Please check my log

A place for your HiJackThis logs and logs from other programs…

Moderators: memphisto, Mods_senior, Security team

ADA64
newcomer
Posts: 33
Joined: June 16
Gender: Male

Re: Please check my log

Post by ADA64 » 30 May 2017 22:04

4) a
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-05-2017
Ran by JAG (30-05-2017 20:48:46)
Running from C:\Users\JAG\Desktop
Windows 10 Pro Version 1607 (X64) (2016-08-26 09:05:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-377955874-304036406-2546264200-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-377955874-304036406-2546264200-503 - Limited - Disabled)
Guest (S-1-5-21-377955874-304036406-2546264200-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-377955874-304036406-2546264200-1002 - Limited - Enabled)
JAG (S-1-5-21-377955874-304036406-2546264200-1000 - Administrator - Enabled) => C:\Users\JAG

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET Smart Security 10.0.390.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security 10.0.390.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personální firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 21.2.1 - HP Inc.) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.198 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.20) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.20 - Adobe Systems Incorporated)
Alcor Micro Smart Card Reader Driver (x32 Version: 1.7.45.1 - Alcor Micro Corp.) Hidden
AOMEI Backupper Standard (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version: - AOMEI Technology Co., Ltd.)
Aplikace Intel® PROSet/Wireless (HKLM-x32\...\{185db067-38cd-4521-a43e-c39b96ee1389}) (Version: 19.50.1 - Intel Corporation)
Aplikace Intel® PROSet/Wireless (HKLM-x32\...\{d5572863-793c-4ec8-872a-43cccc68b948}) (Version: 18.40.0 - Intel Corporation)
Apple Mobile Device Support (HKLM\...\{0A596141-97D5-45FA-9281-98DFAF48D579}) (Version: 10.3.2.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Balíček ovladače systému Windows - Cambridge Silicon Radio (CSRBC) USB (10/26/2012 2.4.0.0) (HKLM\...\20C7EDA3129B3FF8F72F9BF59252B718B554FBDC) (Version: 10/26/2012 2.4.0.0 - Cambridge Silicon Radio)
Balíček ovladače systému Windows - Plantronics, Inc. (usbser.ntamd64) Ports (04/21/2009 5.1) (HKLM\...\07AFE62D73C8799E9E5689F86FB9F48389717BA3) (Version: 04/21/2009 5.1 - Plantronics, Inc.)
Balíček ovladače systému Windows - SuperTooth Hands Free Kit DFU driver (02/09/2016 2.4.0.7) (HKLM\...\2517ADEBF91C46544B723681D0D421F4712E905F) (Version: 02/09/2016 2.4.0.7 - SuperTooth)
Balíček ovladače systému Windows - SuperTooth Hands Free Kit DFU driver (05/31/2016 2.4.0.8) (HKLM\...\FB0FBB65486B6831D73661ED08602522B7317206) (Version: 05/31/2016 2.4.0.8 - SuperTooth)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
calibre 64bit (HKLM\...\{25F3B6EB-16FD-435C-9546-B6B3D2C5D8D0}) (Version: 2.79.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
Connect2 (HKLM-x32\...\Connect2_is1) (Version: 4.2.0.3818 - Lenovo)
CrystalDiskInfo 7.0.5 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.0.5 - Crystal Dew World)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisplayLink Core Software (HKLM\...\{58F4C39B-D946-4A45-A314-DEFC2AFDF397}) (Version: 7.5.54609.0 - DisplayLink Corp.)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
Dot4 (HKLM\...\{3EEDA265-C6F3-4EC1-A317-1C9315DEDDDE}) (Version: 1.0.0.0 - HP)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.81.0000 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
EPSON L550 Series Printer Uninstall (HKLM\...\EPSON L550 Series) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
ESET Smart Security (HKLM\...\{7B931A02-53C9-42BA-BA69-327A1BDD16D1}) (Version: 10.0.369.1 - ESET, spol. s r.o.)
Falcon 4.0 (HKLM-x32\...\Falcon 4.0) (Version: - )
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppQFolderCM1312 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{5B1A59DA-D1EC-4C3A-A996-DF011A0A9668}) (Version: 6.2.2.39 - Apple Inc.)
Inst5676 (Version: 8.01.57 - Softex Inc.) Hidden
Intel(R) Chipset Device Software (x32 Version: 10.0.22 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.6.1194 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 20.1 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.3.60 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{3F5D407B-86F5-4CA5-8F83-7C00BBB69080}) (Version: 5.1.23.0 - Intel Corporation)
Intel(R) Wireless Bluetooth(R)(patch version 17.1.1450.402) (HKLM\...\{302600C1-6BDF-4FD1-1411-148929CC1385}) (Version: 17.1.1411.0502 - Intel Corporation)
Intel® Chipset Device Software (x32 Version: 10.1.1.33 - Intel(R) Corporation) Hidden
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Interphone Menu (HKLM-x32\...\{F21D9811-BBC4-4DAC-8B18-651F9A74AD82}) (Version: 6.4.04 - Interphone)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.41 - Irfan Skiljan)
iTunes (HKLM\...\{F0C7385A-9D20-45F3-8101-05D383885180}) (Version: 12.6.1.25 - Apple Inc.)
Lenovo Active Protection System (Version: 1.82.00.07 - Lenovo) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.20 - Lenovo)
Lenovo Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.1.18.0 - Lenovo)
Lenovo Mobile Broadband Activation (HKLM-x32\...\{A95D9DF7-CF34-421A-A1DC-936A49A4DAEA}) (Version: 4.6.0004.00 - Lenovo Group Limited)
Lenovo Moto Smart Assistant (HKLM-x32\...\{C050AF2D-DD41-455E-A65E-628637B4A9CC}) (Version: 3.0.0.6 - Lenovo)
Lenovo Mouse Suite (HKLM\...\MouseSuite98) (Version: 6.74 - Lenovo)
Lenovo On Screen Display (Version: 8.86.06 - Lenovo) Hidden
Lenovo Peer Connect SDK (HKLM\...\{75C87855-9CBB-4892-B1A9-74C73A19CACA}_is1) (Version: 1.0.0.7 - Lenovo)
Lenovo Power Management Driver (Version: 1.67.12.24 - Lenovo) Hidden
Lenovo PowerENGAGE (HKLM-x32\...\{15B15395-FF53-44E1-ADAD-FCC279E3CA10}) (Version: 2.51.0040 - Lenovo Inc.)
