Slow PC (Solved)


Re: Slow PC

Post by mople71 » 28 Apr 2015 17:07

Is the antivirus legal? If not, get rid of it. ;)


Uninstall these programs:

Code:

ActiveX контрола на Windows Live Mesh за отдалечени връзки
CCleaner
Skype Click to Call


Does this service at this location ring a bell?

Code:

tor; C:\Program Files (x86)\Tor\tor.exe


------------------------------------------------------------

Please scan these files on VirusTotal and post the links to the results here (if the file has already been analysed, click Reanalyse): https://www.virustotal.com/

Code:

C:\Windows\system32\acovcnt.exe
C:\Windows\explorer.exe


------------------------------------------------------------

Apply a fixlist for FRST:

On the Desktop (FRST must be located there), create a text file named fixlist, copy the following script into it and save it.

Code:

Start
CloseProcesses:
CreateRestorePoint:

Task: {0AEA5E84-B991-4CC6-A657-65ACA448F165} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {1C1DA28E-DB53-4DC6-A5D1-9219E484C352} - System32\Tasks\{9267B099-6ACE-4931-9A39-8A28EA541925} => pcalua.exe -a "C:\Program Files (x86)\Cenega Czech\Mafia\Setup.exe" -d "C:\Program Files (x86)\Cenega Czech\Mafia"
Task: {1D4730AD-45B2-4AE4-A32F-64400E7CC079} - System32\Tasks\{AE3AE53C-074B-4A10-BCFA-B60F541D33DE} => C:\Users\Samerko\Desktop\FindAWF.exe
Task: {3A4A97CF-FE6D-467E-8537-949FF5EA0344} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
C:\Program Files (x86)\IObit
Task: {5E8AF6C6-EB0C-4B96-8A58-B408D3B4592A} - System32\Tasks\{F0145E68-401A-45BE-97FF-2ABFC9536C84} => C:\Users\Samerko\Desktop\FindAWF.exe
Task: {82145BA9-7C64-4E11-99E3-0E4D198F14DE} - System32\Tasks\{FB30DE2C-C916-4807-966D-D170DCBF1231} => C:\Users\Samerko\Desktop\FindAWF.exe
Task: {9DBD14B0-2CF2-400B-AF7C-9E563EB071E6} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {FDC866FE-6906-4A18-8026-E9EA9AC7A093} - System32\Tasks\{AD3716FC-2F47-492E-AE7D-3F5432A29AF5} => C:\Users\Samerko\Desktop\FindAWF.exe

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-1676706566-1539175069-4259669011-1000\...\Run: [instanteyedropper] => C:\Program Files (x86)\InstantEyedropper\InstantEyedropper.exe [352256 2007-10-17] ()
HKU\S-1-5-21-1676706566-1539175069-4259669011-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673184 2013-07-03] (Disc Soft Ltd)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-06-01] (Pando Networks)
FF Plugin HKU\S-1-5-21-1676706566-1539175069-4259669011-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-06-01] (Pando Networks)
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-24]

CHR Extension: (Skype Click to Call) - C:\Users\Samerko\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-12-01]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Samerko\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2014-07-01]
CHR Extension: (Skype Click to Call) - C:\Users\Samerko\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-12-01]

S3 cpuz137; \??\C:\Users\Samerko\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 ATP; system32\DRIVERS\cmdatp.sys [X]

C:\ProgramData\RogueKiller
C:\Windows\Tasks\*.job
CMD: bitsadmin /reset /allusers
CMD: dir %appdata%
CMD: dir %localappdata%
CMD: dir %programdata%

EmptyTemp:
End

Then open FRST as administrator and click the >Fix< button. After the PC restarts, a fixlog will appear on the Desktop; please paste its contents into your next post.


Re: Slow PC

Post by SamerLP » 28 Apr 2015 18:33

The antivirus is 100% legal.
I uninstalled the programs.
The service:

Code:

tor; C:\Program Files (x86)\Tor\tor.exe

It doesn't ring a bell. I didn't even know about it and I have no idea what it is.

