Prosím o pomoc zatížený disk a podezření na viry

Příspěvekod **jaro3** » 16 srp 2018 18:29

Ještě RK.

Reklama

darkmarek · Příspěvekod **darkmarek** » 18 srp 2018 13:11

RogueKiller V12.12.31.0 (x64) [Aug 10 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Normal mode
User : Marek [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 08/18/2018 10:24:20 (Duration : 02:23:08)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 22 ¤¤¤
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\Simplitec -> Found
[PUP.Gen1] (X86) HKEY_LOCAL_MACHINE\Software\SlimWare Utilities Inc -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2367062692-840817020-3150738865-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : https://www.seznam.cz/?clid=22668 -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2367062692-840817020-3150738865-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : https://www.seznam.cz/?clid=22668 -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2367062692-840817020-3150738865-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08172018024536587\Software\Microsoft\Internet Explorer\Main | Search Bar : https://www.seznam.cz/?clid=22668 -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2367062692-840817020-3150738865-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-08172018024536587\Software\Microsoft\Internet Explorer\Main | Search Bar : https://www.seznam.cz/?clid=22668 -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {7930B529-2F8B-455C-B25F-A368ACDFB207} : v2.25|Action=Allow|Active=TRUE|Dir=Out|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {F0DD1DCF-FD68-4B10-A6CB-FD635AFD53DE} : v2.25|Action=Allow|Active=TRUE|Dir=In|App=C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe|Name=HD-OBS| [x] -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {0C0F0B53-64A2-44F6-A5C1-3F5E5FA28680} : v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Protected Search\ProtectedSearch.exe|Name=Protected Search| [x] -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9E3CB8CC-7EBC-4412-AC09-2678F4DCFE73} : v2.10|Action=Allow|Active=TRUE|Dir=Out|App=C:\Program Files (x86)\Protected Search\ProtectedSearch.exe|Name=Protected Search| [x] -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {CA847730-A1E1-492E-A7A0-547821818758} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe|Name=PandoraService| [x] -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {C3EB4F88-E407-41AA-8E1E-E36404134F4C} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe|Name=PandoraService| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | TCP Query User{15CF62D1-377A-4196-9B16-DBCC62CA4CC4}C:\users\marek\appdata\local\google\chrome\application\chrome.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\marek\appdata\local\google\chrome\application\chrome.exe|Name=chrome.exe|Desc=chrome.exe|Defer=User| [x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | UDP Query User{676C3021-6380-4EC6-BF3E-80FDAC14FA7B}C:\users\marek\appdata\local\google\chrome\application\chrome.exe : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\marek\appdata\local\google\chrome\application\chrome.exe|Name=chrome.exe|Desc=chrome.exe|Defer=User| [x] -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {DD00AC5A-04F7-4817-878B-407133927202} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\simplitec\KMPFaster\PowerSuite.exe|Name=Simplitec simplitec Power Suite| [x] -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9609C6E5-EF67-48A6-AC99-C549F6A9A7B9} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\simplitec\KMPFaster\PowerSuite.exe|Name=Simplitec simplitec Power Suite| [x] -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E7BDF2A3-5D98-4056-8B03-96666FA126D2} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|App=C:\Program Files (x86)\simplitec\KMPFaster\ServiceProvider.exe|Name=simplitec Powersuite Tray TCP|Desc=Service Channel|EmbedCtxt=Simplitec Group| [x] -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {17EE79E8-D514-4927-B3B9-B70C633091A9} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|App=C:\Program Files (x86)\simplitec\KMPFaster\ServiceProvider.exe|Name=simplitec Powersuite Tray UDP|Desc=Service Channel|EmbedCtxt=Simplitec Group| [x] -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {9E0BC977-084A-4DD7-9832-F9D73D2BCAC5} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|App=C:\Program Files (x86)\simplitec\KMPFaster\ServiceProvider.exe|Name=simplitec Powersuite Tray UDP|Desc=Service Channel|EmbedCtxt=Simplitec Group| [x] -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {6D4979E0-B7D2-40D5-8F21-38F0B34C1281} : v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|App=C:\Program Files (x86)\simplitec\KMPFaster\ServiceProvider.exe|Name=simplitec Powersuite Tray UDP|Desc=Mobile Device Multicast|EmbedCtxt=Simplitec Group| [x] -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {E5BEABB5-DFCE-4EBE-B7FF-AB88B8AE526B} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe|Name=PandoraService| [x] -> Found
[PUP.Gen1] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {46F5757C-A50D-47AD-A399-E009BF43CDDB} : v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe|Name=PandoraService| [x] -> Found

