Hi, for the past week I've noticed that NOD keeps removing some virus from my computer. But I can't get rid of it. I can get into that folder, I just don't know whether I should delete it or not. Thanks for any advice.
Link to the screenshot.
http://prntscr.com/8oqaga
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:59:22, on 07.10.2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10240.16412)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Honza\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Honza\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\ngcsvc.dll,-100 (NgcSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9451 bytes
Please check my log in connection with the HTML\Spam.AB application problem (Solved)
- Orcus
- member of the Security team
Re: Please check my log in connection with the HTML\Spam.AB application problem
Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from a web browser. The program can remove the cache, cookies, history and other traces of browsing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.
- If you only use Google Chrome, you don't need to use ATF.
===================================================
Download TFC
Open the file and close all other windows. Click Start to begin the process. The program should not take long.
The PC should then restart; if it doesn't, restart it yourself.
===================================================
Download AdwCleaner (by Xplode)
Save it to your desktop
Close all programs, windows and browsers
Run the program by double-clicking it and click "Prohledat-Scan"
After the scan a log will appear (otherwise it is saved on the system disk as AdwCleaner[R?].txt); paste its entire contents here.
===================================================
Download Malwarebytes' Anti-Malware
- During installation, untick the box for "Enable free trial of Malwarebytes' Anti-Malware Premium" (Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium)
Install it and run it
- at the end of the installation, make sure both options are selected/ticked:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) and Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware); if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; click Scan Now (Skenovat nyní) and
- after the program finishes, a message will appear at the bottom right; click Copy to Clipboard (Kopírovat do schránky) and paste the entire log here.
- then click the Exit button; a prompt will appear, choose Yes (Ano)
(don't delete anything yet!).
If there are problems, run it in Safe Mode.
Love keeps you warm, but coal is coal.
Post HJT logs in the HJT section. If a log is too long, split it into several messages.
A few tips on PC security.
While I am away, memphisto, jaro3 and Diallix stand in for me
If you are satisfied, you can support our forum.

Re: Please check my log in connection with the HTML\Spam.AB application problem
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 08.10.2015
Čas skenování: 10:53
Protokol:
Správce: Ano
Verze: 2.1.8.1057
Databáze malwaru: v2015.10.08.01
Databáze rootkitů: v2015.10.06.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto
OS: Windows 10
CPU: x64
Souborový systém: NTFS
Uživatel: Honza
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 353024
Uplynulý čas: 5 min, 4 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 2
PUP.Optional.TweakBit, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\ATUpdaters, , [48397cd8f398b77fd8537165669e02fe],
PUP.Optional.TweakBit, HKLM\SOFTWARE\WOW6432NODE\TWEAKBIT\Google Analytics Package, , [275ad0845734979f2b02f7df788ca65a],
Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 0
(Nenalezeny žádné škodlivé položky)
Soubory: 0
(Nenalezeny žádné škodlivé položky)
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
# AdwCleaner v5.012 - Logfile created 08/10/2015 at 11:02:21
# Updated 08/10/2015 by Xplode
# Database : 2015-10-07.1 [Server]
# Operating system : Windows 10 Home (x64)
# Username : Honza - DESKTOP-9L3U9LF
# Running from : C:\Users\Honza\Downloads\adwcleaner_5.012.exe
# Option : Scan
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
***** [ Files ] *****
***** [ DLLs ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
Task Found : update-sys
Task Found : update-S-1-5-21-354208527-1655738457-999857751-1001
Task Found : update-sys
Task Found : update-S-1-5-21-354208527-1655738457-999857751-1001
Task Found : update-sys
***** [ Registry ] *****
***** [ Web browsers ] *****
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [784 bytes] ##########
- jaro3
- member of the Security team
Re: Please check my log in connection with the HTML\Spam.AB application problem
Run AdwCleaner again (on Windows Vista or Windows 7, right-click AdwCleaner and choose "Run as administrator" (Spustit jako správce)),
click "Prohledat-Scan"; after the scan click "Cleaning (Vymazat)"
The program will perform the repair; after the automatic restart it will not display the log (C:\AdwCleaner [C?].txt); paste its entire contents here.
Download Junkware Removal Tool by Thisisu
http://www.bleepingcomputer.com/downloa ... oval-tool/
to your desktop.
Disable your antivirus program. Right-click JRT.exe and choose "run as administrator" (spustit jako správce). You will be prompted to press any key to continue. Press one.
The program will start scanning. The scan may take a long time, depending on the number of infections. When the scan finishes, a log (JRT.txt) will appear, which is saved on the desktop.
Please copy its entire contents here.
. run MbAM again and choose Scan Now (Skenovat nyní)
- after the program finishes, a message will appear; click "Quarantine All (delete selected)" (Vše do karantény(smazat vybrané)) and "Export Log" (Exportovat záznam) and choose "text file" (textový soubor), give the file a name and save it somewhere. Copy the entire contents of that log here.
Download RogueKiller by Adlice Software
32-bit:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64-bit:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
to your desktop.
- Close all other programs and browsers.
- On Vista and Win7, run RogueKiller.exe as administrator; on XP, double-click it.
- wait until the Prescan (the search for malicious processes) finishes.
- Then click "Scan" (Prohledat).
- The program scans the PC's processes. After the scan, click "Report" (Zpráva), then in the window click "Open TXT" and copy the entire contents of the log here.
If the program is blocked, try running it several times. If it still won't start and work, rename it to winlogon.exe.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check my log in connection with the HTML\Spam.AB application problem
# AdwCleaner v5.012 - Logfile created 08/10/2015 at 23:00:26
# Updated 08/10/2015 by Xplode
# Database : 2015-10-07.1 [Server]
# Operating system : Windows 10 Home (x64)
# Username : Honza - DESKTOP-9L3U9LF
# Running from : C:\Users\Honza\Downloads\adwcleaner_5.012.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
***** [ Files ] *****
***** [ DLLs ] *****
***** [ Shortcuts ] *****
***** [ Scheduled tasks ] *****
[-] Task Deleted : update-sys
[-] Task Deleted : update-S-1-5-21-354208527-1655738457-999857751-1001
[-] Task Deleted : update-sys
[-] Task Deleted : update-S-1-5-21-354208527-1655738457-999857751-1001
[-] Task Deleted : update-sys
***** [ Registry ] *****
***** [ Web browsers ] *****
*************************
:: Winsock settings cleared
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [878 bytes] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 10 Home x64
Ran by Honza on 08.10.2015 at 23:03:05,38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Chrome
[C:\Users\Honza\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Honza\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\Honza\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Honza\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.10.2015 at 23:05:00,51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
RogueKiller V10.10.9.0 (x64) [Oct 5 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 10 (10.0.10240) 64 bits version
Spuštěno : Normální režim
Uživatel : Honza [Práva správce]
Started from : C:\Users\Honza\Downloads\RogueKillerX64.exe
Mód : Prohledat -- Datum : 10/08/2015 23:12:57
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 3 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Lightshot : C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe -> Nalezeno
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 850 EVO mSATA 120GB +++++
--- User ---
[MBR] d6f9b3b3b717b1be3c17d9b3fd376d5d
[BSP] 28971e2ee5bcdbbafad430baf3b5302c : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 450 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 923648 | Size: 100 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1128448 | Size: 16 MB
3 - Basic data partition | Offset (sectors): 1161216 | Size: 113906 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: ST1000LM024 HN-M101MBB +++++
--- User ---
[MBR] ba9de387faa54d740b29ca7b7ef0b965
[BSP] 8f105968235ed6af6c0edca2b9495cc3 : Empty|VT.Unknown MBR Code
Partition table:
0 - Basic data partition | Offset (sectors): 2048 | Size: 953868 MB
User = LL1 ... OK
User = LL2 ... OK
I RAN ROGUEKILLER ONE MORE TIME:
RogueKiller V10.10.9.0 (x64) [Oct 5 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 10 (10.0.10240) 64 bits version
Spuštěno : Normální režim
Uživatel : Honza [Práva správce]
Started from : C:\Users\Honza\Downloads\RogueKillerX64.exe
Mód : Prohledat -- Datum : 10/08/2015 23:19:33
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 3 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Lightshot : C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe -> Nalezeno
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 17 (Driver: Nahrán) ¤¤¤
[IAT:Inl(Hook.IEAT)] (explorer.exe @ GLU32.dll) OPENGL32.dll - glEnd : Unknown @ 0xb18 (jmp qword [gs:0xb18])
[IAT:Inl(Hook.IEAT)] (explorer.exe @ GLU32.dll) OPENGL32.dll - glPopAttrib : Unknown @ 0xda0 (jmp qword [gs:0xda0])
[IAT:Inl(Hook.IEAT)] (explorer.exe @ GLU32.dll) OPENGL32.dll - glDisable : Unknown @ 0xd90 (jmp qword [gs:0xd90])
[IAT:Inl(Hook.IEAT)] (explorer.exe @ GLU32.dll) OPENGL32.dll - glBegin : Unknown @ 0xa00 (jmp qword [gs:0xa00])
[IAT:Inl(Hook.IEAT)] (explorer.exe @ GLU32.dll) OPENGL32.dll - glEvalPoint2 : Unknown @ 0xdf8 (jmp qword [gs:0xdf8])
[IAT:Inl(Hook.IEAT)] (explorer.exe @ GLU32.dll) OPENGL32.dll - glPushAttrib : Unknown @ 0xda8 (jmp qword [gs:0xda8])
[IAT:Inl(Hook.IEAT)] (explorer.exe @ GLU32.dll) OPENGL32.dll - glEnable : Unknown @ 0xd98 (jmp qword [gs:0xd98])
[IAT:Inl(Hook.IEAT)] (explorer.exe @ GLU32.dll) OPENGL32.dll - glEvalCoord1f : Unknown @ 0xdc0 (jmp qword [gs:0xdc0])
[IAT:Inl(Hook.IEAT)] (explorer.exe @ GLU32.dll) OPENGL32.dll - glEvalCoord2f : Unknown @ 0xde0 (jmp qword [gs:0xde0])
[IAT:Inl(Hook.IEAT)] (explorer.exe @ GLU32.dll) OPENGL32.dll - glNormal3f : Unknown @ 0xb80 (jmp qword [gs:0xb80])
[IAT:Inl(Hook.IEAT)] (explorer.exe @ GLU32.dll) OPENGL32.dll - glVertex3f : Unknown @ 0xd00 (jmp qword [gs:0xd00])
[IAT:Inl(Hook.IEAT)] (explorer.exe @ GLU32.dll) OPENGL32.dll - glMultMatrixd : Unknown @ 0xe28 (jmp qword [gs:0xe28])
[IAT:Inl(Hook.IEAT)] (explorer.exe @ GLU32.dll) OPENGL32.dll - glTranslated : Unknown @ 0xe60 (jmp qword [gs:0xe60])
[IAT:Inl(Hook.IEAT)] (explorer.exe @ GLU32.dll) OPENGL32.dll - glMultMatrixf : Unknown @ 0xe20 (jmp qword [gs:0xe20])
[IAT:Inl(Hook.IEAT)] (explorer.exe @ GLU32.dll) OPENGL32.dll - glScalef : Unknown @ 0xe58 (jmp qword [gs:0xe58])
[IAT:Inl(Hook.IEAT)] (explorer.exe @ GLU32.dll) OPENGL32.dll - glTranslatef : Unknown @ 0xe68 (jmp qword [gs:0xe68])
[IAT:Inl(Hook.IEAT)] (explorer.exe @ GLU32.dll) OPENGL32.dll - glTexCoord2f : Unknown @ 0xc00 (jmp qword [gs:0xc00])
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 850 EVO mSATA 120GB +++++
--- User ---
[MBR] d6f9b3b3b717b1be3c17d9b3fd376d5d
[BSP] 28971e2ee5bcdbbafad430baf3b5302c : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 450 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 923648 | Size: 100 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1128448 | Size: 16 MB
3 - Basic data partition | Offset (sectors): 1161216 | Size: 113906 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: ST1000LM024 HN-M101MBB +++++
--- User ---
[MBR] ba9de387faa54d740b29ca7b7ef0b965
[BSP] 8f105968235ed6af6c0edca2b9495cc3 : Empty|VT.Unknown MBR Code
Partition table:
0 - Basic data partition | Offset (sectors): 2048 | Size: 953868 MB
User = LL1 ... OK
User = LL2 ... OK
Partition table:
0 - Basic data partition | Offset (sectors): 2048 | Size: 953868 MB
User = LL1 ... OK
User = LL2 ... OK
I RAN ROGUEKILLER ONE MORE TIME:
RogueKiller V10.10.9.0 (x64) [Oct 5 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 10 (10.0.10240) 64 bits version
Spuštěno : Normální režim
Uživatel : Honza [Práva správce]
Started from : C:\Users\Honza\Downloads\RogueKillerX64.exe
Mód : Prohledat -- Datum : 10/08/2015 23:19:33
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 3 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Lightshot : C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe -> Nalezeno
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Nalezeno
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 ¤¤¤
¤¤¤ Antirootkit : 17 (Driver: Nahrán) ¤¤¤
[IAT:Inl(Hook.IEAT)] (explorer.exe @ GLU32.dll) OPENGL32.dll - glEnd : Unknown @ 0xb18 (jmp qword [gs:0xb18])
[IAT:Inl(Hook.IEAT)] (explorer.exe @ GLU32.dll) OPENGL32.dll - glPopAttrib : Unknown @ 0xda0 (jmp qword [gs:0xda0])
[IAT:Inl(Hook.IEAT)] (explorer.exe @ GLU32.dll) OPENGL32.dll - glDisable : Unknown @ 0xd90 (jmp qword [gs:0xd90])
[IAT:Inl(Hook.IEAT)] (explorer.exe @ GLU32.dll) OPENGL32.dll - glBegin : Unknown @ 0xa00 (jmp qword [gs:0xa00])
[IAT:Inl(Hook.IEAT)] (explorer.exe @ GLU32.dll) OPENGL32.dll - glEvalPoint2 : Unknown @ 0xdf8 (jmp qword [gs:0xdf8])
[IAT:Inl(Hook.IEAT)] (explorer.exe @ GLU32.dll) OPENGL32.dll - glPushAttrib : Unknown @ 0xda8 (jmp qword [gs:0xda8])
[IAT:Inl(Hook.IEAT)] (explorer.exe @ GLU32.dll) OPENGL32.dll - glEnable : Unknown @ 0xd98 (jmp qword [gs:0xd98])
[IAT:Inl(Hook.IEAT)] (explorer.exe @ GLU32.dll) OPENGL32.dll - glEvalCoord1f : Unknown @ 0xdc0 (jmp qword [gs:0xdc0])
[IAT:Inl(Hook.IEAT)] (explorer.exe @ GLU32.dll) OPENGL32.dll - glEvalCoord2f : Unknown @ 0xde0 (jmp qword [gs:0xde0])
[IAT:Inl(Hook.IEAT)] (explorer.exe @ GLU32.dll) OPENGL32.dll - glNormal3f : Unknown @ 0xb80 (jmp qword [gs:0xb80])
[IAT:Inl(Hook.IEAT)] (explorer.exe @ GLU32.dll) OPENGL32.dll - glVertex3f : Unknown @ 0xd00 (jmp qword [gs:0xd00])
[IAT:Inl(Hook.IEAT)] (explorer.exe @ GLU32.dll) OPENGL32.dll - glMultMatrixd : Unknown @ 0xe28 (jmp qword [gs:0xe28])
[IAT:Inl(Hook.IEAT)] (explorer.exe @ GLU32.dll) OPENGL32.dll - glTranslated : Unknown @ 0xe60 (jmp qword [gs:0xe60])
[IAT:Inl(Hook.IEAT)] (explorer.exe @ GLU32.dll) OPENGL32.dll - glMultMatrixf : Unknown @ 0xe20 (jmp qword [gs:0xe20])
[IAT:Inl(Hook.IEAT)] (explorer.exe @ GLU32.dll) OPENGL32.dll - glScalef : Unknown @ 0xe58 (jmp qword [gs:0xe58])
[IAT:Inl(Hook.IEAT)] (explorer.exe @ GLU32.dll) OPENGL32.dll - glTranslatef : Unknown @ 0xe68 (jmp qword [gs:0xe68])
[IAT:Inl(Hook.IEAT)] (explorer.exe @ GLU32.dll) OPENGL32.dll - glTexCoord2f : Unknown @ 0xc00 (jmp qword [gs:0xc00])
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 850 EVO mSATA 120GB +++++
--- User ---
[MBR] d6f9b3b3b717b1be3c17d9b3fd376d5d
[BSP] 28971e2ee5bcdbbafad430baf3b5302c : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 450 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 923648 | Size: 100 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1128448 | Size: 16 MB
3 - Basic data partition | Offset (sectors): 1161216 | Size: 113906 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: ST1000LM024 HN-M101MBB +++++
--- User ---
[MBR] ba9de387faa54d740b29ca7b7ef0b965
[BSP] 8f105968235ed6af6c0edca2b9495cc3 : Empty|VT.Unknown MBR Code
Partition table:
0 - Basic data partition | Offset (sectors): 2048 | Size: 953868 MB
User = LL1 ... OK
User = LL2 ... OK
- jaro3
- Security team member
Re: Request for a log check related to the HTML\Spam.AB application problem
Close all programs and browsers. Disable your antivirus and firewall.
