL   
0x0160    0000            ADD [BX+SI], AL   
0x0162    0000            ADD [BX+SI], AL   
0x0164    0000            ADD [BX+SI], AL   
0x0166    0000            ADD [BX+SI], AL   
0x0168    0000            ADD [BX+SI], AL   
0x016A    0000            ADD [BX+SI], AL   
0x016C    0000            ADD [BX+SI], AL   
0x016E    0000            ADD [BX+SI], AL   
0x0170    0000            ADD [BX+SI], AL   
0x0172    0000            ADD [BX+SI], AL   
0x0174    0000            ADD [BX+SI], AL   
0x0176    0000            ADD [BX+SI], AL   
0x0178    0000            ADD [BX+SI], AL   
0x017A    0000            ADD [BX+SI], AL   
0x017C    0000            ADD [BX+SI], AL   
0x017E    0000            ADD [BX+SI], AL   
0x0180    0000            ADD [BX+SI], AL   
0x0182    0000            ADD [BX+SI], AL   
0x0184    0000            ADD [BX+SI], AL   
0x0186    0000            ADD [BX+SI], AL   
0x0188    0000            ADD [BX+SI], AL   
0x018A    0000            ADD [BX+SI], AL   
0x018C    0000            ADD [BX+SI], AL   
0x018E    0000            ADD [BX+SI], AL   
0x0190    0000            ADD [BX+SI], AL   
0x0192    0000            ADD [BX+SI], AL   
0x0194    0000            ADD [BX+SI], AL   
0x0196    0000            ADD [BX+SI], AL   
0x0198    0000            ADD [BX+SI], AL   
0x019A    0000            ADD [BX+SI], AL   
0x019C    0000            ADD [BX+SI], AL   
0x019E    0000            ADD [BX+SI], AL   
0x01A0    0000            ADD [BX+SI], AL   
0x01A2    0000            ADD [BX+SI], AL   
0x01A4    0000            ADD [BX+SI], AL   
0x01A6    0000            ADD [BX+SI], AL   
0x01A8    0000            ADD [BX+SI], AL   
0x01AA    0000            ADD [BX+SI], AL   
0x01AC    0000            ADD [BX+SI], AL   
0x01AE    0000            ADD [BX+SI], AL   
0x01B0    0000            ADD [BX+SI], AL   
0x01B2    0000            ADD [BX+SI], AL   
0x01B4    0000            ADD [BX+SI], AL   
0x01B6    0000            ADD [BX+SI], AL   
0x01B8    0c 9a           OR AL, 0x9a   
0x01BA    ec              IN AL, DX   
0x01BB    ea 0000 0000    JMP FAR 0x0:0x0   
0x01C0    0200            ADD AL, [BX+SI]   
0x01C2    ee              OUT DX, AL   
0x01C3    ff              DB 0xff   
0x01C4    ff              DB 0xff   
0x01C5    ff01            INC WORD [BX+DI]   
0x01C7    0000            ADD [BX+SI], AL   
0x01C9    00ff            ADD BH, BH   
0x01CB    ff              DB 0xff   
0x01CC    ff              DB 0xff   
0x01CD    ff00            INC WORD [BX+SI]   
0x01CF    0000            ADD [BX+SI], AL   
0x01D1    0000            ADD [BX+SI], AL   
0x01D3    0000            ADD [BX+SI], AL   
0x01D5    0000            ADD [BX+SI], AL   
0x01D7    0000            ADD [BX+SI], AL   
0x01D9    0000            ADD [BX+SI], AL   
0x01DB    0000            ADD [BX+SI], AL   
0x01DD    0000            ADD [BX+SI], AL   
0x01DF    0000            ADD [BX+SI], AL   
0x01E1    0000            ADD [BX+SI], AL   
0x01E3    0000            ADD [BX+SI], AL   
0x01E5    0000            ADD [BX+SI], AL   
0x01E7    0000            ADD [BX+SI], AL   
0x01E9    0000            ADD [BX+SI], AL   
0x01EB    0000            ADD [BX+SI], AL   
0x01ED    0000            ADD [BX+SI], AL   
0x01EF    0000            ADD [BX+SI], AL   
0x01F1    0000            ADD [BX+SI], AL   
0x01F3    0000            ADD [BX+SI], AL   
0x01F5    0000            ADD [BX+SI], AL   
0x01F7    0000            ADD [BX+SI], AL   
0x01F9    0000            ADD [BX+SI], AL   
0x01FB    0000            ADD [BX+SI], AL   
0x01FD    0055 aa         ADD [DI-0x56], DL