¤¤¤ Tasks : 8 ¤¤¤
[Suspicious.Path] %WINDIR%\Tasks\3CytMDtBqglwrvpAbE1HHw0pFb.job -- C:\Users\Marek\AppData\Roaming\3CytMDtBqglwrvpAbE1HHw0pFb.exe (--c=d7U5Le+OWaeMGNvKB8dyBkLrA6c7BrwhgYPx2MK+S1dJRihrPBjJlQE92HSmowsD94pa62d0It+o4HkU++b6GQUMRc+++Wman/M8xCPmFVQi7BWtT6AsajW2nhLT3Zs8PZSdRNWzkRpuEMAN9J0neCwq2ra/8Y5vGiMIhYNbOWJ7Ux4JF/nB5XHF7pqFvr4xpsKIsyNja8m9roPua/SMRVlabcsfeJC7A5I1X9nmZAUqF7V6wTFU7nBKOv5O4ChTEwKJKYJ+OgmRQRB/vUDqh+CYrvG1NdahfcLdeM3VlOmni3OzC9Av8cXP8Vlpgu042zWwa6wmyEdASz1eww3m/g==) -> Found
[Suspicious.Path] %WINDIR%\Tasks\foEoHIycwaJS59hwck07FWUNdYD.job -- C:\Users\Marek\AppData\Roaming\foEoHIycwaJS59hwck07FWUNdYD.exe (--c=eGiBuMcqWzvW+xAY1eX6uGRQytulQnsADzxSZNVRORtwpU4cTLqrnHCAg8Dinl/XSEfyS2MxZ58rAiWfwy+cA4f4wW1c2a5Twiqho6Jm/wYIsloEg5d2l2MbGn4pR+l1Usv8HPS67jZPZ530fzrvmU8XA6FuTahrRZ6IzYSukk2ydiuGG9L1sXRQ3j9uSjduVRsvkDR3MTZj+wOXUVyrGI3DoGuTrzYyyXm5J18M/12r+fR08lPqsdcdHHYgFNehxWJ52HxEzElvTlJckt8sAVagkfdxEKhfw/W90fxbR2B6CPEYi10Tw15/R9Uqb0wKdCImJCJR2KLSeU9jpD0qow==) -> Found
[Suspicious.Path] %WINDIR%\Tasks\GmCe4Ryun12OPOueDlbFkpfVBHT.job -- C:\Users\Marek\AppData\Roaming\GmCe4Ryun12OPOueDlbFkpfVBHT.exe (--c=gavDVtei3mFNfG5yMgKEW784lwaQ44CBAd6RAg5F/YGq5nhw440BsGRunzPx8Lf9f1zZxkoF46jjEr7yUf4q+ExhVLV6dANmu/qTvU8xVl79UWwwmTyzrnsAKkAZONIxEYCP1k1JlyC02mZJ6x/JHsn1msEgkjBSuAhtMpShJuiOQKgZIBnS0Gxg/KXZ8l3CoT/vl+E9FHCDJXLboUEnbsjYKn1JxuR3uYz5EMP3IngtrdMvN2gdEQBGlED2CgPsWQSy65MraBnfR/sSUoZg80hufnGjTLVBmVDp9bK+UQ2LzmteJn5bQfmEvQBCjzJodhfl97uBNDuGbah+l6Szpg==) -> Found
[Suspicious.Path] %WINDIR%\Tasks\jBMvedAOGPvAe275ePW2rh9VAPN.job -- C:\Users\Marek\AppData\Roaming\jBMvedAOGPvAe275ePW2rh9VAPN.exe (--c=aFcNx5XwYF+dU8EtJGW6IAGW+Q5tP0CH9cj17uFbf+VE7vrMSZJ1YLM6iD998on/1KI91Vy8eazmLjKpnX8rHh53g0vg5lueYHCsAWty6iuWWR4Q9X/UG3WgfaOQnujE+aU0N/PeWVb6DCRQ5o9kjOWVHVwOT4rsjTe8v1qQFOu9piK45zghr7yiw/vk5wVatgAtR2YnSCEWmO/wm6fev6NcJ+C1oyfCrepN5HmifYjBc6X9r5/tIjwz8Hu8KKECTuGsqynwQgtuBHKedFTGamj0SVZjIkqEPAMXZUqP3BcH++/vz7Y++tEIWVeRMzwNtTF4t7MosommK7vE8+7sHA==) -> Found
[Suspicious.Path] %WINDIR%\Tasks\jDehN53F2VzAYc.job -- C:\Users\Marek\AppData\Roaming\jDehN53F2VzAYc.exe (--c=wU7CIUj9fIMmZ83rfsVo8Q7D9XD9vQRSsHv/ockHYgcBQTF6x/TYuGa9BjBlEfp67SgW9EzcWIQJwouEuTHnGyxBa3kHssOQQIiS/K9WpX1mlG05gPH8h0H0+8vDOVxvcOTTotJUH0PMr5rcWY5pUz6gvklk5JcnR48xrxKupzUvYG/+KU+/eXwtrWaFiekkpoeNGq6tvoaem7OFry10f/+hcirCPBmHJMbim3OMiURGwLL1W5Vfp5PTMv+aKS7YWN3HSUfrOkmorAr2GIrdY2eS6T4T37RpvOj2i/rlBUIQZtmNJDSmblZquNZAoSKfmD1tCx/M7+1Ug8LftR1xoA==) -> Found
[PUP.Gen0] %WINDIR%\Tasks\mQrMZ4PGIygNX6hyvsNCi2.job -- C:\Users\Marek\AppData\Roaming\mQrMZ4PGIygNX6hyvsNCi2.exe (--c=QBdZIjUoHSRvxr8RzAHaLewCHxxG3/HLNaA6IoiUHnF3hHy3WRdg9jDz0JVZjFuxdUPI0rvEaeBafAzxpvLrNy/0mOdxHMHEMT+NMyCMX37bGpbzx9dBoWsOt0OamztHUqWL2SgDev5uRdvIWCbENU7uJak59XKBnlKEBlhDFWqoMBohbwYiik6+veD3JkKOtS6Yai/t9g3IjDAzQbqSEgz7JhEadgfjcmJ5T8YX6BWjWkQfB4NubhVmjzJu3Jb2Qn4fa5NgyBhvVGoBWVdXNJ8BGNBv7j89MyUnlPWGofMh4NZw3mqWadOkNcSp+m7spUVR5FgVMMBgnBmaX0Satg==) -> Found
[Suspicious.Path] %WINDIR%\Tasks\nampDQG2qLbs7z.job -- C:\Users\Marek\AppData\Roaming\nampDQG2qLbs7z.exe (--c=vcFuD3mRrProYsI7wdpePYl96By2Z6+dkNW+fWhcRI0whvbCAbTCkVN/owokGz2wNvcbMH5ysCnZnfx3AzVEoK5vhddog6RJoXnTThXtDB6tAmJqFEUICoFJsMbfJf7qKmBtzR5bjPoddD4Wtnvn8CqXyfQIZ2cdzwl+oNTHllimQUhHlE8S4zgOPt/qVsut2R3daT+I809xs7ufgDr6dVcLuTN9v3ytcfiF9sKyldeCKGeMfULvIB5UQb8lmA2dqd0h7GVecrziyHlQ181GGpl05++NBQm9eSvJHLkRQzQ4x+okM3zaQ/vJ8+kYg8TQ6z18DzgXNhGpRmRq2q220w==) -> Found
[Suspicious.Path] %WINDIR%\Tasks\Pajxp7Hpr4C2.job -- C:\Users\Marek\AppData\Roaming\Pajxp7Hpr4C2.exe (--c=hfiRUC3nC2febvDgU5xtBz8PEEJS+Ri5tAWMEryakxl0cwtkgumvNY/d5WUk29O4+9E6K/Mf0Ha2WFbMkiZUDbcNhPHIbIloTIXkSQZjtUqgb9Ylr0DxPH0wX/BIebVUIgcgsI/Tg8JZp4rivFvqFR0jVrIijy/F8XUg6LXB5r2+brnLtPrzEt6NPkgt+I9GD8soD2Jg5S60iF4oS9iDaXfcek5C3J2M5bJYtl3t8DCM2zDmHlY1GxolIqH3UIGu3GmpXdwpoJVC8umBSrBuAp+dO1MxYUOhguQBildgEfuXK2jU0nvegNnu+z3g+t0jAU+s3vtBaerKujIfRUmGpA==) -> Found

