RogueKiller V10.2.0.0 (x64) [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : PEPA [Práva správce]
Mód : Prohledat -- Datum : 02/03/2015 05:53:19
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 41 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> Nalezeno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> Nalezeno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GVTDrv64 (\??\C:\Windows\GVTDrv64.sys) -> Nalezeno
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> Nalezeno
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR -> Nalezeno
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 93.153.117.33 93.153.117.1 8.8.8.8 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 93.153.117.33 93.153.117.1 8.8.8.8 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 93.153.117.33 93.153.117.1 8.8.8.8 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{70ECFAA1-2CC5-4AD7-B4FD-F7F85AA49E16} | DhcpNameServer : 93.153.117.33 93.153.117.1 8.8.8.8 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{70ECFAA1-2CC5-4AD7-B4FD-F7F85AA49E16} | DhcpNameServer : 93.153.117.33 93.153.117.1 8.8.8.8 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{70ECFAA1-2CC5-4AD7-B4FD-F7F85AA49E16} | DhcpNameServer : 93.153.117.33 93.153.117.1 8.8.8.8 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Nalezeno
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2 -> Nalezeno
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2 -> Nalezeno
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0 -> Nalezeno
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> Nalezeno
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2 -> Nalezeno
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2 -> Nalezeno
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2 -> Nalezeno
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 0 -> Nalezeno
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Nalezeno
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Nalezeno
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2 -> Nalezeno
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2 -> Nalezeno
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0 -> Nalezeno
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> Nalezeno
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2 -> Nalezeno
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2 -> Nalezeno
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2 -> Nalezeno
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 0 -> Nalezeno
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Nalezeno
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Nalezeno
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 [Too big!] ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD502HJ ATA Device +++++
--- User ---
[MBR] aa6ee25c89038e20432e4b0f47e5a4a3
[BSP] 58095e2e40519d2367c3c7a58a95c0e2 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 89900 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 184322048 | Size: 200000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 593922048 | Size: 186936 MB
User = LL1 ... OK
User = LL2 ... OK
+++++ PhysicalDrive1: TOSHIBA MQ01ABD075 USB Device +++++
--- User ---
[MBR] 15a71b21f89d63395322e2c3c3e56927
[BSP] 5a02e7b2fe1132c2fc8cafa4d2b04c4f : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 2048 | Size: 715402 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
+++++ PhysicalDrive2: WD Elements 1023 USB Device +++++
--- User ---
[MBR] 21fc82f4b7efe97c36727e6a35cf9d26
[BSP] 876ddeddcf12abcaca42540c77623854 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476937 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] Po?adavek není podporován. )
Please check, startup has slowed down, cannot run restore (Solved)
jaro3 (Security team member)
Re: Please check, startup has slowed down, cannot run re
Close all programs and browsers. Deactivate your antivirus and firewall.
Please disconnect all USB devices (except the mouse and keyboard) and external drives from the computer before running this program.
Run RogueKiller again (on Windows Vista or Windows 7, right-click it and choose "Run as administrator"; on Windows XP, double-click to run it).
- Wait until the Prescan finishes...
- Then click "Prohledat" (Scan); once it has finished:
- In the tabs (Registry, Tasks, Web Browser, etc.) tick everything
(you have to put a tick with the mouse into the box to the left of the registry entry, etc.)
- Click "Smazat" (Delete)
- Wait until the Status box shows "Mazání dokončeno" (Deletion finished)
- Click "Zpráva" (Report), then copy and paste the contents of that report here, please. The log can be found in RKreport [number].txt on the desktop.
- Close RogueKiller
Turn off your antivirus
Download Zoek.exe and save it to the desktop.
Close all other programs, windows and browsers.
Run Zoek.exe (on Windows Vista, 7 or 8, right-click it and choose "Run as administrator")
- note: the program may take a while to start.
Paste the script below into the program window:
Code:
autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;
Click Run Script
The program will perform a scan and a repair; both the scan and the repair may take several minutes, so wait until it finishes. Do not click in the window!
The program will offer a restart; confirm it.
After the restart, only a black screen may be shown for some time; that is normal. You need to wait until the log is created. You can save it, for example, to your documents; otherwise it is saved automatically to:
C:\zoek-results.log
Copy the entire contents of that log here.
Post a new HJT log + info about any problems.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check, startup has slowed down, cannot run re
RogueKiller V10.2.0.0 (x64) [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : PEPA [Práva správce]
Mód : Smazat -- Datum : 02/03/2015 17:45:21
¤¤¤ Procesy : 0 ¤¤¤
¤¤¤ Registry : 41 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GVTDrv64 -> Smazáno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GVTDrv64 -> Smazáno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GVTDrv64 -> Smazáno
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.seznam.cz/ -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR -> Nahrazeno (http://go.microsoft.com/fwlink/?LinkId=54896)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 93.153.117.33 93.153.117.1 8.8.8.8 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 93.153.117.33 93.153.117.1 8.8.8.8 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 93.153.117.33 93.153.117.1 8.8.8.8 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{70ECFAA1-2CC5-4AD7-B4FD-F7F85AA49E16} | DhcpNameServer : 93.153.117.33 93.153.117.1 8.8.8.8 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{70ECFAA1-2CC5-4AD7-B4FD-F7F85AA49E16} | DhcpNameServer : 93.153.117.33 93.153.117.1 8.8.8.8 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{70ECFAA1-2CC5-4AD7-B4FD-F7F85AA49E16} | DhcpNameServer : 93.153.117.33 93.153.117.1 8.8.8.8 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Nahrazeno ()
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2 -> Nahrazeno (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2 -> Nahrazeno (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0 -> Nahrazeno (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> Nahrazeno (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2 -> Nahrazeno (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2 -> Nahrazeno (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2 -> Nahrazeno (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 0 -> Nahrazeno (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Nahrazeno (1)
