Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:38:31, on 15.4.2015
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
FIREFOX: 37.0.1 (x86 cs)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Users\HP\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/?clid=22668
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/?clid=22668
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\RunOnce: [SeznamInstall-uninstall:061e08e034022386c878af222e54ac5f] "C:\Users\HP\AppData\Local\Temp\\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe" -c "C:\Users\HP\AppData\Roaming\Seznam.cz"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall (avast! Firewall) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Unknown owner - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
--
End of file - 5315 bytes
Prosím o kontrolu logu, občas pomalý PC Vyřešeno
-
FooDMasteR
- Level 2.5
- Příspěvky: 283
- Registrován: duben 11
- Pohlaví:
- Stav:
Offline
-
Orcus
- člen Security týmu
-
Elite Level 10.5
- Příspěvky: 10645
- Registrován: duben 10
- Bydliště: Okolo rostou 3 růže =o)
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu, občas pomalý PC
Odinstaluj:
Microsoft Security Essentials
===================================================
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.
===================================================
Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.
===================================================
Stáhni AdwCleaner (by Xplode)
Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.
===================================================
Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na b] Kopírovat do schránky [/b]a a vlož sem celý log.
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Pokud budou problémy , spusť v nouz. režimu.
Microsoft Security Essentials
===================================================
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.
===================================================
Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.
===================================================
Stáhni AdwCleaner (by Xplode)
Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.
===================================================
Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na b] Kopírovat do schránky [/b]a a vlož sem celý log.
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Pokud budou problémy , spusť v nouz. režimu.
Láska hřeje, ale uhlí je uhlí. 
Log z HJT vkládejte do HJT sekce. Je-li moc dlouhý, rozděl jej do více zpráv.
Pár rad k bezpečnosti PC.
Po dobu mé nepřítomnosti mě zastupuje memphisto, jaro3 a Diallix
Pokud budete spokojeni , můžete podpořit naše fórum.
Log z HJT vkládejte do HJT sekce. Je-li moc dlouhý, rozděl jej do více zpráv.
Pár rad k bezpečnosti PC.
Po dobu mé nepřítomnosti mě zastupuje memphisto, jaro3 a Diallix
Pokud budete spokojeni , můžete podpořit naše fórum.
-
FooDMasteR
- Level 2.5
- Příspěvky: 283
- Registrován: duben 11
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu, občas pomalý PC
Odinstalován.
AdwCleaner
# AdwCleaner v4.201 - Log vytvořen 15/04/2015 v 10:05:46
# Aktualizováno 08/04/2015 by Xplode
# Databáze : 2015-04-08.1 [Server]
# Operační system : Windows Vista (TM) Business Service Pack 2 (x86)
# Uživatelské jméno : HP - HP-NB
# Spuštěno z : C:\Users\HP\Desktop\adwcleaner_4.201.exe
# Nastavení : Sken
***** [ Služby ] *****
***** [ Soubory / Složky ] *****
Složka Nalezeno : C:\ProgramData\Babylon
Složka Nalezeno : C:\Users\HP\AppData\Local\Rich Media Player
Složka Nalezeno : C:\Users\HP\AppData\Roaming\Babylon
Soubor Nalezeno : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\y7vc3d37.default\searchplugins\Babylon.xml
Soubor Nalezeno : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\y7vc3d37.default\searchplugins\bingp.xml
***** [ Naplánované úlohy ] *****
Úloha Nalezeno : LaunchSignup
***** [ Zástupci ] *****
***** [ Registry ] *****
Klíč Nalezeno : HKCU\Software\APN PIP
Klíč Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Klíč Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Klíč Nalezeno : HKCU\Software\Softonic
Klíč Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\Prod.cap
Klíč Nalezeno : HKLM\SOFTWARE\PIP
Klíč Nalezeno : HKLM\SOFTWARE\Speedchecker Limited
***** [ Prohlížeče ] *****
-\\ Internet Explorer v7.0.6002.18005
-\\ Mozilla Firefox v37.0.1 (x86 cs)
*************************
AdwCleaner[R0].txt - [1553 bytů] - [15/04/2015 10:05:46]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1611 bytů] ##########
Malwarebytes' Anti-Malware
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 15.4.2015
Čas skenování: 10:13:53
Protokol:
Správce: Ano
Verze: 2.01.4.1018
Databáze malwaru: v2015.04.15.03
Databáze rootkitů: v2015.03.31.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto
OS: Windows Vista Service Pack 2
CPU: x86
Souborový systém: NTFS
Uživatel: HP
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 294961
Uplynulý čas: 13 min, 35 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 2
PUP.Optional.Babylon.A, HKU\S-1-5-21-2901653510-423565564-4026880338-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, , [607f412ba5e56ec8ddf9ca73fa09b34d],
PUP.Optional.SpeedChecker.A, HKLM\SOFTWARE\Speedchecker Limited, , [3da2620a2b5ff4424281a52eac578977],
Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 0
(Nenalezeny žádné škodlivé položky)
Soubory: 1
PUP.Optional.Babylon.A, C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\y7vc3d37.default\searchplugins\babylon.xml, , [15ca600c17731323707ad332f410c63a],
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
AdwCleaner
# AdwCleaner v4.201 - Log vytvořen 15/04/2015 v 10:05:46
# Aktualizováno 08/04/2015 by Xplode
# Databáze : 2015-04-08.1 [Server]
# Operační system : Windows Vista (TM) Business Service Pack 2 (x86)
# Uživatelské jméno : HP - HP-NB
# Spuštěno z : C:\Users\HP\Desktop\adwcleaner_4.201.exe
# Nastavení : Sken
***** [ Služby ] *****
***** [ Soubory / Složky ] *****
Složka Nalezeno : C:\ProgramData\Babylon
Složka Nalezeno : C:\Users\HP\AppData\Local\Rich Media Player
Složka Nalezeno : C:\Users\HP\AppData\Roaming\Babylon
Soubor Nalezeno : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\y7vc3d37.default\searchplugins\Babylon.xml
Soubor Nalezeno : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\y7vc3d37.default\searchplugins\bingp.xml
***** [ Naplánované úlohy ] *****
Úloha Nalezeno : LaunchSignup
***** [ Zástupci ] *****
***** [ Registry ] *****
Klíč Nalezeno : HKCU\Software\APN PIP
Klíč Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Klíč Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Klíč Nalezeno : HKCU\Software\Softonic
Klíč Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\Prod.cap
Klíč Nalezeno : HKLM\SOFTWARE\PIP
Klíč Nalezeno : HKLM\SOFTWARE\Speedchecker Limited
***** [ Prohlížeče ] *****
-\\ Internet Explorer v7.0.6002.18005
-\\ Mozilla Firefox v37.0.1 (x86 cs)
*************************
AdwCleaner[R0].txt - [1553 bytů] - [15/04/2015 10:05:46]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1611 bytů] ##########
Malwarebytes' Anti-Malware
Malwarebytes Anti-Malware
www.malwarebytes.org
Datum skenování: 15.4.2015
Čas skenování: 10:13:53
Protokol:
Správce: Ano
Verze: 2.01.4.1018
Databáze malwaru: v2015.04.15.03
Databáze rootkitů: v2015.03.31.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto
OS: Windows Vista Service Pack 2
CPU: x86
Souborový systém: NTFS
Uživatel: HP
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 294961
Uplynulý čas: 13 min, 35 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 2
PUP.Optional.Babylon.A, HKU\S-1-5-21-2901653510-423565564-4026880338-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, , [607f412ba5e56ec8ddf9ca73fa09b34d],
PUP.Optional.SpeedChecker.A, HKLM\SOFTWARE\Speedchecker Limited, , [3da2620a2b5ff4424281a52eac578977],
Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 0
(Nenalezeny žádné škodlivé položky)
Soubory: 1
PUP.Optional.Babylon.A, C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\y7vc3d37.default\searchplugins\babylon.xml, , [15ca600c17731323707ad332f410c63a],
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
-
Orcus
- člen Security týmu
-
Elite Level 10.5
- Příspěvky: 10645
- Registrován: duben 10
- Bydliště: Okolo rostou 3 růže =o)
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu, občas pomalý PC
Znovu spusť MbAM a dej Skenovat nyní
Po proběhnutí programu se ti objeví hláška, tak klikni na „Vše do karantény“ -> „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a ulož na Plochu.