¤¤¤ Files : 10 ¤¤¤
[PUP.Gen1][Folder] C:\ProgramData\simplitec -> Found
[PUP.AutoIt.Gen][File] C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KoshyJohn.com\neoSearch\neoSearch Readme.lnk [LNK@] C:\Users\Marek\AppData\Roaming\KOSHYJ~1.COM\NEOSEA~1\NEOSEA~1.EXE help -> Found
[PUP.AutoIt.Gen][File] C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KoshyJohn.com\neoSearch\neoSearch.lnk [LNK@] C:\Users\Marek\AppData\Roaming\KOSHYJ~1.COM\NEOSEA~1\NEOSEA~1.EXE -> Found
[PUP.AutoIt.Gen][File] C:\Users\Marek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KoshyJohn.com\neoSearch\Uninstall neoSearch.lnk [LNK@] C:\Users\Marek\AppData\Roaming\KOSHYJ~1.COM\NEOSEA~1\NEOSEA~1.EXE uninstall -> Found
[PUP.AutoIt.Gen][File] C:\Users\Marek\AppData\Roaming\KoshyJohn.com\neoSearch\neoSearch.exe -> Found
[PUP.AutoIt.Gen][File] C:\Users\Marek\AppData\Roaming\KoshyJohn.com\neoSearch\nSindex.exe -> Found
[PUP.AutoIt.Gen][File] C:\Users\Marek\AppData\Roaming\KoshyJohn.com\neoSearch\res\tray\nS_tray.exe -> Found
[PUP.Gen1][Folder] C:\ProgramData\simplitec -> Found
[PUP.Gen3][File] C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml -> Found
[PUP.Gen1][Folder] C:\Program Files (x86)\simplitec -> Found

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD6400BPVT-22HXZT3 +++++
--- User ---
[MBR] 1a412983ab5d079cef915bd6e5301738
[BSP] d58966e6e17b1dc3495ee1d1c2d2d4e0 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 31459328 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 31664128 | Size: 595018 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

darkmarek · Příspěvekod **darkmarek** » 18 srp 2018 13:13

Všechny položky který RogueKiller našel jsem dal smazat snad to nebyla chyba.

Příspěvekod **jaro3** » 20 srp 2018 18:58

no snad ne , když tak ještě jednou a zkontroluj všechny položky , zda jsou smazány.:
Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- klikni na „Start Scan“. V novém okně nic neměň a klikni dole na „Start Scan“,
po jeho skončení - vše zatrhni (dej zatržítka vlevo od nálezů , do bílých políček)
- pak klikni na "Remove Selected"
- Počkej, dokud Status box nezobrazí " Removal finished, please review result "
- Klikni na "Open report " a pak na " Open TXT“ a zkopíruj ten log a vlož obsah té zprávy prosím sem. Log je možno nalézt v C:\ProgramData\RogueKiller\Logs - Zavři RogueKiller.

Vypni antivir i firewall.
Stáhni Zoek.exe
http://download.bleepingcomputer.com/smeenk/zoek.exe

klik nahoře vpravo na .rar-file a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
-pozor , náběh programu může trvat déle.
Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .
Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log Zkopíruj sem celý obsah toho logu.
Pokud budou problémy , spusť zoek v nouz. režimu.

Stáhni si Zemana AntiMalware Free z tohoto odkazu:
https://www.zemana.com/Download/AntiMal ... .Setup.exe
a ulož si ho na plochu.
Poklepej na tento soubor na ploše a postupuj podle pokynů k instalaci programu.
Přijmi licenci k používání programu EULA , pokud se nabídne.
Pokud je k dispozici aktualizace programu , klepni na tlačítko „Update now“ ( aktualizovat nyní).
Můžeš si zatrhnout i vytvoření bodu obnovy:
Klikni na ozubené kolečko , poté na „Skenování“ a zatrhni „vytvářet body obnovy“.
Vrať se zpět ( klikni na domeček).
Zavři všechny otevřené soubory, složky a prohlížeče
Neměň žádné nastavení. Klikni na „Skenovat“.
Po skenu lze vidět , zda jsou nějaké nákazy. Klikni na „Další“. Nákazy budou přemístěny do karantény.
Když je skenování dokončeno, objeví se tisková zpráva , zkopíruj sem celý obsah té zprávy.
Jinak můžeš zprávy vidět , když klikneš vpravo nahoře na „ zprávy“.

Vlož nový log z HJT + informuj o problémech.

darkmarek · Příspěvekod **darkmarek** » 25 srp 2018 10:50

Omlouvám se roguekiller blbne pokaždé spadne a někdy se objeví černá obrazovka a musím pc restartovat. Zkoušel jsem jej i přepsat na winlogon nebo přeinstalovat nepomáhá to. Dříve jsem tam napsal Winlogon.exe místo jen Winlogon. Jsem fakt neznalec. Takže jede třeba několik hodin ale nedokončí se. Posílám log který jsem dělal ještě předtím než jsem si všiml vaší odpovědi ale to jsem neměl při skenování vypnutý antivir ani firewall.

darkmarek · Příspěvekod **darkmarek** » 25 srp 2018 10:50

RogueKiller V12.12.31.0 (x64) [Aug 10 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Normal mode
User : Marek [Administrator]
Started from : C:\Program Files\RogueKiller\Winlogon.exe.exe
Mode : Scan -- Date : 08/23/2018 21:53:43 (Duration : 05:32:33)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 1a412983ab5d079cef915bd6e5301738
[BSP] d58966e6e17b1dc3495ee1d1c2d2d4e0 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 31459328 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 31664128 | Size: 595018 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

Příspěvekod **jaro3** » 25 srp 2018 10:54

Ještě to další.

darkmarek · Příspěvekod **darkmarek** » 25 srp 2018 14:29

Zoek.exe v5.0.0.2 Updated 03-May-2018(Online Version)
Tool run by Marek on so 25.08.2018 at 11:56:14,58.
Microsoft Windows 10 Home 10.0.16299 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Marek\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