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Nahrazeno (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2 -> Nahrazeno (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2 -> Nahrazeno (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0 -> Nahrazeno (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> Nahrazeno (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2 -> Nahrazeno (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2 -> Nahrazeno (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2 -> Nahrazeno (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 0 -> Nahrazeno (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Nahrazeno (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Nahrazeno (1)
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nahrazeno (0)
¤¤¤ Úlohy : 0 ¤¤¤
¤¤¤ Soubory : 0 ¤¤¤
¤¤¤ Soubor HOSTS : 0 [Too big!] ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD502HJ ATA Device +++++
--- User ---
[MBR] aa6ee25c89038e20432e4b0f47e5a4a3
[BSP] 58095e2e40519d2367c3c7a58a95c0e2 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 89900 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 184322048 | Size: 200000 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 593922048 | Size: 186936 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_SCN_02032015_055319.log - RKreport_SCN_02032015_174327.log
- Level 1
- Posts: 67
- Registered: January 10
- Location: OTROKOVICE
Re: Please check, startup has become slower, cannot start ob
After that I also ran everything with "Zoek.exe", and something apparently got stuck there. I am attaching the state after about 12 hours:
Zoek.exe v5.0.0.0 Updated 27-01-2015
Tool run by PEPA on út 03.02.2015 at 17:49:32,18.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\PEPA\Desktop\zoek.exe [Scan all users] [Script inserted]
===== Runcheck 17:53:07,36 =====
--- Create Environment Variables 17:53:09,23
--- Create System Restore Point 17:53:16,08
--- Checking Input 17:53:17,53
--- Reset Hosts File 17:53:24,44
--- AU AppData Check 17:53:24,80
--- Remove From Windows Installer 17:53:29,73
--- Empty Folders Check 17:54:59,17
--- Registry HKLM Software Check 17:54:59,18
--- Quick Launch Shortcut Check 17:55:16,73
--- IE Startpage Check 17:55:22,63
--- Program Files DB Check 17:56:00,38
--- C:\Users\Alexandra\AppData\Roaming DB Check 18:01:39,70
--- C:\Users\Default\AppData\Roaming DB Check 18:01:39,70
--- C:\Users\Default User\AppData\Roaming DB Check 18:01:39,70
--- C:\Users\PEPA\AppData\Roaming DB Check 18:01:39,70
--- C:\Windows\SysNative\config\systemprofile\AppData\Roaming DB Check 18:01:39,70
--- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming DB Check 18:01:39,70
--- C:\Windows\serviceprofiles\networkservice\AppData\Roaming DB Check 18:01:39,70
--- C:\Windows\serviceprofiles\Localservice\AppData\Roaming DB Check 18:01:39,70
--- C:\Users\PEPA DB Check 18:03:45,98
--- C:\PROGRA~3 DB Check 18:11:31,64
--- C:\Users\Alexandra\AppData\Local DB Check 18:11:37,12
--- C:\Users\Default\AppData\Local DB Check 18:11:37,12
--- C:\Users\Default User\AppData\Local DB Check 18:11:37,12
--- C:\Users\PEPA\AppData\Local DB Check 18:11:37,12
--- C:\Windows\SysNative\config\systemprofile\AppData\Local DB Check 18:11:37,12
--- C:\Windows\sysWoW64\config\systemprofile\AppData\Local DB Check 18:11:37,12
--- C:\Windows\serviceprofiles\networkservice\AppData\Local DB Check 18:11:37,12
--- C:\Windows\serviceprofiles\Localservice\AppData\Local DB Check 18:11:37,12
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 18:13:03,79
--- C:\Users\PEPA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check 18:13:11,47
--- Tasks DB Check 18:13:16,60
--- Downloads DB Check 18:13:19,83
--- C:\Users\Alexandra\AppData\LocalLow DB Check 18:15:54,05
--- C:\Users\PEPA\AppData\LocalLow DB Check 18:15:54,05
--- C:\Windows\SysNative\config\systemprofile\AppData\LocalLow DB Check 18:15:54,05
--- C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow DB Check 18:15:54,05
--- C:\Windows\serviceprofiles\networkservice\AppData\LocalLow DB Check 18:15:54,05
--- C:\Windows\serviceprofiles\Localservice\AppData\LocalLow DB Check 18:15:54,05
--- Tasks2 DB Check 18:16:48,68
--- Documents DB Check 18:17:11,97
--- C:\Users\ALEXAN~1\AppData\Roaming\Mozilla\Firefox\Profiles\qoxiqwtj.default DB Check 18:17:17,37
--- C:\Users\PEPA\AppData\Roaming\Mozilla\Firefox\Profiles\kiafm9yz.default-1385755089184 DB Check 18:17:17,37
--- C:\Users\Public\Desktop DB Check 18:17:21,35
--- C:\Users\PEPA\Desktop DB Check 18:17:26,12
--- Services DB Check 18:17:33,58
--- FF prefs.js DB Check 18:17:55,40
--- Emptyclsid 18:19:08,27
--- Del by CLSID 18:19:13,03
--- Delete Services 18:20:01,50
--- Firefox Fix 18:20:04,41
--- Batch Commands 18:20:19,42
--- Delete files\folders 18:20:21,28
--- Create Backups 18:20:21,42
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
I tried to shut it down and it reported:
Zoek.exe is running now.
Do not start any browser windows, they may get closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
So I took a screenshot of Task Manager:
... and zoek is still running...:
WHAT CAN I DO NEXT?
I'm leaving for work in 10 minutes and should be home sometime around 19:00...
Thanks for now!
- jaro3
- Security team member
-
Guru Level 15
- Posts: 43298
- Registered: June 07
- Location: Jižní Čechy
Re: Please check, startup has become slower, cannot start ob
12 h is a lot.. stop it in Task Manager. And try running it again in safe mode.
+
Post a new HJT log + info about the problems.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
- Level 1
- Posts: 67
- Registered: January 10
- Location: OTROKOVICE
Re: Please check, startup has become slower, cannot start ob
Zoek was more persistent than a door-to-door salesman. It simply would not be deleted or shut down. I tried everything possible, and only after I ran CCleaner (I don't know whether that had any effect) did I manage to stop it.
So here is the "ZOEK" log from safe mode:
Zoek.exe v5.0.0.0 Updated 29-11-2014
Tool run by PEPA on st 04.02.2015 at 22:25:05,67.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Safe Mode NETWORK No Internet Access Detected
Launched: C:\Users\PEPA\Desktop\zoek.exe [Scan all users] [Deep Scan]
==== Older Logs ======================
C:\zoek-results2015-02-03-172021.log 6004 bytes
==== Running Processes ======================
C:\Users\PEPA\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
==== System Specs ======================
Operating System: Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 64-bit
Manufacturer: Gigabyte Technology Co., Ltd. - Model: EP45T-UD3LR
Install Date: 27.1.2011 10:30:49
Last Boot: 4.2.2015 22:22:39
Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Number of Processors: 2
Work Station
Bootmode: Fail-safe with network boot
Total RAM: 10238 MB (free 9256 MB - 90)
Computername: PEPA3
Domain: WORKGROUP
User: PEPA (Non-Administrator account)
Local Disk: C:\ - NTFS - 87 GB (free 33 GB)
Local Disk: D:\ - NTFS - 195 GB (free 67 GB)
Local Disk: E:\ - NTFS - 156 GB (free 84 GB)
CD \ DVD Drive: H:\
Bootdevice: \Device\HarddiskVolume1
Windows update:
Country: Česká republika
Language: CSY
==== System Specs (Software) ======================
Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Spybot - Search and Destroy disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Default Browser: Google Chrome 40.0.2214.94
Internet Explorer Version: 11.0.9600.17239
Google Chrome version: 40.0.2214.94
Sun Java version: 1.8.0_25 (32-bit)
Sun Java version: 1.8.0_25 (64-bit)
Flash Player version: 16.0.0.257
==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\PEPA\AppData\Local\Temp ====