Please disconnect all USB devices (except the mouse and keyboard) and external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click it and choose "Run as administrator"; on Windows XP, double-click to run it).
- Wait until the Prescan finishes...
- Then click "Prohledat" (Scan); once it has finished:
- On the tabs (Registry, Tasks, Web Browser, etc.) tick everything (put check marks)
(you have to use the mouse to tick the box to the left of the registry entry, etc.)
- Click "Smazat" (Delete)
- Wait until the Status box shows "Mazání dokončeno" (Deletion finished)
- Click "Zpráva" (Report), then copy and paste the contents of the report here, please. The log can be found in RKreport[number].txt on the desktop.
- Close RogueKiller
Turn off your antivirus and firewall.
Download
Zoek.exe
and save it to the desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, Windows 7 and 8, right-click it and choose "Run as administrator").
- Note: the program may take a while to start.
Paste the script below into the program window:
autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;
Click Run Script.
The program will run a scan and a repair; both the scan and the repair can take several minutes, so wait until the end. Do not click in the window!
The program will offer a restart; confirm it.
After the restart, only a black desktop may be shown for a while; that is normal. Wait until the log has been created. You can save it, for example, to Documents; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.
Post a new HJT log and report on any problems.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Request for a log check related to the HTML\Spam.AB application problem
Thanks for everything.
I'll also post the Zoek log:
Zoek.exe v5.0.0.1 Updated 08-October-2015
Tool run by Honza on 09.10.2015 at 17:21:30,27.
Microsoft Windows 10 Home 10.0.10240 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Honza\Downloads\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
09.10.2015 17:22:02 Zoek.exe System Restore Point Created Successfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Empty Folders Check ======================
C:\PROGRA~2\Belarc deleted successfully
C:\PROGRA~2\Fii deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\Honza\AppData\Local\Adobe deleted successfully
C:\Users\Honza\AppData\Local\NetworkTiles deleted successfully
C:\Users\Honza\AppData\Local\NVIDIA Corporation deleted successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\z87yldkh.default\prefs.js:
Added to C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\z87yldkh.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Deleting Files \ Folders ======================
C:\PROGRA~2\Belarc not found
C:\PROGRA~2\Fii not found
C:\PROGRA~2\SamsungPrinterLiveUpdateInstaller deleted
C:\PROGRA~2\Skillbrains deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Honza\AppData\Local\updater.log deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
"C:\Windows\Syswow64\Windows.Devices.Midi.dll" not deleted
"C:\Windows\Syswow64\Windows.Devices.WiFi.dll" not deleted
"C:\Windows\Syswow64\Windows.Gaming.Input.dll" not deleted
"C:\Windows\Syswow64\Windows.Media.FaceAnalysis.dll" not deleted
"C:\Windows\Syswow64\Windows.Media.Import.dll" not deleted
"C:\Windows\Syswow64\Windows.Media.MediaControl.dll" not deleted
"C:\Windows\Syswow64\Windows.Media.Speech.dll" not deleted
"C:\Windows\Syswow64\Windows.Media.Speech.UXRes.dll" not deleted
"C:\Windows\Syswow64\Windows.Media.Streaming.ps.dll" not deleted
"C:\Windows\Syswow64\Windows.Networking.Connectivity.dll" not deleted
"C:\Windows\Syswow64\Windows.UI.Immersive.dll" not deleted
"C:\Windows\Syswow64\Windows.UI.Input.Inking.dll" not deleted
"C:\Windows\Syswow64\Windows.UI.Xaml.Maps.dll" not deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\z87yldkh.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions ======================
ProfilePath: C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\z87yldkh.default
- NoSquint - %ProfilePath%\extensions\nosquint@urandom.ca.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
==== Firefox Plugins ======================
Profilepath: C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\z87yldkh.default
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013
9291708CCD967887AF94BE708B43D64D - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll - Microsoft Office 2013
==== Chromium Look ======================
GeoGebra - Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnbaboaihhkjoaolfnfoablhllahjnee
AdBlock - Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== Reset Google Chrome ======================
C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Honza\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Honza\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Honza\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=103 folders=24 30828474 bytes)
==== Empty Temp Folders ======================
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Honza\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Windows\Syswow64\Windows.Devices.Midi.dll" not deleted
"C:\Windows\Syswow64\Windows.Devices.WiFi.dll" not deleted
"C:\Windows\Syswow64\Windows.Gaming.Input.dll" not deleted
"C:\Windows\Syswow64\Windows.Media.FaceAnalysis.dll" not deleted
"C:\Windows\Syswow64\Windows.Media.Import.dll" not deleted
"C:\Windows\Syswow64\Windows.Media.MediaControl.dll" not deleted
"C:\Windows\Syswow64\Windows.Media.Speech.dll" not deleted
"C:\Windows\Syswow64\Windows.Media.Speech.UXRes.dll" not deleted
"C:\Windows\Syswow64\Windows.Media.Streaming.ps.dll" not deleted
"C:\Windows\Syswow64\Windows.Networking.Connectivity.dll" not deleted
"C:\Windows\Syswow64\Windows.UI.Immersive.dll" not deleted
"C:\Windows\Syswow64\Windows.UI.Input.Inking.dll" not deleted
"C:\Windows\Syswow64\Windows.UI.Xaml.Maps.dll" not deleted
==== EOF on 09.10.2015 at 17:31:07,12 ======================
Re: Request for a log check related to the HTML\Spam.AB application problem
And the last HijackThis log:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 18:01:21, on 09.10.2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10240.16412)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Honza\Downloads\setup-lightshot.exe
C:\Users\Honza\AppData\Local\Temp\is-3BO8V.tmp\setup-lightshot.tmp
C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe
C:\Users\Honza\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Honza\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\ngcsvc.dll,-100 (NgcSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9081 bytes
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 18:01:21, on 09.10.2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10240.16412)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Honza\Downloads\setup-lightshot.exe
C:\Users\Honza\AppData\Local\Temp\is-3BO8V.tmp\setup-lightshot.tmp
C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe
C:\Users\Honza\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Honza\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\ngcsvc.dll,-100 (NgcSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9081 bytes
- jerabina
- Security team member
Re: Please check my log in connection with the HTML\Spam.AB application problem
How are the problems? In any case it is not 100% yet, so let's finish it:
Please download the version of Farbar Recovery Scan Tool (FRST) that matches your system (32-bit/64-bit)
32-bit:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
64-bit:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
and save it to the desktop, then run FRST as administrator.
Confirm the terms of use.
Do not change any of the default settings and click "Scan" ("Skenovat"). When the scan is finished, two logs will be shown, FRST.txt and Addition.txt, and they will be saved on the desktop. Please copy their entire contents here.
When you don't know what to do next, it's time to study the manual!
HJT guide
If I don't reply to your threads in the HJT section while I'm online, it is only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.
Re: Please check my log in connection with the HTML\Spam.AB application problem
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:08-10-2015
Ran by Honza (administrator) on DESKTOP-9L3U9LF (09-10-2015 21:15:47)
Running from C:\Users\Honza\Downloads
Loaded Profiles: Honza (Available Profiles: Honza)
Platform: Windows 10 Home (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1001.16470.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1509.14010.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-07-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-07-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-07-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-07-31] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2015-07-08] (ESET)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-31] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2015-08-09] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2015-08-09] (Lenovo(beijing) Limited)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-10-16] ()
HKU\S-1-5-21-354208527-1655738457-999857751-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2900560 2015-10-09] (Valve Corporation)
HKU\S-1-5-21-354208527-1655738457-999857751-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53729824 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-354208527-1655738457-999857751-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [465920 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-354208527-1655738457-999857751-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8461224 2015-09-16] (Piriform Ltd)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-12] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 217.31.204.130 193.29.206.206
Tcpip\..\Interfaces\{a812833b-bc79-47e5-90ff-22c1f073fe44}: [DhcpNameServer] 217.31.204.130 193.29.206.206
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-354208527-1655738457-999857751-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-354208527-1655738457-999857751-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-12] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\z87yldkh.default
FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-22] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1219160.dll [2015-07-23] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Extension: NoSquint - C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\z87yldkh.default\Extensions\nosquint@urandom.ca.xpi [2015-08-02]
FF Extension: Adblock Plus - C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\z87yldkh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-08-02]
Chrome:
=======
CHR Profile: C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-09]
CHR Extension: (Dokumenty Google) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-09]
CHR Extension: (Disk Google) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-14]
CHR Extension: (YouTube) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-14]
CHR Extension: (Vyhledávání Google) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-14]
CHR Extension: (Tabulky Google) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-09]
CHR Extension: (Dokumenty Google offline) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-03]
CHR Extension: (AdBlock) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-10-09]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-14]
CHR Extension: (Gmail) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-14]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328608 2015-07-31] (Intel Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-07-31] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-14] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [178520 2015-07-14] (ESET)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [231520 2015-07-14] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [53360 2015-07-14] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [72400 2015-07-14] (ESET)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew00.sys [3349984 2015-07-10] (Intel Corporation)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-31] (Synaptics Incorporated)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-09 21:15 - 2015-10-09 21:15 - 02194944 _____ (Farbar) C:\Users\Honza\Downloads\FRST64.exe
2015-10-09 21:15 - 2015-10-09 21:15 - 00013691 _____ C:\Users\Honza\Downloads\FRST.txt
2015-10-09 21:15 - 2015-10-09 21:15 - 00000000 ____D C:\FRST
2015-10-09 20:08 - 2015-10-09 20:08 - 00016148 _____ C:\Windows\system32\DESKTOP-9L3U9LF_Honza_HistoryPrediction.bin
2015-10-09 17:44 - 2015-10-09 17:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2015-10-09 17:44 - 2015-10-09 17:44 - 00000000 ____D C:\Program Files (x86)\Skillbrains
2015-10-09 17:31 - 2015-10-09 17:31 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-10-09 17:30 - 2015-10-09 17:21 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-10-09 17:19 - 2015-10-09 17:30 - 00000000 ____D C:\Users\Honza\AppData\Local\CrashDumps
2015-10-08 23:06 - 2015-10-09 17:12 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-10-08 23:06 - 2015-10-08 23:23 - 00000000 ____D C:\ProgramData\RogueKiller
2015-10-08 11:06 - 2015-10-09 17:31 - 00000700 _____ C:\Windows\PFRO.log
2015-10-08 10:40 - 2015-10-08 10:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-07 20:50 - 2015-10-09 20:08 - 00000275 _____ C:\Windows\WindowsUpdate.log
2015-10-07 16:12 - 2015-10-07 16:12 - 00002870 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-10-07 16:12 - 2015-10-07 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-10-07 16:12 - 2015-10-07 16:12 - 00000000 ____D C:\Program Files\CCleaner
2015-10-01 06:47 - 2015-09-25 02:35 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\UserDataAccountApis.dll
2015-10-01 06:47 - 2015-09-25 02:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\PhoneCallHistoryApis.dll
2015-10-01 06:47 - 2015-09-25 02:13 - 01276416 _____ (Microsoft Corporation) C:\Windows\system32\wifinetworkmanager.dll
2015-10-01 06:47 - 2015-09-25 01:34 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataAccountApis.dll
2015-10-01 06:47 - 2015-09-25 01:34 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhoneCallHistoryApis.dll
2015-10-01 06:47 - 2015-09-25 01:24 - 00796160 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll
2015-10-01 06:47 - 2015-09-25 01:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-01 06:47 - 2015-09-25 01:23 - 00579072 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-10-01 06:47 - 2015-09-25 01:17 - 02178560 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2015-10-01 06:47 - 2015-09-25 01:08 - 03586560 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2015-10-01 06:47 - 2015-09-25 01:07 - 01382400 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2015-10-01 06:47 - 2015-09-25 01:06 - 01423872 _____ (Microsoft Corporation) C:\Windows\system32\UserDataService.dll
2015-10-01 06:47 - 2015-09-25 01:05 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\PimIndexMaintenance.dll
2015-10-01 06:47 - 2015-09-25 01:01 - 00856576 _____ (Microsoft Corporation) C:\Windows\system32\ContactApis.dll
2015-10-01 06:47 - 2015-09-25 01:01 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\AppointmentApis.dll
2015-10-01 06:47 - 2015-09-25 01:00 - 01205248 _____ (Microsoft Corporation) C:\Windows\system32\Unistore.dll
2015-10-01 06:47 - 2015-09-25 01:00 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\ChatApis.dll
2015-10-01 06:47 - 2015-09-25 01:00 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\EmailApis.dll
2015-10-01 06:47 - 2015-09-25 01:00 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\CallHistoryClient.dll
2015-10-01 06:47 - 2015-09-25 00:53 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\MessagingDataModel2.dll
2015-10-01 06:47 - 2015-09-25 00:43 - 00613376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll
2015-10-01 06:47 - 2015-09-25 00:43 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2015-10-01 06:47 - 2015-09-25 00:42 - 01795072 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2015-10-01 06:47 - 2015-09-25 00:25 - 00928256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Unistore.dll
2015-10-01 06:47 - 2015-09-25 00:25 - 00625152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ContactApis.dll
2015-10-01 06:47 - 2015-09-25 00:25 - 00579584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentApis.dll
2015-10-01 06:47 - 2015-09-25 00:25 - 00557568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ChatApis.dll
2015-10-01 06:47 - 2015-09-25 00:25 - 00525312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EmailApis.dll
2015-10-01 06:47 - 2015-09-25 00:24 - 00131072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CallHistoryClient.dll
2015-10-01 06:47 - 2015-09-25 00:19 - 00466432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MessagingDataModel2.dll
2015-10-01 06:47 - 2015-09-19 07:14 - 00102304 _____ (Microsoft Corporation) C:\Windows\system32\omadmapi.dll
2015-10-01 06:47 - 2015-09-17 08:50 - 02464216 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2015-10-01 06:47 - 2015-09-17 08:50 - 01563392 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2015-10-01 06:47 - 2015-09-17 08:50 - 00099664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2015-10-01 06:47 - 2015-09-17 08:50 - 00088384 _____ (Microsoft Corporation) C:\Windows\system32\remoteaudioendpoint.dll
2015-10-01 06:47 - 2015-09-17 08:49 - 08020816 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-01 06:47 - 2015-09-17 08:49 - 06487248 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2015-10-01 06:47 - 2015-09-17 08:49 - 01563472 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2015-10-01 06:47 - 2015-09-17 08:49 - 00894256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2015-10-01 06:47 - 2015-09-17 08:49 - 00553808 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2015-10-01 06:47 - 2015-09-17 08:49 - 00501008 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-10-01 06:47 - 2015-09-17 08:48 - 02824248 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-10-01 06:47 - 2015-09-17 08:48 - 02494712 _____ C:\Windows\system32\CoreUIComponents.dll
2015-10-01 06:47 - 2015-09-17 08:48 - 02432336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-10-01 06:47 - 2015-09-17 08:48 - 02156400 _____ (Microsoft Corporation) C:\Windows\system32\hevcdecoder.dll
2015-10-01 06:47 - 2015-09-17 08:48 - 01983824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-10-01 06:47 - 2015-09-17 08:48 - 00809352 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2015-10-01 06:47 - 2015-09-17 08:48 - 00784136 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2015-10-01 06:47 - 2015-09-17 08:48 - 00584656 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-10-01 06:47 - 2015-09-17 08:48 - 00555768 _____ (Microsoft Corporation) C:\Windows\system32\directmanipulation.dll
2015-10-01 06:47 - 2015-09-17 08:48 - 00537080 _____ (Microsoft Corporation) C:\Windows\system32\WWanAPI.dll
2015-10-01 06:47 - 2015-09-17 08:48 - 00516448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-10-01 06:47 - 2015-09-17 08:48 - 00505696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2015-10-01 06:47 - 2015-09-17 08:48 - 00476760 _____ (Microsoft Corporation) C:\Windows\system32\MFCaptureEngine.dll
2015-10-01 06:47 - 2015-09-17 08:48 - 00406864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-10-01 06:47 - 2015-09-17 08:48 - 00395088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2015-10-01 06:47 - 2015-09-17 08:48 - 00332624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2015-10-01 06:47 - 2015-09-17 08:48 - 00278352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-10-01 06:47 - 2015-09-17 08:48 - 00243760 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-10-01 06:47 - 2015-09-17 08:47 - 01397088 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll
2015-10-01 06:47 - 2015-09-17 08:44 - 00781976 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2015-10-01 06:47 - 2015-09-17 08:43 - 00966416 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2015-10-01 06:47 - 2015-09-17 08:39 - 00081488 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-01 06:47 - 2015-09-17 08:37 - 01295712 _____ (Microsoft Corporation) C:\Windows\system32\wpx.dll
2015-10-01 06:47 - 2015-09-17 08:37 - 01168736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-10-01 06:47 - 2015-09-17 08:28 - 05120056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2015-10-01 06:47 - 2015-09-17 08:28 - 02154808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2015-10-01 06:47 - 2015-09-17 08:28 - 01357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2015-10-01 06:47 - 2015-09-17 08:28 - 00441168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2015-10-01 06:47 - 2015-09-17 08:28 - 00407608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-10-01 06:47 - 2015-09-17 08:28 - 00074880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\remoteaudioendpoint.dll
2015-10-01 06:47 - 2015-09-17 08:27 - 01766952 _____ C:\Windows\SysWOW64\CoreUIComponents.dll
2015-10-01 06:47 - 2015-09-17 08:27 - 00454512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\directmanipulation.dll
2015-10-01 06:47 - 2015-09-17 08:26 - 02446648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-10-01 06:47 - 2015-09-17 08:26 - 01895568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hevcdecoder.dll
2015-10-01 06:47 - 2015-09-17 08:26 - 00646672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2015-10-01 06:47 - 2015-09-17 08:26 - 00508248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-10-01 06:47 - 2015-09-17 08:26 - 00434376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCaptureEngine.dll
2015-10-01 06:47 - 2015-09-17 08:26 - 00428128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWanAPI.dll
2015-10-01 06:47 - 2015-09-17 08:25 - 00962400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll
2015-10-01 06:47 - 2015-09-17 08:21 - 00658528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2015-10-01 06:47 - 2015-09-17 08:20 - 00764416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2015-10-01 06:47 - 2015-09-17 08:12 - 16708608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-10-01 06:47 - 2015-09-17 08:11 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\enrollmentapi.dll
2015-10-01 06:47 - 2015-09-17 08:10 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
2015-10-01 06:47 - 2015-09-17 08:09 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll
2015-10-01 06:47 - 2015-09-17 08:09 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\provops.dll
2015-10-01 06:47 - 2015-09-17 08:08 - 00494592 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2015-10-01 06:47 - 2015-09-17 08:08 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Speech.Pal.dll
2015-10-01 06:47 - 2015-09-17 08:08 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManagerShellext.exe
2015-10-01 06:47 - 2015-09-17 08:07 - 21875712 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2015-10-01 06:47 - 2015-09-17 08:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\CellularAPI.dll
2015-10-01 06:47 - 2015-09-17 08:06 - 00467968 _____ (Microsoft Corporation) C:\Windows\system32\MBMediaManager.dll
2015-10-01 06:47 - 2015-09-17 08:06 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\tetheringservice.dll
2015-10-01 06:47 - 2015-09-17 08:05 - 02226688 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
2015-10-01 06:47 - 2015-09-17 08:05 - 00483328 _____ (Microsoft Corporation) C:\Windows\system32\OneDriveSettingSyncProvider.dll
2015-10-01 06:47 - 2015-09-17 08:04 - 07569408 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll
2015-10-01 06:47 - 2015-09-17 08:04 - 00910848 _____ (Microsoft Corporation) C:\Windows\system32\SharedStartModel.dll
2015-10-01 06:47 - 2015-09-17 08:04 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\DataSenseHandlers.dll
2015-10-01 06:47 - 2015-09-17 08:03 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll
2015-10-01 06:47 - 2015-09-17 08:03 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\provisioningcsp.dll
2015-10-01 06:47 - 2015-09-17 08:03 - 00154624 _____ (Microsoft Corporation) C:\Windows\system32\dmcertinst.exe
2015-10-01 06:47 - 2015-09-17 08:03 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\ngckeyenum.dll
2015-10-01 06:47 - 2015-09-17 08:03 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\DeviceEnroller.exe
2015-10-01 06:47 - 2015-09-17 08:02 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\mdmmigrator.dll
2015-10-01 06:47 - 2015-09-17 08:02 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\EnterpriseDesktopAppMgmtCSP.dll
2015-10-01 06:47 - 2015-09-17 08:00 - 24595456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-01 06:47 - 2015-09-17 08:00 - 03248640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2015-10-01 06:47 - 2015-09-17 08:00 - 02417664 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2015-10-01 06:47 - 2015-09-17 08:00 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\MapConfiguration.dll
2015-10-01 06:47 - 2015-09-17 08:00 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\KeywordDetectorMsftSidAdapter.dll
2015-10-01 06:47 - 2015-09-17 07:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\tileobjserver.dll
2015-10-01 06:47 - 2015-09-17 07:57 - 02228736 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2015-10-01 06:47 - 2015-09-17 07:57 - 00403456 _____ (Microsoft Corporation) C:\Windows\system32\dmenrollengine.dll
2015-10-01 06:47 - 2015-09-17 07:57 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\VEEventDispatcher.dll
2015-10-01 06:47 - 2015-09-17 07:57 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\VEStoreEventHandlers.dll
2015-10-01 06:47 - 2015-09-17 07:56 - 00859136 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll
2015-10-01 06:47 - 2015-09-17 07:56 - 00521728 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2015-10-01 06:47 - 2015-09-17 07:56 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\configmanager2.dll
2015-10-01 06:47 - 2015-09-17 07:55 - 02236416 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-01 06:47 - 2015-09-17 07:55 - 01601536 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Speech.dll
2015-10-01 06:47 - 2015-09-17 07:55 - 00671232 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx02000.dll
2015-10-01 06:47 - 2015-09-17 07:55 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2015-10-01 06:47 - 2015-09-17 07:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\ngccredprov.dll
2015-10-01 06:47 - 2015-09-17 07:55 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\accountaccessor.dll
2015-10-01 06:47 - 2015-09-17 07:55 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\dmcsps.dll
2015-10-01 06:47 - 2015-09-17 07:55 - 00120832 _____ (Microsoft Corporation) C:\Windows\system32\omadmclient.exe
2015-10-01 06:47 - 2015-09-17 07:55 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\wwancfg.dll
2015-10-01 06:47 - 2015-09-17 07:54 - 03781120 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2015-10-01 06:47 - 2015-09-17 07:54 - 00780288 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2015-10-01 06:47 - 2015-09-17 07:54 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-01 06:47 - 2015-09-17 07:53 - 07055872 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll
2015-10-01 06:47 - 2015-09-17 07:52 - 06572032 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2015-10-01 06:47 - 2015-09-17 07:52 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\netcenter.dll
2015-10-01 06:47 - 2015-09-17 07:52 - 01181696 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2015-10-01 06:47 - 2015-09-17 07:52 - 00856576 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2015-10-01 06:47 - 2015-09-17 07:52 - 00591360 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2015-10-01 06:47 - 2015-09-17 07:52 - 00570880 _____ (Microsoft Corporation) C:\Windows\system32\MbaeApi.dll
2015-10-01 06:47 - 2015-09-17 07:52 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2015-10-01 06:47 - 2015-09-17 07:52 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-10-01 06:47 - 2015-09-17 07:52 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2015-10-01 06:47 - 2015-09-17 07:52 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\SubscriptionMgr.dll
2015-10-01 06:47 - 2015-09-17 07:51 - 13027840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-10-01 06:47 - 2015-09-17 07:51 - 02660864 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2015-10-01 06:47 - 2015-09-17 07:51 - 01812480 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll
2015-10-01 06:47 - 2015-09-17 07:51 - 01203712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Bluetooth.dll
2015-10-01 06:47 - 2015-09-17 07:51 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-10-01 06:47 - 2015-09-17 07:51 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-10-01 06:47 - 2015-09-17 07:51 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mdmregistration.dll
2015-10-01 06:47 - 2015-09-17 07:50 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Bluetooth.dll
2015-10-01 06:47 - 2015-09-17 07:50 - 00320000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2015-10-01 06:47 - 2015-09-17 07:50 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\SensorsApi.dll
2015-10-01 06:47 - 2015-09-17 07:50 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\LocationPeWiFi.dll
2015-10-01 06:47 - 2015-09-17 07:50 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\LocationPeCell.dll
2015-10-01 06:47 - 2015-09-17 07:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\buttonconverter.sys
2015-10-01 06:47 - 2015-09-17 07:49 - 02740224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-01 06:47 - 2015-09-17 07:49 - 01290240 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll
2015-10-01 06:47 - 2015-09-17 07:49 - 01010176 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2015-10-01 06:47 - 2015-09-17 07:49 - 00771072 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2015-10-01 06:47 - 2015-09-17 07:49 - 00439296 _____ (Microsoft Corporation) C:\Windows\system32\LocationWebproxy.dll
2015-10-01 06:47 - 2015-09-17 07:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\LocationGeofences.dll
2015-10-01 06:47 - 2015-09-17 07:49 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\LocationFramework.dll
2015-10-01 06:47 - 2015-09-17 07:49 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\LocationCrowdsource.dll
2015-10-01 06:47 - 2015-09-17 07:49 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\LocationPeIP.dll
2015-10-01 06:47 - 2015-09-17 07:49 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\LocationWiFiAdapter.dll
2015-10-01 06:47 - 2015-09-17 07:49 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Speech.Pal.dll
2015-10-01 06:47 - 2015-09-17 07:48 - 02093056 _____ (Microsoft Corporation) C:\Windows\system32\wlidsvc.dll
2015-10-01 06:47 - 2015-09-17 07:48 - 00517632 _____ (Microsoft Corporation) C:\Windows\system32\NotificationController.dll
2015-10-01 06:47 - 2015-09-17 07:48 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\CredProvDataModel.dll
2015-10-01 06:47 - 2015-09-17 07:48 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\LockAppBroker.dll
2015-10-01 06:47 - 2015-09-17 07:48 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\ncryptprov.dll
2015-10-01 06:47 - 2015-09-17 07:48 - 00273920 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll
2015-10-01 06:47 - 2015-09-17 07:47 - 07523328 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2015-10-01 06:47 - 2015-09-17 07:47 - 00513536 _____ (Microsoft Corporation) C:\Windows\system32\ngcsvc.dll
2015-10-01 06:47 - 2015-09-17 07:47 - 00371712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneDriveSettingSyncProvider.dll
2015-10-01 06:47 - 2015-09-17 07:47 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll
2015-10-01 06:47 - 2015-09-17 07:46 - 00928256 _____ (Microsoft Corporation) C:\Windows\system32\JpMapControl.dll
2015-10-01 06:47 - 2015-09-17 07:46 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2015-10-01 06:47 - 2015-09-17 07:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2015-10-01 06:47 - 2015-09-17 07:46 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCore.dll
2015-10-01 06:47 - 2015-09-17 07:46 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCsp.dll
2015-10-01 06:47 - 2015-09-17 07:46 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\MDMAppInstaller.exe
2015-10-01 06:47 - 2015-09-17 07:46 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\HttpsDataSource.dll
2015-10-01 06:47 - 2015-09-17 07:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\syncmlhook.dll
2015-10-01 06:47 - 2015-09-17 07:45 - 19325440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-01 06:47 - 2015-09-17 07:45 - 04791296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-01 06:47 - 2015-09-17 07:45 - 01331200 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-10-01 06:47 - 2015-09-17 07:45 - 00869376 _____ (Microsoft Corporation) C:\Windows\system32\MapControlCore.dll
2015-10-01 06:47 - 2015-09-17 07:45 - 00832512 _____ (Microsoft Corporation) C:\Windows\system32\MapsStore.dll
2015-10-01 06:47 - 2015-09-17 07:45 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll
2015-10-01 06:47 - 2015-09-17 07:45 - 00193024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
2015-10-01 06:47 - 2015-09-17 07:44 - 01844736 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2015-10-01 06:47 - 2015-09-17 07:44 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\wpnapps.dll
2015-10-01 06:47 - 2015-09-17 07:44 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2015-10-01 06:47 - 2015-09-17 07:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\syncutil.dll
2015-10-01 06:47 - 2015-09-17 07:43 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\RemoteNaturalLanguage.dll
2015-10-01 06:47 - 2015-09-17 07:43 - 00378368 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-10-01 06:47 - 2015-09-17 07:43 - 00328704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapConfiguration.dll
2015-10-01 06:47 - 2015-09-17 07:43 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
2015-10-01 06:47 - 2015-09-17 07:42 - 02646528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2015-10-01 06:47 - 2015-09-17 07:41 - 00217088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEEventDispatcher.dll
2015-10-01 06:47 - 2015-09-17 07:40 - 06101504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
2015-10-01 06:47 - 2015-09-17 07:40 - 01918464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2015-10-01 06:47 - 2015-09-17 07:40 - 01162240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Speech.dll
2015-10-01 06:47 - 2015-09-17 07:39 - 00587264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2015-10-01 06:47 - 2015-09-17 07:39 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-01 06:47 - 2015-09-17 07:38 - 00058368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usoapi.dll
2015-10-01 06:47 - 2015-09-17 07:37 - 18806272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2015-10-01 06:47 - 2015-09-17 07:37 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MbaeApi.dll
2015-10-01 06:47 - 2015-09-17 07:36 - 01171456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcenter.dll
2015-10-01 06:47 - 2015-09-17 07:35 - 05079552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll
2015-10-01 06:47 - 2015-09-17 07:35 - 02207232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-01 06:47 - 2015-09-17 07:35 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2015-10-01 06:47 - 2015-09-17 07:35 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll
2015-10-01 06:47 - 2015-09-17 07:34 - 00253440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsApi.dll
2015-10-01 06:47 - 2015-09-17 07:33 - 00574464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2015-10-01 06:47 - 2015-09-17 07:32 - 03579904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-01 06:47 - 2015-09-17 07:32 - 00336384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CredProvDataModel.dll
2015-10-01 06:47 - 2015-09-17 07:32 - 00313856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppBroker.dll
2015-10-01 06:47 - 2015-09-17 07:32 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-10-01 06:47 - 2015-09-17 07:31 - 05454848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2015-10-01 06:47 - 2015-09-17 07:31 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptprov.dll
2015-10-01 06:47 - 2015-09-17 07:30 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2015-10-01 06:47 - 2015-09-17 07:29 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-10-01 06:47 - 2015-09-17 07:29 - 00701952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JpMapControl.dll
2015-10-01 06:47 - 2015-09-17 07:29 - 00677888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapControlCore.dll
2015-10-01 06:47 - 2015-09-17 07:29 - 00464896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll
2015-10-01 06:47 - 2015-09-17 07:28 - 00473088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpnapps.dll
2015-10-01 06:47 - 2015-09-17 07:26 - 00899584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RemoteNaturalLanguage.dll
2015-10-01 06:47 - 2015-09-17 07:16 - 00512000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2015-10-01 06:47 - 2015-09-13 04:05 - 02987520 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2015-10-01 06:47 - 2015-09-13 03:41 - 02639872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2015-09-29 17:38 - 2015-09-29 17:38 - 00049152 _____ C:\Users\Honza\Desktop\Náběrový formulář RD..xls
2015-09-26 13:20 - 2015-09-26 13:20 - 00000000 ____D C:\Users\Honza\AppData\Roaming\Symbaloo
2015-09-10 22:25 - 2015-09-10 22:25 - 00000000 ____D C:\$WINDOWS.~BT
2015-09-10 21:57 - 2015-09-10 21:57 - 00000000 ___HD C:\$Windows.~WS
2015-09-10 20:42 - 2015-09-10 20:47 - 00000000 ____D C:\Program Files\RW-Everything
2015-09-10 20:35 - 2015-10-07 16:13 - 00000000 ____D C:\Windows\Minidump
2015-09-10 20:34 - 2015-09-10 20:42 - 00021760 _____ (RW-Everything) C:\Windows\system32\Drivers\RwDrv.sys
2015-09-10 16:21 - 2015-09-10 16:22 - 00000000 ____D C:\Users\Honza\AppData\Roaming\Apple Computer
2015-09-10 16:21 - 2015-09-10 16:21 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-09-10 16:21 - 2015-09-10 16:21 - 00000000 ____D C:\Users\Honza\AppData\Local\Apple Computer
2015-09-10 16:21 - 2015-09-10 16:21 - 00000000 ____D C:\Users\Honza\AppData\Local\Apple
2015-09-10 16:21 - 2015-09-10 16:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-09-10 16:21 - 2015-09-10 16:21 - 00000000 ____D C:\ProgramData\Apple Computer
2015-09-10 16:21 - 2015-09-10 16:21 - 00000000 ____D C:\ProgramData\Apple
2015-09-10 16:21 - 2015-09-10 16:21 - 00000000 ____D C:\Program Files\iTunes
2015-09-10 16:21 - 2015-09-10 16:21 - 00000000 ____D C:\Program Files\iPod
2015-09-10 16:21 - 2015-09-10 16:21 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-09-10 16:21 - 2015-09-10 16:21 - 00000000 ____D C:\Program Files\Bonjour
2015-09-10 16:21 - 2015-09-10 16:21 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-09-10 16:21 - 2015-09-10 16:21 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-09-10 16:21 - 2015-09-10 16:21 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-09-09 07:37 - 2015-08-27 08:36 - 03620736 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-09 07:37 - 2015-08-27 08:32 - 00608936 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2015-09-09 07:37 - 2015-08-27 07:59 - 02880032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-09 07:37 - 2015-08-27 07:54 - 00541248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2015-09-09 07:37 - 2015-08-27 07:54 - 00365568 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-09 07:37 - 2015-08-27 07:51 - 02350592 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-09 07:37 - 2015-08-27 07:51 - 01774592 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2015-09-09 07:37 - 2015-08-27 07:49 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-09 07:37 - 2015-08-27 07:47 - 12503552 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-09 07:37 - 2015-08-27 07:43 - 00826880 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-09 07:37 - 2015-08-27 07:43 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-09 07:37 - 2015-08-27 07:42 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2015-09-09 07:37 - 2015-08-27 07:42 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.PicturePassword.dll
2015-09-09 07:37 - 2015-08-27 07:42 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2015-09-09 07:37 - 2015-08-27 07:39 - 00045568 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-09 07:37 - 2015-08-27 07:23 - 00303104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-09 07:37 - 2015-08-27 07:16 - 02153472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-09 07:37 - 2015-08-27 07:16 - 01612288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 07:37 - 2015-08-27 07:12 - 00650752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-09 07:37 - 2015-08-27 07:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-09 07:37 - 2015-08-27 07:11 - 00484352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2015-09-09 07:37 - 2015-08-27 07:11 - 00139776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2015-09-09 07:37 - 2015-08-27 07:09 - 11262464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-09 07:37 - 2015-08-27 07:08 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-09 21:15 - 2015-08-01 00:18 - 00000000 ____D C:\Program Files (x86)\Steam
2015-10-09 21:15 - 2015-08-01 00:10 - 00000000 ____D C:\Users\Honza\Documents\Soubory aplikace Outlook
2015-10-09 21:15 - 2015-07-31 23:17 - 00000000 ____D C:\Users\Honza\AppData\Roaming\Skype
2015-10-09 21:10 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\system32\sru
2015-10-09 20:39 - 2015-08-14 18:23 - 00000992 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-09 20:19 - 2015-08-02 18:24 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-09 20:09 - 2015-08-01 08:12 - 00000000 ____D C:\Users\Honza\AppData\Local\Battle.net
2015-10-09 20:09 - 2015-08-01 08:12 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-10-09 17:36 - 2015-07-31 21:44 - 01674756 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-09 17:36 - 2015-07-10 18:02 - 00712230 _____ C:\Windows\system32\perfh005.dat
2015-10-09 17:36 - 2015-07-10 18:02 - 00141770 _____ C:\Windows\system32\perfc005.dat
2015-10-09 17:31 - 2015-08-14 18:23 - 00000988 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-09 17:31 - 2015-07-10 14:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-09 17:30 - 2015-07-10 11:05 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-10-09 17:29 - 2015-07-10 13:04 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-10-09 17:29 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-10-09 17:21 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\system32\restore
2015-10-09 16:51 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\AppReadiness
2015-10-09 10:47 - 2015-08-02 22:56 - 00000000 ____D C:\Users\Honza\AppData\Roaming\vlc
2015-10-07 21:57 - 2015-07-31 21:43 - 00000000 ____D C:\Users\Honza\AppData\Local\VirtualStore
2015-10-07 16:13 - 2015-07-31 22:36 - 00000000 ____D C:\Windows\Panther
2015-10-07 16:07 - 2015-07-31 21:43 - 00000000 ____D C:\Users\Honza\AppData\Local\Packages
2015-10-03 20:04 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\rescache
2015-10-02 00:41 - 2015-08-31 08:31 - 00000424 _____ C:\Users\Honza\AppData\Local\UserProducts.xml
2015-10-01 09:15 - 2015-07-10 13:04 - 00000000 ___SD C:\Windows\SysWOW64\F12
2015-10-01 09:15 - 2015-07-10 13:04 - 00000000 ___SD C:\Windows\system32\F12
2015-10-01 09:15 - 2015-07-10 13:04 - 00000000 ___RD C:\Windows\PurchaseDialog
2015-10-01 09:15 - 2015-07-10 13:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-01 09:15 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2015-10-01 09:15 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2015-10-01 09:15 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-01 09:15 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\Provisioning
2015-10-01 09:15 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\L2Schemas
2015-10-01 07:03 - 2015-07-10 12:55 - 00000000 ____D C:\Windows\CbsTemp
2015-09-30 22:21 - 2015-08-01 08:17 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-09-25 22:45 - 2015-08-14 18:24 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-25 17:32 - 2015-07-31 23:47 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-22 20:45 - 2015-08-05 17:47 - 00000072 _____ C:\Users\Public\LMDebug.log
2015-09-16 10:34 - 2015-08-14 18:23 - 00004050 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-16 10:34 - 2015-08-14 18:23 - 00003818 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-15 18:12 - 2015-07-10 13:06 - 00812008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-15 18:12 - 2015-07-10 13:06 - 00178152 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-13 16:22 - 2015-08-01 07:56 - 00000000 ____D C:\Users\Honza\AppData\Local\Google
2015-09-11 14:30 - 2015-08-12 16:07 - 00000000 ____D C:\Windows\system32\MRT
2015-09-10 22:28 - 2015-07-31 21:43 - 00000000 ____D C:\Users\Honza
2015-09-10 09:12 - 2015-07-10 14:20 - 00340160 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-09 20:39 - 2015-07-10 18:05 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 15:50 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\system32\WinBioDatabase
==================== Files in the root of some directories =======
2015-08-31 08:31 - 2015-10-02 00:41 - 0000424 _____ () C:\Users\Honza\AppData\Local\UserProducts.xml
2015-07-31 21:44 - 2015-07-31 21:44 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-10-04 16:59
==================== End of FRST.txt ============================
Ran by Honza (administrator) on DESKTOP-9L3U9LF (09-10-2015 21:15:47)
Running from C:\Users\Honza\Downloads
Loaded Profiles: Honza (Available Profiles: Honza)
Platform: Windows 10 Home (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.3.0.0\Lightshot.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1001.16470.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1509.14010.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-07-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-07-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-07-31] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-07-31] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634896 2015-07-24] (NVIDIA Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2015-07-08] (ESET)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-31] (Synaptics Incorporated)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2015-08-09] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2015-08-09] (Lenovo(beijing) Limited)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [462712 2012-03-09] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-10-16] ()
HKU\S-1-5-21-354208527-1655738457-999857751-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2900560 2015-10-09] (Valve Corporation)
HKU\S-1-5-21-354208527-1655738457-999857751-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53729824 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-354208527-1655738457-999857751-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [465920 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-354208527-1655738457-999857751-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8461224 2015-09-16] (Piriform Ltd)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-12] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-12] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 217.31.204.130 193.29.206.206