Lenovo QuickControl (HKLM-x32\...\{04128C8C-7812-4DCC-816E-9C8AB1D6EECE}) (Version: 2.40 - Lenovo Group Limited)
Lenovo Service Bridge (HKU\S-1-5-21-377955874-304036406-2546264200-1000\...\dda9ca0b023f4c56) (Version: 1.6.6.0 - Lenovo)
Lenovo Settings – Power (x32 Version: 2.00.000 - Lenovo) Hidden
Lenovo Solution Center (HKLM\...\{AFDE512F-7BCD-46B6-91C0-230812139EEF}) (Version: 3.4.002.006 - Lenovo)
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.076.00 - Lenovo)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0053 - Lenovo)
Lenovo USB Graphics (HKLM\...\{E6B1FE9A-CB1E-4096-A0AF-163419CB971C}) (Version: 7.5.54614.0 - Lenovo)
Lenovo USB3.0 to DVI VGA Monitor Adapter (HKLM-x32\...\{454D32AD-C149-49BE-9F2E-8C089C3D6620}) (Version: 1.07.17 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0009.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0011.00 - Lenovo)
Malwarebytes verze 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Message Center Plus (HKLM\...\{EE4D9822-C7F3-4386-8703-889CDDA22FAA}) (Version: 3.4.0001.00 - Lenovo Group Limited)
Metric Collection SDK (x32 Version: 1.1.0008.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Office 2010 pro podnikatele (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-377955874-304036406-2546264200-1000\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Milestone XProtect Smart Client 2014 (64-bit) (HKLM\...\{2DAA8349-5698-4F3F-B634-F31AE3159CC6}) (Version: 9.0.1.510 - Milestone Systems A/S)
Milestone XProtect Smart Client 2014 (64-bit) (Version: 9.0.1.510 - Milestone Systems A/S) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 48.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 48.0.1 (x86 cs)) (Version: 48.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.1 - Mozilla)
Mozilla Thunderbird 45.8.0 (x86 cs) (HKLM-x32\...\Mozilla Thunderbird 45.8.0 (x86 cs)) (Version: 45.8.0 - Mozilla)
NetSpot (HKU\S-1-5-21-377955874-304036406-2546264200-1000\...\a6e43da6e76c5494) (Version: 1.0.0.334 - Etwok LLC)
Nitro Pro (HKLM\...\{DFC74C3C-2BA0-496F-BA23-D08D4E246F46}) (Version: 11.0.1.16 - Nitro)
OldMHUUninstaller (x32 Version: 3.2.0.0 - Plantronics, Inc.) Hidden
OldMHUUninstallerMSI (x32 Version: 3.2.0.0 - Plantronics, Inc.) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Plantronics Hub Software (HKLM-x32\...\{f8ba0898-296f-4924-8307-398ef8a8470c}) (Version: 3.9.51725.1341 - Plantronics, Inc.)
Plantronics Hub Software (Version: 3.9.51725.1341 - Plantronics, Inc.) Hidden
Podpora aplikací Apple (32bitová) (HKLM-x32\...\{E92BB800-BCC5-4C25-8102-AC2C3B7C7C1E}) (Version: 5.5 - Apple Inc.)
Podpora aplikací Apple (64bitová) (HKLM\...\{9C912B1E-06DD-43EF-BB2B-45CB2C88BAAE}) (Version: 5.5 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21247 - Realtek Semiconductor Corp.)
RTL Winter Sports 2008 (Demo) (HKLM-x32\...\RTL Winter Sports 2008 (Demo)) (Version: - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP)
Sierra Wireless EM7345 4G LTE Software (HKLM-x32\...\SWIIntelDrvInstaller) (Version: 2.32.10970.4625 - Sierra Wireless, Inc.)
Ski Challenge 2008 (HKU\S-1-5-21-377955874-304036406-2546264200-1000\...\SC08-CAN_MAIN) (Version: - )
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.6.0 - Sophos Limited)
Spotify (HKU\S-1-5-21-377955874-304036406-2546264200-1000\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
SuperTooth Update (HKLM-x32\...\{FAC31E4D-67DC-4E12-9184-CFCB7D4B288F}) (Version: 1.0.16 - SuperTooth)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: - )
Synaptics WBF DDK 5011 (Advanced) (HKLM\...\{9C7B6DA0-852C-46DB-8D8C-F8B25C7F1354}) (Version: 4.5.507.0 - Synaptics)
Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: - )
Synology Cloud Station Backup (remove only) (HKLM\...\Synology Cloud Station Backup) (Version: 4.2.4.4393 - Synology, Inc.)
Synology Photo Station Uploader (remove only) (HKLM-x32\...\Photo Station Uploader) (Version: 1.4.0.080 - Synology)
Telegram Desktop version 1.1.2 (HKU\S-1-5-21-377955874-304036406-2546264200-1000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.1.2 - Telegram Messenger LLP)
ThinkPad Settings Dependency (HKLM\...\{08515684-CE49-47EF-B509-326A2E91BC5C}_is1) (Version: 3.0.1.48 - Lenovo)
Thinkpad USB Ethernet Adapter Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 7.14.1114.2014 - Lenovo)
ThinkVantage Password Manager (HKLM-x32\...\{70EE2BAA-F82A-4B8A-950E-649EFD64D5B9}) (Version: 4.70.2.0 - Lenovo Group Limited)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.0a - Ghisler Software GmbH)
Verizon Wireless Mobile Broadband Self Activation (HKLM-x32\...\{193CA6A6-E735-40B1-AA92-F611B291792C}) (Version: 3.2.2 - Smith Micro Software, Inc.)
Vision32 (HKLM\...\Vision32_is1) (Version: - Vision Praha s.r.o.)
Vision32 (HKLM-x32\...\Vision32_is1) (Version: - Vision Praha s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Driver Package - Intel (e1dexpress) Net (07/15/2014 12.12.50.7202) (HKLM\...\9831220A78BC6CDB16870D8F80FF2AB41814019A) (Version: 07/15/2014 12.12.50.7202 - Intel)
Windows Driver Package - Intel Corporation (iaStorA) HDC (11/06/2014 13.6.0.1002) (HKLM\...\55320B67E6FF26D5CF6A352973677B5A68BD028B) (Version: 11/06/2014 13.6.0.1002 - Intel Corporation)
Windows Driver Package - Lenovo 1.67.09.03 (11/07/2014 1.67.09.03) (HKLM\...\FA3F6F3D6E8958FDDEE1E09CC77DFA71B0D7835A) (Version: 11/07/2014 1.67.09.03 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Wise Folder Hider Pro (HKLM-x32\...\Wise Folder Hider Pro_is1) (Version: 3.41 - WiseCleaner.com, Inc.)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.72.0.388 - Zemana Ltd.)
Zoner Photo Studio 17 (HKLM\...\ZonerPhotoStudio17_CZ_is1) (Version: 17.0.1.12 - ZONER software)
Zoner Photo Studio 18 (HKLM\...\ZonerPhotoStudio18_SK_is1) (Version: 18.0.1.10 - ZONER software)
Zoner Photo Studio X (HKLM\...\ZonerPhotoStudioX_CZ_is1) (Version: 19.1610.2.7 - ZONER software)



