Preventivka + pomalý pc

[Skelller]

1. To DNS jsem zkoušel kvůli zrychlení internetu.. Teď jsem to vrátil zpátky
2. VirusTotal.. Jediné bylo u unins000.exe a to bylo 1/57 antivirů.
3. Složka cs je prázná tak jsem ji vymazal, efba8d50e72f9a102f990543763803ba taky, ImCleanDisabled taky.. (zvláštní)







Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-04-2015 02
Ran by Hanis at 2015-04-24 15:21:23 Run:1
Running from C:\Users\Hanis\Desktop
Loaded Profiles: Hanis (Available profiles: Hanis)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-03-31] (Microsoft Corporation)
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-05] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2015-02-05] (Adobe Systems, Inc.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll [2015-04-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll [2015-04-12] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Extension: Adblock Plus - C:\Users\Hanis\AppData\Roaming\Mozilla\Firefox\Profiles\vyl96395.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-04]
S2 PinnacleUpdateSvc; C:\Program Files\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [438272 2014-01-12] (PowerUp Software, LLC) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
2015-04-16 21:14 - 2015-04-16 21:14 - 00000000 ____D () C:\Users\Hanis\AppData\Roaming\TuneUp Software
2015-04-16 21:20 - 2015-04-16 21:20 - 00000000 ____D () C:\Users\Hanis\AppData\Local\Avg
2015-04-04 20:08 - 2015-04-17 17:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-04 19:34 - 2015-04-04 19:34 - 00000000 ____D () C:\Users\Hanis\AppData\Roaming\IObit
2015-04-04 19:34 - 2015-04-04 19:34 - 00000000 ____D () C:\ProgramData\IObit
Task: {176386E8-B3D3-4594-B4B1-9D3508B682BE} - System32\Tasks\Driver Booster SkipUAC (Hanis) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe
Task: {2C59ECAF-3A27-4640-9F4B-519B05BDD70F} - \Microsoft\Windows\MUI\LPRemove No Task File <==== ATTENTION
Task: {321EF836-9B64-4AC9-A840-6478CD141F30} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {4F1C2CB9-EB22-4917-92B6-6DCCAB3E7063} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-05] (Adobe Systems Incorporated)



*****************

Processes closed successfully.
Restore point was successfully created.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}" => Key deleted successfully.
"HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer" => Key deleted successfully.
C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_134.dll => Moved successfully.
"HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer" => Key deleted successfully.
C:\Windows\system32\Adobe\Director\np32dsw.dll => Moved successfully.
"HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf" => Key deleted successfully.
C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll => Moved successfully.
"HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf" => Key deleted successfully.
C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll not found.
"HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp" => Key deleted successfully.
C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll not found.
"HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf" => Key deleted successfully.
C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll not found.
"HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.40.2" => Key deleted successfully.
C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll => Moved successfully.
"HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.40.2" => Key deleted successfully.
C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll => Moved successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0" => Key deleted successfully.
C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll => Moved successfully.
"HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0" => Key deleted successfully.
c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll => Moved successfully.
"C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll" => not found.
C:\Users\Hanis\AppData\Roaming\Mozilla\Firefox\Profiles\vyl96395.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi => Moved successfully.
PinnacleUpdateSvc => Service not found.
WinDefend => Service deleted successfully.
C:\Users\Hanis\AppData\Roaming\TuneUp Software => Moved successfully.
C:\Users\Hanis\AppData\Local\Avg => Moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Users\Hanis\AppData\Roaming\IObit => Moved successfully.
C:\ProgramData\IObit => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{176386E8-B3D3-4594-B4B1-9D3508B682BE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{176386E8-B3D3-4594-B4B1-9D3508B682BE}" => Key deleted successfully.
C:\Windows\System32\Tasks\Driver Booster SkipUAC (Hanis) => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (Hanis)" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{2C59ECAF-3A27-4640-9F4B-519B05BDD70F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C59ECAF-3A27-4640-9F4B-519B05BDD70F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI\LPRemove" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{321EF836-9B64-4AC9-A840-6478CD141F30}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{321EF836-9B64-4AC9-A840-6478CD141F30}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F1C2CB9-EB22-4917-92B6-6DCCAB3E7063}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F1C2CB9-EB22-4917-92B6-6DCCAB3E7063}" => Key deleted successfully.
C:\Windows\System32\Tasks\Adobe Flash Player Updater => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => Key deleted successfully.