Zkopíruj sem celý obsah toho logu.
====================================================
Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
Klikni na „ Smazat“
Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.
====================================================
Stáhni si Junkware Removal Tool
na svojí plochu.
Deaktivuj si svůj antivirový program.
Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.
====================================================
Stáhni si RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.
Po proběhnutí programu se ti objeví hláška, tak klikni na „Vše do karantény“ -> „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a ulož na Plochu.
Zkopíruj sem celý obsah toho logu.
====================================================
Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
Klikni na „ Smazat“
Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.
====================================================
Stáhni si Junkware Removal Tool
na svojí plochu.
Deaktivuj si svůj antivirový program.
Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.
====================================================
Stáhni si RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.
Láska hřeje, ale uhlí je uhlí.
Log z HJT vkládejte do HJT sekce. Je-li moc dlouhý, rozděl jej do více zpráv.
Pár rad k bezpečnosti PC.
Po dobu mé nepřítomnosti mě zastupuje memphisto, jaro3 a Diallix
Pokud budete spokojeni , můžete podpořit naše fórum.
Log z HJT vkládejte do HJT sekce. Je-li moc dlouhý, rozděl jej do více zpráv.
Pár rad k bezpečnosti PC.
Po dobu mé nepřítomnosti mě zastupuje memphisto, jaro3 a Diallix
Pokud budete spokojeni , můžete podpořit naše fórum.
-
FooDMasteR
- Level 2.5
- Příspěvky: 283
- Registrován: duben 11
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu, občas pomalý PC
MbAM
Malwarebytes Anti-Malware
http://www.malwarebytes.org
Datum skenování: 15.4.2015
Čas skenování: 19:41:53
Protokol: mbam.txt
Správce: Ano
Verze: 2.01.4.1018
Databáze malwaru: v2015.04.15.07
Databáze rootkitů: v2015.03.31.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto
OS: Windows Vista Service Pack 2
CPU: x86
Souborový systém: NTFS
Uživatel: HP
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 294514
Uplynulý čas: 13 min, 3 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 2
PUP.Optional.Babylon.A, HKU\S-1-5-21-2901653510-423565564-4026880338-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Do karantény, [855e2e3efb8ffa3c1b19fd415ba8c937],
PUP.Optional.SpeedChecker.A, HKLM\SOFTWARE\Speedchecker Limited, Do karantény, [9c4767057d0d8caa5c82ffd440c3a060],
Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 0
(Nenalezeny žádné škodlivé položky)
Soubory: 1
PUP.Optional.Babylon.A, C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\y7vc3d37.default\searchplugins\babylon.xml, Do karantény, [a241f8744842df577853a75e08fc25db],
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
AdwCleaner
# AdwCleaner v4.201 - Log vytvořen 15/04/2015 v 20:04:46
# Aktualizováno 08/04/2015 by Xplode
# Databáze : 2015-04-15.1 [Server]
# Operační system : Windows Vista (TM) Business Service Pack 2 (x86)
# Uživatelské jméno : HP - HP-NB
# Spuštěno z : C:\Users\HP\Desktop\adwcleaner_4.201.exe
# Nastavení : Čištění
***** [ Služby ] *****
***** [ Soubory / Složky ] *****
Složka Smazáno : C:\ProgramData\Babylon
Složka Smazáno : C:\Users\HP\AppData\Local\Rich Media Player
Složka Smazáno : C:\Users\HP\AppData\Roaming\Babylon
Soubor Smazáno : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\y7vc3d37.default\searchplugins\bingp.xml
***** [ Naplánované úlohy ] *****
Úloha Smazáno : LaunchSignup
***** [ Zástupci ] *****
***** [ Registry ] *****
Klíč Smazáno : HKLM\SOFTWARE\Classes\Prod.cap
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Klíč Smazáno : HKCU\Software\APN PIP
Klíč Smazáno : HKCU\Software\Softonic
Klíč Smazáno : HKLM\SOFTWARE\PIP
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
***** [ Prohlížeče ] *****
-\\ Internet Explorer v7.0.6002.18005
-\\ Mozilla Firefox v37.0.1 (x86 cs)
*************************
AdwCleaner[R0].txt - [1689 bytů] - [15/04/2015 10:05:46]
AdwCleaner[R1].txt - [1469 bytů] - [15/04/2015 20:02:54]
AdwCleaner[S0].txt - [1383 bytů] - [15/04/2015 20:04:46]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1441 bytů] ##########
Junkware Removal Tool
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.4 (04.13.2015:1)
OS: Windows Vista (TM) Business x86
Ran by HP on st 15.04.2015 at 20:15:42,65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0}
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted the following from C:\Users\HP\AppData\Roaming\mozilla\firefox\profiles\y7vc3d37.default\prefs.js
user_pref(browser.search.defaulturl, hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&);
user_pref(keyword.URL, hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&);
Emptied folder: C:\Users\HP\AppData\Roaming\mozilla\firefox\profiles\y7vc3d37.default\minidumps [134 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on st 15.04.2015 at 20:18:27,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
RogueKiller
Po kliknutí na Zpráva jsem si log zkopíroval, dal jsem křížek ale co tady?