ADA64
newcomer
Posts: 33
Joined: June 16
Gender: Male

Re: Please check my log

Post by ADA64 » 30 May 2017 22:05

4) b
==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-377955874-304036406-2546264200-1000_Classes\CLSID\{08e43923-4959-4026-b19d-802f3f7c3472}\InprocServer32 -> C:\WINDOWS\system32\dfshim.dll (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0398706F-E140-4237-926B-86C5F3E9BF8B} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {051036C9-5035-4921-8A61-1682852FD63C} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
Task: {08A57219-4F8E-4C95-AB47-B7FBAB55EA02} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\JAG\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {09F1D2F5-911F-4B7C-A868-8114BDFA0B01} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {10372C58-C97F-43DE-9207-5C99BF4FC5BD} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {1316FB4D-D374-40DF-9088-6247C2E1C3D9} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {156D1F72-EE98-47D9-BFEB-E0BB77753F0A} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-10] ()
Task: {157D196F-A1BF-4291-973C-6723A9A7101C} - System32\Tasks\TVT\LaunchFR => C:\Program Files (x86)\Lenovo\Factory Recovery\FRReminder.exe
Task: {16FED8F4-E9BA-44F9-8C1A-8D195FD43E6C} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-06-24] (Realtek Semiconductor)
Task: {17A4AEA5-57F6-4F42-BCE7-A88E7654B867} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {17B3E039-BC50-4005-95C3-E4EFE8C7F7E0} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {1A89B67F-49E7-40ED-BBC7-1B34D97ACA5D} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {1A8F9B0B-3C5A-4796-826A-6F59D9286594} - System32\Tasks\TVT\UpdateRnR => C:\Program Files (x86)\Common Files\LENOVO\Scheduler\tvtsetsched.exe [2013-03-11] ()
Task: {1F54DF3C-87D5-43B0-839D-AFD29B2BF190} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {2A9CB976-F674-4A94-9983-4EF10ED3ED89} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {2BE3B392-18B2-4BCD-AF7F-80670AC908F3} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {2E8968DF-27A0-46E6-87C5-7C002D4F8394} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {36386059-E7C1-4501-B8DB-5C9D9DED3AD4} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\4ba5ac09-caae-419b-b8d9-bb910e727445 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-04-25] (Lenovo Group Limited)
Task: {37BEA6C7-A5BE-452B-AAB9-744870436662} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {37EFD5FD-0404-4551-8133-53806A5B0ECC} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {383A1014-5DE5-463A-8F92-337DB31BB713} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {38457DFF-2A2F-4E4E-8F85-6C33C5EC5656} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {389DA856-48A3-41C4-B0B5-789C97433F6D} - System32\Tasks\Lenovo\Lenovo Settings Power => Rundll32.exe "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.dll",PwrMgrBkGndMonitor
Task: {38B50C3A-2F96-4014-A9AB-8995196D5AF7} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
Task: {395779B6-98C7-4246-A0B3-6169ADDF0751} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-05-09] ()
Task: {3A654804-B066-47ED-BC47-1765A4A8F24D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-24] (Google Inc.)
Task: {3C4A9E89-4A6C-481A-B37F-5C72C653ABDA} - System32\Tasks\GridinSoft Anti-Malware => C:\Program Files\GridinSoft Anti-Malware\gsam.exe
Task: {3D788925-9206-4136-A70B-676DF9712849} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-08-17] (Lenovo)
Task: {492C4BF8-B884-4899-9A83-39F6806F9B99} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {49AE270B-1F25-4403-809B-2ED7E50601FE} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {5937493D-C173-4A9C-8E5B-3EFF6DFD68ED} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => Sc.exe START ImControllerService
Task: {5B532639-4871-4E4E-83A5-1DD18C11FB79} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {5F39D2D1-B8C0-4D22-990C-0DBF115350EB} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {60729402-4B55-4A70-BB24-F0E047EA4526} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {626F2915-D495-4CB1-8A34-6589054E8187} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_25_0_0_171_pepper.exe [2017-05-11] (Adobe Systems Incorporated)
Task: {63DF35D6-FCF0-48D4-8BDF-57AB145EFE24} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {64651655-BA2C-437A-AB15-C803D6489012} - \Lenovo\Lenovo Service Bridge\S-1-5-21-377955874-304036406-2546264200-1000 -> No File <==== ATTENTION
Task: {648FB4E5-4B05-41D6-8698-79B70216C4B9} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\d2496a78-0516-4e03-8c0e-e8fa9e5bc6d5 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2017-04-25] (Lenovo Group Limited)
Task: {670B74BE-D3D1-4723-8249-36AAFE5179FB} - System32\Tasks\Lenovo\Message Center Plus Launcher => C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe [2015-03-23] (Lenovo)
Task: {677C3EAF-7397-454B-A6DC-9EA64DAC3061} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => %ProgramFiles%\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {6BF5FDA7-226C-43DE-8F2B-0E0BDEE717FC} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-12-07] (Lenovo)
Task: {6CF9A59C-2635-47BB-BC63-CDE87404C470} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {6D6785C3-2118-437A-8016-2613D6EAFE8A} - \WiseCleaner\WFHProSkipUAC -> No File <==== ATTENTION
Task: {7C3B6E64-C83E-4620-8FB7-B3A449B34489} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {7D893781-4E61-42C4-B02F-6FC0238129AC} - System32\Tasks\RtHDVBg_LENOVO_MICPKEY => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-06-24] (Realtek Semiconductor)
Task: {803D5B07-083E-4530-BA72-9886455AA1DD} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {8242F399-3CBF-43B3-9863-653DCA62E3F9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-05-19] (Piriform Ltd)
Task: {82F8BBB6-6DC3-4250-8E21-F0E72472DC88} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-24] (Google Inc.)
Task: {83BF00D0-3044-4CC3-8684-0A590CB8A249} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {8A419DC5-9F57-4839-97DD-3823F53D2A72} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {8BF0998D-AB08-4469-BCBE-4B0A4C2B29B2} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-12-07] (Lenovo)
Task: {8DA503CA-312E-44EA-91E1-1406EAD28F64} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2017-05-09] ()
Task: {91AE54A4-993B-4C4A-9ACD-B0A76CBCBD4B} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
Task: {95530495-9D7E-4D05-9D2C-024EFA583980} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {95841C49-138E-4E39-8EB0-02270D3659FC} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-06-24] (Realtek Semiconductor)
Task: {9EA28D5E-461A-4A0E-97BE-F2B8AEDA15D9} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {9F788B1F-04C6-4388-A568-267F3B8CFBFC} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {A0A85B27-1816-41E7-8A91-DA0E0E048B84} - System32\Tasks\DolbySelectorTask => %ProgramFiles%\Dolby Digital Plus\ddp.exe
Task: {A870A2FC-06EA-454C-981B-DF100E016FF2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {B1B34104-FB14-45DD-B0E2-13F0A9E41A58} - System32\Tasks\RtsCM => C:\WINDOWS\RtsCM64.exe [2017-05-09] (Realtek Semiconductor Corp.)
Task: {B4414567-6DE2-4B4F-918A-B16A2758469B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {B71BE21E-DA45-4D72-A9E3-96DF760E9452} - System32\Tasks\Lenovo\Lenovo PowerENGAGE => C:\Program Files (x86)\Lenovo Registration\lenovoreg.exe [2015-01-09] (Aviata Inc)
Task: {BA3276CF-A02F-4943-B8E0-691A6C52455B} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {BA5540AA-4FDA-49E7-8A26-69DF385A2F80} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\Windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {BCB2CFEF-9C9B-49E1-BC34-BC688D7E6F8A} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {BED109AC-532D-4913-8D42-CF8C30FE5443} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe [2016-12-07] ()
Task: {C6498D32-8460-424F-8A8E-FC08718CE2FC} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {D30B60B1-761F-4FA4-A199-CDFB9D1C44CF} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D4AF71D0-C576-406B-AC52-7529428DEABD} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {D4E0DA21-BB0C-467A-938A-39CC7F65555F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {D9AAB681-6447-4AB9-B11A-DC1D12DFCCF8} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {D9DABF40-3F93-4DBB-8620-8BBF97448B87} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {DA714698-B9F8-4CF0-B8FE-4474FAADB6E6} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {DBF3C294-1F8A-465C-BF78-2E3C3181FE1B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {DD3D0DF9-45F3-4E2C-AB8C-091AE3EC8B2E} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {DD749C41-B291-4FE4-9384-BF1A7A8CF048} - System32\Tasks\Lenovo\Lenovo PowerENGAGE Update => C:\Program Files (x86)\Lenovo Registration\lenovoreg.exe [2015-01-09] (Aviata Inc)
Task: {E1FCDBE6-FC1C-44EE-88F9-B2A14146840E} - \PMTask -> No File <==== ATTENTION
Task: {E329C9FF-6FD7-4BC6-8C58-6078034ECBD7} - System32\Tasks\Lenovo Active Protection System => C:\WINDOWS\system32\TpShUI.exe [2016-11-17] (Lenovo.)
Task: {E82E2F4B-E67C-41C9-B12D-5FAF402239A6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E8608961-DACB-4867-8231-C1727D0C5916} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-11] (Adobe Systems Incorporated)
Task: {EB8CE162-6884-4485-8A3E-08316F276CCF} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-12-07] (Lenovo)
Task: {ED1CD4A7-A32D-4AAB-A137-16704D3416E3} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-01] (Lenovo)
Task: {EFAD4F22-91FF-4E74-BC1F-94E72A212BA1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Lenovo Active Protection System.job => TpShUI exe WORKGROUP JAG PC