2015-02-04 21:12:51 E0DC8C6BBC787B972A9A468648DBFD85 1008128 ----a-w- C:\Users\PEPA\AppData\Local\Temp\jrt\libiconv2.dll
2015-02-04 21:12:51 D202BAA425176287017FFE1FB5D1B77C 103424 ----a-w- C:\Users\PEPA\AppData\Local\Temp\jrt\libintl3.dll
2015-02-04 21:12:51 57CAC848FA14AE38F14F9441F8933282 140288 ----a-w- C:\Users\PEPA\AppData\Local\Temp\jrt\pcre3.dll
2015-02-04 21:12:51 547C43567AB8C08EB30F6C6BACB479A3 79360 ----a-w- C:\Users\PEPA\AppData\Local\Temp\jrt\regex2.dll
2015-02-04 21:07:45 CAAAC014C5C56A69F710B5F1B836DE22 1732032 ----a-w- C:\Users\PEPA\AppData\Local\Temp\dllnt_dump.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2015-01-28 18:16:45 348E3DFC717E77368FF41E665303F0DC 110348472 ----a-w- C:\Windows\SysWOW64\MRT.exe
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2015-01-25 13:42:51 720FDCD053F10C27C5C783EBA28D2961 459776 ----a-w- C:\Windows\Sysnative\esxwiaud.dll
2015-01-25 13:42:51 51F7E818BF3482F8E7E53F1CE531F164 128392 ----a-w- C:\Windows\Sysnative\esdevapp.exe
2015-01-25 13:42:51 053B93AEC39E5F83B13066A4924AB307 17408 ----a-w- C:\Windows\Sysnative\esxcdev.dll
====== C:\Windows\Sysnative\drivers =====
2015-02-03 04:48:26 531121E7ED50084B493A69F8F8A7A927 37624 ----a-w- C:\Windows\Sysnative\drivers\TrueSight.sys
2015-01-28 19:23:39 F51065667FB127CF6DE984DAEA2F6B24 285208 ----a-w- C:\Windows\Sysnative\drivers\tmcomm.sys
2015-01-20 22:15:22 0636745A40DEA06283D45885C228AF01 20160 ----a-w- C:\Windows\Sysnative\drivers\GUBootStartup.sys
====== C:\Windows\Tasks ======
2015-01-28 20:57:30 CD2B3D75366E7708122F1299A06E1DBA 3006 ----a-w- C:\Windows\Sysnative\Tasks\{196A2E13-4290-438C-9686-A766E91EF9EB}
2015-01-28 20:55:09 BD06C76E2DFB73E175BAD61DB67191E7 2978 ----a-w- C:\Windows\Sysnative\Tasks\{36AA9F29-E33A-49F2-967A-C779EB429DCC}
2015-01-28 20:52:57 CD2B3D75366E7708122F1299A06E1DBA 3006 ----a-w- C:\Windows\Sysnative\Tasks\{E45B8A58-569D-4984-853B-3C1E384A59DB}
2015-01-25 14:24:31 C890B29F11780D651EBFCAFA7C221A0E 3136 ----a-w- C:\Windows\Sysnative\Tasks\{098E90FD-0D71-4F71-9A0A-F30DF4EFFE3D}
2015-01-25 14:17:19 D30319FF4017ADB4FF0950D5BFB8BDCF 3136 ----a-w- C:\Windows\Sysnative\Tasks\{CE2C425D-E7A0-4825-AEF0-02DCCC9A0944}
2015-01-25 13:05:35 B84CC54E8024F286B2E463E760B8EBC4 3124 ----a-w- C:\Windows\Sysnative\Tasks\{815E2FE5-1C5A-4C6B-845A-3E42F65EBA89}
2015-01-25 12:49:57 B3696CC031B46D8C0DF9F08E43E7CDE8 3124 ----a-w- C:\Windows\Sysnative\Tasks\{4428619B-D877-4ECE-9663-012F947663D1}
2015-01-20 22:43:33 -------- d-----w- C:\Windows\Sysnative\Tasks\Safer-Networking
2015-01-20 22:15:24 F8BBC9FC1725922BD43AE67A69CAD969 2966 ----a-w- C:\Windows\Sysnative\Tasks\GU5SkipUAC
2015-01-20 22:15:23 3425598D772F5B38465537F0558DF825 2616 ----a-w- C:\Windows\Sysnative\Tasks\GlaryInitialize 5
2015-01-20 22:15:23 1866A38060596DA11E97C4B860A9177A 326 ----a-w- C:\Windows\Tasks\GlaryInitialize 5.job
2015-01-20 22:09:56 4F020064822E9BB2C33CFF45C9AA4381 3224 ----a-w- C:\Windows\Sysnative\Tasks\{1CB3FE36-A7A4-4485-B00F-57C3CF32021D}
2015-01-20 09:20:45 966EAEB21E6CE6B094033CC43341CF72 3260 ----a-w- C:\Windows\Sysnative\Tasks\{89CF83F6-85B1-4125-AB38-277A763DD6EF}
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-01-15 17:30:02 -------- d-----w- C:\Program Files\Tracker Software
2015-01-13 20:55:37 -------- d-----w- C:\Program Files\PDFCreator
======= C:\PROGRA~2 =====
2015-01-28 18:20:23 -------- d-----w- C:\PROGRA~2\Microsoft Windows 7 Upgrade Advisor
2015-01-27 17:55:35 -------- d-----w- C:\PROGRA~2\IObit
2015-01-20 22:15:15 -------- d-----w- C:\PROGRA~2\Glary Utilities 5
2015-01-15 05:38:56 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
2015-01-15 05:38:37 -------- d-----w- C:\PROGRA~2\Java
2015-01-13 20:57:01 -------- d-----w- C:\PROGRA~2\PDF Architect 2
======= C: =====
====== C:\Users\PEPA\AppData\Roaming ======
2015-02-04 21:24:57 -------- d-----w- C:\Users\PEPA\AppData\Local\ElevatedDiagnostics
2015-01-28 20:55:11 -------- d-----w- C:\Users\PEPA\AppData\Local\Tracker Software
2015-01-28 20:33:55 0DD1023F531D333F017D719090223978 194120 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat
2015-01-28 19:29:55 B6173C6484A37EC7931CBA7C939FF0CA 211863 ----a-w- C:\Users\PEPA\AppData\Local\census.cache
2015-01-28 19:29:55 423E36E17D73DD63D9C0EBDDCA721D9F 170880 ----a-w- C:\Users\PEPA\AppData\Local\ars.cache
2015-01-28 19:22:04 664BAA735038781FFDE5C8A463F539A2 36 ----a-w- C:\Users\PEPA\AppData\Local\housecall.guid.cache
2015-01-28 18:21:36 -------- d-----w- C:\Users\PEPA\AppData\Local\Microsoft Corporation
2015-01-27 17:55:52 -------- d-----w- C:\Users\PEPA\AppData\Roaming\ProductData
2015-01-15 20:58:17 -------- d-----w- C:\Users\PEPA\AppData\Local\Microsoft Games
2015-01-15 18:56:22 -------- d-----w- C:\Users\PEPA\AppData\Local\PDFCreator
2015-01-13 21:09:42 -------- d-----w- C:\Users\PEPA\AppData\Roaming\PDF Architect 2
====== C:\Users\PEPA ======
2015-02-03 04:48:25 -------- d-----w- C:\ProgramData\RogueKiller
2015-02-03 04:48:14 175814FFCDAA1F26E7904148B4F186D6 18570328 ----a-w- C:\Users\PEPA\Desktop\RogueKillerX64.exe
2015-02-02 20:03:56 AF6E966D1F38287EF4D33B246CCC3A33 1388274 ----a-w- C:\Users\PEPA\Desktop\JRT.exe
2015-02-01 12:15:56 FC77986C2F2B9752EE344FACA1880BA2 2194432 ----a-w- C:\Users\PEPA\Downloads\adwcleaner_4.109.exe
2015-02-01 12:04:37 788FCDDD88240A85039F7F561093B118 448512 ----a-w- C:\Users\PEPA\Downloads\TFC.exe
2015-02-01 11:26:16 45D44A7710432FB898BED8EE8CBA10B8 5325208 ----a-w- C:\Users\PEPA\Downloads\ccsetup502.exe
2015-01-28 19:21:05 57E86EA1E1AEBF898496F38D10A57664 2494560 ----a-w- C:\Users\PEPA\Downloads\HousecallLauncher64.exe
2015-01-28 18:12:03 A0844C730F1091B491A8737404F4C914 347816 ----a-w- C:\Users\PEPA\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.25334592105413274.6.1.Run.exe
2015-01-28 17:11:36 A0844C730F1091B491A8737404F4C914 347816 ----a-w- C:\Users\PEPA\Downloads\MicrosoftFixit.wu.RNP.25334592105413274.1.1.Run.exe
2015-01-27 17:55:39 -------- d-----w- C:\ProgramData\IObit
2015-01-25 13:42:51 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-01-25 13:34:14 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2015-01-25 12:41:23 A47A07B4E6CBCB214ECC87D5683DC29C 5641056 ----a-w- C:\Users\PEPA\Downloads\CDBurnerXP_v4.5.4.5306.exe
2015-01-21 08:31:24 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\PEPA\vssadmin
2015-01-20 22:15:25 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2015-01-15 17:30:08 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
2015-01-15 05:42:21 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-01-15 05:38:46 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-13 20:57:07 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2015-01-13 20:55:51 -------- d-----w- C:\ProgramData\PDF Architect 2
2015-01-11 21:46:47 -------- d-----w- C:\ProgramData\Oracle
====== C: exe-files ==
2015-02-04 12:36:09 FD98434B6A06FE31A35E4BFBC827B290 52040 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe
2015-02-04 12:36:09 7CA00A58AA808F4B9844C91845910377 880208 ----a-w- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateSetup.exe
2015-02-04 12:36:09 5F0A3AA68785C49454F56C9F2DDA0237 52040 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateWebPlugin.exe
2015-02-04 12:36:09 4C02536F4CA35911FB3EA5715F300C57 52040 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateBroker.exe
2015-02-04 12:36:05 F3B6470DA7CE34E559D3BA7365CC909C 115528 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateComRegisterShell64.exe
2015-02-04 12:36:05 E1B44A75947137F4143308D566889837 107848 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdate.exe
2015-02-04 12:36:05 83BB030C71C9727DCFB2737005772C4E 232264 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
2015-02-04 12:36:05 323CFFFDAF253AC65CD194A101BE6231 287048 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