25.8.2018 12:10:52 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\1899011c-a55c-4aa2-945a-a0d6b38eb81f deleted successfully
C:\PROGRA~2\6d2bb59e-508b-491e-80df-73387289d908 deleted successfully
C:\PROGRA~2\7946f43f-ce28-4a53-8750-6a4b91de694f deleted successfully
C:\PROGRA~2\8a9babaa-d527-4b3a-9dbf-f6d4d5a9ba3b deleted successfully
C:\PROGRA~2\Age of Empires II deleted successfully
C:\PROGRA~2\Alcohol Soft deleted successfully
C:\PROGRA~2\Dostihy 3000 Deluxe deleted successfully
C:\PROGRA~2\EA SPORTS deleted successfully
C:\PROGRA~2\Firefly Studios deleted successfully
C:\PROGRA~2\FreeTime deleted successfully
C:\PROGRA~2\Gabest deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\Softland deleted successfully
C:\PROGRA~2\Webteh deleted successfully
C:\PROGRA~2\WinRAR deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\IDM deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\Marek\AppData\Roaming\dlg deleted successfully
C:\Users\Marek\AppData\Roaming\DMCache deleted successfully
C:\Users\Marek\AppData\Roaming\spidla deleted successfully
C:\Users\Marek\AppData\Roaming\Spyware Terminator deleted successfully
C:\Users\Marek\AppData\Roaming\TP deleted successfully
C:\Users\Marek\AppData\Roaming\WarThunder deleted successfully
C:\Users\Marek\AppData\Roaming\Windows Live Writer deleted successfully
C:\Users\Guest\AppData\Local\VirtualStore deleted successfully
C:\Users\Marek\AppData\Local\cache deleted successfully
C:\Users\Marek\AppData\Local\DBG deleted successfully
C:\Users\Marek\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Marek\AppData\Local\EmieSiteList deleted successfully
C:\Users\Marek\AppData\Local\EmieUserList deleted successfully
C:\Users\Marek\AppData\Local\NetworkTiles deleted successfully
C:\Users\Marek\AppData\Local\Package Cache deleted successfully
C:\Users\Marek\AppData\Local\PlaceholderTileLogoFolder deleted successfully
C:\Users\Marek\AppData\Local\Skype deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\DBG deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\DBG deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2367062692-840817020-3150738865-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{74198672-5F7D-4FE9-A611-4AC1D5A66A15} deleted successfully
HKEY_USERS\S-1-5-21-2367062692-840817020-3150738865-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{74198672-5F7D-4FE9-A611-4AC1D5A66A15} deleted successfully
HKEY_USERS\S-1-5-21-2367062692-840817020-3150738865-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{921D28CB-5580-4219-8FBD-803CC5FDD138} deleted successfully
HKEY_USERS\S-1-5-21-2367062692-840817020-3150738865-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B} deleted successfully
HKEY_USERS\S-1-5-21-2367062692-840817020-3150738865-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} deleted successfully
HKEY_USERS\S-1-5-21-2367062692-840817020-3150738865-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Explorer Bars\{74198672-5F7D-4FE9-A611-4AC1D5A66A15} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{74198672-5F7D-4FE9-A611-4AC1D5A66A15} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{8DCB7100-DF86-4384-8842-8FA844297B3F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{8DCB7100-DF86-4384-8842-8FA844297B3F} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82A76710-4F98-4957-92BE-99648A4E2475} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2367062692-840817020-3150738865-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{74198672-5F7D-4FE9-A611-4AC1D5A66A15} deleted successfully
HKEY_USERS\S-1-5-21-2367062692-840817020-3150738865-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{8DCB7100-DF86-4384-8842-8FA844297B3F} deleted successfully
HKEY_USERS\S-1-5-21-2367062692-840817020-3150738865-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{D2CE3E00-F94A-4740-988E-03DC2F38C34F} deleted successfully
HKEY_USERS\S-1-5-21-2367062692-840817020-3150738865-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{1EA00BE1-6E54-4E2A-8099-680300BF23E1} deleted successfully
HKEY_USERS\S-1-5-21-2367062692-840817020-3150738865-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully
HKEY_USERS\S-1-5-21-2367062692-840817020-3150738865-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully
HKEY_USERS\S-1-5-21-2367062692-840817020-3150738865-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{921D28CB-5580-4219-8FBD-803CC5FDD138} deleted successfully
HKEY_USERS\S-1-5-21-2367062692-840817020-3150738865-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{0FB6A909-6086-458F-BD92-1F8EE10042A0} deleted successfully
HKEY_USERS\S-1-5-21-2367062692-840817020-3150738865-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{5CB02877-EFBC-4317-B608-9E24B11BAB40} deleted successfully
HKEY_USERS\S-1-5-21-2367062692-840817020-3150738865-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{82A76710-4F98-4957-92BE-99648A4E2475} deleted successfully
HKEY_USERS\S-1-5-21-2367062692-840817020-3150738865-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{34AB3C4C-DA1A-4067-96F4-31452C7CFE65} deleted successfully
HKEY_USERS\S-1-5-21-2367062692-840817020-3150738865-1001\Software\Mozilla\Firefox\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{74198672-5F7D-4FE9-A611-4AC1D5A66A15} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\avg@toolbar deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\fmdownloader@gmail.com deleted successfully

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\uflozdnw.default-1469733371159-1530198315290\prefs.js:

Added to C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\uflozdnw.default-1469733371159-1530198315290\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\uflozdnw.default-1469733371159-1530198315290

user.js not found
---- Lines searchengine removed from prefs.js ----
user_pref("browser.pageActions.persistedActions", "{\"version\":1,\"ids\":[\"bookmark\",\"bookmarkSeparator\",\"copyURL\",\"emailLink\",\"sendToDevice
---- FireFox user.js and prefs.js backups ----