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\JAG\Desktop\Jiri - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\JAG\AppData\Local\Google\Chrome\User Data\Spouštěč aplikací Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\JAG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Spouštěč aplikací Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\JAG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikace Chrome\Clicking Speed Test.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1" --app-id=ainfcnbaendflhcngeajchpabooflble
ShortcutWithArgument: C:\Users\JAG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Jiri - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\JAG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Spouštěč aplikací Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --show-app-list
ShortcutWithArgument: C:\Users\JAG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Jiří - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-05-11 12:01 - 2017-04-28 02:49 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-10-05 19:17 - 2016-10-05 19:17 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-05-10 10:55 - 2017-05-10 10:55 - 00287256 _____ () C:\Program Files (x86)\Synology\CloudStationBackup\bin\vss-service-x64.exe
2016-11-29 01:23 - 2016-11-29 01:23 - 00100080 _____ () C:\Program Files (x86)\Sierra Wireless Inc\LENOVO MBIM Toolkit\firmwareupdaterservice.exe
2015-05-19 09:11 - 2015-05-19 09:11 - 00007680 _____ () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
2017-05-25 19:31 - 2017-05-09 16:38 - 02270672 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-09-14 16:35 - 2016-09-14 16:35 - 00418496 _____ () C:\Program Files\Nitro\Pro 11\Nitro_UpdateService.exe
2016-09-14 16:35 - 2016-09-14 16:35 - 02735296 _____ () C:\Program Files\Nitro\Pro 11\Nitro_KissMetrics.dll
2015-12-13 00:29 - 2015-07-09 12:17 - 00184088 _____ () C:\Program Files\Lenovo\Lenovo Mouse Suite\Service\PelService.exe
2016-03-18 07:41 - 2016-03-18 07:41 - 00248840 _____ () C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
2016-11-29 01:23 - 2016-11-29 01:23 - 00564464 _____ () C:\Program Files (x86)\Sierra Wireless Inc\LENOVO MBIM Toolkit\FirmwareApp.exe
2017-05-26 14:56 - 2017-04-28 08:03 - 00200056 _____ () C:\Program Files (x86)\ThinkPad\Utilities\CZ\PWMRT64V.DLL
2016-09-19 00:19 - 2016-09-07 06:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-16 00:43 - 2017-03-04 08:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-16 00:43 - 2017-03-04 08:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-16 00:43 - 2017-03-04 08:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-16 00:43 - 2017-03-04 08:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-05-11 12:01 - 2017-04-28 01:36 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-05-11 12:01 - 2017-04-28 01:37 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-02-20 20:18 - 2014-10-21 11:29 - 00601376 _____ () C:\Program Files\Lenovo\Password Manager\pwm_website_config.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 00092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-05-09 03:05 - 2017-05-09 03:05 - 01354040 _____ () C:\Program Files\iTunes\libxml2.dll
2017-05-19 20:17 - 2017-05-19 20:17 - 00065536 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2017-05-24 22:34 - 2017-03-25 16:26 - 00089960 _____ () C:\Program Files (x86)\AOMEI Backupper\ABNotify.exe
2017-05-26 03:04 - 2017-05-26 03:05 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-05-26 03:04 - 2017-05-26 03:05 - 00201728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-05-26 03:04 - 2017-05-26 03:05 - 43202048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-05-26 03:04 - 2017-05-26 03:05 - 02442752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.16.595.0_x64__kzf8qxf38zg5c\skypert.dll
2017-05-16 09:29 - 2017-05-09 18:55 - 00023416 _____ () C:\Program Files (x86)\Lenovo\System Update\SUService.exe
2017-05-24 22:34 - 2017-03-25 16:28 - 00954216 _____ () C:\Program Files (x86)\AOMEI Backupper\UiLogic.dll
2017-05-24 22:34 - 2017-03-25 16:27 - 00331632 _____ () C:\Program Files (x86)\AOMEI Backupper\Comn.dll
2017-05-24 22:34 - 2017-03-25 16:27 - 00253808 _____ () C:\Program Files (x86)\AOMEI Backupper\diskmgr.dll
2017-05-24 22:34 - 2017-03-25 16:27 - 00143208 _____ () C:\Program Files (x86)\AOMEI Backupper\FuncLogic.dll
2017-05-24 22:34 - 2017-03-25 16:27 - 00360296 _____ () C:\Program Files (x86)\AOMEI Backupper\ImgFile.dll
2017-05-24 22:34 - 2017-03-25 16:27 - 00040808 _____ () C:\Program Files (x86)\AOMEI Backupper\Encrypt.dll
2017-05-24 22:34 - 2017-03-25 16:27 - 00495472 _____ () C:\Program Files (x86)\AOMEI Backupper\EnumFolder.dll
2017-05-24 22:34 - 2017-03-25 16:27 - 00081776 _____ () C:\Program Files (x86)\AOMEI Backupper\Compress.dll
2017-05-24 22:34 - 2017-03-25 16:27 - 00114544 _____ () C:\Program Files (x86)\AOMEI Backupper\BrLog.dll
2017-05-24 22:34 - 2017-03-25 16:27 - 00089960 _____ () C:\Program Files (x86)\AOMEI Backupper\Ldm.dll
2017-05-24 22:34 - 2017-03-25 16:27 - 00073584 _____ () C:\Program Files (x86)\AOMEI Backupper\Device.dll
2017-05-24 22:34 - 2017-03-25 16:27 - 00298856 _____ () C:\Program Files (x86)\AOMEI Backupper\BrFat.dll
2017-05-24 22:34 - 2017-03-25 16:27 - 00978800 _____ () C:\Program Files (x86)\AOMEI Backupper\BrNtfs.dll
2017-05-24 22:34 - 2017-03-25 16:27 - 00339816 _____ () C:\Program Files (x86)\AOMEI Backupper\Clone.dll
2017-05-24 22:34 - 2017-03-25 16:27 - 00171888 _____ () C:\Program Files (x86)\AOMEI Backupper\FlBackup.dll
2017-05-24 22:34 - 2017-03-25 16:27 - 00130920 _____ () C:\Program Files (x86)\AOMEI Backupper\Backup.dll
2017-05-24 22:34 - 2017-03-25 16:28 - 00724848 _____ () C:\Program Files (x86)\AOMEI Backupper\Sync.dll
2017-05-24 22:34 - 2015-05-21 14:32 - 02403504 _____ () C:\Program Files (x86)\AOMEI Backupper\QtCore4.dll
2017-05-24 22:34 - 2017-03-25 16:27 - 00114536 _____ () C:\Program Files (x86)\AOMEI Backupper\BrVol.dll
2017-05-24 22:34 - 2017-03-25 16:27 - 00266088 _____ () C:\Program Files (x86)\AOMEI Backupper\GptBcd.dll
2017-05-24 22:34 - 2017-03-25 16:27 - 00188264 _____ () C:\Program Files (x86)\AOMEI Backupper\DeviceMgr.dll
2015-08-29 15:00 - 2011-08-02 21:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2015-08-29 15:00 - 2011-08-02 21:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2015-06-24 01:07 - 2015-06-24 01:07 - 01243936 _____ () C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-10-21 11:26 - 2014-10-21 11:26 - 00546592 _____ () C:\Program Files (x86)\Lenovo\Password Manager\pwm_website_config.dll
2017-05-30 20:40 - 2017-05-30 20:40 - 00098816 ____R () C:\Users\JAG\AppData\Local\Temp\_MEI106722\win32api.pyd
2017-05-30 20:40 - 2017-05-30 20:40 - 00110080 ____R () C:\Users\JAG\AppData\Local\Temp\_MEI106722\pywintypes27.dll
2017-05-30 20:40 - 2017-05-30 20:40 - 00364544 ____R () C:\Users\JAG\AppData\Local\Temp\_MEI106722\pythoncom27.dll