Tcpip\..\Interfaces\{a812833b-bc79-47e5-90ff-22c1f073fe44}: [DhcpNameServer] 217.31.204.130 193.29.206.206
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-354208527-1655738457-999857751-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-354208527-1655738457-999857751-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-09-12] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-07-31] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\z87yldkh.default
FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-22] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-22] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1219160.dll [2015-07-23] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Extension: NoSquint - C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\z87yldkh.default\Extensions\nosquint@urandom.ca.xpi [2015-08-02]
FF Extension: Adblock Plus - C:\Users\Honza\AppData\Roaming\Mozilla\Firefox\Profiles\z87yldkh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-08-02]
Chrome:
=======
CHR Profile: C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-09]
CHR Extension: (Dokumenty Google) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-09]
CHR Extension: (Disk Google) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-14]
CHR Extension: (YouTube) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-14]
CHR Extension: (Vyhledávání Google) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-14]
CHR Extension: (Tabulky Google) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-09]
CHR Extension: (Dokumenty Google offline) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-03]
CHR Extension: (AdBlock) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-10-09]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-14]
CHR Extension: (Gmail) - C:\Users\Honza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-14]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328608 2015-07-31] (Intel Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-07-31] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-14] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [251632 2015-07-14] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [178520 2015-07-14] (ESET)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [231520 2015-07-14] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [53360 2015-07-14] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [72400 2015-07-14] (ESET)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew00.sys [3349984 2015-07-10] (Intel Corporation)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-31] (Synaptics Incorporated)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-09 21:15 - 2015-10-09 21:15 - 02194944 _____ (Farbar) C:\Users\Honza\Downloads\FRST64.exe
2015-10-09 21:15 - 2015-10-09 21:15 - 00013691 _____ C:\Users\Honza\Downloads\FRST.txt
2015-10-09 21:15 - 2015-10-09 21:15 - 00000000 ____D C:\FRST
2015-10-09 20:08 - 2015-10-09 20:08 - 00016148 _____ C:\Windows\system32\DESKTOP-9L3U9LF_Honza_HistoryPrediction.bin
2015-10-09 17:44 - 2015-10-09 17:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2015-10-09 17:44 - 2015-10-09 17:44 - 00000000 ____D C:\Program Files (x86)\Skillbrains
2015-10-09 17:31 - 2015-10-09 17:31 - 00000008 __RSH C:\ProgramData\ntuser.pol
2015-10-09 17:30 - 2015-10-09 17:21 - 00024064 _____ C:\Windows\zoek-delete.exe
2015-10-09 17:19 - 2015-10-09 17:30 - 00000000 ____D C:\Users\Honza\AppData\Local\CrashDumps
2015-10-08 23:06 - 2015-10-09 17:12 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-10-08 23:06 - 2015-10-08 23:23 - 00000000 ____D C:\ProgramData\RogueKiller
2015-10-08 11:06 - 2015-10-09 17:31 - 00000700 _____ C:\Windows\PFRO.log
2015-10-08 10:40 - 2015-10-08 10:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-07 20:50 - 2015-10-09 20:08 - 00000275 _____ C:\Windows\WindowsUpdate.log
2015-10-07 16:12 - 2015-10-07 16:12 - 00002870 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-10-07 16:12 - 2015-10-07 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-10-07 16:12 - 2015-10-07 16:12 - 00000000 ____D C:\Program Files\CCleaner
2015-10-01 06:47 - 2015-09-25 02:35 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\UserDataAccountApis.dll
2015-10-01 06:47 - 2015-09-25 02:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\PhoneCallHistoryApis.dll
2015-10-01 06:47 - 2015-09-25 02:13 - 01276416 _____ (Microsoft Corporation) C:\Windows\system32\wifinetworkmanager.dll
2015-10-01 06:47 - 2015-09-25 01:34 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataAccountApis.dll
2015-10-01 06:47 - 2015-09-25 01:34 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhoneCallHistoryApis.dll
2015-10-01 06:47 - 2015-09-25 01:24 - 00796160 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll
2015-10-01 06:47 - 2015-09-25 01:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-01 06:47 - 2015-09-25 01:23 - 00579072 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-10-01 06:47 - 2015-09-25 01:17 - 02178560 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2015-10-01 06:47 - 2015-09-25 01:08 - 03586560 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2015-10-01 06:47 - 2015-09-25 01:07 - 01382400 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2015-10-01 06:47 - 2015-09-25 01:06 - 01423872 _____ (Microsoft Corporation) C:\Windows\system32\UserDataService.dll
2015-10-01 06:47 - 2015-09-25 01:05 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\PimIndexMaintenance.dll
2015-10-01 06:47 - 2015-09-25 01:01 - 00856576 _____ (Microsoft Corporation) C:\Windows\system32\ContactApis.dll
2015-10-01 06:47 - 2015-09-25 01:01 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\AppointmentApis.dll
2015-10-01 06:47 - 2015-09-25 01:00 - 01205248 _____ (Microsoft Corporation) C:\Windows\system32\Unistore.dll
2015-10-01 06:47 - 2015-09-25 01:00 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\ChatApis.dll
2015-10-01 06:47 - 2015-09-25 01:00 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\EmailApis.dll
2015-10-01 06:47 - 2015-09-25 01:00 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\CallHistoryClient.dll
2015-10-01 06:47 - 2015-09-25 00:53 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\MessagingDataModel2.dll
2015-10-01 06:47 - 2015-09-25 00:43 - 00613376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll
2015-10-01 06:47 - 2015-09-25 00:43 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2015-10-01 06:47 - 2015-09-25 00:42 - 01795072 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2015-10-01 06:47 - 2015-09-25 00:25 - 00928256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Unistore.dll
2015-10-01 06:47 - 2015-09-25 00:25 - 00625152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ContactApis.dll
2015-10-01 06:47 - 2015-09-25 00:25 - 00579584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentApis.dll
2015-10-01 06:47 - 2015-09-25 00:25 - 00557568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ChatApis.dll
2015-10-01 06:47 - 2015-09-25 00:25 - 00525312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EmailApis.dll
2015-10-01 06:47 - 2015-09-25 00:24 - 00131072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CallHistoryClient.dll
2015-10-01 06:47 - 2015-09-25 00:19 - 00466432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MessagingDataModel2.dll
2015-10-01 06:47 - 2015-09-19 07:14 - 00102304 _____ (Microsoft Corporation) C:\Windows\system32\omadmapi.dll
2015-10-01 06:47 - 2015-09-17 08:50 - 02464216 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2015-10-01 06:47 - 2015-09-17 08:50 - 01563392 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2015-10-01 06:47 - 2015-09-17 08:50 - 00099664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2015-10-01 06:47 - 2015-09-17 08:50 - 00088384 _____ (Microsoft Corporation) C:\Windows\system32\remoteaudioendpoint.dll
2015-10-01 06:47 - 2015-09-17 08:49 - 08020816 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-01 06:47 - 2015-09-17 08:49 - 06487248 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2015-10-01 06:47 - 2015-09-17 08:49 - 01563472 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2015-10-01 06:47 - 2015-09-17 08:49 - 00894256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2015-10-01 06:47 - 2015-09-17 08:49 - 00553808 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2015-10-01 06:47 - 2015-09-17 08:49 - 00501008 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-10-01 06:47 - 2015-09-17 08:48 - 02824248 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-10-01 06:47 - 2015-09-17 08:48 - 02494712 _____ C:\Windows\system32\CoreUIComponents.dll
2015-10-01 06:47 - 2015-09-17 08:48 - 02432336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-10-01 06:47 - 2015-09-17 08:48 - 02156400 _____ (Microsoft Corporation) C:\Windows\system32\hevcdecoder.dll
2015-10-01 06:47 - 2015-09-17 08:48 - 01983824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-10-01 06:47 - 2015-09-17 08:48 - 00809352 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2015-10-01 06:47 - 2015-09-17 08:48 - 00784136 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2015-10-01 06:47 - 2015-09-17 08:48 - 00584656 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-10-01 06:47 - 2015-09-17 08:48 - 00555768 _____ (Microsoft Corporation) C:\Windows\system32\directmanipulation.dll
2015-10-01 06:47 - 2015-09-17 08:48 - 00537080 _____ (Microsoft Corporation) C:\Windows\system32\WWanAPI.dll
2015-10-01 06:47 - 2015-09-17 08:48 - 00516448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-10-01 06:47 - 2015-09-17 08:48 - 00505696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2015-10-01 06:47 - 2015-09-17 08:48 - 00476760 _____ (Microsoft Corporation) C:\Windows\system32\MFCaptureEngine.dll
2015-10-01 06:47 - 2015-09-17 08:48 - 00406864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-10-01 06:47 - 2015-09-17 08:48 - 00395088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2015-10-01 06:47 - 2015-09-17 08:48 - 00332624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2015-10-01 06:47 - 2015-09-17 08:48 - 00278352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-10-01 06:47 - 2015-09-17 08:48 - 00243760 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-10-01 06:47 - 2015-09-17 08:47 - 01397088 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll
2015-10-01 06:47 - 2015-09-17 08:44 - 00781976 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2015-10-01 06:47 - 2015-09-17 08:43 - 00966416 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2015-10-01 06:47 - 2015-09-17 08:39 - 00081488 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-01 06:47 - 2015-09-17 08:37 - 01295712 _____ (Microsoft Corporation) C:\Windows\system32\wpx.dll
2015-10-01 06:47 - 2015-09-17 08:37 - 01168736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-10-01 06:47 - 2015-09-17 08:28 - 05120056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2015-10-01 06:47 - 2015-09-17 08:28 - 02154808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2015-10-01 06:47 - 2015-09-17 08:28 - 01357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2015-10-01 06:47 - 2015-09-17 08:28 - 00441168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2015-10-01 06:47 - 2015-09-17 08:28 - 00407608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-10-01 06:47 - 2015-09-17 08:28 - 00074880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\remoteaudioendpoint.dll
2015-10-01 06:47 - 2015-09-17 08:27 - 01766952 _____ C:\Windows\SysWOW64\CoreUIComponents.dll
2015-10-01 06:47 - 2015-09-17 08:27 - 00454512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\directmanipulation.dll
2015-10-01 06:47 - 2015-09-17 08:26 - 02446648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-10-01 06:47 - 2015-09-17 08:26 - 01895568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hevcdecoder.dll
2015-10-01 06:47 - 2015-09-17 08:26 - 00646672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2015-10-01 06:47 - 2015-09-17 08:26 - 00508248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-10-01 06:47 - 2015-09-17 08:26 - 00434376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCaptureEngine.dll
2015-10-01 06:47 - 2015-09-17 08:26 - 00428128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWanAPI.dll
2015-10-01 06:47 - 2015-09-17 08:25 - 00962400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll
2015-10-01 06:47 - 2015-09-17 08:21 - 00658528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2015-10-01 06:47 - 2015-09-17 08:20 - 00764416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2015-10-01 06:47 - 2015-09-17 08:12 - 16708608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-10-01 06:47 - 2015-09-17 08:11 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\enrollmentapi.dll
2015-10-01 06:47 - 2015-09-17 08:10 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
2015-10-01 06:47 - 2015-09-17 08:09 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll
2015-10-01 06:47 - 2015-09-17 08:09 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\provops.dll
2015-10-01 06:47 - 2015-09-17 08:08 - 00494592 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2015-10-01 06:47 - 2015-09-17 08:08 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Speech.Pal.dll
2015-10-01 06:47 - 2015-09-17 08:08 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManagerShellext.exe
2015-10-01 06:47 - 2015-09-17 08:07 - 21875712 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2015-10-01 06:47 - 2015-09-17 08:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\CellularAPI.dll
2015-10-01 06:47 - 2015-09-17 08:06 - 00467968 _____ (Microsoft Corporation) C:\Windows\system32\MBMediaManager.dll
2015-10-01 06:47 - 2015-09-17 08:06 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\tetheringservice.dll
2015-10-01 06:47 - 2015-09-17 08:05 - 02226688 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
2015-10-01 06:47 - 2015-09-17 08:05 - 00483328 _____ (Microsoft Corporation) C:\Windows\system32\OneDriveSettingSyncProvider.dll
2015-10-01 06:47 - 2015-09-17 08:04 - 07569408 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll
2015-10-01 06:47 - 2015-09-17 08:04 - 00910848 _____ (Microsoft Corporation) C:\Windows\system32\SharedStartModel.dll
2015-10-01 06:47 - 2015-09-17 08:04 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\DataSenseHandlers.dll
2015-10-01 06:47 - 2015-09-17 08:03 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll
2015-10-01 06:47 - 2015-09-17 08:03 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\provisioningcsp.dll
2015-10-01 06:47 - 2015-09-17 08:03 - 00154624 _____ (Microsoft Corporation) C:\Windows\system32\dmcertinst.exe
2015-10-01 06:47 - 2015-09-17 08:03 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\ngckeyenum.dll
2015-10-01 06:47 - 2015-09-17 08:03 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\DeviceEnroller.exe
2015-10-01 06:47 - 2015-09-17 08:02 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\mdmmigrator.dll
2015-10-01 06:47 - 2015-09-17 08:02 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\EnterpriseDesktopAppMgmtCSP.dll
2015-10-01 06:47 - 2015-09-17 08:00 - 24595456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-01 06:47 - 2015-09-17 08:00 - 03248640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2015-10-01 06:47 - 2015-09-17 08:00 - 02417664 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2015-10-01 06:47 - 2015-09-17 08:00 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\MapConfiguration.dll
2015-10-01 06:47 - 2015-09-17 08:00 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\KeywordDetectorMsftSidAdapter.dll
2015-10-01 06:47 - 2015-09-17 07:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\tileobjserver.dll
