Desktop computer slowdown

A place for your HiJackThis logs and logs from other programs…

Moderators: memphisto, Mods_senior, Security team

BAJLA
Level 3
Posts: 501
Registered: April 14
Location: Olomouc Region
Gender: Male

Re: Desktop computer slowdown

Post by BAJLA » 06 Nov 2017 10:01

The computer always used to be fast; now it is slow all the time.



jaro3
Security team member
Guru Level 15
Posts: 37272
Registered: June 07
Location: South Bohemia
Gender: Male

Re: Desktop computer slowdown

Post by jaro3 » 06 Nov 2017 17:44

Please download the version of Farbar Recovery Scan Tool (FRST) that matches your system, 32-bit or 64-bit:
32-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64-bit:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
and save it to your desktop, then run FRST.
Confirm the terms of use.
Do not change any of the default settings and click "Scan". When the scan is finished, two logs will be shown, FRST.txt and Addition.txt, and saved to the desktop. Please copy their entire contents here.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

BAJLA
Level 3
Posts: 501
Registered: April 14
Location: Olomouc Region
Gender: Male

Re: Desktop computer slowdown

Post by BAJLA » 06 Nov 2017 18:19

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-11-2017 02
Ran by Martin (06-11-2017 18:18:46)
Running from C:\Documents and Settings\Martin\Plocha
Systém Microsoft Windows XP Professional Service Pack 3 (X86) (2017-09-01 15:56:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1292428093-1500820517-839522115-500 - Administrator - Enabled)
Guest (S-1-5-21-1292428093-1500820517-839522115-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1292428093-1500820517-839522115-1000 - Limited - Disabled)
Martin (S-1-5-21-1292428093-1500820517-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Martin
SUPPORT_388945a0 (S-1-5-21-1292428093-1500820517-839522115-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM\...\uTorrent) (Version: 2.2.1 - )
4K Video Downloader 4.2 (HKLM\...\4K Video Downloader_is1) (Version: 4.2.1.2185 - Open Media LLC)
AMD Catalyst Install Manager (HKLM\...\{33C731E7-B72A-1587-A3EF-054FCC011A3C}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
Broadcom Gigabit Integrated Controller (HKLM\...\{FC57FC53-104C-415C-98D7-B05E659461A9}) (Version: 10.50.03 - Broadcom Corporation)
BS.Player FREE (HKLM\...\BSPlayerf) (Version: 2.71.1081 - AB Team, d.o.o.)
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM\...\{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 4 - Modern Warfare(TM) (HKLM\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.00.0000 - Activision)
CCleaner (HKLM\...\CCleaner) (Version: 5.36 - Piriform)
CrystalDiskInfo 7.5.0 (HKLM\...\CrystalDiskInfo_is1) (Version: 7.5.0 - Crystal Dew World)
Google Chrome (HKLM\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HydraVision (HKLM\...\{6CA72F0B-B7BF-AD64-B58B-C0189B3ACE12}) (Version: 4.2.242.0 - Advanced Micro Devices, Inc.) Hidden
Microsoft .NET Framework 2.0 (HKLM\...\Microsoft .NET Framework 2.0) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
PicPick (HKLM\...\PicPick) (Version: 4.2.6 - NGWIN)
Skype™ 7.36 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.36.150 - Skype Technologies S.A.)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.7270 - Analog Devices)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version: - )
WebFldrs XP (HKLM\...\{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}) (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031517 - Microsoft Corporation)
WinRAR 5.50 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [2013-12-23] (Advanced Micro Devices, Inc.)

==================== Scheduled Tasks=============================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Zaloha usb.job => C:\WINDOWS\system32\ntbackup.exeŏbackup C:\Documents and Settings\Martin\Local Settings\Data aplikací\Microsoft\Windows NT\NTBackup\data\Zaloha usb.bks /n Backup.bkf vytvořeno 6.11.2017 v 18:13 /d Sada vytvořena 6.11.2017 v 18:13 /v:no /r:no /rs:no /hc:off /m normal /j Zaloha usb /l:s /f C:\Documents and Settings\All Users\Dokumenty\Záloha usb\Backup.bkf

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


ShortcutWithArgument: C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-infobars

==================== Loaded Modules (Whitelisted) ==============

2016-06-29 19:01 - 2016-06-29 19:01 - 008166536 _____ () C:\Program Files\SpeedFan\speedfan.exe
2017-11-03 22:55 - 2017-11-06 17:06 - 000158720 _____ () C:\Documents and Settings\Martin\Local Settings\Temp\sfareca00001.dll
2017-11-03 12:11 - 2017-11-06 17:06 - 000192512 _____ () C:\Documents and Settings\Martin\Local Settings\Temp\sfamcc00001.dll
2017-09-15 15:53 - 2017-09-24 22:12 - 000066872 _____ () C:\WINDOWS\system32\PnkBstrA.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-10-03 14:05 - 2017-11-03 12:10 - 000000753 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1292428093-1500820517-839522115-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Martin\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
DNS Servers: 10.0.0.138
sharedaccess => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: KernelFaultCheck => %systemroot%\system32\dumprep 0 -k

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\uTorrent\uTorrent.exe] => Enabled:µTorrent