RogueKiller V10.5.10.0 [Apr 14 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Spuštěno : Normální režim
Uživatel : HP [Práva správce]
Started from : C:\Users\HP\Desktop\RogueKiller.exe
Mód : Prohledat -- Datum : 04/15/2015 20:38:18
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 12 ¤¤¤
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/?clid=22668 -> Nalezeno
[PUM.HomePage] HKEY_USERS\S-1-5-21-2901653510-423565564-4026880338-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/?clid=22668 -> Nalezeno
[PUM.SearchPage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms} -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1CD374B3-2E58-4E4D-8DCE-FD789709761C} | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1CD374B3-2E58-4E4D-8DCE-FD789709761C} | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1CD374B3-2E58-4E4D-8DCE-FD789709761C} | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2901653510-423565564-4026880338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nalezeno
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno
¤¤¤ Úlohy : 1 ¤¤¤
[Suspicious.Path] \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe (Scan -ScheduleJob -RestrictPrivileges) -> Nalezeno
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] y7vc3d37.default : user_pref("browser.startup.homepage", "https://www.seznam.cz/?clid=22668"); -> Nalezeno
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS542580K9A300 ATA Device +++++
--- User ---
[MBR] a7075f2d5b22a339fb9dd34d7fc126c3
[BSP] b587505fdc21dc49de545df386937b6e : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 76317 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_SCN_04152015_202742.log
Malwarebytes Anti-Malware
http://www.malwarebytes.org
Datum skenování: 15.4.2015
Čas skenování: 19:41:53
Protokol: mbam.txt
Správce: Ano
Verze: 2.01.4.1018
Databáze malwaru: v2015.04.15.07
Databáze rootkitů: v2015.03.31.01
Licence: Bezplatná verze
Ochrana proti malwaru: Vypnuto
Ochrana proti škodlivým webovým stránkám: Vypnuto
Ochrana programu: Vypnuto
OS: Windows Vista Service Pack 2
CPU: x86
Souborový systém: NTFS
Uživatel: HP
Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 294514
Uplynulý čas: 13 min, 3 sek
Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristika: Zapnuto
PUP: Zapnuto
PUM: Zapnuto
Procesy: 0
(Nenalezeny žádné škodlivé položky)
Moduly: 0
(Nenalezeny žádné škodlivé položky)
Klíče registru: 2
PUP.Optional.Babylon.A, HKU\S-1-5-21-2901653510-423565564-4026880338-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Do karantény, [855e2e3efb8ffa3c1b19fd415ba8c937],
PUP.Optional.SpeedChecker.A, HKLM\SOFTWARE\Speedchecker Limited, Do karantény, [9c4767057d0d8caa5c82ffd440c3a060],
Hodnoty registru: 0
(Nenalezeny žádné škodlivé položky)
Data registru: 0
(Nenalezeny žádné škodlivé položky)
Složky: 0
(Nenalezeny žádné škodlivé položky)
Soubory: 1
PUP.Optional.Babylon.A, C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\y7vc3d37.default\searchplugins\babylon.xml, Do karantény, [a241f8744842df577853a75e08fc25db],
Fyzické sektory: 0
(Nenalezeny žádné škodlivé položky)
(end)
AdwCleaner
# AdwCleaner v4.201 - Log vytvořen 15/04/2015 v 20:04:46
# Aktualizováno 08/04/2015 by Xplode
# Databáze : 2015-04-15.1 [Server]
# Operační system : Windows Vista (TM) Business Service Pack 2 (x86)
# Uživatelské jméno : HP - HP-NB
# Spuštěno z : C:\Users\HP\Desktop\adwcleaner_4.201.exe
# Nastavení : Čištění
***** [ Služby ] *****
***** [ Soubory / Složky ] *****
Složka Smazáno : C:\ProgramData\Babylon
Složka Smazáno : C:\Users\HP\AppData\Local\Rich Media Player
Složka Smazáno : C:\Users\HP\AppData\Roaming\Babylon
Soubor Smazáno : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\y7vc3d37.default\searchplugins\bingp.xml
***** [ Naplánované úlohy ] *****
Úloha Smazáno : LaunchSignup
***** [ Zástupci ] *****
***** [ Registry ] *****
Klíč Smazáno : HKLM\SOFTWARE\Classes\Prod.cap
Klíč Smazáno : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Klíč Smazáno : HKCU\Software\APN PIP
Klíč Smazáno : HKCU\Software\Softonic
Klíč Smazáno : HKLM\SOFTWARE\PIP
Klíč Smazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
***** [ Prohlížeče ] *****
-\\ Internet Explorer v7.0.6002.18005
-\\ Mozilla Firefox v37.0.1 (x86 cs)
*************************
AdwCleaner[R0].txt - [1689 bytů] - [15/04/2015 10:05:46]
AdwCleaner[R1].txt - [1469 bytů] - [15/04/2015 20:02:54]
AdwCleaner[S0].txt - [1383 bytů] - [15/04/2015 20:04:46]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1441 bytů] ##########
Junkware Removal Tool
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.4 (04.13.2015:1)
OS: Windows Vista (TM) Business x86
Ran by HP on st 15.04.2015 at 20:15:42,65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{15C4DF55-4B67-495A-A3D3-A497C4A49EE0}
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted the following from C:\Users\HP\AppData\Roaming\mozilla\firefox\profiles\y7vc3d37.default\prefs.js
user_pref(browser.search.defaulturl, hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&);
user_pref(keyword.URL, hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}&);
Emptied folder: C:\Users\HP\AppData\Roaming\mozilla\firefox\profiles\y7vc3d37.default\minidumps [134 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on st 15.04.2015 at 20:18:27,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
RogueKiller
Po kliknutí na Zpráva jsem si log zkopíroval, dal jsem křížek ale co tady?
RogueKiller V10.5.10.0 [Apr 14 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Spuštěno : Normální režim
Uživatel : HP [Práva správce]
Started from : C:\Users\HP\Desktop\RogueKiller.exe
Mód : Prohledat -- Datum : 04/15/2015 20:38:18
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 12 ¤¤¤
[PUM.HomePage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/?clid=22668 -> Nalezeno
[PUM.HomePage] HKEY_USERS\S-1-5-21-2901653510-423565564-4026880338-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.seznam.cz/?clid=22668 -> Nalezeno
[PUM.SearchPage] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms} -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1CD374B3-2E58-4E4D-8DCE-FD789709761C} | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1CD374B3-2E58-4E4D-8DCE-FD789709761C} | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1CD374B3-2E58-4E4D-8DCE-FD789709761C} | DhcpNameServer : 213.46.172.37 213.46.172.36 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.StartMenu] HKEY_USERS\S-1-5-21-2901653510-423565564-4026880338-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nalezeno
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno
¤¤¤ Úlohy : 1 ¤¤¤
[Suspicious.Path] \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe (Scan -ScheduleJob -RestrictPrivileges) -> Nalezeno
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
[C:\Windows\System32\drivers\etc\hosts] ::1 localhost
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] y7vc3d37.default : user_pref("browser.startup.homepage", "https://www.seznam.cz/?clid=22668"); -> Nalezeno
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS542580K9A300 ATA Device +++++
--- User ---
[MBR] a7075f2d5b22a339fb9dd34d7fc126c3
[BSP] b587505fdc21dc49de545df386937b6e : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 76317 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_SCN_04152015_202742.log
-
Orcus
- člen Security týmu
-
Elite Level 10.5
- Příspěvky: 10645
- Registrován: duben 10
- Bydliště: Okolo rostou 3 růže =o)
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu, občas pomalý PC
Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB nebo externí disky z počítače před spuštěním tohoto programu.
Spusť RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Počkej, dokud status okno zobrazuje "Prohledat "
- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka).
- Klikni na "Smazat"
- Počkej, dokud Status box zobrazuje " Mazání dokončeno "
- Klikni na "Zpráva" a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller
====================================================
Stáhni
Zoek.exe
a ulož si ho na plochu.
Zavři všechny ostatní programy, okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor, náběh programu může trvat déle.
Do okna programu vlož skript níže:
Klikni na Run Script
Program provede sken, opravu, sken i oprava může trvat i více minut, je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .
Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů, jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.
====================================================
Co problémy? + nový log z HJT
Prosím, odpoj všechny USB nebo externí disky z počítače před spuštěním tohoto programu.
Spusť RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Počkej, dokud status okno zobrazuje "Prohledat "
- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka).
- Klikni na "Smazat"
- Počkej, dokud Status box zobrazuje " Mazání dokončeno "
- Klikni na "Zpráva" a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller
====================================================
Stáhni
Zoek.exe
a ulož si ho na plochu.
Zavři všechny ostatní programy, okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor, náběh programu může trvat déle.
Do okna programu vlož skript níže:
Kód: Vybrat vše
autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;Klikni na Run Script
Program provede sken, opravu, sken i oprava může trvat i více minut, je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .
Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů, jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.
====================================================
Co problémy? + nový log z HJT
Láska hřeje, ale uhlí je uhlí.
Log z HJT vkládejte do HJT sekce. Je-li moc dlouhý, rozděl jej do více zpráv.
Pár rad k bezpečnosti PC.
Po dobu mé nepřítomnosti mě zastupuje memphisto, jaro3 a Diallix
Pokud budete spokojeni , můžete podpořit naše fórum.
Log z HJT vkládejte do HJT sekce. Je-li moc dlouhý, rozděl jej do více zpráv.
Pár rad k bezpečnosti PC.
Po dobu mé nepřítomnosti mě zastupuje memphisto, jaro3 a Diallix
Pokud budete spokojeni , můžete podpořit naše fórum.
-
FooDMasteR
- Level 2.5
- Příspěvky: 283
- Registrován: duben 11
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu, občas pomalý PC
Moc se omlouvám, snad to nebylo tak zásadní. Je to notebook se španělským potiskem kláves (proto mám před sebou klávesnici USB), kterou jsem ale kvůli RogueKiller odpojil. Pak jsem dělal chvílu na té na notebooku ale při kopírování logu jsem dal CTRL+C na odpojené klávesnici a zavřel to. Nevím proč ale soubor RK Report na ploše není.