2015-02-04 12:36:02 7CA00A58AA808F4B9844C91845910377 880208 ----a-w- C:\Program Files (x86)\Google\Update\Install\{11286E2F-18BA-43DC-A157-783F1C5821BA}\GoogleUpdateSetup.exe
2015-02-04 12:36:02 7CA00A58AA808F4B9844C91845910377 880208 ----a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.26.9\GoogleUpdateSetup.exe
2015-02-02 22:08:16 CF9BA33C05F698644E790FF80AB96295 41175632 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\40.0.2214.94\40.0.2214.94_chrome_installer.exe
=== C: other files ==
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"GUDelayStartup"="C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe -delayrun"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"ISUSPM Startup"="C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"ATICustomerCare"="C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
"ISUSScheduler"="C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe -start"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"GUDelayStartup"="C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe -delayrun"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"ISUSPM Startup"="C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonSolutionMenu]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CanonSolutionMenu"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Canon\\SolutionMenu\\CNSLMAIN.exe /logon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CCleaner Monitoring"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\CCleaner\\CCleaner64.exe\" /MONITOR"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DT PHL]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DT PHL"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Common Files\\Portrait Displays\\Shared\\DT_startup.exe -PHL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EEventManager]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EEventManager"
"hkey"="HKLM"
"command"="C:\\PROGRA~2\\EPSONS~1\\Event Manager\\EEventManager.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPSON SX210 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EPSON SX210 Series"
"hkey"="HKCU"
"command"="C:\\Windows\\system32\\spool\\DRIVERS\\x64\\3\\E_IATIFDE.EXE /FU \"C:\\Windows\\TEMP\\E_S146A.tmp\" /EF \"HKCU\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoogleChromeAutoLaunch_E7A50078D9C7333C20A7F3E24756BE5A]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleChromeAutoLaunch_E7A50078D9C7333C20A7F3E24756BE5A"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --no-startup-window"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GUDelayStartup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GUDelayStartup"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Glary Utilities 5\\StartupManager.exe\" -delayrun"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IObit Malware Fighter]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IObit Malware Fighter"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\IObit\\IObit Malware Fighter\\IMF.exe\" /autostart"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Nikon Message Center 2]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Nikon Message Center 2"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Nikon\\Nikon Message Center 2\\NkMC2.exe -s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PivotSoftware]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PivotSoftware"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Portrait Displays\\Pivot Software\\wpctrl.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RtHDVCpl"
"hkey"="HKLM"
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skytel]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skytel"
"hkey"="HKLM"
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\Skytel.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpybotSD TeaTimer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpybotSD TeaTimer"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Spybot - Search & Destroy\\TeaTimer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^PEPA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FreeRapid 0.9u4.lnk]
"path"="C:\\Users\\PEPA\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\FreeRapid 0.9u4.lnk"
"backup"="C:\\Windows\\pss\\FreeRapid 0.9u4.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\PEPA\\Desktop\\ZSTUPC~1\\3-STAH~1\\FreeRapid-0.9u4\\frd.exe -m"
"item"="FreeRapid 0.9u4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^PEPA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Zastavte stopky.txt]
"path"="C:\\Users\\PEPA\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Zastavte stopky.txt"
"backup"="C:\\Windows\\pss\\Zastavte stopky.txt.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\PEPA\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Zastavte stopky.txt"
"item"="Zastavte stopky"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AeLookupSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ALG]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AppIDSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AppMgmt]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Asset Management Daemon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AudioEndpointBuilder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AxInstSV]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\BDESVC]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\BITS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Browser]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\bthserv]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\clr_optimization_v4.0.30319_32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\clr_optimization_v4.0.30319_64]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\COMSysApp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\defragsvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\dot3svc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\DTSRVC]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\EapHost]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\EFS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ehRecvr]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ehSched]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\EventSystem]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\FDResPub]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\FLEXnet Licensing Service]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\FontCache3.0.0.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IDriverT]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IEEtwCollectorService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IJPLMSVC]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\msiserver]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\PDF Architect 2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\PDF Architect 2 Creator]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\pdfforge CrashHandler]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\PdiService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\pla]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\PNRPAutoReg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\QWAVE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RasAuto]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RasMan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RpcLocator]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SCardSvr]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SCPolicySvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SDScannerService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SDUpdateService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SDWSCService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\seclogon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SessionEnv]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TapiSrv]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TermService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\UmRdpService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WPCSvc]