==================== Restore Points =========================

23-09-2017 09:08:15 Kontrolní bod systému
24-09-2017 11:14:50 Kontrolní bod systému
24-09-2017 21:54:56 Removed Call of Duty(R) 4 - Modern Warfare(TM)
26-09-2017 15:33:29 Kontrolní bod systému
28-09-2017 07:05:53 Kontrolní bod systému
29-09-2017 12:25:35 Kontrolní bod systému
30-09-2017 14:11:18 Kontrolní bod systému
01-10-2017 11:20:56 Odebráno: ESET NOD32 Antivirus
01-10-2017 17:53:29 Nainstalováno: Driver Booster
01-10-2017 17:56:03 Odebráno: Driver Booster
03-10-2017 09:44:37 Kontrolní bod systému
03-10-2017 13:37:50 JRT Pre-Junkware Removal
03-10-2017 13:48:39 Installed Sophos Virus Removal Tool.
03-10-2017 14:05:03 zoek.exe restore point
03-10-2017 16:01:03 JRT Pre-Junkware Removal
03-10-2017 16:01:51 Removed Sophos Virus Removal Tool.
04-10-2017 20:08:44 Kontrolní bod systému
05-10-2017 20:39:28 Kontrolní bod systému
07-10-2017 06:48:11 Kontrolní bod systému
08-10-2017 11:02:25 Kontrolní bod systému
09-10-2017 14:31:26 Kontrolní bod systému
10-10-2017 16:01:07 Kontrolní bod systému
11-10-2017 20:06:31 Kontrolní bod systému
12-10-2017 17:37:35 Odebráno: ESET NOD32 Antivirus
12-10-2017 21:17:15 SlimDrivers Installing Drivers
12-10-2017 21:17:36 Konfigurováno SoundMAX
12-10-2017 21:17:48 Instalováno SoundMAX
12-10-2017 21:25:59 SlimDrivers Installing Drivers
12-10-2017 21:42:21 Removed SlimDrivers
14-10-2017 13:11:24 Kontrolní bod systému
15-10-2017 13:21:39 Kontrolní bod systému
16-10-2017 19:48:37 Kontrolní bod systému
19-10-2017 11:45:57 Kontrolní bod systému
20-10-2017 19:57:59 Kontrolní bod systému
21-10-2017 20:08:58 Kontrolní bod systému
23-10-2017 13:59:52 Kontrolní bod systému
23-10-2017 18:44:42 Nainstalováno: Driver Booster
23-10-2017 18:46:01 Driver Booster : Adobe Flash Player ActiveX
23-10-2017 19:32:19 Odebráno: Driver Booster
25-10-2017 14:25:30 Kontrolní bod systému
26-10-2017 14:56:16 Kontrolní bod systému
28-10-2017 12:43:14 Kontrolní bod systému
28-10-2017 13:22:10 Installed Sophos Virus Removal Tool.
28-10-2017 14:04:38 Removed Sophos Virus Removal Tool.
29-10-2017 20:26:59 Kontrolní bod systému
31-10-2017 01:21:11 Kontrolní bod systému
31-10-2017 22:53:01 JRT Pre-Junkware Removal
31-10-2017 23:13:11 Operace obnovení
02-11-2017 18:17:41 Kontrolní bod systému
02-11-2017 18:39:50 Installed Sophos Virus Removal Tool.
02-11-2017 22:24:15 Removed Sophos Virus Removal Tool.
03-11-2017 12:10:11 zoek.exe restore point
04-11-2017 13:54:48 Kontrolní bod systému
05-11-2017 20:31:50 Odebráno: ESET NOD32 Antivirus
05-11-2017 22:14:51 Nainstalováno Windows XP KB942288-v3.
05-11-2017 22:26:11 Operace obnovení
05-11-2017 22:39:22 Installiert PC Inspector File Recovery
05-11-2017 23:21:29 Odebráno: ESET NOD32 Antivirus
06-11-2017 11:03:58 Entfernt PC Inspector File Recovery
Check "winmgmt" service or repair WMI.


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/30/2017 06:34:50 PM) (Source: MsiInstaller) (EventID: 10005) (User: MARTIN-POČÍTAČ)
Description: Product: O&O Defrag Professional -- Your operating system is not supported.

Error: (10/30/2017 06:34:01 PM) (Source: MsiInstaller) (EventID: 10005) (User: MARTIN-POČÍTAČ)
Description: Product: O&O Defrag Professional -- Your operating system is not supported.


System errors:
=============
Error: (11/06/2017 06:15:15 PM) (Source: Vyměnitelné úložiště) (EventID: 111) (User: )
Description: Službě RSM se nepodařilo načíst médium v jednotce Jednotka 0 knihovny Generic Flash Disk USB Device.

Error: (11/06/2017 06:15:14 PM) (Source: Vyměnitelné úložiště) (EventID: 111) (User: )
Description: Službě RSM se nepodařilo načíst médium v jednotce Jednotka 0 knihovny Generic Flash Disk USB Device.

Error: (11/06/2017 05:06:43 PM) (Source: Vyměnitelné úložiště) (EventID: 111) (User: )
Description: Službě RSM se nepodařilo načíst médium v jednotce Jednotka 0 knihovny Generic Flash Disk USB Device.

Error: (11/06/2017 05:06:43 PM) (Source: Vyměnitelné úložiště) (EventID: 111) (User: )
Description: Službě RSM se nepodařilo načíst médium v jednotce Jednotka 0 knihovny Generic Flash Disk USB Device.

Error: (11/06/2017 04:35:49 PM) (Source: Vyměnitelné úložiště) (EventID: 111) (User: )
Description: Službě RSM se nepodařilo načíst médium v jednotce Jednotka 0 knihovny Generic Flash Disk USB Device.