Zoek
Zoek.exe v5.0.0.0 Updated 08-April-2015
Tool run by HP on p 17.04.2015 at 16:59:56,40.
Microsoft® Windows Vista™ Business 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\HP\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
17.4.2015 17:01:59 Zoek.exe System Restore Point Created Successfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
::1 localhost
==== Empty Folders Check ======================
C:\Users\HP\AppData\Roaming\PeerNetworking deleted successfully
C:\Users\HP\AppData\Local\Unity deleted successfully
C:\Users\HP\AppData\Local\VirtualStore deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\y7vc3d37.default\prefs.js:
user_pref("browser.search.defaultengine", "Seznam");
user_pref("browser.search.defaultenginename", "Seznam");
user_pref("browser.search.selectedEngine", "Seznam");
user_pref("browser.search.order.1", "Seznam");
Added to C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\y7vc3d37.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Deleting Files \ Folders ======================
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\y7vc3d37.default\Invalidprefs.js deleted
"C:\Users\HP\AppData\Local\{56236FC2-B3F8-410F-A782-299EE94BCD3C}" deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\y7vc3d37.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [14.04.2015 22:42]
==== Firefox Extensions ======================
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\y7vc3d37.default
421CB2C1010522B3BF7C00725520B844 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
005EBE4A4E6E9C9A7967F6C3F413C1DF - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
9AE02005247DA91AB1743F5208DBEF76 - C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll - Shockwave Flash
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[14.04.2015 22:38]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
"Search Page"="http://www.google.com"
"Search Bar"="https://www.seznam.cz/?clid=22668"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="https://www.seznam.cz/?clid=22668"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== Reset Google Chrome ======================
Nothing found to reset
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seznam.chromeUpdatePref deleted successfully
==== Empty IE Cache ======================
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\HP\AppData\Local\Mozilla\Firefox\Profiles\y7vc3d37.default\cache2 emptied successfully
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=3 folders=0 24774 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\HP\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\HP\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
==== EOF on p 17.04.2015 at 17:52:46,39 ======================
HJT
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:39:25, on 20.4.2015
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
FIREFOX: 37.0.1 (x86 cs)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Users\HP\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall (avast! Firewall) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Unknown owner - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
--
End of file - 5163 bytes
Problémy žádné.
Zoek
Zoek.exe v5.0.0.0 Updated 08-April-2015
Tool run by HP on p 17.04.2015 at 16:59:56,40.
Microsoft® Windows Vista™ Business 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\HP\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
17.4.2015 17:01:59 Zoek.exe System Restore Point Created Successfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
::1 localhost
==== Empty Folders Check ======================
C:\Users\HP\AppData\Roaming\PeerNetworking deleted successfully
C:\Users\HP\AppData\Local\Unity deleted successfully
C:\Users\HP\AppData\Local\VirtualStore deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\y7vc3d37.default\prefs.js:
user_pref("browser.search.defaultengine", "Seznam");
user_pref("browser.search.defaultenginename", "Seznam");
user_pref("browser.search.selectedEngine", "Seznam");
user_pref("browser.search.order.1", "Seznam");
Added to C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\y7vc3d37.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Deleting Files \ Folders ======================
C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\y7vc3d37.default\Invalidprefs.js deleted
"C:\Users\HP\AppData\Local\{56236FC2-B3F8-410F-A782-299EE94BCD3C}" deleted
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\y7vc3d37.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [14.04.2015 22:42]
==== Firefox Extensions ======================
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\y7vc3d37.default
421CB2C1010522B3BF7C00725520B844 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
005EBE4A4E6E9C9A7967F6C3F413C1DF - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
9AE02005247DA91AB1743F5208DBEF76 - C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll - Shockwave Flash
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[14.04.2015 22:38]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
"Search Page"="http://www.google.com"
"Search Bar"="https://www.seznam.cz/?clid=22668"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="https://www.seznam.cz/?clid=22668"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== Reset Google Chrome ======================
Nothing found to reset
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seznam.chromeUpdatePref deleted successfully
==== Empty IE Cache ======================
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\HP\AppData\Local\Mozilla\Firefox\Profiles\y7vc3d37.default\cache2 emptied successfully
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=3 folders=0 24774 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\HP\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\HP\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
==== EOF on p 17.04.2015 at 17:52:46,39 ======================
HJT
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:39:25, on 20.4.2015
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
FIREFOX: 37.0.1 (x86 cs)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\conime.exe
C:\Users\HP\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall (avast! Firewall) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Unknown owner - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
--
End of file - 5163 bytes
Problémy žádné.
Re: Prosím o kontrolu logu, občas pomalý PC
Stáhni si prosím FRST: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Ulož na Plochu, spusť jako Správce, potvrď licenci a klikni na tlačítko Scan. Vše ponech v základním nastavení, nic nezatrhávej.
Po dokončení skenu na tebe vyjedou dva logy, oba sem prosím zkopíruj.
Ulož na Plochu, spusť jako Správce, potvrď licenci a klikni na tlačítko Scan. Vše ponech v základním nastavení, nic nezatrhávej.
Po dokončení skenu na tebe vyjedou dva logy, oba sem prosím zkopíruj.
-
FooDMasteR
- Level 2.5
- Příspěvky: 283
- Registrován: duben 11
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu, občas pomalý PC
Avast tvrdí že v tom je nákaza a blokuje to. Je to normální? Mám ho odstavit?
Re: Prosím o kontrolu logu, občas pomalý PC
Ano, odstav ho, rezidentní ochranu antiviru bys ideálně měl mít po celou dobu čištění vypnutou, antiviry rády hlásí tyto nástroje jako malware...
-
FooDMasteR
- Level 2.5
- Příspěvky: 283
- Registrován: duben 11
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu, občas pomalý PC
FRST 1. log (FRST.txt)
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-04-2015
Ran by HP (administrator) on HP-NB on 21-04-2015 22:16:09
Running from C:\Users\HP\Desktop
Loaded Profiles: HP (Available profiles: HP)
Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Agere Systems) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-14] (Avast Software s.r.o.)
HKLM\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\041507ba-6806-44c4-8cb4-e2376fcf1af7.exe [183232 2015-04-21] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll [2007-09-13] (Intel Corporation)
HKU\S-1-5-21-2901653510-423565564-4026880338-1000\...\MountPoints2: {e635e490-7784-11e2-b555-001f29ab65cd} - F:\LaunchU3.exe -a
HKU\S-1-5-18\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-01-16]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-04-14] (Avast Software s.r.o.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2901653510-423565564-4026880338-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-14] (Avast Software s.r.o.)
Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36
FireFox:
========
FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\y7vc3d37.default
FF DefaultSearchEngine: Seznam
FF SearchEngineOrder.3: Bing
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\y7vc3d37.default\searchplugins\seznam-avast.xml [2014-10-21]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\jyxo-cz.xml [2013-07-06]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-16]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-14]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2008-08-26] (Agere Systems)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-14] (Avast Software s.r.o.)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-04-14] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2015-04-14] (Avast Software)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-14] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26096 2015-04-14] (Avast Software s.r.o.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2015-04-14] (Avast Software s.r.o.)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2015-04-14] (ALWIL Software)
R0 aswNdis2; C:\Windows\system32\Drivers\aswNdis2.sys [253728 2015-04-14] (Avast Software s.r.o.)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-04-14] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-04-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2015-04-14] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427736 2015-04-14] (Avast Software s.r.o.)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-04-14] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208024 2015-04-14] ()
R2 BrPar; C:\Windows\System32\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.) [File not signed]
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1083880 2009-04-11] (Společnost Microsoft)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2015-04-14] (Avast Software)
S3 cpuz135; \??\C:\Users\HP\AppData\Local\Temp\cpuz135\cpuz135_x32.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-21 22:16 - 2015-04-21 22:16 - 00009199 _____ () C:\Users\HP\Desktop\FRST.txt
2015-04-21 22:15 - 2015-04-21 22:16 - 00000000 ____D () C:\FRST
2015-04-21 22:14 - 2015-04-21 22:14 - 01139200 _____ (Farbar) C:\Users\HP\Desktop\FRST.exe
2015-04-20 21:39 - 2015-04-20 21:39 - 00005164 _____ () C:\Users\HP\Desktop\hijackthis.log
2015-04-19 12:25 - 2015-04-19 12:25 - 00847441 _____ () C:\Users\HP\Downloads\k. zákon.htm
2015-04-19 12:25 - 2015-04-19 12:25 - 00000000 ____D () C:\Users\HP\Downloads\k. zákon_soubory
2015-04-17 17:46 - 2015-04-17 16:59 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-04-17 17:01 - 2015-04-17 17:52 - 00007738 _____ () C:\zoek-results.log
2015-04-17 16:58 - 2015-04-17 17:42 - 00000000 ____D () C:\zoek_backup
2015-04-17 16:53 - 2015-04-17 16:53 - 01305600 _____ () C:\Users\HP\Desktop\zoek.exe
2015-04-15 20:23 - 2015-04-17 16:41 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-04-15 20:22 - 2015-04-15 20:28 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-04-15 20:21 - 2015-04-15 20:22 - 16866392 _____ () C:\Users\HP\Desktop\RogueKiller.exe
2015-04-15 20:15 - 2015-04-15 20:15 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HP-NB-Windows-Vista-(TM)-Business-(32-bit).dat
2015-04-15 20:15 - 2015-04-15 20:15 - 00000000 ____D () C:\RegBackup
2015-04-15 20:14 - 2015-04-15 20:14 - 02687136 _____ (Thisisu) C:\Users\HP\Desktop\JRT.exe
2015-04-15 19:40 - 2015-04-17 16:21 - 00001665 _____ () C:\Users\HP\Desktop\postup.txt
2015-04-15 10:13 - 2015-04-15 19:41 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-15 10:12 - 2015-04-15 10:12 - 00000859 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-15 10:12 - 2015-04-15 10:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-15 10:12 - 2015-04-15 10:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-15 10:12 - 2015-04-15 10:12 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-15 10:12 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-15 10:12 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-15 10:12 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-15 10:11 - 2015-04-15 10:11 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\HP\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-15 10:05 - 2015-04-15 20:05 - 00000000 ____D () C:\AdwCleaner
2015-04-15 10:04 - 2015-04-15 10:04 - 02217984 _____ () C:\Users\HP\Desktop\adwcleaner_4.201.exe
2015-04-15 10:00 - 2015-04-15 10:00 - 00000000 _____ () C:\Users\HP\AppData\Local\AtStart.txt
2015-04-15 09:55 - 2015-04-15 09:56 - 00448512 _____ (OldTimer Tools) C:\Users\HP\Desktop\TFC.exe
2015-04-15 09:50 - 2015-04-15 09:50 - 00050688 _____ (Atribune.org) C:\Users\HP\Desktop\ATF-Cleaner.exe
2015-04-15 07:26 - 2015-04-15 07:26 - 00388608 _____ (Trend Micro Inc.) C:\Users\HP\Desktop\HijackThis.exe
2015-04-15 06:41 - 2015-04-15 06:42 - 00000000 ____D () C:\Windows\system32\vbox
2015-04-14 22:46 - 2015-04-14 22:46 - 00001849 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-04-14 22:46 - 2015-04-14 22:46 - 00001789 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk
2015-04-14 22:43 - 2015-04-14 22:37 - 00026096 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswKbd.sys
2015-04-14 22:43 - 2015-04-14 22:30 - 00253728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswNdis2.sys
2015-04-14 22:42 - 2015-04-14 22:39 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-14 22:39 - 2015-04-14 22:40 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-14 22:30 - 2015-04-14 22:30 - 00012112 _____ (ALWIL Software) C:\Windows\system32\Drivers\aswNdis.sys
2015-04-04 20:05 - 2015-04-15 09:55 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-22 19:20 - 2015-03-22 19:20 - 00000052 _____ () C:\Users\HP\Desktop\deletelink.txt
2015-03-22 18:40 - 2015-03-22 18:51 - 639614785 _____ () C:\Users\HP\Desktop\a.rar
2015-03-22 18:37 - 2015-03-22 18:39 - 00000000 ____D () C:\Users\HP\Desktop\fotkyfotak
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-21 21:46 - 2009-04-11 14:36 - 01343066 _____ () C:\Windows\WindowsUpdate.log
2015-04-21 21:40 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-21 21:40 - 2006-11-02 14:47 - 00003760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-21 21:40 - 2006-11-02 14:47 - 00003760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-20 22:35 - 2013-01-16 18:31 - 00001076 _____ () C:\Windows\bthservsdp.dat
2015-04-20 22:35 - 2006-11-02 15:01 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-20 22:30 - 2013-04-12 20:52 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-17 17:52 - 2006-11-02 15:00 - 00337478 _____ () C:\Windows\PFRO.log
2015-04-16 06:29 - 2009-04-13 11:21 - 01393902 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-15 10:00 - 2013-01-16 18:13 - 00000000 _____ () C:\Users\HP\AppData\Local\QSwitch.txt
2015-04-15 10:00 - 2013-01-16 18:13 - 00000000 _____ () C:\Users\HP\AppData\Local\DSwitch.txt
2015-04-15 09:48 - 2013-01-16 18:52 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-04-15 09:44 - 2013-01-16 17:58 - 00054608 _____ () C:\Users\HP\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-15 09:42 - 2006-11-02 14:47 - 00247760 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-15 07:31 - 2013-02-28 21:22 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Seznam.cz
2015-04-15 06:39 - 2013-01-16 18:31 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-15 06:39 - 2013-01-16 18:31 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-14 22:42 - 2014-10-15 19:48 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-14 22:42 - 2013-09-16 16:28 - 00427736 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-14 22:42 - 2013-09-16 16:28 - 00208024 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-14 22:42 - 2013-09-16 16:28 - 00073440 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-14 22:42 - 2013-09-16 16:28 - 00057888 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswTdi.sys
2015-04-14 22:42 - 2013-09-16 16:28 - 00055200 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr.sys
2015-04-14 22:42 - 2013-09-16 16:28 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-14 22:37 - 2013-09-16 16:28 - 00788272 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-03-22 19:13 - 2013-02-28 21:22 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Skype
2015-03-22 19:12 - 2015-01-28 20:45 - 00000000 ___RD () C:\Program Files\Skype
2015-03-22 19:12 - 2013-02-28 21:21 - 00000000 ____D () C:\ProgramData\Skype
2015-03-22 18:42 - 2013-01-17 20:59 - 00050688 _____ () C:\Users\HP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
==================== Files in the root of some directories =======
2013-01-16 19:39 - 2013-01-16 19:39 - 0023888 _____ () C:\Users\HP\AppData\Roaming\UserTile.png
2015-04-15 10:00 - 2015-04-15 10:00 - 0000000 _____ () C:\Users\HP\AppData\Local\AtStart.txt
2013-01-17 20:59 - 2015-03-22 18:42 - 0050688 _____ () C:\Users\HP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-01-16 18:13 - 2015-04-15 10:00 - 0000000 _____ () C:\Users\HP\AppData\Local\DSwitch.txt
2013-05-11 17:40 - 2013-05-11 17:40 - 0000000 _____ () C:\Users\HP\AppData\Local\FnF4.txt
2013-01-16 18:13 - 2015-04-15 10:00 - 0000000 _____ () C:\Users\HP\AppData\Local\QSwitch.txt