==== Startup Folders ======================
2011-01-27 18:19:43 1239 ----a-w- C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [21.01.2015 08:31]
C:\Windows\tasks\GlaryInitialize 5.job --a------ C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [19.01.2015 08:25]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05.06.2013 00:19]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05.06.2013 00:19]
==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\Driver Booster SkipUAC (PEPA)" [C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe]
"C:\Windows\SysNative\tasks\GlaryInitialize 5" [C:\Program Files (x86)\Glary Utilities 5\Initialize.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GU5SkipUAC" [C:\Program Files (x86)\Glary Utilities 5\Integrator.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\{196A2E13-4290-438C-9686-A766E91EF9EB}" [C:\Program Files (x86)\Common Files\InstallShield\UpdateService\isuspm.exe]
"C:\Windows\SysNative\tasks\{36AA9F29-E33A-49F2-967A-C779EB429DCC}" [C:\Program Files\Tracker Software\Live Update\LiveUpdate.exe]
"C:\Windows\SysNative\tasks\{8F2C006A-A3DF-40D9-BA8F-1F98BF4D6798}" ["c:\program files (x86)\mozilla firefox\firefox.exe"]
"C:\Windows\SysNative\tasks\{90CE2496-1D8F-4C28-A231-8E611447FB89}" [C:\Program Files (x86)\PC Fresh\PC Fresh.exe]
"C:\Windows\SysNative\tasks\{A6DDF1B3-5FA2-4804-AEBA-5CAA39D27286}" [C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe]
"C:\Windows\SysNative\tasks\{E45B8A58-569D-4984-853B-3C1E384A59DB}" [C:\Program Files (x86)\Common Files\InstallShield\UpdateService\isuspm.exe]
"C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"]
"C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe"]
"C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe"]
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [27.01.2015 18:39]
==== Firefox Extensions ======================
ProfilePath: C:\Users\PEPA\AppData\Roaming\Mozilla\Firefox\Profiles\kiafm9yz.default-1385755089184
- Undetermined - C:\Program Files (x86)\IObit Apps Toolbar\FF
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[27.11.2014 04:40]
Google Docs - Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Avast Online Security - Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Drive - PEPA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
500px - PEPA\AppData\Local\Google\Chrome\User Data\Default\Extensions\egpociadnldbkfkjpmjoaibnbcoeplja
Universe - PEPA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlkepiaokmmeefmfichjiennfpdclcee
==== IE Start and Search Settings ======================
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"
==== HijackThis Entries ======================
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: PDF Architect Helper - {691B33B0-B86E-47F3-81C7-56E4FE3B929C} - C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
O3 - Toolbar: PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files (x86)\PDF Architect 2\creator-ie-plugin.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O10 - Broken Internet access because of LSP provider 'c:\program files (x86)\bonjour\mdnsnsp.dll' missing
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{70ECFAA1-2CC5-4AD7-B4FD-F7F85AA49E16}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{70ECFAA1-2CC5-4AD7-B4FD-F7F85AA49E16}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{70ECFAA1-2CC5-4AD7-B4FD-F7F85AA49E16}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
==== C:\zoek_backup content ======================
C:\zoek_backup (files=30 folders=22 2233268 bytes)
==== After Reboot ======================
==== EOF on st 04.02.2015 at 22:36:30,65 ======================
So here is the "ZOEK" log from safe mode:
Zoek.exe v5.0.0.0 Updated 29-11-2014
Tool run by PEPA on st 04.02.2015 at 22:25:05,67.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Safe Mode NETWORK No Internet Access Detected
Launched: C:\Users\PEPA\Desktop\zoek.exe [Scan all users] [Deep Scan]
==== Older Logs ======================
C:\zoek-results2015-02-03-172021.log 6004 bytes
==== Running Processes ======================
C:\Users\PEPA\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
==== System Specs ======================
Operating System: Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 64-bit
Manufacturer: Gigabyte Technology Co., Ltd. - Model: EP45T-UD3LR
Install Date: 27.1.2011 10:30:49
Last Boot: 4.2.2015 22:22:39
Processor: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz
Number of Processors: 2
Work Station
Bootmode: Fail-safe with network boot
Total RAM: 10238 MB (free 9256 MB - 90)
Computername: PEPA3
Domain: WORKGROUP
User: PEPA (Non-Administrator account)
Local Disk: C:\ - NTFS - 87 GB (free 33 GB)
Local Disk: D:\ - NTFS - 195 GB (free 67 GB)
Local Disk: E:\ - NTFS - 156 GB (free 84 GB)
CD \ DVD Drive: H:\
Bootdevice: \Device\HarddiskVolume1
Windows update:
Country: Česká republika
Language: CSY
==== System Specs (Software) ======================
Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Spybot - Search and Destroy disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Default Browser: Google Chrome 40.0.2214.94
Internet Explorer Version: 11.0.9600.17239
Google Chrome version: 40.0.2214.94
Sun Java version: 1.8.0_25 (32-bit)
Sun Java version: 1.8.0_25 (64-bit)
Flash Player version: 16.0.0.257
==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\PEPA\AppData\Local\Temp ====
2015-02-04 21:12:51 E0DC8C6BBC787B972A9A468648DBFD85 1008128 ----a-w- C:\Users\PEPA\AppData\Local\Temp\jrt\libiconv2.dll
2015-02-04 21:12:51 D202BAA425176287017FFE1FB5D1B77C 103424 ----a-w- C:\Users\PEPA\AppData\Local\Temp\jrt\libintl3.dll
2015-02-04 21:12:51 57CAC848FA14AE38F14F9441F8933282 140288 ----a-w- C:\Users\PEPA\AppData\Local\Temp\jrt\pcre3.dll
2015-02-04 21:12:51 547C43567AB8C08EB30F6C6BACB479A3 79360 ----a-w- C:\Users\PEPA\AppData\Local\Temp\jrt\regex2.dll
2015-02-04 21:07:45 CAAAC014C5C56A69F710B5F1B836DE22 1732032 ----a-w- C:\Users\PEPA\AppData\Local\Temp\dllnt_dump.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2015-01-28 18:16:45 348E3DFC717E77368FF41E665303F0DC 110348472 ----a-w- C:\Windows\SysWOW64\MRT.exe
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2015-01-25 13:42:51 720FDCD053F10C27C5C783EBA28D2961 459776 ----a-w- C:\Windows\Sysnative\esxwiaud.dll
2015-01-25 13:42:51 51F7E818BF3482F8E7E53F1CE531F164 128392 ----a-w- C:\Windows\Sysnative\esdevapp.exe
2015-01-25 13:42:51 053B93AEC39E5F83B13066A4924AB307 17408 ----a-w- C:\Windows\Sysnative\esxcdev.dll
====== C:\Windows\Sysnative\drivers =====
2015-02-03 04:48:26 531121E7ED50084B493A69F8F8A7A927 37624 ----a-w- C:\Windows\Sysnative\drivers\TrueSight.sys
2015-01-28 19:23:39 F51065667FB127CF6DE984DAEA2F6B24 285208 ----a-w- C:\Windows\Sysnative\drivers\tmcomm.sys
2015-01-20 22:15:22 0636745A40DEA06283D45885C228AF01 20160 ----a-w- C:\Windows\Sysnative\drivers\GUBootStartup.sys
====== C:\Windows\Tasks ======
2015-01-28 20:57:30 CD2B3D75366E7708122F1299A06E1DBA 3006 ----a-w- C:\Windows\Sysnative\Tasks\{196A2E13-4290-438C-9686-A766E91EF9EB}
2015-01-28 20:55:09 BD06C76E2DFB73E175BAD61DB67191E7 2978 ----a-w- C:\Windows\Sysnative\Tasks\{36AA9F29-E33A-49F2-967A-C779EB429DCC}
2015-01-28 20:52:57 CD2B3D75366E7708122F1299A06E1DBA 3006 ----a-w- C:\Windows\Sysnative\Tasks\{E45B8A58-569D-4984-853B-3C1E384A59DB}