2017-05-30 20:40 - 2017-05-30 20:40 - 00320512 ____R () C:\Users\JAG\AppData\Local\Temp\_MEI106722\win32com.shell.shell.pyd
2017-05-30 20:40 - 2017-05-30 20:40 - 00914432 ____R () C:\Users\JAG\AppData\Local\Temp\_MEI106722\_hashlib.pyd
2017-05-30 20:40 - 2017-05-30 20:40 - 01176576 ____R () C:\Users\JAG\AppData\Local\Temp\_MEI106722\wx._core_.pyd
2017-05-30 20:40 - 2017-05-30 20:40 - 00806400 ____R () C:\Users\JAG\AppData\Local\Temp\_MEI106722\wx._gdi_.pyd
2017-05-30 20:40 - 2017-05-30 20:40 - 00816128 ____R () C:\Users\JAG\AppData\Local\Temp\_MEI106722\wx._windows_.pyd
2017-05-30 20:40 - 2017-05-30 20:40 - 01067008 ____R () C:\Users\JAG\AppData\Local\Temp\_MEI106722\wx._controls_.pyd
2017-05-30 20:40 - 2017-05-30 20:40 - 00733184 ____R () C:\Users\JAG\AppData\Local\Temp\_MEI106722\wx._misc_.pyd
2017-05-30 20:40 - 2017-05-30 20:40 - 00682496 ____R () C:\Users\JAG\AppData\Local\Temp\_MEI106722\pysqlite2._sqlite.pyd
2017-05-30 20:40 - 2017-05-30 20:40 - 00088064 ____R () C:\Users\JAG\AppData\Local\Temp\_MEI106722\_ctypes.pyd
2017-05-30 20:40 - 2017-05-30 20:40 - 00686080 ____R () C:\Users\JAG\AppData\Local\Temp\_MEI106722\unicodedata.pyd
2017-05-30 20:40 - 2017-05-30 20:40 - 00119808 ____R () C:\Users\JAG\AppData\Local\Temp\_MEI106722\win32file.pyd
2017-05-30 20:40 - 2017-05-30 20:40 - 00108544 ____R () C:\Users\JAG\AppData\Local\Temp\_MEI106722\win32security.pyd
2017-05-30 20:40 - 2017-05-30 20:40 - 00007168 ____R () C:\Users\JAG\AppData\Local\Temp\_MEI106722\hashobjs_ext.pyd
2017-05-30 20:40 - 2017-05-30 20:40 - 00017920 ____R () C:\Users\JAG\AppData\Local\Temp\_MEI106722\thumbnails_ext.pyd
2017-05-30 20:40 - 2017-05-30 20:40 - 00088064 ____R () C:\Users\JAG\AppData\Local\Temp\_MEI106722\usb_ext.pyd
2017-05-30 20:40 - 2017-05-30 20:40 - 00012800 ____R () C:\Users\JAG\AppData\Local\Temp\_MEI106722\common.time34.pyd
2017-05-30 20:40 - 2017-05-30 20:40 - 00018432 ____R () C:\Users\JAG\AppData\Local\Temp\_MEI106722\win32event.pyd
2017-05-30 20:40 - 2017-05-30 20:40 - 00167936 ____R () C:\Users\JAG\AppData\Local\Temp\_MEI106722\win32gui.pyd
2017-05-30 20:40 - 2017-05-30 20:40 - 00046080 ____R () C:\Users\JAG\AppData\Local\Temp\_MEI106722\_socket.pyd
2017-05-30 20:40 - 2017-05-30 20:40 - 01303552 ____R () C:\Users\JAG\AppData\Local\Temp\_MEI106722\_ssl.pyd
2017-05-30 20:40 - 2017-05-30 20:40 - 00128512 ____R () C:\Users\JAG\AppData\Local\Temp\_MEI106722\_elementtree.pyd
2017-05-30 20:40 - 2017-05-30 20:40 - 00127488 ____R () C:\Users\JAG\AppData\Local\Temp\_MEI106722\pyexpat.pyd
2017-05-30 20:40 - 2017-05-30 20:40 - 00038912 ____R () C:\Users\JAG\AppData\Local\Temp\_MEI106722\win32inet.pyd
2017-05-30 20:40 - 2017-05-30 20:40 - 00036864 ____R () C:\Users\JAG\AppData\Local\Temp\_MEI106722\_psutil_windows.pyd
2017-05-30 20:40 - 2017-05-30 20:40 - 00524248 ____R () C:\Users\JAG\AppData\Local\Temp\_MEI106722\windows._lib_cacheinvalidation.pyd
2017-05-30 20:40 - 2017-05-30 20:40 - 00011264 ____R () C:\Users\JAG\AppData\Local\Temp\_MEI106722\win32crypt.pyd
2017-05-30 20:40 - 2017-05-30 20:40 - 00123392 ____R () C:\Users\JAG\AppData\Local\Temp\_MEI106722\wx._wizard.pyd
2017-05-30 20:40 - 2017-05-30 20:40 - 00077312 ____R () C:\Users\JAG\AppData\Local\Temp\_MEI106722\wx._html2.pyd
2017-05-30 20:40 - 2017-05-30 20:40 - 00027648 ____R () C:\Users\JAG\AppData\Local\Temp\_MEI106722\_multiprocessing.pyd
2017-05-30 20:40 - 2017-05-30 20:40 - 00020480 ____R () C:\Users\JAG\AppData\Local\Temp\_MEI106722\_yappi.pyd
2017-05-30 20:40 - 2017-05-30 20:40 - 00035840 ____R () C:\Users\JAG\AppData\Local\Temp\_MEI106722\win32process.pyd
2017-05-30 20:40 - 2017-05-30 20:40 - 00078848 ____R () C:\Users\JAG\AppData\Local\Temp\_MEI106722\wx._animate.pyd
2017-05-30 20:40 - 2017-05-30 20:40 - 00024064 ____R () C:\Users\JAG\AppData\Local\Temp\_MEI106722\win32pipe.pyd
2017-05-30 20:40 - 2017-05-30 20:40 - 00010240 ____R () C:\Users\JAG\AppData\Local\Temp\_MEI106722\select.pyd
2017-05-30 20:40 - 2017-05-30 20:40 - 00025600 ____R () C:\Users\JAG\AppData\Local\Temp\_MEI106722\win32pdh.pyd
2017-05-30 20:40 - 2017-05-30 20:40 - 00017408 ____R () C:\Users\JAG\AppData\Local\Temp\_MEI106722\win32profile.pyd
2017-05-30 20:40 - 2017-05-30 20:40 - 00022528 ____R () C:\Users\JAG\AppData\Local\Temp\_MEI106722\win32ts.pyd
2017-05-09 00:45 - 2017-05-09 00:45 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2017-05-09 00:44 - 2017-05-09 00:44 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-10-05 19:18 - 2016-10-05 19:18 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2016-12-08 16:38 - 2014-09-09 14:30 - 00603648 _____ () C:\Program Files\Zoner\Photo Studio 17\Program32\SpiderMonkey.dll
2017-01-30 12:52 - 2017-01-30 12:52 - 01926632 ____R () C:\Program Files (x86)\Skype\Phone\roottools.dll
2017-02-06 17:03 - 2017-02-06 17:03 - 63799296 _____ () C:\Program Files (x86)\Plantronics\Spokes3G\libcef.dll
2017-05-24 23:14 - 2017-05-24 23:14 - 00123918 _____ () C:\Users\JAG\AppData\Local\CloudStationBackup\CloudStation.app\bin\libgcc_s_dw2-1.dll
2017-05-24 23:14 - 2017-05-24 23:14 - 01026062 _____ () C:\Users\JAG\AppData\Local\CloudStationBackup\CloudStation.app\bin\libstdc++-6.dll
2017-05-24 23:14 - 2017-05-24 23:14 - 00524460 _____ () C:\Users\JAG\AppData\Local\CloudStationBackup\CloudStation.app\bin\libcurl-4.dll
2017-05-24 23:14 - 2017-05-24 23:14 - 03036942 _____ () C:\Users\JAG\AppData\Local\CloudStationBackup\CloudStation.app\bin\libsqlite3-0.dll
2017-05-24 23:14 - 2017-05-24 23:14 - 01798570 _____ () C:\Users\JAG\AppData\Local\CloudStationBackup\CloudStation.app\bin\icuuc53.dll
2017-05-24 23:14 - 2017-05-24 23:14 - 00115214 _____ () C:\Users\JAG\AppData\Local\CloudStationBackup\CloudStation.app\bin\zlib1.dll
2017-05-24 23:14 - 2017-05-24 23:14 - 21565192 _____ () C:\Users\JAG\AppData\Local\CloudStationBackup\CloudStation.app\bin\icudt53.dll
2017-05-24 23:14 - 2017-05-24 23:14 - 03095505 _____ () C:\Users\JAG\AppData\Local\CloudStationBackup\CloudStation.app\bin\icuin53.dll
2017-05-24 23:14 - 2017-05-24 23:14 - 00712704 _____ () C:\Users\JAG\AppData\Local\CloudStationBackup\CloudStation.app\bin\platforms\qwindows.dll
2017-05-24 23:14 - 2017-05-24 23:14 - 00031744 _____ () C:\Users\JAG\AppData\Local\CloudStationBackup\CloudStation.app\bin\imageformats\qgif.dll
2017-05-24 23:14 - 2017-05-24 23:14 - 00046080 _____ () C:\Users\JAG\AppData\Local\CloudStationBackup\CloudStation.app\bin\imageformats\qicns.dll
2017-05-24 23:14 - 2017-05-24 23:14 - 00032768 _____ () C:\Users\JAG\AppData\Local\CloudStationBackup\CloudStation.app\bin\imageformats\qico.dll
2017-05-24 23:14 - 2017-05-24 23:14 - 00516608 _____ () C:\Users\JAG\AppData\Local\CloudStationBackup\CloudStation.app\bin\imageformats\qjp2.dll
2017-05-24 23:14 - 2017-05-24 23:14 - 00243200 _____ () C:\Users\JAG\AppData\Local\CloudStationBackup\CloudStation.app\bin\imageformats\qjpeg.dll
2017-05-24 23:14 - 2017-05-24 23:14 - 00431616 _____ () C:\Users\JAG\AppData\Local\CloudStationBackup\CloudStation.app\bin\imageformats\qtiff.dll