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-21 21:46
==================== End Of Log ============================
FRST 2. log (Addition.txt)
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-04-2015
Ran by HP at 2015-04-21 22:17:12
Running from C:\Users\HP\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - LSI Corporation)
Avast Internet Security (HKLM\...\avast) (Version: 10.2.2215 - AVAST Software)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 5.10.38.26 - Broadcom Corporation)
Brother HL-2030 (HKLM\...\{EFE91F72-4E57-424D-8674-FAAA05FFC9CC}) (Version: 1.00 - Brother)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HP Integrated Module with Bluetooth wireless technology (HKLM\...\{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}) (Version: 6.0.1.3700 - HP)
HP PCMCIA Smart Card Reader (HKLM\...\{24B3DF86-75B9-4DBD-AC39-C0C041583E6F}) (Version: 1.01.0001 - HP)
HP PCMCIA Smart Card Reader (HKLM\...\{CDA1ADA3-BBB4-4250-B272-AC21C78C3968}) (Version: 1.03 - HP)
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Malwarebytes Anti-Malware verze 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 cs) (HKLM\...\Mozilla Firefox 37.0.1 (x86 cs)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
OpenOffice.org 3.4 (HKLM\...\{F0C0221D-1DCD-487A-A3D1-E0C5B954F1DC}) (Version: 3.4.9590 - OpenOffice.org)
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
Skype™ 7.2 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 3.7.0.109 - KMP Media co., Ltd)
WinRAR 5.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
30-03-2015 14:34:17 Windows Update
04-04-2015 19:11:48 Windows Update
12-04-2015 07:25:41 Windows Update
14-04-2015 22:16:45 avast! antivirus system restore point
16-04-2015 06:22:07 Windows Update
17-04-2015 17:01:26 zoek.exe restore point
19-04-2015 10:34:07 Naplánovaný kontrolní bod
20-04-2015 17:07:14 Naplánovaný kontrolní bod
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 12:23 - 2015-04-17 17:06 - 00000781 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {85AC7BBC-AED9-417D-82E9-E830B40C40C3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {8A4AEB9C-4A3D-414C-B18A-47DC38104B57} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => C:\Windows\system32\RAServer.exe [2008-01-21] (Společnost Microsoft)
Task: {9D76891A-51A7-4AD2-8279-2F835A934504} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {FA921AA5-1CF8-44C3-BF4C-CBE43386129D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-14] (Avast Software s.r.o.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) ==============
2006-12-20 13:18 - 2006-12-20 13:18 - 00126976 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2015-04-14 22:39 - 2015-04-14 22:39 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-14 22:39 - 2015-04-14 22:39 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-04-20 15:21 - 2015-04-20 15:21 - 02926080 _____ () C:\Program Files\AVAST Software\Avast\defs\15041901\algo.dll
2015-04-21 21:42 - 2015-04-21 21:42 - 02926080 _____ () C:\Program Files\AVAST Software\Avast\defs\15042101\algo.dll
2015-03-17 18:14 - 2015-04-14 22:41 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2006-12-20 13:00 - 2006-12-20 13:00 - 00389120 _____ () C:\Windows\system32\btwhidcs.DLL
2007-09-13 23:11 - 2007-09-13 23:11 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll
2009-07-01 16:44 - 2009-07-01 16:44 - 00632888 _____ () C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2901653510-423565564-4026880338-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\HP\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
DNS Servers: 213.46.172.37 - 213.46.172.36
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
==================== Accounts: =============================
Administrator (S-1-5-21-2901653510-423565564-4026880338-500 - Administrator - Disabled)
Guest (S-1-5-21-2901653510-423565564-4026880338-501 - Limited - Disabled)
HP (S-1-5-21-2901653510-423565564-4026880338-1000 - Administrator - Enabled) => C:\Users\HP
==================== Faulty Device Manager Devices =============
Name: Fingerprint Sensor
Description: Fingerprint Sensor
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Error: (04/21/2015 09:40:16 PM) (Source: Microsoft-Windows-ResourcePublication) (EventID: 1002) (User: NT AUTHORITY)
Description: Provider\Microsoft.Base.Publication/Publication/Computer
Error: (04/20/2015 10:22:26 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Místní adaptér Bluetooth selhal. Důvod selhaní nebylo možno určit a adaptér nebude používán. Ovladač vysílače byl vyjmut z paměti.
Error: (04/20/2015 05:22:58 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {FE9617F6-E606-42AA-BECC-0E9CDA246D63}
Error: (04/20/2015 05:22:55 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {6295DF2D-35EE-11D1-8707-00C04FD93327}
Error: (04/20/2015 03:20:44 PM) (Source: Microsoft-Windows-ResourcePublication) (EventID: 1002) (User: NT AUTHORITY)
Description: Provider\Microsoft.Base.Publication/Publication/Computer
Error: (04/19/2015 07:24:17 AM) (Source: Microsoft-Windows-ResourcePublication) (EventID: 1002) (User: NT AUTHORITY)
Description: Provider\Microsoft.Base.Publication/Publication/Computer
Error: (04/18/2015 10:56:25 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Místní adaptér Bluetooth selhal. Důvod selhaní nebylo možno určit a adaptér nebude používán. Ovladač vysílače byl vyjmut z paměti.
Error: (04/17/2015 05:52:40 PM) (Source: Microsoft-Windows-ResourcePublication) (EventID: 1002) (User: NT AUTHORITY)
Description: Provider\Microsoft.Base.Publication/Publication/Computer
Error: (04/17/2015 05:42:11 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart
Error: (04/17/2015 05:42:07 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2015-04-21 22:17:06.458
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-21 22:17:06.395
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-21 22:17:06.348
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-21 22:17:06.286
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-21 22:17:06.068
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-21 22:17:06.021
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-21 22:17:05.958
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-21 22:17:05.912
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-21 22:16:39.922
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-21 22:16:39.844
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Celeron(R) CPU 560 @ 2.13GHz
Percentage of memory in use: 65%
Total physical RAM: 1014.52 MB
Available physical RAM: 350.69 MB
Total Pagefile: 2295.37 MB
Available Pagefile: 1450.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.41 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:74.53 GB) (Free:23.06 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 74.5 GB) (Disk ID: 5CA61DE0)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-04-2015
Ran by HP (administrator) on HP-NB on 21-04-2015 22:16:09
Running from C:\Users\HP\Desktop
Loaded Profiles: HP (Available profiles: HP)
Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 7 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Agere Systems) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-14] (Avast Software s.r.o.)
HKLM\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\041507ba-6806-44c4-8cb4-e2376fcf1af7.exe [183232 2015-04-21] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll [2007-09-13] (Intel Corporation)
HKU\S-1-5-21-2901653510-423565564-4026880338-1000\...\MountPoints2: {e635e490-7784-11e2-b555-001f29ab65cd} - F:\LaunchU3.exe -a
HKU\S-1-5-18\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-01-16]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-04-14] (Avast Software s.r.o.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2901653510-423565564-4026880338-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-14] (Avast Software s.r.o.)
Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36
FireFox:
========
FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\y7vc3d37.default
FF DefaultSearchEngine: Seznam
FF SearchEngineOrder.3: Bing
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\y7vc3d37.default\searchplugins\seznam-avast.xml [2014-10-21]
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\jyxo-cz.xml [2013-07-06]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-16]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-14]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2008-08-26] (Agere Systems)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-14] (Avast Software s.r.o.)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-04-14] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3205216 2015-04-14] (Avast Software)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-04-14] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26096 2015-04-14] (Avast Software s.r.o.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2015-04-14] (Avast Software s.r.o.)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2015-04-14] (ALWIL Software)
R0 aswNdis2; C:\Windows\system32\Drivers\aswNdis2.sys [253728 2015-04-14] (Avast Software s.r.o.)