The system needed a reboot.

==== End of Fixlog 15:21:56 ====

[Reklama]

[mople71]

Ahoj, dodej prosím nové logy z FRST a info o problémech.

[Skelller]

Dám to radši na uložto, protože tu mám s tím vkládáním problémy jestli nevadí :)
http://ulozto.cz/xhTU49rR/frst-txt
http://ulozto.cz/xfGFfUZu/addition-txt

[mople71]

No pokud možno rozkouskuj to sem...

Případně Ti ještě uznám PasteBin, na uložto nepolezu.

[Skelller]

PasteBin neznám, díky (y) :)
http://pastebin.com/uA5sBc0K
http://pastebin.com/Wxkam514

[jaro3]

Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.

Kód: Vybrat vše

SearchScopes: HKU\S-1-5-21-2669762385-3152402998-3147131645-1001 -> DefaultScope {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2669762385-3152402998-3147131645-1001 -> {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search?q={searchTerms}
C:\Windows\Tasks\ImCleanDisabled
C:\ProgramData\DP45977C.lfl

(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).

Ulož jej na na plochu jako fixlist.txt


Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.

C:\Windows\system32\x64 -- podívej se , co je v té složce.

[Skelller]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-04-2015 02
Ran by Hanis at 2015-04-25 15:30:02 Run:2
Running from C:\Users\Hanis\Desktop
Loaded Profiles: Hanis (Available profiles: Hanis)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKU\S-1-5-21-2669762385-3152402998-3147131645-1001 -> DefaultScope {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2669762385-3152402998-3147131645-1001 -> {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search?q={searchTerms}
C:\Windows\Tasks\ImCleanDisabled
C:\ProgramData\DP45977C.lfl
*****************

HKU\S-1-5-21-2669762385-3152402998-3147131645-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-2669762385-3152402998-3147131645-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}" => Key deleted successfully.
HKCR\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} => Key not found.
C:\Windows\Tasks\ImCleanDisabled => Moved successfully.
C:\ProgramData\DP45977C.lfl => Moved successfully.

==== End of Fixlog 15:30:02 ====

[Skelller]

x64 taky prázdná...

[mople71]

Nevidím antivir...


Stáhni si antivirus: https://www.avast.com/cs-cz/index#compare-home

---------------------------------------------------------

Odinstaluj prosím tyto programy:

Kód: Vybrat vše

DAEMON Tools Toolbar
Foxit Cloud

Aplikuj fixlist pro FRST:

Na Ploše (musí na ní být umístěn FRST) vytvoř textový soubor s názvem fixlist, do něj zkopíruj následujcí skript a ulož.

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

Task: {2C162F9E-6A20-4F24-B5F3-9FC50CAD5634} - System32\Tasks\{B2492669-32A9-445D-9D80-E07600DB7184} => pcalua.exe -a E:\Autorun.exe -d E:\
HKU\S-1-5-21-2669762385-3152402998-3147131645-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2011-01-20] ()

C:\Windows\system32\x64
C:\ProgramData\DP45977C.lfl
C:\Windows\Tasks\*.job

CMD: bitsadmin /reset /allusers
DisableService: FoxitCloudUpdateService

EmptyTemp:
End

Poté otevři FRST jako správce a klikni na tlačítko >Fix<. Po restartu PC se na Ploše objeví fixlog, jeho obsah prosím vlož do dalšího příspěvku.

---------------------------------------------------------

Všechny soubory této složky prosím otestuj na VirusTotal a dej mi sem odkazy na jejich test (pokud již byl soubor analyzován, klikni na Reanalyse): https://www.virustotal.com/

Kód: Vybrat vše

C:\Windows\system32\1029

Pokud tam tedy nějaké jsou...