honzikp · #10 Příspěvek od **honzikp** » 02 úno 2015 16:27

Pravděpodobně jsem něco udělal špatně nebo se někde stala chyba: Vytvořil jsem fixlist.txt (v něm byl zkopírován Váš text START až END) spustil jsem FRST a kliknul na FIX. Rozjelo se okno "Farbar Recovery Scan Tool" a to se zastavilo na Deleting temporary Files: C:/users/Jan/AppData/Local/MOZILLA/FIREFOX/PROFILES

Zatím jsem ho nechal, ale nevím co dál... ukončit ve právci úloh natvrdo?
Díky

#11 Příspěvek od **altrok** » 02 úno 2015 16:32

Chvalim za takovy popis situace

Vsechno jste udelal spravne, ale obcas se maze neco, co se brani nebo muze byt na poskozene casti disku, ktere ten Vas ma... nasilne proces ukoncete, restartujte PC a krok s fixlistem zopakujte.

Disk hlasi hodne chyb a minimalne bych casto zalohoval...

honzikp · #12 Příspěvek od **honzikp** » 02 úno 2015 16:53

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
Ran by Jan at 2015-02-02 16:39:53 Run:2
Running from C:\Users\Jan\Desktop
Loaded Profiles: Jan (Available profiles: UpdatusUser & Jan)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-3382074861-2756563583-1283812587-1002\...\Run: [Zoner Photo Studio Autoupdate] => C:\Program Files\Zoner\Photo Studio 16\Program32\ZPSTRAY.EXE [833024 2014-06-16] (ZONER software)
HKU\S-1-5-21-3382074861-2756563583-1283812587-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-3382074861-2756563583-1283812587-1002\...\MountPoints2: {b10dcb58-a64d-11e4-826b-18cf5e5835d1} - "E:\Setup.exe"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3382074861-2756563583-1283812587-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3382074861-2756563583-1283812587-1002 -> {10E10DB2-5E75-4F8D-A347-064404C40F0E} URL =
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
CHR DefaultSuggestURL: Profile 5 -> https://www.google.com/complete/search? ... earchTerms}
CHR Extension: (SourceApp) - C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\imbgpkjmflneoofikpcpiilpkjebkfla [2015-01-27]
CHR HKU\S-1-5-21-3382074861-2756563583-1283812587-1002\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path