R1 AswRdr; C:\Windows\system32\drivers\aswRdr.sys [55200 2015-04-14] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-04-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2015-04-14] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427736 2015-04-14] (Avast Software s.r.o.)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57888 2015-04-14] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [208024 2015-04-14] ()
R2 BrPar; C:\Windows\System32\drivers\BrPar.sys [19537 2000-07-24] (Brother Industries Ltd.) [File not signed]
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-03-17] (Malwarebytes Corporation)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1083880 2009-04-11] (Společnost Microsoft)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220240 2015-04-14] (Avast Software)
S3 cpuz135; \??\C:\Users\HP\AppData\Local\Temp\cpuz135\cpuz135_x32.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-21 22:16 - 2015-04-21 22:16 - 00009199 _____ () C:\Users\HP\Desktop\FRST.txt
2015-04-21 22:15 - 2015-04-21 22:16 - 00000000 ____D () C:\FRST
2015-04-21 22:14 - 2015-04-21 22:14 - 01139200 _____ (Farbar) C:\Users\HP\Desktop\FRST.exe
2015-04-20 21:39 - 2015-04-20 21:39 - 00005164 _____ () C:\Users\HP\Desktop\hijackthis.log
2015-04-19 12:25 - 2015-04-19 12:25 - 00847441 _____ () C:\Users\HP\Downloads\k. zákon.htm
2015-04-19 12:25 - 2015-04-19 12:25 - 00000000 ____D () C:\Users\HP\Downloads\k. zákon_soubory
2015-04-17 17:46 - 2015-04-17 16:59 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-04-17 17:01 - 2015-04-17 17:52 - 00007738 _____ () C:\zoek-results.log
2015-04-17 16:58 - 2015-04-17 17:42 - 00000000 ____D () C:\zoek_backup
2015-04-17 16:53 - 2015-04-17 16:53 - 01305600 _____ () C:\Users\HP\Desktop\zoek.exe
2015-04-15 20:23 - 2015-04-17 16:41 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-04-15 20:22 - 2015-04-15 20:28 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-04-15 20:21 - 2015-04-15 20:22 - 16866392 _____ () C:\Users\HP\Desktop\RogueKiller.exe
2015-04-15 20:15 - 2015-04-15 20:15 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HP-NB-Windows-Vista-(TM)-Business-(32-bit).dat
2015-04-15 20:15 - 2015-04-15 20:15 - 00000000 ____D () C:\RegBackup
2015-04-15 20:14 - 2015-04-15 20:14 - 02687136 _____ (Thisisu) C:\Users\HP\Desktop\JRT.exe
2015-04-15 19:40 - 2015-04-17 16:21 - 00001665 _____ () C:\Users\HP\Desktop\postup.txt
2015-04-15 10:13 - 2015-04-15 19:41 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-15 10:12 - 2015-04-15 10:12 - 00000859 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-15 10:12 - 2015-04-15 10:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-15 10:12 - 2015-04-15 10:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-15 10:12 - 2015-04-15 10:12 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-04-15 10:12 - 2015-03-17 06:15 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-15 10:12 - 2015-03-17 06:15 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-15 10:12 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-15 10:11 - 2015-04-15 10:11 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\HP\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-15 10:05 - 2015-04-15 20:05 - 00000000 ____D () C:\AdwCleaner
2015-04-15 10:04 - 2015-04-15 10:04 - 02217984 _____ () C:\Users\HP\Desktop\adwcleaner_4.201.exe
2015-04-15 10:00 - 2015-04-15 10:00 - 00000000 _____ () C:\Users\HP\AppData\Local\AtStart.txt
2015-04-15 09:55 - 2015-04-15 09:56 - 00448512 _____ (OldTimer Tools) C:\Users\HP\Desktop\TFC.exe
2015-04-15 09:50 - 2015-04-15 09:50 - 00050688 _____ (Atribune.org) C:\Users\HP\Desktop\ATF-Cleaner.exe
2015-04-15 07:26 - 2015-04-15 07:26 - 00388608 _____ (Trend Micro Inc.) C:\Users\HP\Desktop\HijackThis.exe
2015-04-15 06:41 - 2015-04-15 06:42 - 00000000 ____D () C:\Windows\system32\vbox
2015-04-14 22:46 - 2015-04-14 22:46 - 00001849 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-04-14 22:46 - 2015-04-14 22:46 - 00001789 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk
2015-04-14 22:43 - 2015-04-14 22:37 - 00026096 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswKbd.sys
2015-04-14 22:43 - 2015-04-14 22:30 - 00253728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswNdis2.sys
2015-04-14 22:42 - 2015-04-14 22:39 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-14 22:39 - 2015-04-14 22:40 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-14 22:30 - 2015-04-14 22:30 - 00012112 _____ (ALWIL Software) C:\Windows\system32\Drivers\aswNdis.sys
2015-04-04 20:05 - 2015-04-15 09:55 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-22 19:20 - 2015-03-22 19:20 - 00000052 _____ () C:\Users\HP\Desktop\deletelink.txt
2015-03-22 18:40 - 2015-03-22 18:51 - 639614785 _____ () C:\Users\HP\Desktop\a.rar
2015-03-22 18:37 - 2015-03-22 18:39 - 00000000 ____D () C:\Users\HP\Desktop\fotkyfotak
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-21 21:46 - 2009-04-11 14:36 - 01343066 _____ () C:\Windows\WindowsUpdate.log
2015-04-21 21:40 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-21 21:40 - 2006-11-02 14:47 - 00003760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-21 21:40 - 2006-11-02 14:47 - 00003760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-20 22:35 - 2013-01-16 18:31 - 00001076 _____ () C:\Windows\bthservsdp.dat
2015-04-20 22:35 - 2006-11-02 15:01 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-20 22:30 - 2013-04-12 20:52 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-17 17:52 - 2006-11-02 15:00 - 00337478 _____ () C:\Windows\PFRO.log
2015-04-16 06:29 - 2009-04-13 11:21 - 01393902 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-15 10:00 - 2013-01-16 18:13 - 00000000 _____ () C:\Users\HP\AppData\Local\QSwitch.txt
2015-04-15 10:00 - 2013-01-16 18:13 - 00000000 _____ () C:\Users\HP\AppData\Local\DSwitch.txt
2015-04-15 09:48 - 2013-01-16 18:52 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-04-15 09:44 - 2013-01-16 17:58 - 00054608 _____ () C:\Users\HP\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-15 09:42 - 2006-11-02 14:47 - 00247760 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-15 07:31 - 2013-02-28 21:22 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Seznam.cz
2015-04-15 06:39 - 2013-01-16 18:31 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-15 06:39 - 2013-01-16 18:31 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-04-14 22:42 - 2014-10-15 19:48 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-14 22:42 - 2013-09-16 16:28 - 00427736 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-14 22:42 - 2013-09-16 16:28 - 00208024 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-14 22:42 - 2013-09-16 16:28 - 00073440 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-14 22:42 - 2013-09-16 16:28 - 00057888 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswTdi.sys
2015-04-14 22:42 - 2013-09-16 16:28 - 00055200 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr.sys
2015-04-14 22:42 - 2013-09-16 16:28 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-14 22:37 - 2013-09-16 16:28 - 00788272 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-03-22 19:13 - 2013-02-28 21:22 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Skype
2015-03-22 19:12 - 2015-01-28 20:45 - 00000000 ___RD () C:\Program Files\Skype
2015-03-22 19:12 - 2013-02-28 21:21 - 00000000 ____D () C:\ProgramData\Skype
2015-03-22 18:42 - 2013-01-17 20:59 - 00050688 _____ () C:\Users\HP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
==================== Files in the root of some directories =======
2013-01-16 19:39 - 2013-01-16 19:39 - 0023888 _____ () C:\Users\HP\AppData\Roaming\UserTile.png
2015-04-15 10:00 - 2015-04-15 10:00 - 0000000 _____ () C:\Users\HP\AppData\Local\AtStart.txt
2013-01-17 20:59 - 2015-03-22 18:42 - 0050688 _____ () C:\Users\HP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-01-16 18:13 - 2015-04-15 10:00 - 0000000 _____ () C:\Users\HP\AppData\Local\DSwitch.txt
2013-05-11 17:40 - 2013-05-11 17:40 - 0000000 _____ () C:\Users\HP\AppData\Local\FnF4.txt
2013-01-16 18:13 - 2015-04-15 10:00 - 0000000 _____ () C:\Users\HP\AppData\Local\QSwitch.txt
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-21 21:46