Error: (11/06/2017 04:35:48 PM) (Source: Vyměnitelné úložiště) (EventID: 111) (User: )
Description: Službě RSM se nepodařilo načíst médium v jednotce Jednotka 0 knihovny Generic Flash Disk USB Device.

Error: (11/06/2017 12:51:31 AM) (Source: Vyměnitelné úložiště) (EventID: 111) (User: )
Description: Službě RSM se nepodařilo načíst médium v jednotce Jednotka 0 knihovny Generic Flash Disk USB Device.

Error: (11/06/2017 12:51:30 AM) (Source: Vyměnitelné úložiště) (EventID: 111) (User: )
Description: Službě RSM se nepodařilo načíst médium v jednotce Jednotka 0 knihovny Generic Flash Disk USB Device.

Error: (11/05/2017 10:14:56 PM) (Source: NtServicePack) (EventID: 4379) (User: MARTIN-POČÍTAČ)
Description: Windows XP KB942288-v3 - instalace opravy hotfix se nezdařila.
Instalace aktualizace KB942288-v3 nebyla dokončena.

Error: (11/05/2017 10:14:54 PM) (Source: NtServicePack) (EventID: 4373) (User: MARTIN-POČÍTAČ)
Description: Windows XP KB942288-v3 - instalace se nezdařila.
Přístup byl odepřen.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz
Percentage of memory in use: 21%
Total physical RAM: 2045.89 MB
Available physical RAM: 1610.36 MB
Total Virtual: 3938.91 MB
Available Virtual: 3676.56 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:143.15 GB) (Free:8.79 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive e: (DISK USB) (Removable) (Total:29 GB) (Free:7.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 143.1 GB) (Disk ID: A029A029)
Partition 1: (Active) - (Size=143.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 29 GB) (Disk ID: 002E3345)
Partition 1: (Not Active) - (Size=29 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

BAJLA
Level 3
Posts: 501
Registered: April 14
Location: Olomouc Region
Gender: Male

Re: Desktop computer slowdown

Post by BAJLA » 06 Nov 2017 18:19

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-11-2017 02
Ran by Martin (administrator) on MARTIN-POČÍTAČ (06-11-2017 18:18:14)
Running from C:\Documents and Settings\Martin\Plocha
Loaded Profiles: Martin (Available Profiles: Martin)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
() C:\Program Files\SpeedFan\speedfan.exe
() C:\WINDOWS\system32\PnkBstrA.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2013-12-23] (ATI Technologies Inc.)
HKU\S-1-5-19\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1292428093-1500820517-839522115-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\RunOnce: [nltide3] => cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-18\...\RunOnce: [WUAppSetup] => C:\Program Files\Common Files\logishrd\WUApp32.exe [466648 2017-09-01] ()
HKU\S-1-5-18\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\Documents and Settings\Martin\Nabídka Start\Programy\Po spuštění\SpeedFan.lnk [2017-09-06]
ShortcutTarget: SpeedFan.lnk -> C:\Program Files\SpeedFan\speedfan.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{74E47B30-1FC9-49C3-B8A1-D95FEC436045}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKU\S-1-5-21-1292428093-1500820517-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKU\S-1-5-21-1292428093-1500820517-839522115-1003 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
Toolbar: HKU\S-1-5-21-1292428093-1500820517-839522115-1003 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2008-04-14] (Společnost Microsoft)

FireFox:
========
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]