ADA64
newbie
Posts: 33
Registered: June 16
Gender: Male

Re: Please check my log

Post by ADA64 » 30 May 2017 22:06

4) c
==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2017-05-28 16:56 - 00000753 _____ C:\WINDOWS\system32\Drivers\etc\hosts


127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-377955874-304036406-2546264200-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^JAG^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk => C:\Windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk.Startup
MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
MSCONFIG\startupreg: Daemon for Mouse Suite => C:\Program Files\Lenovo\Lenovo Mouse Suite\ICO.EXE 30
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: PWMTRV => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
MSCONFIG\startupreg: RtsCM => RTSCM64.EXE
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
HKLM\...\StartupApproved\Run32: => "DelaypluginInstall"
HKU\S-1-5-21-377955874-304036406-2546264200-1000\...\StartupApproved\Run: => "Sidebar"
HKU\S-1-5-21-377955874-304036406-2546264200-1000\...\StartupApproved\Run: => "Spotify"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3EF7BD44-EA0F-4564-9AC6-35DCCE0DED04}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6A8CF3F5-0E44-49D8-9FA9-CA1EAF53C54C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{D2519B61-41AD-490D-B1BF-61F5A9EB1DF7}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [TCP Query User{0FC2C9A4-EF47-45E9-A0C4-1590AEAA25BB}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [{CA6C5BCF-C5F0-4989-864D-C65EA8F95C71}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
FirewallRules: [{508C7FE6-2C27-42A5-928B-CC81930BF614}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
FirewallRules: [{4947519F-C00F-4903-ABB6-CD84DCE88715}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{D9C214BF-6FC9-4D31-93BC-6CF5D9A7C98C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E37EC826-4728-48DA-94C6-4B9773AA6710}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{FF4EF0F1-5920-4880-9C6E-58B72ACDD9B5}] => (Allow) LPort=2869
FirewallRules: [{2712B547-77EA-4971-ACC9-8828413BEA35}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{97B94CB4-A0AF-4D2B-A4D5-A041C3432748}C:\users\jag\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jag\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{8739666B-76CF-4BBD-8331-E29D58818895}C:\users\jag\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\jag\appdata\roaming\spotify\spotify.exe
FirewallRules: [{CE8D986D-82BD-4BCB-8BC9-C9BC50948BD9}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe
FirewallRules: [{0D22CD7C-10F0-418F-93F3-9DDC594E582D}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Converter Studio\Video Converter Studio.exe
FirewallRules: [{216EF30D-4411-45FB-9A84-188224850EDA}] => (Allow) C:\Program Files\Zoner\Photo Studio 17\Program32\MediaServer.exe
FirewallRules: [{A92DECE7-9298-42B4-ABD2-6610B9D247B2}] => (Allow) C:\Program Files\Zoner\Photo Studio 17\Program32\MediaServer.exe
FirewallRules: [{3FA8AAB3-1EF4-45D0-B88E-E8DA4568488E}] => (Allow) C:\Program Files\Zoner\Photo Studio 18\Program32\MediaServer.exe
FirewallRules: [{FE193053-1938-43B6-8D9F-24D3DE7072E2}] => (Allow) C:\Program Files (x86)\Lenovo\Connect2\Connect2.exe
FirewallRules: [{0E7163EE-9E84-4809-ABE5-EDE43A8DE149}] => (Allow) C:\Program Files (x86)\Lenovo\Connect2\Connect2.exe
FirewallRules: [{E1EAF5E8-D73D-4FC6-B4AE-8F75B94C6A3B}] => (Allow) C:\Program Files (x86)\Lenovo\Connect2\Connect2.exe
FirewallRules: [{10EF6866-6B2E-4580-9A0A-20686E7865E6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{06EA577E-DEA9-4F77-B1D5-F440D37599EF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{033852BF-6727-4EFA-B4AA-766AEEB7ED3F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{53F2B0F7-4891-4F14-A767-1612CD2EFE6D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4122B9CE-CCB9-49A1-832F-94CCE44038C4}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{7477D3B4-304F-4656-9420-7921896FC223}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{F83E1ABD-32E1-46DE-B773-9A1315523894}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{84C14F5F-04BD-42B8-B55B-9559D80B40C7}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{A07D333E-85C0-4E7D-9283-B7FF96F105D3}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

28-05-2017 16:00:56 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/30/2017 08:21:39 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {7e47b561-971a-46e6-96b9-696eeaa53b2a}
Název modulu pro zápis: MSMQ Writer (MSMQ)
Název instance zapisovače: MSMQ Writer (MSMQ)
ID instance modulu pro zápis: {5d6b60b1-8219-4765-a1aa-06dd6efe7684}

Error: (05/30/2017 08:21:39 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {b161e3fa-987c-4337-aeb7-01076b31e29c}

Error: (05/30/2017 07:50:54 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {b161e3fa-987c-4337-aeb7-01076b31e29c}

Error: (05/30/2017 07:50:54 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {7e47b561-971a-46e6-96b9-696eeaa53b2a}
Název modulu pro zápis: MSMQ Writer (MSMQ)
Název instance zapisovače: MSMQ Writer (MSMQ)
ID instance modulu pro zápis: {5d6b60b1-8219-4765-a1aa-06dd6efe7684}

Error: (05/30/2017 07:37:35 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {b161e3fa-987c-4337-aeb7-01076b31e29c}

Error: (05/30/2017 07:37:35 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {7e47b561-971a-46e6-96b9-696eeaa53b2a}
Název modulu pro zápis: MSMQ Writer (MSMQ)
Název instance zapisovače: MSMQ Writer (MSMQ)
ID instance modulu pro zápis: {5d6b60b1-8219-4765-a1aa-06dd6efe7684}

Error: (05/30/2017 07:21:31 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {b161e3fa-987c-4337-aeb7-01076b31e29c}

Error: (05/30/2017 07:21:31 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {7e47b561-971a-46e6-96b9-696eeaa53b2a}
Název modulu pro zápis: MSMQ Writer (MSMQ)
Název instance zapisovače: MSMQ Writer (MSMQ)
ID instance modulu pro zápis: {5d6b60b1-8219-4765-a1aa-06dd6efe7684}

Error: (05/30/2017 07:20:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17062531

Error: (05/30/2017 07:20:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17062531


System errors:
=============
Error: (05/30/2017 08:42:11 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby ThinkVantage Registry Monitor Service bylo dosaženo časového limitu (30000 ms).

Error: (05/30/2017 08:40:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/30/2017 08:40:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/30/2017 08:40:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/30/2017 08:40:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
a APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (05/30/2017 08:40:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba WsAppService neuspěla při spuštění v důsledku následující chyby:
Systém nemůže nalézt uvedený soubor.

Error: (05/30/2017 08:39:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba NetTcpActivator závisí na službě NetTcpPortSharing, která neuspěla při spuštění v důsledku následující chyby:
Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

Error: (05/30/2017 08:39:23 PM) (Source: DCOM) (EventID: 10010) (User: JAG-PC)
Description: Server {F9717507-6651-4EDB-BFF7-AE615179BCCF} se v daném časovém limitu neregistroval u služby DCOM.

Error: (05/30/2017 08:39:23 PM) (Source: DCOM) (EventID: 10010) (User: JAG-PC)
Description: Server {F9717507-6651-4EDB-BFF7-AE615179BCCF} se v daném časovém limitu neregistroval u služby DCOM.

Error: (05/30/2017 07:20:43 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Na miniportu Sierra Wireless EM7345 4G LTE, {872799BA-FC8B-44B0-B6F1-E9EF7881A873}, došlo k události 71.


CodeIntegrity:
===================================
Date: 2017-05-30 20:47:09.756
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-30 20:47:09.754
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-30 20:46:09.424
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-30 20:46:09.421
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-30 20:46:05.560
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-30 20:46:05.557
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-30 20:45:49.709
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-30 20:45:49.704
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-30 20:45:44.768
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2017-05-30 20:45:44.765
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\ESET\ESET Smart Security\ekrn.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-5600U CPU @ 2.60GHz
Percentage of memory in use: 28%
Total physical RAM: 12005.58 MB
Available physical RAM: 8641.25 MB
Total Virtual: 12773.58 MB
Available Virtual: 9267.78 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:459.53 GB) (Free:18.24 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:15.45 GB) (Free:4.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 1F4772FA)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=459.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=504 MB) - (Type=27)
Partition 4: (Not Active) - (Size=15.4 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

jaro3
Security team member
Guru Level 15
Posts: 37239
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Please check my log

Post by jaro3 » 30 May 2017 23:27

Uninstall:
Sophos
Zemana Antimalware

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.