prefs_25.08.2018_1329_.backup

==== Deleting Files \ Folders ======================

C:\PROGRA~2\1899011c-a55c-4aa2-945a-a0d6b38eb81f not found
C:\PROGRA~2\6d2bb59e-508b-491e-80df-73387289d908 not found
C:\PROGRA~2\7946f43f-ce28-4a53-8750-6a4b91de694f not found
C:\PROGRA~2\8a9babaa-d527-4b3a-9dbf-f6d4d5a9ba3b not found
C:\PROGRA~2\Age of Empires II not found
C:\PROGRA~2\Alcohol Soft not found
C:\PROGRA~2\Dostihy 3000 Deluxe not found
C:\PROGRA~2\EA SPORTS not found
C:\PROGRA~2\Firefly Studios not found
C:\PROGRA~2\FreeTime not found
C:\PROGRA~2\Gabest not found
C:\PROGRA~2\Softland not found
C:\PROGRA~2\Webteh not found
C:\PROGRA~2\WinRAR not found
C:\PROGRA~3\Špidla Data Processing, s.r.o not found
C:\PROGRA~2\Winamp deleted
C:\Users\Marek\.android deleted
C:\PROGRA~2\Prince of Persia deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\install.exe deleted
C:\found.000 deleted
C:\found.001 deleted
C:\found.004 deleted
C:\Users\Marek\AppData\Roaming\LogFile.txt deleted
C:\PROGRA~3\defraggler_list.txt deleted
C:\PROGRA~3\{FC2FD2E5-FEA7-43E3-881A-69B474BBAAC9} deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Marek\AppData\Local\HWVendorDetection.log deleted
C:\Users\Marek\AppData\Local\CrashRpt deleted
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\AVAST Software deleted
C:\windows\SysNative\Tasks\Avast TUNEUP Update deleted
C:\windows\SysNative\Tasks\avastBCLRestartS-1-5-21-2367062692-840817020-3150738865-1001 deleted
C:\windows\SysNative\Tasks\AvastUpdateTaskMachineCore deleted
C:\windows\SysNative\Tasks\AvastUpdateTaskMachineUA deleted
C:\Users\Marek\Downloads\bsplayer270.setup.exe deleted
C:\Users\Marek\Downloads\bsplayer_installer.exe deleted
C:\Users\Marek\Downloads\bsplayer_installer1.exe deleted
C:\Users\wangzhisong deleted
C:\windows\SysNative\GroupPolicy\machine deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
"C:\WINDOWS\Installer\9f851.msi" deleted
"C:\Users\Marek\AppData\Roaming\foEoHIycwaJS59hwck07FWUNdYD" deleted
"C:\Users\Marek\AppData\Roaming\jDehN53F2VzAYc" deleted
"C:\Users\Marek\AppData\Roaming\mQrMZ4PGIygNX6hyvsNCi2" deleted
"C:\Users\Marek\AppData\Roaming\Pajxp7Hpr4C2" deleted
"C:\Users\Marek\AppData\Roaming\yang\yang.cfg" deleted
"C:\Users\Marek\AppData\Local\AVAST Software\APM\kv_pam.db" not deleted
"C:\Users\Marek\AppData\Local\AVAST Software\APM\Marek\de58KhluebssNAIqFfl2.dat" not deleted
"C:\Users\Marek\AppData\Local\AVAST Software\APM\Marek\de58KhluebssNAIq\kv_pam.db" not deleted
"C:\Users\Marek\AppData\Local\AVAST Software\APM\Marek\de58KhluebssNAIq\kv_pamcore.db" not deleted
"C:\Users\Marek\AppData\Local\AVAST Software\APM\Marek\de58KhluebssNAIq\kv_pampub.db" not deleted
"C:\Users\Marek\AppData\Local\AVAST Software\APM\Marek\de58KhluebssNAIq\pam.db" not deleted
"C:\Users\Marek\AppData\Roaming\yang" deleted
"C:\Users\Marek\AppData\Local\AVAST Software" not deleted
"C:\Users\Marek\AppData\Local\AVAST Software\APM" not deleted
"C:\Users\Marek\AppData\Local\AVAST Software\Avast" not deleted
"C:\Users\Marek\AppData\Local\AVAST Software\APM\Marek" not deleted
"C:\Users\Marek\AppData\Local\AVAST Software\APM\Marek\de58KhluebssNAIq" not deleted
"C:\Users\Marek\AppData\Local\AVAST Software\Avast\Bodyguard" not deleted

==== Orphaned Tasks deleted from Registry ======================

Avast TUNEUP Update deleted
avastBCLRestartS-1-5-21-2367062692-840817020-3150738865-1001 deleted
AvastUpdateTaskMachineCore deleted
AvastUpdateTaskMachineUA deleted
Games\UpdateCheck_S-1-5-21-2367062692-840817020-3150738865-501 deleted
OfficeSoftwareProtectionPlatform deleted
OfficeSoftwareProtectionPlatform\SvcRestartTask deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\uflozdnw.default-1469733371159-1530198315290
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"ytfmdownloader@gmail.com"="C:\Program Files (x86)\Freemake\Freemake Youtube Mp3 Converter\BrowserPlugin\Firefox\ytfmdownloader@gmail.com" [18.08.2014 22:41]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{ea614400-e918-4741-9a97-7a972ff7c30b}"="C:\Program Files (x86)\Seznam.cz\firefox" [26.12.2011 19:38]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\uflozdnw.default-1469733371159-1530198315290
- __MSG_avastAppName__ - %ProfilePath%\extensions\sp@avast.com.xpi
- Google Translator for Firefox - %ProfilePath%\extensions\translator@zoli.bod.xpi
- Avast Online Security - %ProfilePath%\extensions\wrc@avast.com.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

==== Firefox Plugins ======================

Profilepath: C:\Users\Marek\AppData\Roaming\Mozilla\Firefox\Profiles\uflozdnw.default-1469733371159-1530198315290
- C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_134.dll - [?]
FC18E6D133877BE07C753552705A5B8C - C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll - Silverlight Plug-In
81D6D6EE6226773449C5CBE9496EDAF6 - C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrlui.dll - Microsoft® Silverlight
E7931ACD23BEE167AD6E14042C4462D7 - C:\Program Files\Java\jre1.8.0_141\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U141
9EB2B37950EB5D87B6E0366042A952CA - C:\Program Files\Java\jre1.8.0_141\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.1410.15
- C:\Program Files x86\Pando Networks\Media Booster\npPandoWebPlugin.dll - [?]
3CD19649B2C3023D65E67C056457A2BC - C:\Users\Marek\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin

==== Chromium Look ======================

Google Chrome Version: 68.0.3440.106

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]
eofcbnmajmjmplflapaojjnihcjkigck - No path found[]
gomekmidlodglbbmalcneegieacbdmki - No path found[]

Docs - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Freemake Video Downloader - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
Freemake Youtube Download Button - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh
Skype for Chromium - Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Chrome Media Router - Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Chromium Fix ======================