Chrome:
=======
CHR HomePage: Default -> hxxps://www.youtube.com/?gl=CZ&hl=cs
CHR StartupUrls: Default -> "hxxps://www.google.cz/"
CHR Profile: C:\Documents and Settings\Martin\Local Settings\Data aplikací\Google\Chrome\User Data\Default [2017-11-06]
CHR Extension: (Magic Actions for YouTube™) - C:\Documents and Settings\Martin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif [2017-11-04]
CHR Extension: (AdBlock) - C:\Documents and Settings\Martin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-11-04]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Documents and Settings\Martin\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-03]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [643072 2013-12-23] (ATI Technologies Inc.) [File not signed]
S2 PEVSystemStart; C:\ComboFix\SWREG.3XE [518144 2000-08-31] (SteelWerX) [File not signed]
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [66872 2017-09-24] ()
S2 SkypeUpdate; C:\Program Files\Skype\Updater\Updater.exe [317400 2017-04-05] (Skype Technologies) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [6852096 2013-12-23] (ATI Technologies Inc.) [File not signed]
R3 AtiHDAudioService; C:\WINDOWS\System32\drivers\AtihdXP3.sys [96256 2017-10-23] (Advanced Micro Devices)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 DigiartyVirtualCDBus; C:\WINDOWS\System32\drivers\DigiartyVirtualCDBus.sys [163616 2017-09-15] (Digiarty Software, Inc.)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2017-09-01] (REALiX(tm))
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
S4 IntelIde; no ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SenFiltService; system32\drivers\Senfilt.sys [X]
S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\WINDOWS\System32\drivers\zamguard32.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-06 18:18 - 2017-11-06 18:18 - 000006033 _____ C:\Documents and Settings\Martin\Plocha\FRST.txt
2017-11-06 18:17 - 2017-11-06 18:18 - 000000000 ____D C:\FRST
2017-11-06 18:16 - 2017-11-06 18:16 - 001799680 _____ (Farbar) C:\Documents and Settings\Martin\Plocha\FRST.exe
2017-11-06 18:13 - 2017-11-06 18:13 - 000000892 _____ C:\WINDOWS\Tasks\Zaloha usb.job
2017-11-06 16:44 - 2017-11-06 16:44 - 000001934 _____ C:\usbflashcopy.ini
2017-11-06 16:43 - 2017-11-06 17:12 - 000000000 ____D C:\Documents and Settings\All Users\Dokumenty\Záloha usb
2017-11-06 16:41 - 2017-11-06 16:41 - 000294400 _____ C:\usbflashcopy.exe
2017-11-06 10:44 - 2017-11-06 10:44 - 000000000 ____D C:\Program Files\EaseUS
2017-11-06 00:51 - 2017-11-06 18:15 - 000000000 ____D C:\WINDOWS\system32\NtmsData
2017-11-05 23:07 - 2017-11-06 11:04 - 000000000 ____D C:\Program Files\Runtime Software
2017-11-05 22:30 - 2017-11-06 17:05 - 000000000 ____D C:\Program Files\Recuva
2017-11-05 22:14 - 2008-04-14 07:52 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2017-11-05 22:14 - 2008-04-14 07:51 - 002843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2017-11-05 22:14 - 2008-04-14 07:51 - 002843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi(2).dll
2017-11-05 22:14 - 2008-04-14 07:51 - 000271360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2017-11-05 22:14 - 2008-04-14 07:51 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2017-11-05 22:14 - 2008-04-13 20:09 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2017-11-05 09:57 - 2017-11-05 09:57 - 000000512 _____ C:\Documents and Settings\Martin\Plocha\MBR.dat
2017-11-05 09:56 - 2017-11-05 09:56 - 005200384 _____ (AVAST Software) C:\Documents and Settings\Martin\Plocha\aswmbr.exe
2017-11-04 10:39 - 2017-11-04 10:39 - 000000000 ____D C:\RescueCD Logs
2017-11-04 10:33 - 2017-11-04 10:33 - 000001657 _____ C:\Documents and Settings\Martin\Plocha\CrystalDiskInfo.lnk
2017-11-04 10:33 - 2017-11-04 10:33 - 000000000 ____D C:\Program Files\CrystalDiskInfo
2017-11-04 10:33 - 2017-11-04 10:33 - 000000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\CrystalDiskInfo
2017-11-04 03:23 - 2017-11-04 10:32 - 000000000 ____D C:\Kaspersky Rescue Disk 10.0
2017-11-03 23:12 - 2017-11-03 23:20 - 000000000 ____D C:\Documents and Settings\Martin\Heaven
2017-11-03 23:11 - 2017-11-03 23:11 - 000728064 _____ C:\Documents and Settings\Martin\Local Settings\Data aplikací\file__0.localstorage
2017-11-03 23:11 - 2017-11-03 23:11 - 000000000 ____D C:\Program Files\Unigine
2017-11-03 23:08 - 2017-11-03 23:08 - 000000000 ___HD C:\WINDOWS\msdownld.tmp
2017-11-03 23:07 - 2017-11-03 23:07 - 000000000 ____D C:\Documents and Settings\Martin\Data aplikací\WinRAR
2017-11-03 19:20 - 2017-11-03 19:21 - 000000000 ___SD C:\ComboFix