2015-10-01 06:47 - 2015-09-17 07:57 - 02228736 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2015-10-01 06:47 - 2015-09-17 07:57 - 00403456 _____ (Microsoft Corporation) C:\Windows\system32\dmenrollengine.dll
2015-10-01 06:47 - 2015-09-17 07:57 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\VEEventDispatcher.dll
2015-10-01 06:47 - 2015-09-17 07:57 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\VEStoreEventHandlers.dll
2015-10-01 06:47 - 2015-09-17 07:56 - 00859136 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll
2015-10-01 06:47 - 2015-09-17 07:56 - 00521728 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2015-10-01 06:47 - 2015-09-17 07:56 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\configmanager2.dll
2015-10-01 06:47 - 2015-09-17 07:55 - 02236416 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-01 06:47 - 2015-09-17 07:55 - 01601536 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Speech.dll
2015-10-01 06:47 - 2015-09-17 07:55 - 00671232 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx02000.dll
2015-10-01 06:47 - 2015-09-17 07:55 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2015-10-01 06:47 - 2015-09-17 07:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\ngccredprov.dll
2015-10-01 06:47 - 2015-09-17 07:55 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\accountaccessor.dll
2015-10-01 06:47 - 2015-09-17 07:55 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\dmcsps.dll
2015-10-01 06:47 - 2015-09-17 07:55 - 00120832 _____ (Microsoft Corporation) C:\Windows\system32\omadmclient.exe
2015-10-01 06:47 - 2015-09-17 07:55 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\wwancfg.dll
2015-10-01 06:47 - 2015-09-17 07:54 - 03781120 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2015-10-01 06:47 - 2015-09-17 07:54 - 00780288 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2015-10-01 06:47 - 2015-09-17 07:54 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-01 06:47 - 2015-09-17 07:53 - 07055872 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll
2015-10-01 06:47 - 2015-09-17 07:52 - 06572032 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2015-10-01 06:47 - 2015-09-17 07:52 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\netcenter.dll
2015-10-01 06:47 - 2015-09-17 07:52 - 01181696 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2015-10-01 06:47 - 2015-09-17 07:52 - 00856576 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2015-10-01 06:47 - 2015-09-17 07:52 - 00591360 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2015-10-01 06:47 - 2015-09-17 07:52 - 00570880 _____ (Microsoft Corporation) C:\Windows\system32\MbaeApi.dll
2015-10-01 06:47 - 2015-09-17 07:52 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2015-10-01 06:47 - 2015-09-17 07:52 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-10-01 06:47 - 2015-09-17 07:52 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2015-10-01 06:47 - 2015-09-17 07:52 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\SubscriptionMgr.dll
2015-10-01 06:47 - 2015-09-17 07:51 - 13027840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-10-01 06:47 - 2015-09-17 07:51 - 02660864 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2015-10-01 06:47 - 2015-09-17 07:51 - 01812480 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll
2015-10-01 06:47 - 2015-09-17 07:51 - 01203712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Bluetooth.dll
2015-10-01 06:47 - 2015-09-17 07:51 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-10-01 06:47 - 2015-09-17 07:51 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-10-01 06:47 - 2015-09-17 07:51 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mdmregistration.dll
2015-10-01 06:47 - 2015-09-17 07:50 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Bluetooth.dll
2015-10-01 06:47 - 2015-09-17 07:50 - 00320000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2015-10-01 06:47 - 2015-09-17 07:50 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\SensorsApi.dll
2015-10-01 06:47 - 2015-09-17 07:50 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\LocationPeWiFi.dll
2015-10-01 06:47 - 2015-09-17 07:50 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\LocationPeCell.dll
2015-10-01 06:47 - 2015-09-17 07:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\buttonconverter.sys
2015-10-01 06:47 - 2015-09-17 07:49 - 02740224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-01 06:47 - 2015-09-17 07:49 - 01290240 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll
2015-10-01 06:47 - 2015-09-17 07:49 - 01010176 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2015-10-01 06:47 - 2015-09-17 07:49 - 00771072 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2015-10-01 06:47 - 2015-09-17 07:49 - 00439296 _____ (Microsoft Corporation) C:\Windows\system32\LocationWebproxy.dll
2015-10-01 06:47 - 2015-09-17 07:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\LocationGeofences.dll
2015-10-01 06:47 - 2015-09-17 07:49 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\LocationFramework.dll
2015-10-01 06:47 - 2015-09-17 07:49 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\LocationCrowdsource.dll
2015-10-01 06:47 - 2015-09-17 07:49 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\LocationPeIP.dll
2015-10-01 06:47 - 2015-09-17 07:49 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\LocationWiFiAdapter.dll
2015-10-01 06:47 - 2015-09-17 07:49 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Speech.Pal.dll
2015-10-01 06:47 - 2015-09-17 07:48 - 02093056 _____ (Microsoft Corporation) C:\Windows\system32\wlidsvc.dll
2015-10-01 06:47 - 2015-09-17 07:48 - 00517632 _____ (Microsoft Corporation) C:\Windows\system32\NotificationController.dll
2015-10-01 06:47 - 2015-09-17 07:48 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\CredProvDataModel.dll
2015-10-01 06:47 - 2015-09-17 07:48 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\LockAppBroker.dll
2015-10-01 06:47 - 2015-09-17 07:48 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\ncryptprov.dll
2015-10-01 06:47 - 2015-09-17 07:48 - 00273920 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll
2015-10-01 06:47 - 2015-09-17 07:47 - 07523328 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2015-10-01 06:47 - 2015-09-17 07:47 - 00513536 _____ (Microsoft Corporation) C:\Windows\system32\ngcsvc.dll
2015-10-01 06:47 - 2015-09-17 07:47 - 00371712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneDriveSettingSyncProvider.dll
2015-10-01 06:47 - 2015-09-17 07:47 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll
2015-10-01 06:47 - 2015-09-17 07:46 - 00928256 _____ (Microsoft Corporation) C:\Windows\system32\JpMapControl.dll
2015-10-01 06:47 - 2015-09-17 07:46 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2015-10-01 06:47 - 2015-09-17 07:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2015-10-01 06:47 - 2015-09-17 07:46 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCore.dll
2015-10-01 06:47 - 2015-09-17 07:46 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCsp.dll
2015-10-01 06:47 - 2015-09-17 07:46 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\MDMAppInstaller.exe
2015-10-01 06:47 - 2015-09-17 07:46 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\HttpsDataSource.dll
2015-10-01 06:47 - 2015-09-17 07:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\syncmlhook.dll
2015-10-01 06:47 - 2015-09-17 07:45 - 19325440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-01 06:47 - 2015-09-17 07:45 - 04791296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-01 06:47 - 2015-09-17 07:45 - 01331200 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-10-01 06:47 - 2015-09-17 07:45 - 00869376 _____ (Microsoft Corporation) C:\Windows\system32\MapControlCore.dll
2015-10-01 06:47 - 2015-09-17 07:45 - 00832512 _____ (Microsoft Corporation) C:\Windows\system32\MapsStore.dll
2015-10-01 06:47 - 2015-09-17 07:45 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll
2015-10-01 06:47 - 2015-09-17 07:45 - 00193024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
2015-10-01 06:47 - 2015-09-17 07:44 - 01844736 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2015-10-01 06:47 - 2015-09-17 07:44 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\wpnapps.dll
2015-10-01 06:47 - 2015-09-17 07:44 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2015-10-01 06:47 - 2015-09-17 07:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\syncutil.dll
2015-10-01 06:47 - 2015-09-17 07:43 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\RemoteNaturalLanguage.dll
2015-10-01 06:47 - 2015-09-17 07:43 - 00378368 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-10-01 06:47 - 2015-09-17 07:43 - 00328704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapConfiguration.dll
2015-10-01 06:47 - 2015-09-17 07:43 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
2015-10-01 06:47 - 2015-09-17 07:42 - 02646528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2015-10-01 06:47 - 2015-09-17 07:41 - 00217088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEEventDispatcher.dll
2015-10-01 06:47 - 2015-09-17 07:40 - 06101504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
2015-10-01 06:47 - 2015-09-17 07:40 - 01918464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2015-10-01 06:47 - 2015-09-17 07:40 - 01162240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Speech.dll
2015-10-01 06:47 - 2015-09-17 07:39 - 00587264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2015-10-01 06:47 - 2015-09-17 07:39 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-01 06:47 - 2015-09-17 07:38 - 00058368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usoapi.dll
2015-10-01 06:47 - 2015-09-17 07:37 - 18806272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2015-10-01 06:47 - 2015-09-17 07:37 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MbaeApi.dll
2015-10-01 06:47 - 2015-09-17 07:36 - 01171456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcenter.dll
2015-10-01 06:47 - 2015-09-17 07:35 - 05079552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll
2015-10-01 06:47 - 2015-09-17 07:35 - 02207232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-01 06:47 - 2015-09-17 07:35 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2015-10-01 06:47 - 2015-09-17 07:35 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll
2015-10-01 06:47 - 2015-09-17 07:34 - 00253440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsApi.dll
2015-10-01 06:47 - 2015-09-17 07:33 - 00574464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2015-10-01 06:47 - 2015-09-17 07:32 - 03579904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-01 06:47 - 2015-09-17 07:32 - 00336384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CredProvDataModel.dll
2015-10-01 06:47 - 2015-09-17 07:32 - 00313856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppBroker.dll
2015-10-01 06:47 - 2015-09-17 07:32 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-10-01 06:47 - 2015-09-17 07:31 - 05454848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2015-10-01 06:47 - 2015-09-17 07:31 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptprov.dll
2015-10-01 06:47 - 2015-09-17 07:30 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2015-10-01 06:47 - 2015-09-17 07:29 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-10-01 06:47 - 2015-09-17 07:29 - 00701952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JpMapControl.dll
2015-10-01 06:47 - 2015-09-17 07:29 - 00677888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapControlCore.dll
2015-10-01 06:47 - 2015-09-17 07:29 - 00464896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll
2015-10-01 06:47 - 2015-09-17 07:28 - 00473088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpnapps.dll
2015-10-01 06:47 - 2015-09-17 07:26 - 00899584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RemoteNaturalLanguage.dll
2015-10-01 06:47 - 2015-09-17 07:16 - 00512000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2015-10-01 06:47 - 2015-09-13 04:05 - 02987520 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2015-10-01 06:47 - 2015-09-13 03:41 - 02639872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2015-09-29 17:38 - 2015-09-29 17:38 - 00049152 _____ C:\Users\Honza\Desktop\Náběrový formulář RD..xls
2015-09-26 13:20 - 2015-09-26 13:20 - 00000000 ____D C:\Users\Honza\AppData\Roaming\Symbaloo
2015-09-10 22:25 - 2015-09-10 22:25 - 00000000 ____D C:\$WINDOWS.~BT
2015-09-10 21:57 - 2015-09-10 21:57 - 00000000 ___HD C:\$Windows.~WS
2015-09-10 20:42 - 2015-09-10 20:47 - 00000000 ____D C:\Program Files\RW-Everything
2015-09-10 20:35 - 2015-10-07 16:13 - 00000000 ____D C:\Windows\Minidump
2015-09-10 20:34 - 2015-09-10 20:42 - 00021760 _____ (RW-Everything) C:\Windows\system32\Drivers\RwDrv.sys
2015-09-10 16:21 - 2015-09-10 16:22 - 00000000 ____D C:\Users\Honza\AppData\Roaming\Apple Computer
2015-09-10 16:21 - 2015-09-10 16:21 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-09-10 16:21 - 2015-09-10 16:21 - 00000000 ____D C:\Users\Honza\AppData\Local\Apple Computer
2015-09-10 16:21 - 2015-09-10 16:21 - 00000000 ____D C:\Users\Honza\AppData\Local\Apple
2015-09-10 16:21 - 2015-09-10 16:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-09-10 16:21 - 2015-09-10 16:21 - 00000000 ____D C:\ProgramData\Apple Computer
2015-09-10 16:21 - 2015-09-10 16:21 - 00000000 ____D C:\ProgramData\Apple
2015-09-10 16:21 - 2015-09-10 16:21 - 00000000 ____D C:\Program Files\iTunes
2015-09-10 16:21 - 2015-09-10 16:21 - 00000000 ____D C:\Program Files\iPod
2015-09-10 16:21 - 2015-09-10 16:21 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-09-10 16:21 - 2015-09-10 16:21 - 00000000 ____D C:\Program Files\Bonjour
2015-09-10 16:21 - 2015-09-10 16:21 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-09-10 16:21 - 2015-09-10 16:21 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-09-10 16:21 - 2015-09-10 16:21 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-09-09 07:37 - 2015-08-27 08:36 - 03620736 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-09 07:37 - 2015-08-27 08:32 - 00608936 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2015-09-09 07:37 - 2015-08-27 07:59 - 02880032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-09 07:37 - 2015-08-27 07:54 - 00541248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2015-09-09 07:37 - 2015-08-27 07:54 - 00365568 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-09 07:37 - 2015-08-27 07:51 - 02350592 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-09 07:37 - 2015-08-27 07:51 - 01774592 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2015-09-09 07:37 - 2015-08-27 07:49 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-09 07:37 - 2015-08-27 07:47 - 12503552 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-09 07:37 - 2015-08-27 07:43 - 00826880 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-09 07:37 - 2015-08-27 07:43 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-09 07:37 - 2015-08-27 07:42 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2015-09-09 07:37 - 2015-08-27 07:42 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.PicturePassword.dll
2015-09-09 07:37 - 2015-08-27 07:42 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2015-09-09 07:37 - 2015-08-27 07:39 - 00045568 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-09 07:37 - 2015-08-27 07:23 - 00303104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-09 07:37 - 2015-08-27 07:16 - 02153472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-09 07:37 - 2015-08-27 07:16 - 01612288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 07:37 - 2015-08-27 07:12 - 00650752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-09 07:37 - 2015-08-27 07:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-09 07:37 - 2015-08-27 07:11 - 00484352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2015-09-09 07:37 - 2015-08-27 07:11 - 00139776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2015-09-09 07:37 - 2015-08-27 07:09 - 11262464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-09 07:37 - 2015-08-27 07:08 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-10-09 21:15 - 2015-08-01 00:18 - 00000000 ____D C:\Program Files (x86)\Steam