C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl deleted successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia deleted successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj deleted successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\elbjpfdfllhaioofjgmiaekihidancnc deleted successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic deleted successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\klndknbpjdlnodpkflabnkeodeldbbbf deleted successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda deleted successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\oanofegliaibpfkffbpjniogdgmelija deleted successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm deleted successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eemcgdkfndhakfknompkggombfjjjeno_0.localstorage deleted successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fdfcfnapnfjlcegjcmmflkgongpfbhjj_0.localstorage deleted successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fdfcfnapnfjlcegjcmmflkgongpfbhjj_0.localstorage-journal deleted successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_hoklmmgfnpapgjgcpechhaamimifchmp_0.localstorage deleted successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kkcclcadpbpmghheoljbeeekjlknbcak_0.localstorage deleted successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mpkhmmacbjndakceaikggpnnnddijeen_0.localstorage deleted successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mpkhmmacbjndakceaikggpnnnddijeen_0.localstorage-journal deleted successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\__0.localstorage deleted successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Storage\__0.localstorage-journal deleted successfully
C:\Users\Marek\Appdata\Roaming\Opera Software\Opera Stable\Local Storage\browser_startpage_0.localstorage deleted successfully
C:\Users\Marek\Appdata\Roaming\Opera Software\Opera Stable\Local Storage\browser_startpage_0.localstorage-journal deleted successfully
C:\Users\Marek\Appdata\Roaming\Opera Software\Opera Stable\Local Storage\chrome-extension_kkcclcadpbpmghheoljbeeekjlknbcak_0.localstorage deleted successfully
C:\Users\Marek\Appdata\Roaming\Opera Software\Opera Stable\Local Storage\chrome-extension_knohfebhibeknbfioecpdmdkjkjdnjnl_0.localstorage deleted successfully
C:\Users\Marek\Appdata\Roaming\Opera Software\Opera Stable\Local Storage\chrome-extension_knohfebhibeknbfioecpdmdkjkjdnjnl_0.localstorage-journal deleted successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\databases\https_advert.uloz.to_0 deleted successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\databases\https_eshop.tescoma.cz_0 deleted successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\databases\https_go.eu.bbelements.com_0 deleted successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\databases\https_ona.idnes.cz_0 deleted successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\databases\https_stars24.cz_0 deleted successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\databases\https_uloz.to_0 deleted successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\databases\https_veda-a-technika.eurozpravy.cz_0 deleted successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\databases\https_www.cnews.cz_0 deleted successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\databases\https_www.databazeknih.cz_0 deleted successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\databases\https_www.epravo.cz_0 deleted successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\databases\https_www.mojezdravi.cz_0 deleted successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\databases\https_www.tyden.cz_0 deleted successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\databases\https_www.ulekare.cz_0 deleted successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\databases\https_www.zive.cz_0 deleted successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\databases\https_zoommagazin.iprima.cz_0 deleted successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\databases\http_www.blesk.cz_0 deleted successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi deleted successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gpdjojdkbbmdfjfahjcgigfpmkopogic deleted successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkcclcadpbpmghheoljbeeekjlknbcak deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP"
"Start Default_Page_URL"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Start Page"="http://www.google.com/"
"Start Default_Page_URL"="http://www.google.com/"
"Default_Search_URL"="http://www.google.com/"
"Search Page"="http://www.google.com/"
"Search Bar"="http://www.google.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{15C4DF55-4B67-495A-A3D3-A497C4A49EE0}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
HKLM\Wow6432Node\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0} - http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
HKLM\Wow6432Node\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
HKCU\SearchScopes "DefaultScope"="{15C4DF55-4B67-495A-A3D3-A497C4A49EE0}"
HKCU\SearchScopes\1CE1DA6C34774AFC908A04A1A0357FF0 - http://badoo.com/startpage/?source=bsb&q={searchTerms}
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
HKCU\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0} - http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
HKCU\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=
HKCU\SearchScopes\{759f11e8-619b-4411-8df3-188076f850d2} - http://www.firmy.cz/phr/{searchTerms}?sourceid=QuickSearch_7625
HKCU\SearchScopes\{88f35a13-d52f-4187-a6d3-d2bfc65ec261} - http://www.mapy.cz/?query={searchTerms}&sourceid=QuickSearch_7625
HKCU\SearchScopes\{8A244612-A1F7-11E0-95C0-E71F4824019B} - http://www.bing.com/search?FORM=UP97DF& ... =071513&q={searchTerms}&src=IE-SearchBox
HKCU\SearchScopes\{CBDE7F90-91D6-408F-AD97-EC3CF1722592} - http://www.webhledani.cz/results.aspx?i=42&tp=ie&q={searchTerms}
HKCU\SearchScopes\{f8dee56f-a078-43de-bc97-eff41b1eb7a4} - http://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=QuickSearch_7625

==== Reset Google Chrome ======================

C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Preferences.acp was reset successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF350708f.TMP was reset successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF3de1e890.TMP was reset successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.bad was reset successfully
C:\Users\Marek\Appdata\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Web Data.acp was reset successfully
C:\Users\Marek\Appdata\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
C:\Users\Marek\Appdata\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9FFE606D318357844B55EADCE2B76067 deleted successfully
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_CURRENT_USER\Software\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D606EFF9-3813-4875-B455-AECD2E7B0676} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Avast Driver Updater deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\9FFE606D318357844B55EADCE2B76067 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Marek\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Marek\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Edge Cache ======================

Edge Cache Emptied Successfully

==== Empty Chrome Cache ======================

C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Marek\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=4033 folders=1313 971860804 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\DefaultAppPool\AppData\Local\Temp emptied successfully
C:\Users\Guest\AppData\Local\Temp emptied successfully
C:\Users\Marek\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Marek\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Marek\AppData\Local\AVAST Software\APM\kv_pam.db" not found
"C:\Users\Marek\AppData\Local\AVAST Software\APM\Marek\de58KhluebssNAIqFfl2.dat" not found
"C:\Users\Marek\AppData\Local\AVAST Software\APM\Marek\de58KhluebssNAIq\kv_pam.db" not found
"C:\Users\Marek\AppData\Local\AVAST Software\APM\Marek\de58KhluebssNAIq\kv_pamcore.db" not found
"C:\Users\Marek\AppData\Local\AVAST Software\APM\Marek\de58KhluebssNAIq\kv_pampub.db" not found
"C:\Users\Marek\AppData\Local\AVAST Software\APM\Marek\de58KhluebssNAIq\pam.db" not found
"C:\Users\Marek\AppData\Local\AVAST Software" not found