2015-01-25 14:24:31 C890B29F11780D651EBFCAFA7C221A0E 3136 ----a-w- C:\Windows\Sysnative\Tasks\{098E90FD-0D71-4F71-9A0A-F30DF4EFFE3D}
2015-01-25 14:17:19 D30319FF4017ADB4FF0950D5BFB8BDCF 3136 ----a-w- C:\Windows\Sysnative\Tasks\{CE2C425D-E7A0-4825-AEF0-02DCCC9A0944}
2015-01-25 13:05:35 B84CC54E8024F286B2E463E760B8EBC4 3124 ----a-w- C:\Windows\Sysnative\Tasks\{815E2FE5-1C5A-4C6B-845A-3E42F65EBA89}
2015-01-25 12:49:57 B3696CC031B46D8C0DF9F08E43E7CDE8 3124 ----a-w- C:\Windows\Sysnative\Tasks\{4428619B-D877-4ECE-9663-012F947663D1}
2015-01-20 22:43:33 -------- d-----w- C:\Windows\Sysnative\Tasks\Safer-Networking
2015-01-20 22:15:24 F8BBC9FC1725922BD43AE67A69CAD969 2966 ----a-w- C:\Windows\Sysnative\Tasks\GU5SkipUAC
2015-01-20 22:15:23 3425598D772F5B38465537F0558DF825 2616 ----a-w- C:\Windows\Sysnative\Tasks\GlaryInitialize 5
2015-01-20 22:15:23 1866A38060596DA11E97C4B860A9177A 326 ----a-w- C:\Windows\Tasks\GlaryInitialize 5.job
2015-01-20 22:09:56 4F020064822E9BB2C33CFF45C9AA4381 3224 ----a-w- C:\Windows\Sysnative\Tasks\{1CB3FE36-A7A4-4485-B00F-57C3CF32021D}
2015-01-20 09:20:45 966EAEB21E6CE6B094033CC43341CF72 3260 ----a-w- C:\Windows\Sysnative\Tasks\{89CF83F6-85B1-4125-AB38-277A763DD6EF}
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-01-15 17:30:02 -------- d-----w- C:\Program Files\Tracker Software
2015-01-13 20:55:37 -------- d-----w- C:\Program Files\PDFCreator
======= C:\PROGRA~2 =====
2015-01-28 18:20:23 -------- d-----w- C:\PROGRA~2\Microsoft Windows 7 Upgrade Advisor
2015-01-27 17:55:35 -------- d-----w- C:\PROGRA~2\IObit
2015-01-20 22:15:15 -------- d-----w- C:\PROGRA~2\Glary Utilities 5
2015-01-15 05:38:56 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
2015-01-15 05:38:37 -------- d-----w- C:\PROGRA~2\Java
2015-01-13 20:57:01 -------- d-----w- C:\PROGRA~2\PDF Architect 2
======= C: =====
====== C:\Users\PEPA\AppData\Roaming ======
2015-02-04 21:24:57 -------- d-----w- C:\Users\PEPA\AppData\Local\ElevatedDiagnostics
2015-01-28 20:55:11 -------- d-----w- C:\Users\PEPA\AppData\Local\Tracker Software
2015-01-28 20:33:55 0DD1023F531D333F017D719090223978 194120 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat
2015-01-28 19:29:55 B6173C6484A37EC7931CBA7C939FF0CA 211863 ----a-w- C:\Users\PEPA\AppData\Local\census.cache
2015-01-28 19:29:55 423E36E17D73DD63D9C0EBDDCA721D9F 170880 ----a-w- C:\Users\PEPA\AppData\Local\ars.cache
2015-01-28 19:22:04 664BAA735038781FFDE5C8A463F539A2 36 ----a-w- C:\Users\PEPA\AppData\Local\housecall.guid.cache
2015-01-28 18:21:36 -------- d-----w- C:\Users\PEPA\AppData\Local\Microsoft Corporation
2015-01-27 17:55:52 -------- d-----w- C:\Users\PEPA\AppData\Roaming\ProductData
2015-01-15 20:58:17 -------- d-----w- C:\Users\PEPA\AppData\Local\Microsoft Games
2015-01-15 18:56:22 -------- d-----w- C:\Users\PEPA\AppData\Local\PDFCreator
2015-01-13 21:09:42 -------- d-----w- C:\Users\PEPA\AppData\Roaming\PDF Architect 2
====== C:\Users\PEPA ======
2015-02-03 04:48:25 -------- d-----w- C:\ProgramData\RogueKiller
2015-02-03 04:48:14 175814FFCDAA1F26E7904148B4F186D6 18570328 ----a-w- C:\Users\PEPA\Desktop\RogueKillerX64.exe
2015-02-02 20:03:56 AF6E966D1F38287EF4D33B246CCC3A33 1388274 ----a-w- C:\Users\PEPA\Desktop\JRT.exe
2015-02-01 12:15:56 FC77986C2F2B9752EE344FACA1880BA2 2194432 ----a-w- C:\Users\PEPA\Downloads\adwcleaner_4.109.exe
2015-02-01 12:04:37 788FCDDD88240A85039F7F561093B118 448512 ----a-w- C:\Users\PEPA\Downloads\TFC.exe
2015-02-01 11:26:16 45D44A7710432FB898BED8EE8CBA10B8 5325208 ----a-w- C:\Users\PEPA\Downloads\ccsetup502.exe
2015-01-28 19:21:05 57E86EA1E1AEBF898496F38D10A57664 2494560 ----a-w- C:\Users\PEPA\Downloads\HousecallLauncher64.exe
2015-01-28 18:12:03 A0844C730F1091B491A8737404F4C914 347816 ----a-w- C:\Users\PEPA\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.25334592105413274.6.1.Run.exe
2015-01-28 17:11:36 A0844C730F1091B491A8737404F4C914 347816 ----a-w- C:\Users\PEPA\Downloads\MicrosoftFixit.wu.RNP.25334592105413274.1.1.Run.exe
2015-01-27 17:55:39 -------- d-----w- C:\ProgramData\IObit
2015-01-25 13:42:51 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-01-25 13:34:14 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2015-01-25 12:41:23 A47A07B4E6CBCB214ECC87D5683DC29C 5641056 ----a-w- C:\Users\PEPA\Downloads\CDBurnerXP_v4.5.4.5306.exe
2015-01-21 08:31:24 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\PEPA\vssadmin
2015-01-20 22:15:25 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2015-01-15 17:30:08 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
2015-01-15 05:42:21 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-01-15 05:38:46 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-13 20:57:07 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2015-01-13 20:55:51 -------- d-----w- C:\ProgramData\PDF Architect 2
2015-01-11 21:46:47 -------- d-----w- C:\ProgramData\Oracle
====== C: exe-files ==
2015-02-04 12:36:09 FD98434B6A06FE31A35E4BFBC827B290 52040 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateOnDemand.exe
2015-02-04 12:36:09 7CA00A58AA808F4B9844C91845910377 880208 ----a-w- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateSetup.exe
2015-02-04 12:36:09 5F0A3AA68785C49454F56C9F2DDA0237 52040 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateWebPlugin.exe
2015-02-04 12:36:09 4C02536F4CA35911FB3EA5715F300C57 52040 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateBroker.exe
2015-02-04 12:36:05 F3B6470DA7CE34E559D3BA7365CC909C 115528 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdateComRegisterShell64.exe
2015-02-04 12:36:05 E1B44A75947137F4143308D566889837 107848 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleUpdate.exe
2015-02-04 12:36:05 83BB030C71C9727DCFB2737005772C4E 232264 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
2015-02-04 12:36:05 323CFFFDAF253AC65CD194A101BE6231 287048 ----atw- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
2015-02-04 12:36:02 7CA00A58AA808F4B9844C91845910377 880208 ----a-w- C:\Program Files (x86)\Google\Update\Install\{11286E2F-18BA-43DC-A157-783F1C5821BA}\GoogleUpdateSetup.exe
2015-02-04 12:36:02 7CA00A58AA808F4B9844C91845910377 880208 ----a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.26.9\GoogleUpdateSetup.exe
2015-02-02 22:08:16 CF9BA33C05F698644E790FF80AB96295 41175632 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\40.0.2214.94\40.0.2214.94_chrome_installer.exe
=== C: other files ==
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-3752027927-3630821355-4230685425-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"GUDelayStartup"="C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe -delayrun"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"ISUSPM Startup"="C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"ATICustomerCare"="C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
"ISUSScheduler"="C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe -start"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"GUDelayStartup"="C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe -delayrun"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"
"ISUSPM Startup"="C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonSolutionMenu]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CanonSolutionMenu"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Canon\\SolutionMenu\\CNSLMAIN.exe /logon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CCleaner Monitoring"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\CCleaner\\CCleaner64.exe\" /MONITOR"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DT PHL]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DT PHL"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Common Files\\Portrait Displays\\Shared\\DT_startup.exe -PHL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EEventManager]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EEventManager"