==================== End Of Log ============================
FRST 2. log (Addition.txt)
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-04-2015
Ran by HP at 2015-04-21 22:17:12
Running from C:\Users\HP\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version: - LSI Corporation)
Avast Internet Security (HKLM\...\avast) (Version: 10.2.2215 - AVAST Software)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 5.10.38.26 - Broadcom Corporation)
Brother HL-2030 (HKLM\...\{EFE91F72-4E57-424D-8674-FAAA05FFC9CC}) (Version: 1.00 - Brother)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
HP Integrated Module with Bluetooth wireless technology (HKLM\...\{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}) (Version: 6.0.1.3700 - HP)
HP PCMCIA Smart Card Reader (HKLM\...\{24B3DF86-75B9-4DBD-AC39-C0C041583E6F}) (Version: 1.01.0001 - HP)
HP PCMCIA Smart Card Reader (HKLM\...\{CDA1ADA3-BBB4-4250-B272-AC21C78C3968}) (Version: 1.03 - HP)
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
Malwarebytes Anti-Malware verze 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 cs) (HKLM\...\Mozilla Firefox 37.0.1 (x86 cs)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
OpenOffice.org 3.4 (HKLM\...\{F0C0221D-1DCD-487A-A3D1-E0C5B954F1DC}) (Version: 3.4.9590 - OpenOffice.org)
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
Skype™ 7.2 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 3.7.0.109 - KMP Media co., Ltd)
WinRAR 5.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
30-03-2015 14:34:17 Windows Update
04-04-2015 19:11:48 Windows Update
12-04-2015 07:25:41 Windows Update
14-04-2015 22:16:45 avast! antivirus system restore point
16-04-2015 06:22:07 Windows Update
17-04-2015 17:01:26 zoek.exe restore point
19-04-2015 10:34:07 Naplánovaný kontrolní bod
20-04-2015 17:07:14 Naplánovaný kontrolní bod
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 12:23 - 2015-04-17 17:06 - 00000781 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {85AC7BBC-AED9-417D-82E9-E830B40C40C3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {8A4AEB9C-4A3D-414C-B18A-47DC38104B57} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => C:\Windows\system32\RAServer.exe [2008-01-21] (Společnost Microsoft)
Task: {9D76891A-51A7-4AD2-8279-2F835A934504} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: {FA921AA5-1CF8-44C3-BF4C-CBE43386129D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-14] (Avast Software s.r.o.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) ==============
2006-12-20 13:18 - 2006-12-20 13:18 - 00126976 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2015-04-14 22:39 - 2015-04-14 22:39 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-14 22:39 - 2015-04-14 22:39 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-04-20 15:21 - 2015-04-20 15:21 - 02926080 _____ () C:\Program Files\AVAST Software\Avast\defs\15041901\algo.dll
2015-04-21 21:42 - 2015-04-21 21:42 - 02926080 _____ () C:\Program Files\AVAST Software\Avast\defs\15042101\algo.dll
2015-03-17 18:14 - 2015-04-14 22:41 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2006-12-20 13:00 - 2006-12-20 13:00 - 00389120 _____ () C:\Windows\system32\btwhidcs.DLL
2007-09-13 23:11 - 2007-09-13 23:11 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll
2009-07-01 16:44 - 2009-07-01 16:44 - 00632888 _____ () C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2901653510-423565564-4026880338-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\HP\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
DNS Servers: 213.46.172.37 - 213.46.172.36
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
==================== Accounts: =============================
Administrator (S-1-5-21-2901653510-423565564-4026880338-500 - Administrator - Disabled)
Guest (S-1-5-21-2901653510-423565564-4026880338-501 - Limited - Disabled)
HP (S-1-5-21-2901653510-423565564-4026880338-1000 - Administrator - Enabled) => C:\Users\HP
==================== Faulty Device Manager Devices =============
Name: Fingerprint Sensor
Description: Fingerprint Sensor
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Error: (04/21/2015 09:40:16 PM) (Source: Microsoft-Windows-ResourcePublication) (EventID: 1002) (User: NT AUTHORITY)
Description: Provider\Microsoft.Base.Publication/Publication/Computer
Error: (04/20/2015 10:22:26 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Místní adaptér Bluetooth selhal. Důvod selhaní nebylo možno určit a adaptér nebude používán. Ovladač vysílače byl vyjmut z paměti.
Error: (04/20/2015 05:22:58 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {FE9617F6-E606-42AA-BECC-0E9CDA246D63}
Error: (04/20/2015 05:22:55 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {6295DF2D-35EE-11D1-8707-00C04FD93327}
Error: (04/20/2015 03:20:44 PM) (Source: Microsoft-Windows-ResourcePublication) (EventID: 1002) (User: NT AUTHORITY)
Description: Provider\Microsoft.Base.Publication/Publication/Computer
Error: (04/19/2015 07:24:17 AM) (Source: Microsoft-Windows-ResourcePublication) (EventID: 1002) (User: NT AUTHORITY)
Description: Provider\Microsoft.Base.Publication/Publication/Computer
Error: (04/18/2015 10:56:25 AM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Místní adaptér Bluetooth selhal. Důvod selhaní nebylo možno určit a adaptér nebude používán. Ovladač vysílače byl vyjmut z paměti.
Error: (04/17/2015 05:52:40 PM) (Source: Microsoft-Windows-ResourcePublication) (EventID: 1002) (User: NT AUTHORITY)
Description: Provider\Microsoft.Base.Publication/Publication/Computer
Error: (04/17/2015 05:42:11 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart
Error: (04/17/2015 05:42:07 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2015-04-21 22:17:06.458
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-21 22:17:06.395
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-21 22:17:06.348
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-21 22:17:06.286
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-21 22:17:06.068
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-21 22:17:06.021
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-21 22:17:05.958
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-21 22:17:05.912
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-21 22:16:39.922
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
Date: 2015-04-21 22:16:39.844
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Celeron(R) CPU 560 @ 2.13GHz
Percentage of memory in use: 65%
Total physical RAM: 1014.52 MB
Available physical RAM: 350.69 MB
Total Pagefile: 2295.37 MB
Available Pagefile: 1450.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.41 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:74.53 GB) (Free:23.06 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 74.5 GB) (Disk ID: 5CA61DE0)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)
==================== End Of Log ============================
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43298
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Prosím o kontrolu logu, občas pomalý PC
Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.
(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).
Ulož jej na na plochu jako fixlist.txt
Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.
Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.
Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.
Kód: Vybrat vše
HKU\S-1-5-21-2901653510-423565564-4026880338-1000\...\MountPoints2: {e635e490-7784-11e2-b555-001f29ab65cd} - F:\LaunchU3.exe -a
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2901653510-423565564-4026880338-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
Task: {85AC7BBC-AED9-417D-82E9-E830B40C40C3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-15] (Adobe Systems Incorporated)
Task: {9D76891A-51A7-4AD2-8279-2F835A934504} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\ProgramData\TEMP:373E1720(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).
Ulož jej na na plochu jako fixlist.txt
Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.
Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.
Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 57 hostů