Code:

Start
CloseProcesses:
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-377955874-304036406-2546264200-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
Handler: WSAllMyTubechrome - No CLSID Value
Handler: WSWSVCUchrome - No CLSID Value
FF Extension: (No Name) - C:\Users\JAG\AppData\Roaming\Mozilla\Firefox\Profiles\jp0977ax.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi [not found]
FF Extension: (No Name) - C:\Users\JAG\AppData\Roaming\Mozilla\Firefox\Profiles\jp0977ax.default\extensions\anttoolbar@ant.com [not found]
CHR HKU\S-1-5-21-377955874-304036406-2546264200-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lpdfbkehegfmedglgemnhbnpmfmioggj] - hxxps://clients2.google.com/service/update2/crx
U3 aswMBR; C:\Users\JAG\AppData\Local\Temp\aswMBR.sys [62728 2017-05-30] () [File not signed] <==== ATTENTION
U3 aswVmm; C:\Users\JAG\AppData\Local\Temp\aswVmm.sys [224896 2017-05-30] () <==== ATTENTION
U3 idsvc; no ImagePath
C:\Users\JAG\AppData\Local\PeerDistRepub
C:\Users\JAG\AppData\Local\Resmon.ResmonCfg
C:\ProgramData\DP45977C.lfl
C:\ProgramData\hpzinstall.log
C:\ProgramData\mudtcpaz.vzs
C:\Users\JAG\AppData\Local\Temp\7za.exe
C:\Users\JAG\AppData\Local\Temp\DaS_21.exe
C:\Users\JAG\AppData\Local\Temp\hijackthis.exe
C:\Users\JAG\AppData\Local\Temp\NirCmd.exe
C:\Users\JAG\AppData\Local\Temp\PEVZ.EXE
C:\Users\JAG\AppData\Local\Temp\remove.exe
C:\Users\JAG\AppData\Local\Temp\sed.exe
C:\Users\JAG\AppData\Local\Temp\shortcut.exe
C:\Users\JAG\AppData\Local\Temp\swreg.exe
C:\Users\JAG\AppData\Local\Temp\swxcacls.exe
C:\Users\JAG\AppData\Local\Temp\wget.exe
C:\Users\JAG\AppData\Local\Temp\zoek-delete.exe

EmptyTemp:
End

(You can use the "select all" function, then right-click the top-left field in the open Notepad window and choose "Paste".)

Save it to the desktop as fixlist.txt


Run FRST, press the "Fix" button only once, and wait.
The tool will create a log on the desktop (Fixlog.txt); please copy its entire content here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

ADA64
newcomer
Posts: 33
Registered: June 16
Gender: Male

Re: Please check my log

Post by ADA64 » 31 May 2017 22:25

1)
Sophos - uninstalled

2)
Zemana Antimalware - the uninstall hung at the moment a Chrome window opened automatically; Chrome stopped responding and the uninstaller could not be closed, not even with End process. Only a restart helped, which force-terminated the uninstaller.
After the restart, Zemana Antimalware is no longer in the list of programs, but the uninstall did not complete correctly, so I am not sure...

3)
Windows/system/drivers => 53337 B
Edge => 207814 B
Chrome => 793448928 B
Firefox => 1877258 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 10832 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 10752 B
LocalService => 8162532 B
NetworkService => 371702 B
JAG => 292596221 B
DefaultAppPool => 4176 B

RecycleBin => 0 B
EmptyTemp: => 1.2 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 31-05-2017 22:11:56)

C:\ProgramData\DP45977C.lfl => moved successfully

==== End of Fixlog 22:11:56 ====

jaro3
Security team member
Guru Level 15
Posts: 37239
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Please check my log

Post by jaro3 » 31 May 2017 23:43

The script in FRST deleted only one file; try running it again in safe mode.

3)
Windows/system/drivers => 53337 B
Edge => 207814 B
Chrome => 793448928 B
Firefox => 1877258 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 10832 B
Users => 0 B
ProgramData => 0 B

What is this?

ADA64
newcomer
Posts: 33
Registered: June 16
Gender: Male

Re: Please check my log

Post by ADA64 » 04 June 2017 18:26

Repeated as instructed in safe mode, and here is the fixlog, this time complete; my apologies:

Fix result of Farbar Recovery Scan Tool (x64) Version: 02-06-2017
Ran by JAG (04-06-2017 18:17:54) Run:2
Running from C:\Users\JAG\Desktop
Loaded Profiles: JAG (Available Profiles: JAG)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
Start
CloseProcesses:
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-377955874-304036406-2546264200-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
Handler: WSAllMyTubechrome - No CLSID Value
Handler: WSWSVCUchrome - No CLSID Value
FF Extension: (No Name) - C:\Users\JAG\AppData\Roaming\Mozilla\Firefox\Profiles\jp0977ax.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi [not found]
FF Extension: (No Name) - C:\Users\JAG\AppData\Roaming\Mozilla\Firefox\Profiles\jp0977ax.default\extensions\anttoolbar@ant.com [not found]
CHR HKU\S-1-5-21-377955874-304036406-2546264200-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lpdfbkehegfmedglgemnhbnpmfmioggj] - hxxps://clients2.google.com/service/update2/crx
U3 aswMBR; C:\Users\JAG\AppData\Local\Temp\aswMBR.sys [62728 2017-05-30] () [File not signed] <==== ATTENTION
U3 aswVmm; C:\Users\JAG\AppData\Local\Temp\aswVmm.sys [224896 2017-05-30] () <==== ATTENTION
U3 idsvc; no ImagePath
C:\Users\JAG\AppData\Local\PeerDistRepub
C:\Users\JAG\AppData\Local\Resmon.ResmonCfg
C:\ProgramData\DP45977C.lfl
C:\ProgramData\hpzinstall.log
C:\ProgramData\mudtcpaz.vzs
C:\Users\JAG\AppData\Local\Temp\7za.exe
C:\Users\JAG\AppData\Local\Temp\DaS_21.exe
C:\Users\JAG\AppData\Local\Temp\hijackthis.exe
C:\Users\JAG\AppData\Local\Temp\NirCmd.exe
C:\Users\JAG\AppData\Local\Temp\PEVZ.EXE
C:\Users\JAG\AppData\Local\Temp\remove.exe
C:\Users\JAG\AppData\Local\Temp\sed.exe
C:\Users\JAG\AppData\Local\Temp\shortcut.exe
C:\Users\JAG\AppData\Local\Temp\swreg.exe
C:\Users\JAG\AppData\Local\Temp\swxcacls.exe
C:\Users\JAG\AppData\Local\Temp\wget.exe
C:\Users\JAG\AppData\Local\Temp\zoek-delete.exe

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-377955874-304036406-2546264200-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
HKCR\PROTOCOLS\Handler\WSAllMyTubechrome => key not found.
HKCR\PROTOCOLS\Handler\WSWSVCUchrome => key not found.
C:\Users\JAG\AppData\Roaming\Mozilla\Firefox\Profiles\jp0977ax.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi => not found.
C:\Users\JAG\AppData\Roaming\Mozilla\Firefox\Profiles\jp0977ax.default\extensions\anttoolbar@ant.com => not found.
HKU\S-1-5-21-377955874-304036406-2546264200-1000\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpdfbkehegfmedglgemnhbnpmfmioggj => key removed successfully
aswMBR => service not found.
aswVmm => service not found.
idsvc => service not found.
C:\Users\JAG\AppData\Local\PeerDistRepub => moved successfully
"C:\Users\JAG\AppData\Local\Resmon.ResmonCfg" => not found.
C:\ProgramData\DP45977C.lfl => moved successfully
"C:\ProgramData\hpzinstall.log" => not found.
"C:\ProgramData\mudtcpaz.vzs" => not found.
"C:\Users\JAG\AppData\Local\Temp\7za.exe" => not found.
"C:\Users\JAG\AppData\Local\Temp\DaS_21.exe" => not found.
"C:\Users\JAG\AppData\Local\Temp\hijackthis.exe" => not found.
"C:\Users\JAG\AppData\Local\Temp\NirCmd.exe" => not found.
"C:\Users\JAG\AppData\Local\Temp\PEVZ.EXE" => not found.
"C:\Users\JAG\AppData\Local\Temp\remove.exe" => not found.
"C:\Users\JAG\AppData\Local\Temp\sed.exe" => not found.
"C:\Users\JAG\AppData\Local\Temp\shortcut.exe" => not found.
"C:\Users\JAG\AppData\Local\Temp\swreg.exe" => not found.
"C:\Users\JAG\AppData\Local\Temp\swxcacls.exe" => not found.
"C:\Users\JAG\AppData\Local\Temp\wget.exe" => not found.
"C:\Users\JAG\AppData\Local\Temp\zoek-delete.exe" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 34012795 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 126739 B
Edge => 0 B
Chrome => 211387270 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 3266 B
NetworkService => 0 B
JAG => 151698980 B
DefaultAppPool => 0 B

RecycleBin => 203147993 B
EmptyTemp: => 572.6 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:18:13 ====

jaro3
Security team member
Guru Level 15
Posts: 37239
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Please check my log

Post by jaro3 » 04 June 2017 19:45

Post a new HJT log and report on any problems.