"hkey"="HKLM"
"command"="C:\\PROGRA~2\\EPSONS~1\\Event Manager\\EEventManager.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EPSON SX210 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EPSON SX210 Series"
"hkey"="HKCU"
"command"="C:\\Windows\\system32\\spool\\DRIVERS\\x64\\3\\E_IATIFDE.EXE /FU \"C:\\Windows\\TEMP\\E_S146A.tmp\" /EF \"HKCU\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoogleChromeAutoLaunch_E7A50078D9C7333C20A7F3E24756BE5A]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleChromeAutoLaunch_E7A50078D9C7333C20A7F3E24756BE5A"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Google\\Chrome\\Application\\chrome.exe\" --no-startup-window"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GUDelayStartup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GUDelayStartup"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Glary Utilities 5\\StartupManager.exe\" -delayrun"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IObit Malware Fighter]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IObit Malware Fighter"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\IObit\\IObit Malware Fighter\\IMF.exe\" /autostart"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Nikon Message Center 2]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Nikon Message Center 2"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Nikon\\Nikon Message Center 2\\NkMC2.exe -s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PivotSoftware]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PivotSoftware"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Portrait Displays\\Pivot Software\\wpctrl.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RtHDVCpl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RtHDVCpl"
"hkey"="HKLM"
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe -s"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skytel]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skytel"
"hkey"="HKLM"
"command"="C:\\Program Files\\Realtek\\Audio\\HDA\\Skytel.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SpybotSD TeaTimer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpybotSD TeaTimer"
"hkey"="HKCU"
"command"="C:\\Program Files (x86)\\Spybot - Search & Destroy\\TeaTimer.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^PEPA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FreeRapid 0.9u4.lnk]
"path"="C:\\Users\\PEPA\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\FreeRapid 0.9u4.lnk"
"backup"="C:\\Windows\\pss\\FreeRapid 0.9u4.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\PEPA\\Desktop\\ZSTUPC~1\\3-STAH~1\\FreeRapid-0.9u4\\frd.exe -m"
"item"="FreeRapid 0.9u4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^PEPA^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Zastavte stopky.txt]
"path"="C:\\Users\\PEPA\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Zastavte stopky.txt"
"backup"="C:\\Windows\\pss\\Zastavte stopky.txt.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\PEPA\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Zastavte stopky.txt"
"item"="Zastavte stopky"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AeLookupSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ALG]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AppIDSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AppMgmt]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Asset Management Daemon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AudioEndpointBuilder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AxInstSV]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\BDESVC]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\BITS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Browser]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\bthserv]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\clr_optimization_v4.0.30319_32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\clr_optimization_v4.0.30319_64]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\COMSysApp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\defragsvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\dot3svc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\DTSRVC]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\EapHost]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\EFS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ehRecvr]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\ehSched]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\EventSystem]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\FDResPub]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\FLEXnet Licensing Service]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\FontCache3.0.0.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdate]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\gupdatem]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IDriverT]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IEEtwCollectorService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IJPLMSVC]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\msiserver]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\PDF Architect 2]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\PDF Architect 2 Creator]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\pdfforge CrashHandler]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\PdiService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\pla]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\PNRPAutoReg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\QWAVE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RasAuto]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RasMan]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\RpcLocator]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SCardSvr]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SCPolicySvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SDScannerService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SDUpdateService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SDWSCService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\seclogon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SessionEnv]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\SkypeUpdate]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TapiSrv]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\TermService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\UmRdpService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\WPCSvc]
==== Startup Folders ======================
2011-01-27 18:19:43 1239 ----a-w- C:\Users\Alexandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [21.01.2015 08:31]
C:\Windows\tasks\GlaryInitialize 5.job --a------ C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [19.01.2015 08:25]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05.06.2013 00:19]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05.06.2013 00:19]
==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\Driver Booster SkipUAC (PEPA)" [C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe]
"C:\Windows\SysNative\tasks\GlaryInitialize 5" [C:\Program Files (x86)\Glary Utilities 5\Initialize.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GU5SkipUAC" [C:\Program Files (x86)\Glary Utilities 5\Integrator.exe]
"C:\Windows\SysNative\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\SysNative\tasks\{196A2E13-4290-438C-9686-A766E91EF9EB}" [C:\Program Files (x86)\Common Files\InstallShield\UpdateService\isuspm.exe]