2017-11-03 12:27 - 2017-11-03 12:27 - 000000000 ____D C:\Qoobox
2017-11-03 12:27 - 2011-06-26 07:45 - 000256000 _____ C:\WINDOWS\PEV.exe
2017-11-03 12:27 - 2010-11-07 18:20 - 000208896 _____ C:\WINDOWS\MBR.exe
2017-11-03 12:27 - 2009-04-20 05:56 - 000060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2017-11-03 12:27 - 2000-08-31 01:00 - 000518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2017-11-03 12:27 - 2000-08-31 01:00 - 000406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2017-11-03 12:27 - 2000-08-31 01:00 - 000212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2017-11-03 12:27 - 2000-08-31 01:00 - 000098816 _____ C:\WINDOWS\sed.exe
2017-11-03 12:27 - 2000-08-31 01:00 - 000080412 _____ C:\WINDOWS\grep.exe
2017-11-03 12:27 - 2000-08-31 01:00 - 000068096 _____ C:\WINDOWS\zip.exe
2017-11-03 12:25 - 2017-11-03 12:25 - 005660403 ____R (Swearware) C:\Documents and Settings\Martin\Plocha\ComboFix.exe
2017-11-03 12:13 - 2017-11-03 12:45 - 000000000 ____D C:\Program Files\Zemana AntiMalware
2017-11-03 12:12 - 2017-11-03 12:12 - 006625600 _____ (Zemana Ltd. ) C:\Documents and Settings\Martin\Plocha\Zemana.AntiMalware.Setup.exe
2017-11-03 12:10 - 2017-11-06 18:18 - 000000000 ____D C:\Documents and Settings\Martin\Local Settings\Temp
2017-11-03 12:10 - 2017-11-03 12:10 - 000000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp
2017-11-03 12:10 - 2017-11-03 12:10 - 000000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp
2017-11-03 12:10 - 2017-11-03 12:10 - 000000000 ____D C:\Documents and Settings\Default User\Local Settings\Temp
2017-11-03 12:10 - 2017-11-03 12:09 - 000024064 _____ C:\WINDOWS\zoek-delete.exe
2017-11-03 12:09 - 2017-11-03 12:09 - 001313792 _____ C:\Documents and Settings\Martin\Plocha\zoek.exe
2017-11-03 12:09 - 2017-11-03 12:09 - 000000000 ____D C:\zoek_backup
2017-11-02 21:54 - 2017-11-02 21:54 - 000000000 _____ C:\Documents and Settings\Martin\Plocha\RogueKiller.exe
2017-11-02 19:10 - 2017-11-02 19:10 - 000061629 _____ C:\Documents and Settings\Martin\Plocha\JRT.exe
2017-11-02 18:36 - 2017-11-02 18:36 - 000000000 ____D C:\Documents and Settings\Martin\Data aplikací\PicPick
2017-11-02 17:57 - 2017-11-02 17:57 - 008250832 _____ (Malwarebytes) C:\Documents and Settings\Martin\Plocha\AdwCleaner.exe
2017-11-02 17:57 - 2017-11-02 17:57 - 000448512 _____ (OldTimer Tools) C:\Documents and Settings\Martin\Plocha\TFC.exe
2017-11-02 17:57 - 2017-11-02 17:57 - 000050688 _____ (Atribune.org) C:\Documents and Settings\Martin\Plocha\ATF-Cleaner (1).exe
2017-11-02 11:39 - 2017-11-02 11:39 - 000388608 _____ (Trend Micro Inc.) C:\Documents and Settings\Martin\Plocha\hijackthis.exe
2017-11-01 12:56 - 2017-11-01 12:56 - 000000682 _____ C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
2017-11-01 12:56 - 2017-11-01 12:56 - 000000000 ____D C:\Program Files\CCleaner
2017-11-01 12:56 - 2017-11-01 12:56 - 000000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\CCleaner
2017-11-01 12:55 - 2017-11-01 12:55 - 010427120 _____ (Piriform Ltd) C:\ccsetup536.exe
2017-11-01 12:04 - 2011-06-21 11:24 - 000032768 _____ C:\WINDOWS\system32\Drivers\sp_rsdrv2.sys
2017-10-31 23:16 - 2017-10-31 23:16 - 000000000 ____D C:\Documents and Settings\Martin\Local Settings\Data aplikací\SlimWare Utilities Inc
2017-10-31 23:14 - 2017-10-31 23:14 - 000000000 ____D C:\Program Files\VideoLAN
2017-10-31 23:14 - 2017-10-31 23:14 - 000000000 ____D C:\Program Files\Common Files\ODBC
2017-10-31 22:21 - 2017-11-02 17:57 - 000000000 ____D C:\Documents and Settings\Martin\Data aplikací\Skype
2017-10-31 21:39 - 2017-10-31 21:39 - 014147584 _____ C:\WINDOWS\system32\config\software.iodefrag.bak
2017-10-31 21:39 - 2017-10-31 21:39 - 000253952 _____ C:\WINDOWS\system32\config\default.iodefrag.bak
2017-10-31 21:39 - 2017-10-31 21:39 - 000045056 _____ C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2017-10-31 21:39 - 2017-10-31 21:39 - 000024576 _____ C:\WINDOWS\system32\config\SAM.iodefrag.bak
2017-10-31 21:39 - 2017-10-31 21:39 - 000000000 ____H C:\asc_rdflag
2017-10-31 21:20 - 2017-10-31 21:20 - 014147584 _____ C:\WINDOWS\system32\config\software.iobit
2017-10-31 21:20 - 2017-10-31 21:20 - 000253952 _____ C:\WINDOWS\system32\config\default.iobit
2017-10-31 21:20 - 2017-10-31 21:20 - 000045056 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2017-10-31 21:20 - 2017-10-31 21:20 - 000024576 _____ C:\WINDOWS\system32\config\SAM.iobit
2017-10-31 21:12 - 2017-10-31 23:14 - 000000000 ____D C:\Documents and Settings\Martin\Data aplikací\IObit
2017-10-30 13:28 - 2017-11-06 16:30 - 000000000 ____D C:\Documents and Settings\Martin\Data aplikací\uTorrent