2015-10-09 21:15 - 2015-08-01 00:10 - 00000000 ____D C:\Users\Honza\Documents\Soubory aplikace Outlook
2015-10-09 21:15 - 2015-07-31 23:17 - 00000000 ____D C:\Users\Honza\AppData\Roaming\Skype
2015-10-09 21:10 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\system32\sru
2015-10-09 20:39 - 2015-08-14 18:23 - 00000992 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-09 20:19 - 2015-08-02 18:24 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-09 20:09 - 2015-08-01 08:12 - 00000000 ____D C:\Users\Honza\AppData\Local\Battle.net
2015-10-09 20:09 - 2015-08-01 08:12 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-10-09 17:36 - 2015-07-31 21:44 - 01674756 _____ C:\Windows\system32\PerfStringBackup.INI
2015-10-09 17:36 - 2015-07-10 18:02 - 00712230 _____ C:\Windows\system32\perfh005.dat
2015-10-09 17:36 - 2015-07-10 18:02 - 00141770 _____ C:\Windows\system32\perfc005.dat
2015-10-09 17:31 - 2015-08-14 18:23 - 00000988 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-09 17:31 - 2015-07-10 14:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-09 17:30 - 2015-07-10 11:05 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-10-09 17:29 - 2015-07-10 13:04 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2015-10-09 17:29 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2015-10-09 17:21 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\system32\restore
2015-10-09 16:51 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\AppReadiness
2015-10-09 10:47 - 2015-08-02 22:56 - 00000000 ____D C:\Users\Honza\AppData\Roaming\vlc
2015-10-07 21:57 - 2015-07-31 21:43 - 00000000 ____D C:\Users\Honza\AppData\Local\VirtualStore
2015-10-07 16:13 - 2015-07-31 22:36 - 00000000 ____D C:\Windows\Panther
2015-10-07 16:07 - 2015-07-31 21:43 - 00000000 ____D C:\Users\Honza\AppData\Local\Packages
2015-10-03 20:04 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\rescache
2015-10-02 00:41 - 2015-08-31 08:31 - 00000424 _____ C:\Users\Honza\AppData\Local\UserProducts.xml
2015-10-01 09:15 - 2015-07-10 13:04 - 00000000 ___SD C:\Windows\SysWOW64\F12
2015-10-01 09:15 - 2015-07-10 13:04 - 00000000 ___SD C:\Windows\system32\F12
2015-10-01 09:15 - 2015-07-10 13:04 - 00000000 ___RD C:\Windows\PurchaseDialog
2015-10-01 09:15 - 2015-07-10 13:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-01 09:15 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2015-10-01 09:15 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2015-10-01 09:15 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-01 09:15 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\Provisioning
2015-10-01 09:15 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\L2Schemas
2015-10-01 07:03 - 2015-07-10 12:55 - 00000000 ____D C:\Windows\CbsTemp
2015-09-30 22:21 - 2015-08-01 08:17 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-09-25 22:45 - 2015-08-14 18:24 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-25 17:32 - 2015-07-31 23:47 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-22 20:45 - 2015-08-05 17:47 - 00000072 _____ C:\Users\Public\LMDebug.log
2015-09-16 10:34 - 2015-08-14 18:23 - 00004050 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-16 10:34 - 2015-08-14 18:23 - 00003818 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-15 18:12 - 2015-07-10 13:06 - 00812008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-15 18:12 - 2015-07-10 13:06 - 00178152 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-13 16:22 - 2015-08-01 07:56 - 00000000 ____D C:\Users\Honza\AppData\Local\Google
2015-09-11 14:30 - 2015-08-12 16:07 - 00000000 ____D C:\Windows\system32\MRT
2015-09-10 22:28 - 2015-07-31 21:43 - 00000000 ____D C:\Users\Honza
2015-09-10 09:12 - 2015-07-10 14:20 - 00340160 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-09 20:39 - 2015-07-10 18:05 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-09 15:50 - 2015-07-10 13:04 - 00000000 ____D C:\Windows\system32\WinBioDatabase
==================== Files in the root of some directories =======
2015-08-31 08:31 - 2015-10-02 00:41 - 0000424 _____ () C:\Users\Honza\AppData\Local\UserProducts.xml
2015-07-31 21:44 - 2015-07-31 21:44 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-10-04 16:59
==================== End of FRST.txt ============================
Re: Please check my log in connection with the HTML\Spam.AB application problem
Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-10-2015
Ran by Honza (2015-10-09 21:16:12)
Running from C:\Users\Honza\Downloads
Windows 10 Home (X64) (2015-07-31 19:40:35)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-354208527-1655738457-999857751-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-354208527-1655738457-999857751-503 - Limited - Disabled)
Guest (S-1-5-21-354208527-1655738457-999857751-501 - Limited - Disabled)
Honza (S-1-5-21-354208527-1655738457-999857751-1001 - Administrator - Enabled) => C:\Users\Honza
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personální firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.160 - Adobe Systems, Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Balíček ovladače systému Windows - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Balíček ovladače systému Windows - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo)
Energy Management (x32 Version: 8.0.2.14 - Lenovo) Hidden
ESET Smart Security (HKLM\...\{4D8E383E-0AB7-482D-9327-BB92D53312B4}) (Version: 8.0.319.1 - ESET, spol s r. o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Lightshot-5.3.0.0 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.3.0.0 - Skillbrains)
Microsoft Office 365 ProPlus - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 15.0.4753.1003 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
NVIDIA Ovladače grafiky 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Ovládací panel NVIDIA 353.62 (Version: 353.62 - NVIDIA Corporation) Hidden
Podpora aplikací Apple (32bitová) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Podpora aplikací Apple (64bitová) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.29.02(19.06.2014) - Samsung Electronics Co., Ltd.)
Samsung M2070 Series (HKLM-x32\...\Samsung M2070 Series) (Version: 1.17 (17.09.2014) - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
TeamSpeak 3 Client (HKU\S-1-5-21-354208527-1655738457-999857751-1001\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Zobrazit uživatelskou příručku (HKLM-x32\...\View User Guide) (Version: 3.60.43.0 - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-354208527-1655738457-999857751-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
==================== Restore Points =========================
09-10-2015 17:21:55 zoek.exe restore point
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-07-10 13:04 - 2015-10-09 17:22 - 00000753 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {3BAFEEF1-A40A-45CC-BF89-B94E6265535B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-09-12] (Microsoft Corporation)
Task: {42D35024-2B74-49A1-963D-2F871266C854} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-09-12] (Microsoft Corporation)
Task: {5E86F0E3-355C-4552-B095-4800F6E0858E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {687FE1C4-E295-4F36-8BBB-6C35F39A58B8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd)
Task: {7CCDBC7C-1C7B-485F-A6FA-3FAE5A9DBDDD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-22] (Adobe Systems Incorporated)
Task: {BE01CD4C-F389-4BAE-A368-99036F5D2735} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-14] (Google Inc.)
Task: {C75399E0-F8F6-4488-9634-B8A312503134} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {D045CC8A-EA19-457D-BA0B-0D008DA3F22E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-14] (Google Inc.)
Task: {D243C52F-FE07-4361-A287-07B2F3947C5F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)
Task: {D9B38951-887F-435E-86C6-0AB6494D0F5F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-09-12] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2015-07-31 22:29 - 2015-07-15 04:04 - 00032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
2015-07-31 21:46 - 2015-07-23 03:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-08-01 08:22 - 2013-05-29 14:01 - 00034304 _____ () C:\Windows\System32\ssm4mlm.dll
2015-08-10 09:35 - 2015-06-03 11:58 - 00037888 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\KOB__J_1.DLL
2015-08-19 09:49 - 2015-08-11 11:14 - 00404480 _____ () C:\Windows\System32\diagtrack_wininternal.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-31 23:47 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-10-01 06:47 - 2015-09-17 08:48 - 02494712 _____ () C:\Windows\system32\CoreUIComponents.dll
2015-10-01 06:47 - 2015-09-17 08:48 - 02494712 _____ () C:\Windows\System32\CoreUIComponents.dll
2015-10-01 06:47 - 2015-09-17 07:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 12:59 - 2015-07-10 12:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-10-01 06:47 - 2015-09-17 07:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-01 06:47 - 2015-09-17 07:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-01 06:47 - 2015-09-17 07:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-01 06:47 - 2015-09-17 07:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 13:00 - 2015-07-10 18:05 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2012-03-09 09:58 - 2012-03-09 09:58 - 00462712 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2012-03-09 09:58 - 2012-03-09 09:58 - 00057208 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2015-09-16 21:33 - 2015-09-16 21:33 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2015-10-03 08:58 - 2015-10-03 08:58 - 00012288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1001.16470.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-10-03 08:58 - 2015-10-03 08:58 - 10814464 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1001.16470.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-09-18 18:57 - 2015-09-18 18:57 - 03495936 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1509.14010.0_x64__8wekyb3d8bbwe\Calculator.exe
2015-07-31 21:43 - 2015-07-31 21:43 - 00133184 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2015-07-31 22:23 - 2015-07-24 06:22 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-354208527-1655738457-999857751-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Honza\Desktop\eagle_fly_flap_wings_85898_1920x1080.jpg
DNS Servers: 217.31.204.130 - 193.29.206.206
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-354208527-1655738457-999857751-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-354208527-1655738457-999857751-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-354208527-1655738457-999857751-1001\...\StartupApproved\Run: => "Steam"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D8E4FF9E-4E0B-40EF-ADBD-671D2582AED6}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{05AF6523-295F-4E9E-A122-B86DB3A53D75}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{E6D811F9-54F7-4030-A620-F227F0F6DA80}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{7C9F3EF3-A301-4918-B558-CFA97E425485}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{7C18F7F3-E3CB-4216-813C-7BE02350245E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{BF9BCBA1-D4B9-46E4-9923-03FF57DD0460}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{49797041-7C7C-441F-A23D-C12DEF327792}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{242988BF-78C5-4E1D-901D-C6B4D98E647D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5CDEE6CB-AE92-4540-A723-031F7F0FE3CC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{342954A8-2E39-44FA-B5AE-4C31D44CD5A1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7CF668E5-958D-4794-B376-77C2CB301C27}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{E4F1C6B9-ED9C-4D12-9F46-E1849183DF5C}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{6D249769-282C-4A31-A9C2-71E9632084E9}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{40743503-C70B-4567-AF2E-F844254599FB}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{135D78AB-9DBD-476D-82AA-BC0AEA796549}] => (Allow) C:\Windows\twain_32\Samsung\SLM2070\ScanCDLM\ScanCDLM.exe
FirewallRules: [{BA27B540-82C9-4A2F-8840-84DD5F21D93B}] => (Allow) C:\Windows\twain_32\Samsung\SLM2070\ScanCDLM\ScanCDLM.exe
FirewallRules: [{F2CE5D0A-1071-4192-A833-22B56CB0BBDB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{01DDE422-9D2C-4ADD-8EC6-2D0987B4A071}] => (Allow) D:\csgo\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{25CE29F1-14B0-488A-836E-C587A2466B1E}] => (Allow) D:\csgo\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{CCE55C4B-1EAF-48C2-9090-9822865648DA}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{829674FA-2D3F-45B2-9366-4E67A80867AF}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{61B5780E-EE0F-4ABC-998D-F5B85879CD10}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{489E6E0F-097D-4289-8A17-4F5D026D2731}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{3497AC73-5F40-4598-A3B9-8D69456C5283}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{3F61EF48-19C4-44AA-9426-54F633910CB9}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{D344E3FA-4558-471B-B1E5-12EAABFBCF23}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{386B059F-505A-46DF-965C-4466ADEB6BE5}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{D6FC7538-AD15-47F5-AEC2-F273BC7FA0EC}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{CC464A24-D6C2-4113-9539-392B6C4D9BFF}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{9545A0EF-4880-4E4C-B3C7-43F097D1100E}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{941F3381-58A8-4441-A7A4-D3C3024FEB55}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{7EB933F7-3900-4B95-B999-687483C1C8AF}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{2558F6CC-6519-4D7D-8C16-45C8D141BEFA}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{B9D85934-0366-41DB-A777-8BFC8842C1DB}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{1BB10039-BFCD-4E86-A975-06AFADE4F4F0}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{8ADB8A81-CB7E-4394-B816-94742ED7E32E}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{7476EB55-8FEE-4FCD-8684-C3556D5197E4}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{EC523C3B-6EC2-4381-8745-785DA3870BEE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{58BCFFDB-AA5E-4DCB-A7FF-1E9F94EB939B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AF054C7E-B1D2-4B19-9905-79FA11BBFE52}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BEBC5E48-3EF8-497D-B60C-66B7E60439B3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BDD620E9-5C74-4B5A-98B6-0FFDF0D2CCEF}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{2C54E13E-DAFF-4CCF-B719-AE92173E51CC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{63F0DA37-A0AC-4936-BA1B-47C90C08C23C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Arena\launcher\launcher.exe
FirewallRules: [{A38537D1-126E-48FD-B891-64673FFFD613}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Arena\launcher\launcher.exe
==================== Faulty Device Manager Devices =============
Name: Základní systémové zařízení
Description: Základní systémové zařízení
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Základní systémové zařízení
Description: Základní systémové zařízení
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Základní systémové zařízení
Description: Základní systémové zařízení
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (10/09/2015 05:21:57 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).
System Error:
Přístup byl odepřen.
.