2015-02-02 15:42 - 2015-02-02 15:42 - 00112640 _____ (forum.viry.cz) C:\Users\Jan\Desktop\FRSTLauncher.exe
2015-02-02 13:20 - 2015-02-02 13:24 - 00000000 ____D () C:\AdwCleaner
2015-02-02 13:19 - 2015-02-02 13:19 - 02194432 _____ () C:\Users\Jan\Desktop\adwcleaner_4.109.exe
2015-02-02 10:52 - 2015-02-02 10:52 - 00000000 ____D () C:\rsit
2015-02-02 10:52 - 2015-02-02 10:52 - 00000000 ____D () C:\Program Files\trend micro
2015-02-02 10:51 - 2015-02-02 10:51 - 01222144 _____ () C:\Users\Jan\Desktop\RSITx64.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Hosts:
EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\UpdateP2GoShortCut => Value not found.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui => Key not found.
HKU\S-1-5-21-3382074861-2756563583-1283812587-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Zoner Photo Studio Autoupdate => Value not found.
HKU\S-1-5-21-3382074861-2756563583-1283812587-1002\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => Value not found.
"HKU\S-1-5-21-3382074861-2756563583-1283812587-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b10dcb58-a64d-11e4-826b-18cf5e5835d1}" => Key deleted successfully.
HKCR\CLSID\{b10dcb58-a64d-11e4-826b-18cf5e5835d1} => Key not found.
"C:\windows\system32\GroupPolicy\Machine" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-21-3382074861-2756563583-1283812587-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-21-3382074861-2756563583-1283812587-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{10E10DB2-5E75-4F8D-A347-064404C40F0E} => Key not found.
HKCR\CLSID\{10E10DB2-5E75-4F8D-A347-064404C40F0E} => Key not found.
Firefox DefaultSearchUrl deleted successfully.
Chrome DefaultSuggestURL not detected.
C:\Users\Jan\AppData\Local\Google\Chrome\User Data\Default\Extensions\imbgpkjmflneoofikpcpiilpkjebkfla directory not found.
HKU\S-1-5-21-3382074861-2756563583-1283812587-1002\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh => Key not found.
"C:\Users\Jan\Desktop\FRSTLauncher.exe" => File/Directory not found.
"C:\AdwCleaner" => File/Directory not found.
"C:\Users\Jan\Desktop\adwcleaner_4.109.exe" => File/Directory not found.
"C:\rsit" => File/Directory not found.
"C:\Program Files\trend micro" => File/Directory not found.
"C:\Users\Jan\Desktop\RSITx64.exe" => File/Directory not found.
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job not found.
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 347.2 MB temporary data.

The system needed a reboot.

==== End of Fixlog 16:40:09 ====

#13 Příspěvek od **altrok** » 02 úno 2015 17:11

Ted je po virove strance cisto, takze jeste uklidime cistici nastroje.

Stahnete a spustte DelFix - https://toolslib.net/downloads/viewdownload/2-delfix/
Oznacte jen moznost "Remove disinfection tools"
kliknete na Run

Az bude cas, tak napr. pres noc tam pustte chkdsk

Start -> Vsechny programy -> Prislusenstvi -> pravej klik na Prikazovy radek a Spustit jako spravce

vepiste chkdsk /r
enter a restartujte PC
tato kontrola a opravovani probihaji pred nactenim OS a trvaji az nekolik hodin

Po chkdsku bych rad videl novy log z CDI (CrystalDisk Info) a az bude cas, pustte tam sken z HD Tune... toto vezme cca 2 hodiny, ale s PC se da (byt pomaleji) pracovat.

Nainstalujte a spustte HD Tune - http://www.hdtune.com/files/hdtune_255.exe

Prejdete na zalozku Health a zkontrolujte, ze je ve sloupecku Status vsude hodnota OK a dole sviti zelene Health status: OK
Na zalozce Error Scan kliknete na Start. Po dokonceni testu udelejte screen a prilozte ho k dalsi odpovedi.

Toto jsou vsechno veci (krome snahy chkdsku), ktere situaci nevylepsi, ale daji detailnejsi informace o stavu disku.

honzikp · #14 Příspěvek od **honzikp** » 02 úno 2015 18:34

Děkuji za pomoc, chdisk spustím dnes přes noc a Crystal Disk zítra a vložím výsledek. Problém s diskem na 2 měsíce starém počítači mne děsí

Uvidím co dál. Ještě jednou díky.
Honza

#15 Příspěvek od **altrok** » 02 úno 2015 21:19

Nemate zac, zitra se ozvete...

Vy mate Win 8.1 a navod na chkdsk je psany pro Win 7... ve Vasem pripade spustte prikazovy radek nasledovne:
Win + X (klavesa Win je mezi levym Ctrl a levym Altem) a vyberte moznost Prikazovy radek (spravce)

VIRY.CZ

Preventivní kontrola

Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola

Re: Preventivní kontrola