2017-10-29 13:01 - 2017-10-29 13:01 - 000000000 ____D C:\Documents and Settings\Martin\Data aplikací\ATI
2017-10-25 17:26 - 2017-11-01 15:09 - 000000000 ____D C:\Documents and Settings\Martin\Data aplikací\BSplayer
2017-10-25 17:26 - 2017-10-25 17:26 - 010563576 _____ C:\bsplayer271.setup.exe
2017-10-25 17:26 - 2017-10-25 17:26 - 000000775 _____ C:\Documents and Settings\Martin\Plocha\BS.Player FREE.lnk
2017-10-25 17:26 - 2017-10-25 17:26 - 000000775 _____ C:\Documents and Settings\Martin\Nabídka Start\BS.Player FREE.lnk
2017-10-25 17:26 - 2017-10-25 17:26 - 000000000 ____D C:\Program Files\Webteh
2017-10-25 17:26 - 2017-10-25 17:26 - 000000000 ____D C:\Documents and Settings\Martin\Nabídka Start\Programy\BS.Player
2017-10-25 17:26 - 2017-10-25 17:26 - 000000000 ____D C:\Documents and Settings\Martin\Data aplikací\BSplayer Pro
2017-10-23 19:42 - 2017-10-24 20:46 - 000001851 _____ C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
2017-10-23 19:42 - 2017-10-23 19:42 - 000001819 _____ C:\Documents and Settings\All Users\Nabídka Start\Programy\Google Chrome.lnk
2017-10-23 19:42 - 2017-10-23 19:42 - 000000000 ____D C:\Documents and Settings\Martin\Local Settings\Data aplikací\Google
2017-10-23 19:41 - 2017-10-31 21:43 - 000000000 ____D C:\Program Files\Google
2017-10-23 19:40 - 2017-10-23 19:40 - 001130328 _____ (Google Inc.) C:\ChromeSetup.exe
2017-10-23 19:21 - 2017-10-23 19:21 - 000000000 ____D C:\Documents and Settings\Martin\Dokumenty\Stažené soubory
2017-10-22 19:17 - 2017-10-22 19:17 - 000000000 ____D C:\WINDOWS\system32\VIRepair
2017-10-22 18:56 - 2017-10-22 19:17 - 000000000 ____D C:\Program Files\TrueTransparency
2017-10-22 18:53 - 2017-10-22 19:18 - 000000000 ____D C:\WINDOWS\system32\VITrans
2017-10-22 18:53 - 2006-12-03 16:15 - 000111104 _____ C:\WINDOWS\system32\Uharc.exe
2017-10-22 18:53 - 2006-12-03 16:15 - 000069632 _____ C:\WINDOWS\system32\moveex.exe
2017-10-22 18:53 - 2006-12-03 16:15 - 000019968 _____ (Dead Knight) C:\WINDOWS\system32\reico.exe
2017-10-22 18:53 - 2006-12-03 16:14 - 000008636 _____ C:\WINDOWS\system32\modifype.exe
2017-10-22 18:52 - 2009-03-23 16:39 - 000020480 _____ (Windows X) C:\WINDOWS\system32\scrnrdr.exe
2017-10-20 15:27 - 2017-09-13 18:57 - 000001501 _____ C:\Documents and Settings\Martin\Plocha\Klávesnice na obrazovce.lnk
2017-10-18 22:40 - 2017-10-18 22:40 - 000000060 _____ C:\Documents and Settings\Martin\Dokumenty\emebdevideo.tk-video-55253-.url
2017-10-13 17:39 - 2017-10-13 17:39 - 000000434 _____ C:\Documents and Settings\Martin\Plocha\Zástupce - Zvuky a zvuková zařízení.lnk
2017-10-12 21:36 - 2017-10-12 21:36 - 000000000 ____D C:\Documents and Settings\All Users\Data aplikací\ATI
2017-10-12 21:35 - 2017-10-12 21:35 - 000000143 _____ C:\Documents and Settings\All Users\Data aplikací\LaunchURL.bat
2017-10-12 21:34 - 2017-10-12 21:34 - 000000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\Catalyst Control Center
2017-10-12 21:33 - 2017-10-23 18:58 - 000096256 _____ (Advanced Micro Devices) C:\WINDOWS\system32\Drivers\AtihdXP3.sys
2017-10-12 21:28 - 2017-10-30 22:52 - 000000000 ____D C:\AMD
2017-10-12 21:14 - 2017-10-31 23:14 - 000000000 ____D C:\Documents and Settings\All Users\Data aplikací\ProductData
2017-10-11 20:25 - 2017-10-11 20:25 - 000000000 ____D C:\Documents and Settings\All Users\Data aplikací\PicPick
2017-10-09 20:28 - 2017-10-23 17:34 - 000000000 ____D C:\Documents and Settings\Martin\Local Settings\Data aplikací\Adobe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-06 18:18 - 2017-09-01 16:58 - 000000000 ____D C:\Documents and Settings\Martin\Plocha
2017-11-06 17:06 - 2017-09-06 21:12 - 000000000 ____D C:\Program Files\SpeedFan
2017-11-06 17:06 - 2017-09-01 16:58 - 000000178 ___SH C:\Documents and Settings\Martin\ntuser.ini
2017-11-06 17:06 - 2017-09-01 16:57 - 000032592 _____ C:\WINDOWS\SchedLgU.Txt
2017-11-06 17:06 - 2017-09-01 16:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-06 16:43 - 2017-09-01 18:48 - 000000000 ___RD C:\Documents and Settings\All Users\Dokumenty
2017-11-06 11:04 - 2017-09-01 18:48 - 000000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2017-11-06 11:04 - 2017-09-01 18:48 - 000000000 ___RD C:\Documents and Settings\All Users\Nabídka Start
2017-11-06 11:04 - 2017-09-01 18:48 - 000000000 ____D C:\Documents and Settings\All Users\Plocha
2017-11-06 11:03 - 2017-09-01 17:59 - 000000000 ___HD C:\Program Files\InstallShield Installation Information
2017-11-06 09:26 - 2017-09-01 17:58 - 000026624 _____ C:\Documents and Settings\Martin\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-11-06 00:37 - 2017-09-01 20:01 - 000000000 ____D C:\Documents and Settings\Martin\Dokumenty\Filmy