ADA64
newcomer
Posts: 33
Registered: June 16
Gender: Male

Re: Please check my log

Post by ADA64 » 04 June 2017 21:34

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:23:33, on 4.6.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0953)

FIREFOX: 48.0.1 (x86 cs)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Sierra Wireless Inc\LENOVO MBIM Toolkit\FirmwareApp.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
C:\Program Files (x86)\Lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files (x86)\Lenovo\Password Manager\pwm_ie_helper_desktop.exe
C:\Program Files (x86)\Lenovo\Password Manager\pwm_ie_helper_metro.exe
C:\Program Files (x86)\Lenovo\Password Manager\password_manager.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\JAG\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\JAG\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTray.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Plantronics\Spokes3G\PLTHub.exe
C:\Users\JAG\AppData\Local\CloudStationBackup\CloudStation.app\bin\cloud-backup-ui.exe
C:\Program Files (x86)\AOMEI Backupper\ABNotify.exe
C:\Users\JAG\AppData\Local\CloudStationBackup\CloudStation.app\bin\cloud-backup-connect.exe
C:\Users\JAG\AppData\Local\CloudStationBackup\CloudStation.app\bin\cloud-backup-daemon.exe
C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
C:\Program Files (x86)\Lenovo\message center plus\mcplaunch.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Users\JAG\Desktop\HijackThis (1).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O3 - Toolbar: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [IMSS] "C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" "C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe" 60
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [DelaypluginInstall] C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
O4 - HKLM\..\Run: [PLTHub.exe] C:\Program Files (x86)\Plantronics\Spokes3G\PLTHub.exe -min
O4 - HKLM\..\Run: [ABNotify] C:\Program Files (x86)\AOMEI Backupper\ABNotify.exe -auto
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [OneDrive] "C:\Users\JAG\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\JAG\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Spotify] "C:\Users\JAG\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
O4 - HKCU\..\Run: [iCloudPhotos] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] "C:\Program Files\Zoner\Photo Studio 17\Program32\ZPSTRAY.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [XperiaCompanionAgent] "C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Startup: Synology Cloud Station Backup.lnk = C:\Program Files (x86)\Synology\CloudStationBackup\bin\launcher.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://help.eset.com (HKLM)
O15 - ESC Trusted Zone: http://*.connectify.me
O15 - ESC Trusted Zone: http://*.fastspring.com
O15 - ESC Trusted Zone: http://help.eset.com (HKLM)
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Protocol: WSAllMyTubechrome - (no CLSID) - (no file)
O18 - Protocol: WSWSVCUchrome - (no CLSID) - (no file)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AOMEI Backupper Scheduler Service (Backupper Service) - AOMEI Tech Co., Ltd. - C:\Program Files (x86)\AOMEI Backupper\ABService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cloud Station Backup VSS Service x64 - Unknown owner - C:\Program Files (x86)\Synology\CloudStationBackup\bin\vss-service-x64.exe
O23 - Service: Connect2 Hotspot Service (connect2hotspot) - Lenovo - C:\Program Files (x86)\Lenovo\Connect2\Connect2.Service.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: EpsonCustomerResearchParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\WINDOWS\system32\EscSvc64.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Firmware Updater Service (FirmwareUpdaterService) - Unknown owner - C:\Program Files (x86)\Sierra Wireless Inc\LENOVO MBIM Toolkit\firmwareupdaterservice.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: @oem189.inf,%ibm.svcDesc0%;Lenovo PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe (file missing)
O23 - Service: @oem181.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\WINDOWS\system32\ibtsiva (file missing)
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: System Interface Foundation Service (ImControllerService) - Lenovo Group Limited - C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Security Assist - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Security Assist Helper (isaHelperSvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
O23 - Service: Intel(R) Update Manager (iumsvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Lenovo EasyPlus Hotspot - Lenovo - C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe
O23 - Service: Lenovo EasyResume Service (Lenovo Instant On) - Lenovo Group Limited - C:\Program Files\Lenovo\InstantOn\InstantOnSrv.exe
O23 - Service: Lenovo Camera Mute (LENOVO.CAMMUTE) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Lenovo Keyboard Noise Reduction (LENOVO.TPKNRSVC) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
O23 - Service: Lenovo Virtual Camera Controller (LENOVO.TVTVCAM) - Lenovo Group Limited - C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
O23 - Service: Lenovo Auto Scroll (Lenovo.VIRTSCRLSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
O23 - Service: PowerENGAGE Maintenance Service (LenovoProdRegManager) - Aviata, Inc. - C:\Program Files (x86)\Lenovo Registration\EngageService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: lnvDiscoveryWinSvc - Lenovo - C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe
O23 - Service: @oem189.inf,%Lenovo.svcDesc1%;Lenovo Platform Service (LPlatSvc) - Unknown owner - C:\WINDOWS\system32\LPlatSvc.exe (file missing)
O23 - Service: Lenovo Solution Center System Service (LSC.Services.SystemService) - Lenovo - C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NitroPDFDriverCreatorReadSpool11 (NitroDriverReadSpool11) - Nitro Software, Inc. - C:\Program Files\Nitro\Pro 11\NitroPDFDriverService11x64.exe
O23 - Service: NitroUpdateService - Unknown owner - C:\Program Files\Nitro\Pro 11\Nitro_UpdateService.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\SysWOW64\NLSSRV32.EXE
O23 - Service: Session Launcher Service (PelService) - Unknown owner - C:\Program Files\Lenovo\Lenovo Mouse Suite\Service\PelService.exe
O23 - Service: Plantronics Update Service (PlantronicsUpdateService) - Plantronics, Inc. - C:\Program Files (x86)\Plantronics\Spokes3G\SpokesUpdateService.exe
O23 - Service: Lenovo Settings Power Service (Power Manager DBC Service) - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Lenovo QuickControl Master Service (QuickControlMasterSvc) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe
O23 - Service: Lenovo QuickControl Service (QuickControlService) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: System Update (SUService) - Unknown owner - C:\Program Files (x86)\Lenovo\System Update\SUService.exe
O23 - Service: Sierra Wireless Service (SwiService) - Sierra Wireless, Inc. - C:\Program Files\Sierra Wireless Inc\Utils\SwiService.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\WINDOWS\System32\TPHDEXLG64.exe (file missing)
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: UsbClientService - Unknown owner - C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
O23 - Service: @oem7.inf,%WBFService_SvcDesc%;Synaptics FP WBF Policy Service (valWBFPolicyService) - Unknown owner - C:\WINDOWS\system32\valWBFPolicyService.exe (file missing)
O23 - Service: @oem7.inf,%BioSyncService_SvcDesc%;BiometricSensorDataSynchronization (valWbioSyncSvc) - Unknown owner - C:\WINDOWS\system32\valWbioSyncSvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Wondershare Application Framework Service (WsAppService) - Unknown owner - C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe (file missing)
O23 - Service: Služba Xperia Companion (XperiaCompanionService) - Sony - C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 20536 bytes


WMI provider host is still running all the time and keeps loading the CPU in the 6-15% range :-(

jaro3
Security team member
Guru Level 15
Posts: 37239
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Please check my log

Post by jaro3 » 05 Jun 2017 09:32

Close other applications and browsers, disconnect from the internet and fix in HJT:
Guide

Code:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O18 - Protocol: WSAllMyTubechrome - (no CLSID) - (no file)
O18 - Protocol: WSWSVCUchrome - (no CLSID) - (no file)


Download DelFix here:
https://toolslib.net/downloads/viewdownload/2-delfix/

Save the file to your desktop.
Double-click the icon to run the Delfix.exe tool.
(In Windows Vista, Windows 7 and 8, you must run the file by right-clicking -> Run as administrator.)
In the main menu, check these options: Remove disinfection tools, Purge System Restore.
Then click the Run button and let the tool do its work.

A report (DelFix.txt) will then open. Paste the entire content of the report here. Otherwise the report is located here:
C:\DelFix.txt


Try this guide:
https://answers.microsoft.com/en-us/win ... a4b?page=2
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