==== EOF on so 25.08.2018 at 14:18:38,55 ======================

darkmarek · Příspěvekod **darkmarek** » 25 srp 2018 17:38

Zemana AntiMalware 2.74.2.150 (instalační verze)

-------------------------------------------------------
Scan Result : Dokončeno
Scan Date : 2018.8.25
Operating System : Windows 10 64-bit
Processor : 4X Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz
BIOS Mode : Legacy
CUID : 12AE0DF9C9E8AE48EF606B
Scan Type : Skenování systému
Duration : 119m 55s
Scanned Objects : 268354
Detected Objects : 11
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Zapnuto
Detect All Extensions : Vypnuto
Scan Documents : Vypnuto
Domain Info : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Internet Explorer Search
Status : Skenováno
Object : WebHledani - http://webhledani.cz
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podezřelé nastavení prohlížeče
Cleaning Action : Opravit
Related Objects :
Nastavení prohlížeče - Internet Explorer Search

Internet Explorer Search
Status : Skenováno
Object : Search - http://badoo.com
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Podezřelé nastavení prohlížeče
Cleaning Action : Opravit
Related Objects :
Nastavení prohlížeče - Internet Explorer Search

wrc@avast.com
Status : Skenováno
Object : %appdata%\mozilla\firefox\profiles\uflozdnw.default-1469733371159-1530198315290\extensions\wrc@avast.com.xpi
MD5 : 72F7EBB68166E86CBDB80B0528464938
Publisher : -
Size : 789048
Version : -
Detection : PUA.FirefoxExt!Gr
Cleaning Action : Opravit
Related Objects :
Rozšíření prohlížeče - wrc@avast.com
Soubor - %appdata%\mozilla\firefox\profiles\uflozdnw.default-1469733371159-1530198315290\extensions\wrc@avast.com.xpi

Avast SafePrice | Comparison, deals, coupons
Status : Skenováno
Object : %localappdata%\google\chrome\user data\default\extensions\eofcbnmajmjmplflapaojjnihcjkigck
MD5 : -
Publisher : -
Size : -
Version : -
Detection : PUA.ChromeExt!Gr
Cleaning Action : Opravit
Related Objects :
Rozšíření prohlížeče - Avast SafePrice | Comparison, deals, coupons

SpywareTerminatorSetup (2).exe
Status : Skenováno
Object : %userprofile%\downloads\spywareterminatorsetup (2).exe
MD5 : 285F39DA2EBC518E0D5E68E3F20DDCEF
Publisher : Crawler Group, LLC
Size : 9694960
Version : 3.0.1.112
Detection : PUA:Win32/Crawler Group
Cleaning Action : Karanténa
Related Objects :
Soubor - %userprofile%\downloads\spywareterminatorsetup (2).exe

SpywareTerminatorSetup.exe
Status : Skenováno
Object : %userprofile%\downloads\spywareterminatorsetup.exe
MD5 : E04A29568494CE957F5CB102279D1FF0
Publisher : Crawler, LLC
Size : 937232
Version : 3.0.0.74
Detection : Win32/Browser.Hijacker.Crawler!Ep
Cleaning Action : Karanténa
Related Objects :
Soubor - %userprofile%\downloads\spywareterminatorsetup.exe

SpywareTerminatorSetup (1).exe
Status : Skenováno
Object : %userprofile%\downloads\spywareterminatorsetup (1).exe
MD5 : EF3DBB97F9B19F0FE07714BB65E4EFA3
Publisher : Crawler, LLC
Size : 952512
Version : 3.0.0.80
Detection : Win32/Browser.Hijacker.Crawler!Ep
Cleaning Action : Karanténa
Related Objects :
Soubor - %userprofile%\downloads\spywareterminatorsetup (1).exe

icq_rfrset.exe
Status : Skenováno
Object : %userprofile%\downloads\icq_rfrset.exe
MD5 : DC21627B2EC35BE1F22030A5F22D48BF
Publisher : LLC Mail.Ru
Size : 47397888
Version : 10.0.12061.0
Detection : PUA:Win32/BrowserHijacker.Mail.Ru!Ep
Cleaning Action : Karanténa
Related Objects :
Soubor - %userprofile%\downloads\icq_rfrset.exe

core.4.dll
Status : Skenováno
Object : %programfiles%\seznam.cz\bin\core.4.dll
MD5 : 3B2C68F5284FE9E3458226390AE779A1
Publisher : Seznam.cz, a.s.
Size : 1152024
Version : -
Detection : Adware:Win32/Seznam-DJ!Ep
Cleaning Action : Karanténa
Related Objects :
Soubor - %programfiles%\seznam.cz\bin\core.4.dll
Záznam registru - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}\@ = C:\Program Files (x86)\Seznam.cz\bin\core.4.dll
Záznam registru - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}\@ = C:\Program Files (x86)\Seznam.cz\bin\core.4.dll
Záznam registru - HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}\@ = C:\Program Files (x86)\Seznam.cz\bin\core.4.dll

battlevschess.exe
Status : Neúspěšné
Object : %programfiles%\steam\steamapps\common\battle vs chess\battlevschess.exe
MD5 : 7B492594D7FD1BFB15C40DFCBD60F453
Publisher : -
Size : 16457728
Version : 1.0.0.0
Detection :
Cleaning Action : Karanténa
Related Objects :
Soubor - %programfiles%\steam\steamapps\common\battle vs chess\battlevschess.exe
Naplánovaná úloha - C:\WINDOWS\System32\Tasks\{3500111B-068A-43E0-AD94-2D34CA7D54CC}
Naplánovaná úloha - C:\WINDOWS\System32\Tasks\{2DF4BA8A-4624-4AA5-87E6-5B11A7D46185}
Naplánovaná úloha - C:\WINDOWS\System32\Tasks\{2E8463E3-C458-42B3-ABE3-23B585D0979F}
Naplánovaná úloha - C:\WINDOWS\System32\Tasks\{58DB5BEB-6C98-49C4-B8C1-08330045FF34}
Naplánovaná úloha - C:\WINDOWS\System32\Tasks\{710F2BB2-8984-48C3-9A84-9CA5F56AFCD8}
Naplánovaná úloha - C:\WINDOWS\System32\Tasks\{8DC80D35-DBCD-428D-B58F-A7D94D696359}
Naplánovaná úloha - C:\WINDOWS\System32\Tasks\{C2CEC558-D92F-4698-BC6C-9FD4AEBC4877}
Naplánovaná úloha - C:\WINDOWS\System32\Tasks\{EF9EFD5B-1A16-4902-B9D5-2A0F84D7A114}