2017-11-05 23:21 - 2017-09-01 18:44 - 000000000 ___HD C:\WINDOWS\inf
2017-11-05 22:26 - 2017-09-01 16:58 - 000000000 ____D C:\Documents and Settings\Martin
2017-11-05 22:26 - 2017-09-01 16:57 - 000000000 __SHD C:\Documents and Settings\NetworkService
2017-11-05 22:26 - 2017-09-01 16:57 - 000000000 __SHD C:\Documents and Settings\LocalService
2017-11-05 22:26 - 2017-09-01 16:53 - 000000000 ____D C:\WINDOWS\Registration
2017-11-05 22:14 - 2017-09-01 18:44 - 000000000 RSHDC C:\WINDOWS\system32\dllcache
2017-11-05 20:32 - 2017-09-01 18:47 - 000000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2017-11-05 13:12 - 2017-09-15 16:00 - 000022328 _____ C:\WINDOWS\system32\Drivers\PnkBstrK.sys
2017-11-05 13:12 - 2017-09-15 15:59 - 000103736 _____ C:\WINDOWS\system32\PnkBstrB.exe
2017-11-05 09:54 - 2001-10-25 13:00 - 000002206 _____ C:\WINDOWS\system32\wpa.dbl
2017-11-04 16:41 - 2017-09-20 12:47 - 000000000 ____D C:\Documents and Settings\Martin\Plocha\Klipy
2017-11-03 23:21 - 2017-09-03 18:53 - 000000000 ____D C:\Program Files\MSI Afterburner
2017-11-03 23:21 - 2017-09-01 16:58 - 000000000 ___RD C:\Documents and Settings\Martin\Nabídka Start\Programy
2017-11-03 23:11 - 2017-09-01 16:58 - 000000000 ___HD C:\Documents and Settings\Martin\Local Settings\Data aplikací
2017-11-03 23:08 - 2017-09-01 16:54 - 000000000 ____D C:\WINDOWS\system32\DirectX
2017-11-03 23:07 - 2017-09-01 16:58 - 000000000 __RHD C:\Documents and Settings\Martin\Data aplikací
2017-11-03 12:28 - 2017-10-03 13:39 - 000089846 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-11-03 12:26 - 2017-10-03 13:39 - 000010801 _____ C:\WINDOWS\ZAM.krnl.trace
2017-11-02 13:19 - 2017-09-15 17:17 - 000002283 _____ C:\Documents and Settings\All Users\Plocha\Skype.lnk
2017-11-01 12:04 - 2017-09-01 16:58 - 000000000 ___RD C:\Documents and Settings\Martin\Dokumenty
2017-10-31 23:17 - 2017-09-01 18:47 - 000095072 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-10-31 23:14 - 2017-09-01 17:52 - 000000000 ____D C:\Documents and Settings\All Users\Data aplikací\IObit
2017-10-31 22:07 - 2017-09-23 17:58 - 000000000 ____D C:\WINDOWS\Minidump
2017-10-31 21:51 - 2017-09-01 17:48 - 000000000 ____D C:\Program Files\IObit
2017-10-31 21:48 - 2017-09-01 16:58 - 000000000 ___HD C:\Documents and Settings\Martin\Šablony
2017-10-31 21:44 - 2001-10-25 13:00 - 000389938 _____ C:\WINDOWS\system32\perfh005.dat
2017-10-31 21:44 - 2001-10-25 13:00 - 000068916 _____ C:\WINDOWS\system32\perfc005.dat
2017-10-31 21:39 - 2017-09-01 18:47 - 014155776 _____ C:\WINDOWS\system32\config\software.iodefrag.old
2017-10-31 21:39 - 2017-09-01 18:47 - 000262144 _____ C:\WINDOWS\system32\config\SECURITY.iodefrag.old
2017-10-31 21:39 - 2017-09-01 18:47 - 000262144 _____ C:\WINDOWS\system32\config\SAM.iodefrag.old
2017-10-31 21:39 - 2017-09-01 18:47 - 000262144 _____ C:\WINDOWS\system32\config\default.iodefrag.old
2017-10-31 21:39 - 2017-09-01 17:18 - 000262144 _____ C:\WINDOWS\system32\config\ACEEvent.evt
2017-10-30 22:35 - 2017-09-01 17:18 - 000011184 _____ C:\Documents and Settings\Martin\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
2017-10-30 14:44 - 2001-10-25 13:00 - 000000477 _____ C:\WINDOWS\win.ini
2017-10-30 14:44 - 2001-10-25 13:00 - 000000227 _____ C:\WINDOWS\system.ini
2017-10-30 13:28 - 2017-09-01 17:44 - 000000000 ____D C:\Program Files\uTorrent
2017-10-29 10:24 - 2017-09-01 18:20 - 000000000 ____D C:\Program Files\Common Files\logishrd
2017-10-29 10:24 - 2017-09-01 16:52 - 000000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy\Příslušenství
2017-10-29 09:01 - 2017-09-01 18:48 - 000920954 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-10-29 08:56 - 2017-09-08 21:43 - 000000000 ____D C:\Documents and Settings\Martin\Local Settings\Data aplikací\ESET
2017-10-25 17:32 - 2017-09-01 18:47 - 000000222 ___SH C:\boot.ini
2017-10-25 17:26 - 2017-09-01 16:58 - 000000000 ___RD C:\Documents and Settings\Martin\Nabídka Start
2017-10-24 18:35 - 2017-10-05 16:30 - 000000000 ____D C:\Documents and Settings\Martin\Local Settings\Data aplikací\Mozilla
2017-10-23 19:33 - 2017-09-01 16:53 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-10-22 19:18 - 2017-09-01 16:53 - 000000000 ____D C:\Program Files\Outlook Express
2017-10-22 19:17 - 2017-09-01 18:44 - 000000000 ____D C:\WINDOWS\Media
2017-10-22 19:17 - 2017-09-01 18:44 - 000000000 ____D C:\WINDOWS\Cursors
2017-10-12 21:34 - 2017-09-01 17:14 - 000000000 ____D C:\Program Files\ATI Technologies
2017-10-12 21:17 - 2017-09-01 18:44 - 000000000 ____D C:\WINDOWS\system