"C:\Windows\SysNative\tasks\{36AA9F29-E33A-49F2-967A-C779EB429DCC}" [C:\Program Files\Tracker Software\Live Update\LiveUpdate.exe]
"C:\Windows\SysNative\tasks\{8F2C006A-A3DF-40D9-BA8F-1F98BF4D6798}" ["c:\program files (x86)\mozilla firefox\firefox.exe"]
"C:\Windows\SysNative\tasks\{90CE2496-1D8F-4C28-A231-8E611447FB89}" [C:\Program Files (x86)\PC Fresh\PC Fresh.exe]
"C:\Windows\SysNative\tasks\{A6DDF1B3-5FA2-4804-AEBA-5CAA39D27286}" [C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe]
"C:\Windows\SysNative\tasks\{E45B8A58-569D-4984-853B-3C1E384A59DB}" [C:\Program Files (x86)\Common Files\InstallShield\UpdateService\isuspm.exe]
"C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"]
"C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe"]
"C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe"]
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [27.01.2015 18:39]
==== Firefox Extensions ======================
ProfilePath: C:\Users\PEPA\AppData\Roaming\Mozilla\Firefox\Profiles\kiafm9yz.default-1385755089184
- Undetermined - C:\Program Files (x86)\IObit Apps Toolbar\FF
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[27.11.2014 04:40]
Google Docs - Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Avast Online Security - Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
Google Wallet - Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Alexandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Drive - PEPA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
500px - PEPA\AppData\Local\Google\Chrome\User Data\Default\Extensions\egpociadnldbkfkjpmjoaibnbcoeplja
Universe - PEPA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlkepiaokmmeefmfichjiennfpdclcee
==== IE Start and Search Settings ======================
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7"
==== HijackThis Entries ======================
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: PDF Architect Helper - {691B33B0-B86E-47F3-81C7-56E4FE3B929C} - C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
O3 - Toolbar: PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files (x86)\PDF Architect 2\creator-ie-plugin.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O10 - Broken Internet access because of LSP provider 'c:\program files (x86)\bonjour\mdnsnsp.dll' missing
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{70ECFAA1-2CC5-4AD7-B4FD-F7F85AA49E16}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{70ECFAA1-2CC5-4AD7-B4FD-F7F85AA49E16}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{70ECFAA1-2CC5-4AD7-B4FD-F7F85AA49E16}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
==== C:\zoek_backup content ======================
C:\zoek_backup (files=30 folders=22 2233268 bytes)
==== After Reboot ======================
==== EOF on st 04.02.2015 at 22:36:30,65 ======================
- Level 1
- Posts: 67
- Registered: January 10
- Location: OTROKOVICE
- Status: Offline
Re: Requesting a check, startup takes longer, cannot start ob
And here is the HJT log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:46:28, on 4.2.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17239)
FIREFOX: 26.0 (cs)
Boot mode: Normal
Running processes:
C:\Windows\SysWOW64\notepad.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Users\PEPA\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: PDF Architect Helper - {691B33B0-B86E-47F3-81C7-56E4FE3B929C} - C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
O3 - Toolbar: PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files (x86)\PDF Architect 2\creator-ie-plugin.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O10 - Broken Internet access because of LSP provider 'c:\program files (x86)\bonjour\mdnsnsp.dll' missing
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{70ECFAA1-2CC5-4AD7-B4FD-F7F85AA49E16}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{70ECFAA1-2CC5-4AD7-B4FD-F7F85AA49E16}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{70ECFAA1-2CC5-4AD7-B4FD-F7F85AA49E16}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 6642 bytes
Re: Requesting a check, startup takes longer, cannot start ob
A MOMENT AGO I REALIZED THAT LAST NIGHT I RAN "ZOEK" WITHOUT FOLLOWING YOUR RECOMMENDATION TO INSERT THE SCRIPT YOU PRESCRIBED. I SHOULD PROBABLY DO IT AGAIN TONIGHT, SHOULDN'T I...
- jaro3
- member of the Security team
- Guru Level 15
- Posts: 43298
- Registered: June 07
- Location: Jižní Čechy
- Status: Offline
Re: Requesting a check, startup takes longer, cannot start ob
You should, but first uninstall Spybot (if that is possible; maybe only remnants of it are left).
Close other applications and browsers, disconnect from the internet, and fix the following in HJT:
Guide
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Requesting a check, startup takes longer, cannot start ob
SOMEHOW IT IS NOT WORKING FOR ME. ZOEK GOT STUCK AGAIN AT THE SAME POINT AS LAST TIME, AND HERE IS THE STATE AFTER EIGHT HOURS:
AGAIN IT GAVE ME A LOT OF TROUBLE TO SHUT IT DOWN, BUT AFTER CCLEANER IT WAS AGAIN POSSIBLE TO SHUT IT DOWN.
AFTERWARDS I RAN HJT AND THE ITEM 020-... WAS NOT THERE AT ALL. SEE:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:21:09, on 6.2.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17239)
FIREFOX: 26.0 (cs)
Boot mode: Normal
Running processes:
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\icacls.exe
C:\Users\PEPA\Desktop\Zástupci\2 - ÚDRŽBA\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: PDF Architect Helper - {691B33B0-B86E-47F3-81C7-56E4FE3B929C} - C:\Program Files (x86)\PDF Architect 2\creator-ie-helper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
O3 - Toolbar: PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files (x86)\PDF Architect 2\creator-ie-plugin.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O10 - Broken Internet access because of LSP provider 'c:\program files (x86)\bonjour\mdnsnsp.dll' missing
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{70ECFAA1-2CC5-4AD7-B4FD-F7F85AA49E16}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{70ECFAA1-2CC5-4AD7-B4FD-F7F85AA49E16}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{70ECFAA1-2CC5-4AD7-B4FD-F7F85AA49E16}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Asset Management Daemon - Unknown owner - C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 6449 bytes
..........................................................................................................................
I FINISH WORK TODAY AT 12:00 AND AM LEAVING HOME FOR THE WEEKEND. I WOULD LIKE TO CONTINUE ON MONDAY MORNING, BUT HOW ☺☺☺?
THANK YOU!
- jaro3
- Security team member
- Guru Level 15
- Posts: 43298
- Registered: June 07
- Location: South Bohemia
Re: Please check my logs, startup got slower, cannot run ob
How are the problems?
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
- Level 1
- Posts: 67
- Registered: January 10
- Location: OTROKOVICE
Re: Please check my logs, startup got slower, cannot run ob
I don't know how much I helped my PC thanks to your advice, because in the morning before leaving for work I only managed to look over what had happened overnight and then post the print screen and the log here.
As I wrote above, after running HJT I did not find the item O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing). As you can see in the log, after 18 the next item was 23. So I don't know how much the absence of 20 mattered... After that I only managed to shut down the computer. I had no time left for another restart and for verifying that the restore points work. On Monday I have the afternoon shift, so I would like to continue in the morning...
Have a nice weekend!