{0d20dbe0-66ab-4d51-9456-cafd83763fff}
Status : Skenováno
Object : NE->c:\windows\system32\tasks\{0d20dbe0-66ab-4d51-9456-cafd83763fff}
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/CHR.TASKSCHD.GEN.A!Neng
Cleaning Action : Karanténa
Related Objects :
(null) - (null)

{bbfbbba8-0953-4f6b-9c42-af005a2c2e44}
Status : Skenováno
Object : NE->c:\windows\system32\tasks\{bbfbbba8-0953-4f6b-9c42-af005a2c2e44}
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/CHR.TASKSCHD.GEN.A!Neng
Cleaning Action : Karanténa
Related Objects :
(null) - (null)

Cleaning Result
-------------------------------------------------------
Cleaned : 11
Reported as safe : 0
Failed : 0

darkmarek · Příspěvekod **darkmarek** » 25 srp 2018 17:51

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:48:36, on 25.8.2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.16299.0371)

Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
C:\Users\Marek\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkI ... id=UE01DHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [PDFPrint] "C:\Program Files (x86)\PDF24\pdf24.exe"
O4 - HKCU\..\Run: [GalaxyClient] C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe /launchViaAutoStart
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Marek\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Voobly] "C:\Program Files (x86)\Voobly\voobly.exe" --startup
O4 - HKCU\..\Run: [ManyCam] "C:\Program Files (x86)\ManyCam\ManyCam.exe" --silent
O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\PROGRAM FILES\DAEMON TOOLS LITE\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [com.deezer.deezer-desktop] C:\Users\Marek\AppData\Local\Programs\deezer-desktop\Deezer.exe
O4 - HKCU\..\Run: [Spotify] C:\Users\Marek\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2367062692-840817020-3150738865-501\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'Guest')
O4 - HKUS\S-1-5-21-2367062692-840817020-3150738865-501\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'Guest')
O4 - HKUS\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'DefaultAppPool')
O4 - HKUS\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'DefaultAppPool')
O4 - Global Startup: Avast Cleanup Premium.lnk = C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupUI.exe
O4 - Global Startup: Kaspersky Software Updater Beta.lnk = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: SimilarWeb - {5D06ED6E-DA78-4486-A246-B131A2C39807} - (no file)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
O9 - Extra 'Tools' menuitem: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.vizzed.com
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\DriverStore\FileRepository\nvaci.inf_amd64_f658c3ebd2a88192\nvinit.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Služba %1!s! Update (avast) (avast) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba %1!s! Update (avastm) (avastm) - AVAST Software - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Avast Cleanup Premium (CleanupPSvc) - AVAST Software - C:\Program Files (x86)\AVAST Software\Avast Cleanup\TuneupSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GalaxyCommunication - GOG.com - C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: Packed Chess Free Server (PackedChessFreeServer) - PackedBytes - C:\Program Files (x86)\Packed Bytes\Packed Chess Free\PackedChessFreeServer.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: Sophos Virus Removal Tool (SophosVirusRemovalTool) - Sophos Limited - C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\WINDOWS\system32\xbgmsvc.exe (file missing)
O23 - Service: ZAM Controller Service (ZAMSvc) - Copyright 2017. - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe

--
End of file - 13437 bytes

darkmarek · Příspěvekod **darkmarek** » 25 srp 2018 18:02

Notebook byl velmi pomalý, poté s vaší pomocí se hodně zlepšil dokud jsem po skenu roguekiller vše nedal smazat. Poté byl pomalý úplně šíleně. Teď je to zas o dost lepší. Po použití zoek se u souborů a složek na disku c neukazoval jejich název a i například ikona disku c a další ikony po spuštění "Tento počítač" vypadaly vadně. Instalační Program Zemana Antimalware nešel vůbec spustit. Ale pomohl restart. Při spuštění zoek jsem na chvíli otevřel prohlížeč protože jsem si myslel že už skončil ale byl to omyl. Po půl minutě jsem jej zavřel. Nyní je notebook stále pomalý někdy dost hučí a disk je vytížený na 100 procent i když jsou všude samé nuly MB zatížení, nebo skoro nuly. Už delší dobu někdy přestávají pracovat některé programy před pár dny přestával fungovat po nějaké době pouštění hudby streamovací program Tidal.

Příspěvekod **jaro3** » 25 srp 2018 19:25

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKUS\S-1-5-21-2367062692-840817020-3150738865-501\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'Guest')
O4 - HKUS\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'DefaultAppPool')
O9 - Extra button: SimilarWeb - {5D06ED6E-DA78-4486-A246-B131A2C39807} - (no file)
O9 - Extra button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
O9 - Extra 'Tools' menuitem: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)

Stáhni si Memtest:

Políčko , ve kterém je napsáno:
All unused RAM , změň na 2048.
-dej Start , nech nejméně 2h běžet , pokud bude po 2h stále 0 errors , jsou v pořádku.
V případě vyšších kapacit RAM je třeba Memtest spustit několikrát , pro 2GB ( jednotlivá největší kapacita RAM) 2x , pro 4GB 3x , pro 8Gb 4x ap.
poklepej na Memtest , pak znovu a znovu , do políček všech Memtestů napiš 2048 , pak dej u všech Memtestů "Start".

Ještě zkontrolovat HDD na chyby ,popř. zkusit jeho defragmentaci ..

Stáhni si CrystalDiskInfo
Spusť program a klikni na Úpravy-Kopírovat. Poté sem vlož pomocí Ctrl+V obsah logu.

Prosím o pomoc zatížený disk a podezření na viry

Re: Prosím o pomoc zatížený disk a podezření na viry

Re: Prosím o pomoc zatížený disk a podezření na viry

Re: Prosím o pomoc zatížený disk a podezření na viry

Re: Prosím o pomoc zatížený disk a podezření na viry

Re: Prosím o pomoc zatížený disk a podezření na viry

Re: Prosím o pomoc zatížený disk a podezření na viry

Re: Prosím o pomoc zatížený disk a podezření na viry

Re: Prosím o pomoc zatížený disk a podezření na viry

Re: Prosím o pomoc zatížený disk a podezření na viry

Re: Prosím o pomoc zatížený disk a podezření na viry

Re: Prosím o pomoc zatížený disk a podezření na viry

Re: Prosím o pomoc zatížený disk a podezření na viry

Kdo je online