==================== Files in the root of some directories =======

2017-09-01 17:58 - 2017-11-06 09:26 - 000026624 _____ () C:\Documents and Settings\Martin\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-11-03 23:11 - 2017-11-03 23:11 - 000728064 _____ () C:\Documents and Settings\Martin\Local Settings\Data aplikací\file__0.localstorage
2017-10-12 21:35 - 2017-10-12 21:35 - 000000143 _____ () C:\Documents and Settings\All Users\Data aplikací\LaunchURL.bat

Some files in TEMP:
====================
2017-11-03 12:11 - 2017-11-06 17:06 - 000192512 _____ () C:\Documents and Settings\Martin\Local Settings\Temp\sfamcc00001.dll
2017-11-03 22:55 - 2017-11-06 17:06 - 000158720 _____ () C:\Documents and Settings\Martin\Local Settings\Temp\sfareca00001.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Orcus (Security team member)

Re: Desktop computer slowdown

Post by Orcus » 06 Nov 2017 19:23

How much free space do you have on the disk?

Please proceed as follows:
Open Notepad (Start => All Programs => Accessories => Notepad).
Please copy the entire contents below into it.


Code:

Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-19\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1292428093-1500820517-839522115-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\RunOnce: [WUAppSetup] => C:\Program Files\Common Files\logishrd\WUApp32.exe [466648 2017-09-01] ()
HKU\S-1-5-18\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1292428093-1500820517-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKU\S-1-5-21-1292428093-1500820517-839522115-1003 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
Toolbar: HKU\S-1-5-21-1292428093-1500820517-839522115-1003 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2008-04-14] (Společnost Microsoft)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
S2 SkypeUpdate; C:\Program Files\Skype\Updater\Updater.exe [317400 2017-04-05] (Skype Technologies) [File not signed]
S4 IntelIde; no ImagePath


(You can use the "select all" function, then right-click the top-left field in the open Notepad window and choose "Paste".)

Save it to the desktop as fixlist.txt


Run FRST, press the "Fix" button only once, and wait.
The tool will produce a log on the desktop (Fixlog.txt); please copy its entire contents here.

+

In Folder Options, enable the display of hidden files and folders, and uncheck the "Hide protected operating system files" box.

Test these on VirusTotal:
C:\Documents and Settings\Martin\Local Settings\Temp\sfareca00001.dll
C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [File not signed]
C:\WINDOWS\system32\drivers\Senfilt.sys [X]
C:\Documents and Settings\All Users\Data aplikací\LaunchURL.bat

Click "Select" to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window will appear in which you click Reanalyze. The file will then be tested by multiple antivirus programs in turn. When the last antivirus test finishes, the result appears at the top, with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page and paste it into your post.

BAJLA

Re: Desktop computer slowdown

Post by BAJLA » 06 Nov 2017 19:31

Free disk space is 20 GB.

BAJLA

Re: Desktop computer slowdown

Post by BAJLA » 06 Nov 2017 19:40

Fix result of Farbar Recovery Scan Tool (x86) Version: 02-11-2017 02
Ran by Martin (06-11-2017 19:34:58) Run:1
Running from C:\Documents and Settings\Martin\Plocha
Loaded Profiles: Martin (Available Profiles: Martin)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-19\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1292428093-1500820517-839522115-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\RunOnce: [WUAppSetup] => C:\Program Files\Common Files\logishrd\WUApp32.exe [466648 2017-09-01] ()
HKU\S-1-5-18\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1292428093-1500820517-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKU\S-1-5-21-1292428093-1500820517-839522115-1003 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
Toolbar: HKU\S-1-5-21-1292428093-1500820517-839522115-1003 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll [2008-04-14] (Spolenost Microsoft)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll [No File]
S2 SkypeUpdate; C:\Program Files\Skype\Updater\Updater.exe [317400 2017-04-05] (Skype Technologies) [File not signed]
S4 IntelIde; no ImagePath
*****************

Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => value removed successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => value removed successfully.
HKU\S-1-5-21-1292428093-1500820517-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\WUAppSetup => value removed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLowDiskSpaceChecks => value removed successfully.
HKU\S-1-5-21-1292428093-1500820517-839522115-1003\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-1292428093-1500820517-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} => key removed successfully.
HKLM\Software\Classes\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
HKU\S-1-5-21-1292428093-1500820517-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} => value removed successfully.
HKLM\Software\Classes\CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383} => key removed successfully.
HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3 => key removed successfully.
HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9 => key removed successfully.
HKLM\System\CurrentControlSet\Services\SkypeUpdate => key removed successfully.
SkypeUpdate => service removed successfully.
HKLM\System\CurrentControlSet\Services\IntelIde => key removed successfully.
IntelIde => service removed successfully.


The system needed a reboot.

==== End of Fixlog 19:35:03 ====


jaro3 (Security team member)

Re: Desktop computer slowdown

Post by jaro3 » 06 Nov 2017 21:37

The files are OK.

20 GB is what percentage?

What about the problems?

BAJLA

Re: Desktop computer slowdown

Post by BAJLA » 06 Nov 2017 22:19

Image 1.jpg

BAJLA

Re: Desktop computer slowdown

Post by BAJLA » 06 Nov 2017 22:19

It's better.

jaro3 (Security team member)

Re: Desktop computer slowdown

Post by jaro3 » 07 Nov 2017 10:13

So we'll try one last tool; if it doesn't help, it's the disk.

Download OTL by OldTimer to the desktop. Make sure all other windows are closed and double-click the OTL icon. At the top of the window, under Output, click Minimal Output. Under Standard Registry, change the setting to All. Check the LOP Check and Purity Check boxes. Click Run Scan. Leave all other settings as they are. The scan may take a long time; when it finishes, two logs will open:
OTL.Txt
Extras.Txt

They are saved in the same location as OTL. Please copy both logs here.