Error: (10/09/2015 05:18:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: egui.exe, verze: 8.0.319.0, časové razítko: 0x559d2313
Název chybujícího modulu: ToastNotify.dll, verze: 8.0.319.0, časové razítko: 0x559d2398
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000002f3e
ID chybujícího procesu: 0x1434
Čas spuštění chybující aplikace: 0xegui.exe0
Cesta k chybující aplikaci: egui.exe1
Cesta k chybujícímu modulu: egui.exe2
ID zprávy: egui.exe3
Úplný název chybujícího balíčku: egui.exe4
ID aplikace související s chybujícím balíčkem: egui.exe5
Error: (10/09/2015 12:58:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: egui.exe, verze: 8.0.319.0, časové razítko: 0x559d2313
Název chybujícího modulu: ToastNotify.dll, verze: 8.0.319.0, časové razítko: 0x559d2398
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000002f3e
ID chybujícího procesu: 0x1474
Čas spuštění chybující aplikace: 0xegui.exe0
Cesta k chybující aplikaci: egui.exe1
Cesta k chybujícímu modulu: egui.exe2
ID zprávy: egui.exe3
Úplný název chybujícího balíčku: egui.exe4
ID aplikace související s chybujícím balíčkem: egui.exe5
Error: (10/08/2015 09:11:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-9L3U9LF)
Description: Aplikaci Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
Error: (10/08/2015 11:41:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-9L3U9LF)
Description: Aplikaci Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
Error: (10/07/2015 11:41:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: egui.exe, verze: 8.0.319.0, časové razítko: 0x559d2313
Název chybujícího modulu: ToastNotify.dll, verze: 8.0.319.0, časové razítko: 0x559d2398
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000002f3e
ID chybujícího procesu: 0x16f4
Čas spuštění chybující aplikace: 0xegui.exe0
Cesta k chybující aplikaci: egui.exe1
Cesta k chybujícímu modulu: egui.exe2
ID zprávy: egui.exe3
Úplný název chybujícího balíčku: egui.exe4
ID aplikace související s chybujícím balíčkem: egui.exe5
Error: (10/07/2015 02:44:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2625
Error: (10/07/2015 02:44:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2625
Error: (10/07/2015 02:44:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (10/06/2015 04:33:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-9L3U9LF)
Description: Aplikaci Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
System errors:
=============
Error: (10/09/2015 08:16:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Steam Client Service neuspěla při spuštění v důsledku následující chyby:
%%1053
Error: (10/09/2015 08:16:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Steam Client Service bylo dosaženo časového limitu (30000 ms).
Error: (10/09/2015 05:30:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Přístup k uživatelským datům_Session1 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.
Error: (10/09/2015 05:30:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Úložiště uživatelských dat_Session1 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.
Error: (10/09/2015 05:30:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Data kontaktů_Session1 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.
Error: (10/09/2015 05:30:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Hostitel synchronizace_Session1 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.
Error: (10/09/2015 05:29:24 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.
Error: (10/09/2015 05:29:24 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.
Error: (10/09/2015 05:29:24 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.
Error: (10/09/2015 05:29:24 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 22%
Total physical RAM: 8091.27 MB
Available physical RAM: 6277.75 MB
Total Virtual: 9371.27 MB
Available Virtual: 7368.73 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:111.24 GB) (Free:83.08 GB) NTFS
Drive d: (Nový svazek) (Fixed) (Total:931.51 GB) (Free:809.81 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: DEBB4520)
Partition: GPT.
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 6405F438)
Partition: GPT.
==================== End of Addition.txt ============================
Ran by Honza (2015-10-09 21:16:12)
Running from C:\Users\Honza\Downloads
Windows 10 Home (X64) (2015-07-31 19:40:35)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-354208527-1655738457-999857751-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-354208527-1655738457-999857751-503 - Limited - Disabled)
Guest (S-1-5-21-354208527-1655738457-999857751-501 - Limited - Disabled)
Honza (S-1-5-21-354208527-1655738457-999857751-1001 - Administrator - Enabled) => C:\Users\Honza
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personální firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.160 - Adobe Systems, Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Balíček ovladače systému Windows - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Balíček ovladače systému Windows - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo)
Energy Management (x32 Version: 8.0.2.14 - Lenovo) Hidden
ESET Smart Security (HKLM\...\{4D8E383E-0AB7-482D-9327-BB92D53312B4}) (Version: 8.0.319.1 - ESET, spol s r. o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Lightshot-5.3.0.0 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.3.0.0 - Skillbrains)
Microsoft Office 365 ProPlus - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 15.0.4753.1003 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
NVIDIA Ovladače grafiky 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
NVIDIA Systémový software PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Ovládací panel NVIDIA 353.62 (Version: 353.62 - NVIDIA Corporation) Hidden
Podpora aplikací Apple (32bitová) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Podpora aplikací Apple (64bitová) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.29.02(19.06.2014) - Samsung Electronics Co., Ltd.)
Samsung M2070 Series (HKLM-x32\...\Samsung M2070 Series) (Version: 1.17 (17.09.2014) - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
TeamSpeak 3 Client (HKU\S-1-5-21-354208527-1655738457-999857751-1001\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Zobrazit uživatelskou příručku (HKLM-x32\...\View User Guide) (Version: 3.60.43.0 - )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-354208527-1655738457-999857751-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D8E4FF9E-4E0B-40EF-ADBD-671D2582AED6}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{05AF6523-295F-4E9E-A122-B86DB3A53D75}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{E6D811F9-54F7-4030-A620-F227F0F6DA80}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{7C9F3EF3-A301-4918-B558-CFA97E425485}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{7C18F7F3-E3CB-4216-813C-7BE02350245E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{BF9BCBA1-D4B9-46E4-9923-03FF57DD0460}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{49797041-7C7C-441F-A23D-C12DEF327792}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{242988BF-78C5-4E1D-901D-C6B4D98E647D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5CDEE6CB-AE92-4540-A723-031F7F0FE3CC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{342954A8-2E39-44FA-B5AE-4C31D44CD5A1}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{7CF668E5-958D-4794-B376-77C2CB301C27}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{E4F1C6B9-ED9C-4D12-9F46-E1849183DF5C}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{6D249769-282C-4A31-A9C2-71E9632084E9}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{40743503-C70B-4567-AF2E-F844254599FB}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{135D78AB-9DBD-476D-82AA-BC0AEA796549}] => (Allow) C:\Windows\twain_32\Samsung\SLM2070\ScanCDLM\ScanCDLM.exe
FirewallRules: [{BA27B540-82C9-4A2F-8840-84DD5F21D93B}] => (Allow) C:\Windows\twain_32\Samsung\SLM2070\ScanCDLM\ScanCDLM.exe
FirewallRules: [{F2CE5D0A-1071-4192-A833-22B56CB0BBDB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{01DDE422-9D2C-4ADD-8EC6-2D0987B4A071}] => (Allow) D:\csgo\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{25CE29F1-14B0-488A-836E-C587A2466B1E}] => (Allow) D:\csgo\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{CCE55C4B-1EAF-48C2-9090-9822865648DA}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{829674FA-2D3F-45B2-9366-4E67A80867AF}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{61B5780E-EE0F-4ABC-998D-F5B85879CD10}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{489E6E0F-097D-4289-8A17-4F5D026D2731}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe
FirewallRules: [{3497AC73-5F40-4598-A3B9-8D69456C5283}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{3F61EF48-19C4-44AA-9426-54F633910CB9}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe
FirewallRules: [{D344E3FA-4558-471B-B1E5-12EAABFBCF23}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{386B059F-505A-46DF-965C-4466ADEB6BE5}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe
FirewallRules: [{D6FC7538-AD15-47F5-AEC2-F273BC7FA0EC}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{CC464A24-D6C2-4113-9539-392B6C4D9BFF}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe
FirewallRules: [{9545A0EF-4880-4E4C-B3C7-43F097D1100E}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{941F3381-58A8-4441-A7A4-D3C3024FEB55}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe
FirewallRules: [{7EB933F7-3900-4B95-B999-687483C1C8AF}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{2558F6CC-6519-4D7D-8C16-45C8D141BEFA}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe
FirewallRules: [{B9D85934-0366-41DB-A777-8BFC8842C1DB}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{1BB10039-BFCD-4E86-A975-06AFADE4F4F0}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe
FirewallRules: [{8ADB8A81-CB7E-4394-B816-94742ED7E32E}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{7476EB55-8FEE-4FCD-8684-C3556D5197E4}] => (Allow) C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
FirewallRules: [{EC523C3B-6EC2-4381-8745-785DA3870BEE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{58BCFFDB-AA5E-4DCB-A7FF-1E9F94EB939B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AF054C7E-B1D2-4B19-9905-79FA11BBFE52}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BEBC5E48-3EF8-497D-B60C-66B7E60439B3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BDD620E9-5C74-4B5A-98B6-0FFDF0D2CCEF}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{2C54E13E-DAFF-4CCF-B719-AE92173E51CC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{63F0DA37-A0AC-4936-BA1B-47C90C08C23C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Arena\launcher\launcher.exe
FirewallRules: [{A38537D1-126E-48FD-B891-64673FFFD613}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Arena\launcher\launcher.exe
==================== Faulty Device Manager Devices =============
Name: Základní systémové zařízení
Description: Základní systémové zařízení
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Základní systémové zařízení
Description: Základní systémové zařízení
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Základní systémové zařízení
Description: Základní systémové zařízení
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (10/09/2015 05:21:57 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).
System Error:
Přístup byl odepřen.
.
Error: (10/09/2015 05:18:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: egui.exe, verze: 8.0.319.0, časové razítko: 0x559d2313
Název chybujícího modulu: ToastNotify.dll, verze: 8.0.319.0, časové razítko: 0x559d2398
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000002f3e
ID chybujícího procesu: 0x1434
Čas spuštění chybující aplikace: 0xegui.exe0
Cesta k chybující aplikaci: egui.exe1
Cesta k chybujícímu modulu: egui.exe2
ID zprávy: egui.exe3
Úplný název chybujícího balíčku: egui.exe4
ID aplikace související s chybujícím balíčkem: egui.exe5
Error: (10/09/2015 12:58:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: egui.exe, verze: 8.0.319.0, časové razítko: 0x559d2313
Název chybujícího modulu: ToastNotify.dll, verze: 8.0.319.0, časové razítko: 0x559d2398
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000002f3e
ID chybujícího procesu: 0x1474
Čas spuštění chybující aplikace: 0xegui.exe0
Cesta k chybující aplikaci: egui.exe1
Cesta k chybujícímu modulu: egui.exe2
ID zprávy: egui.exe3
Úplný název chybujícího balíčku: egui.exe4
ID aplikace související s chybujícím balíčkem: egui.exe5
Error: (10/08/2015 09:11:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-9L3U9LF)
Description: Aplikaci Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
Error: (10/08/2015 11:41:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-9L3U9LF)
Description: Aplikaci Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
Error: (10/07/2015 11:41:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: egui.exe, verze: 8.0.319.0, časové razítko: 0x559d2313
Název chybujícího modulu: ToastNotify.dll, verze: 8.0.319.0, časové razítko: 0x559d2398
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000002f3e
ID chybujícího procesu: 0x16f4
Čas spuštění chybující aplikace: 0xegui.exe0
Cesta k chybující aplikaci: egui.exe1
Cesta k chybujícímu modulu: egui.exe2
ID zprávy: egui.exe3
Úplný název chybujícího balíčku: egui.exe4
ID aplikace související s chybujícím balíčkem: egui.exe5
Error: (10/07/2015 02:44:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2625
Error: (10/07/2015 02:44:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2625
Error: (10/07/2015 02:44:06 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (10/06/2015 04:33:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-9L3U9LF)
Description: Aplikaci Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.
System errors:
=============
Error: (10/09/2015 08:16:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Steam Client Service neuspěla při spuštění v důsledku následující chyby:
%%1053
Error: (10/09/2015 08:16:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Steam Client Service bylo dosaženo časového limitu (30000 ms).
Error: (10/09/2015 05:30:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Přístup k uživatelským datům_Session1 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.
Error: (10/09/2015 05:30:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Úložiště uživatelských dat_Session1 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.
Error: (10/09/2015 05:30:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Data kontaktů_Session1 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.
Error: (10/09/2015 05:30:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Hostitel synchronizace_Session1 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.
Error: (10/09/2015 05:29:24 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.
Error: (10/09/2015 05:29:24 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.
Error: (10/09/2015 05:29:24 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.
Error: (10/09/2015 05:29:24 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 22%
Total physical RAM: 8091.27 MB
Available physical RAM: 6277.75 MB
Total Virtual: 9371.27 MB
Available Virtual: 7368.73 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:111.24 GB) (Free:83.08 GB) NTFS
Drive d: (Nový svazek) (Fixed) (Total:931.51 GB) (Free:809.81 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 111.8 GB) (Disk ID: DEBB4520)
Partition: GPT.
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 6405F438)
Partition: GPT.
==================== End of Addition.txt ============================
- jerabina
- Security team member
Re: Please check my log, related to a problem with the HTML\Spam.AB application
Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire content below into it.
Code:
Start
CloseProcesses:
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKU\S-1-5-21-354208527-1655738457-999857751-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2900560 2015-10-09] (Valve Corporation)
HKU\S-1-5-21-354208527-1655738457-999857751-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53729824 2015-08-07] (Skype Technologies S.A.)
HKU\S-1-5-21-354208527-1655738457-999857751-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8461224 2015-09-16] (Piriform Ltd)
FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
C:\Users\Honza\AppData\Local\Temp\is-3BO8V.tmp\setup-lightshot.tmp
C:\ProgramData\DP45977C.lfl
Task: {7CCDBC7C-1C7B-485F-A6FA-3FAE5A9DBDDD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-22] (Adobe Systems Incorporated)
Task: {BE01CD4C-F389-4BAE-A368-99036F5D2735} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-14] (Google Inc.)
Task: {D045CC8A-EA19-457D-BA0B-0D008DA3F22E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-14] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Hosts:
EmptyTemp:
End
(You can use the "select all" function, then right-click in the top-left field of the open Notepad window and choose "Paste".)
Save it to the desktop as fixlist.txt.
Run FRST, press the "Fix" button only once, and wait.
The tool will create a log on the desktop (Fixlog.txt); please copy its entire contents here.
When you don't know what to do next, it's time to study the manual!
HJT guide
If I don't reply to your topics in the HJT section while I'm online, it's only because I'm on my phone, where studying logs and writing scripts is impossible. So please don't take it as being ignored.