VirusTotal:
I can't find the first file, acovcnt.exe; it tells me it isn't there.
explorer.exe - https://www.virustotal.com/sk/file/271e ... 430238371/

FRST after the fix:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-04-2015 01
Ran by Samerko at 2015-04-28 18:16:04 Run:2
Running from C:\Users\Samerko\Desktop
Loaded Profiles: Samerko (Available profiles: Samerko & Skuska & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

Task: {0AEA5E84-B991-4CC6-A657-65ACA448F165} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {1C1DA28E-DB53-4DC6-A5D1-9219E484C352} - System32\Tasks\{9267B099-6ACE-4931-9A39-8A28EA541925} => pcalua.exe -a "C:\Program Files (x86)\Cenega Czech\Mafia\Setup.exe" -d "C:\Program Files (x86)\Cenega Czech\Mafia"
Task: {1D4730AD-45B2-4AE4-A32F-64400E7CC079} - System32\Tasks\{AE3AE53C-074B-4A10-BCFA-B60F541D33DE} => C:\Users\Samerko\Desktop\FindAWF.exe
Task: {3A4A97CF-FE6D-467E-8537-949FF5EA0344} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
C:\Program Files (x86)\IObit
Task: {5E8AF6C6-EB0C-4B96-8A58-B408D3B4592A} - System32\Tasks\{F0145E68-401A-45BE-97FF-2ABFC9536C84} => C:\Users\Samerko\Desktop\FindAWF.exe
Task: {82145BA9-7C64-4E11-99E3-0E4D198F14DE} - System32\Tasks\{FB30DE2C-C916-4807-966D-D170DCBF1231} => C:\Users\Samerko\Desktop\FindAWF.exe
Task: {9DBD14B0-2CF2-400B-AF7C-9E563EB071E6} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {FDC866FE-6906-4A18-8026-E9EA9AC7A093} - System32\Tasks\{AD3716FC-2F47-492E-AE7D-3F5432A29AF5} => C:\Users\Samerko\Desktop\FindAWF.exe

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3978600 2015-03-30] (LogMeIn Inc.)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-1676706566-1539175069-4259669011-1000\...\Run: [instanteyedropper] => C:\Program Files (x86)\InstantEyedropper\InstantEyedropper.exe [352256 2007-10-17] ()
HKU\S-1-5-21-1676706566-1539175069-4259669011-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673184 2013-07-03] (Disc Soft Ltd)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)

FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-06-01] (Pando Networks)
FF Plugin HKU\S-1-5-21-1676706566-1539175069-4259669011-1000: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2013-06-01] (Pando Networks)
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-24]

CHR Extension: (Skype Click to Call) - C:\Users\Samerko\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-12-01]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Users\Samerko\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2014-07-01]
CHR Extension: (Skype Click to Call) - C:\Users\Samerko\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2012-12-01]

S3 cpuz137; \??\C:\Users\Samerko\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S3 ATP; system32\DRIVERS\cmdatp.sys [X]

C:\ProgramData\RogueKiller
C:\Windows\Tasks\*.job
CMD: bitsadmin /reset /allusers
CMD: dir %appdata%
CMD: dir %localappdata%
CMD: dir %programdata%

EmptyTemp:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AEA5E84-B991-4CC6-A657-65ACA448F165} => Key not found.
C:\Windows\System32\Tasks\CCleanerSkipUAC not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1C1DA28E-DB53-4DC6-A5D1-9219E484C352}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C1DA28E-DB53-4DC6-A5D1-9219E484C352}" => Key deleted successfully.
C:\Windows\System32\Tasks\{9267B099-6ACE-4931-9A39-8A28EA541925} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9267B099-6ACE-4931-9A39-8A28EA541925}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1D4730AD-45B2-4AE4-A32F-64400E7CC079}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D4730AD-45B2-4AE4-A32F-64400E7CC079}" => Key deleted successfully.
C:\Windows\System32\Tasks\{AE3AE53C-074B-4A10-BCFA-B60F541D33DE} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AE3AE53C-074B-4A10-BCFA-B60F541D33DE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A4A97CF-FE6D-467E-8537-949FF5EA0344}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A4A97CF-FE6D-467E-8537-949FF5EA0344}" => Key deleted successfully.
C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_Administrator" => Key deleted successfully.
C:\Program Files (x86)\IObit => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5E8AF6C6-EB0C-4B96-8A58-B408D3B4592A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E8AF6C6-EB0C-4B96-8A58-B408D3B4592A}" => Key Deleted successfully.
C:\Windows\System32\Tasks\{F0145E68-401A-45BE-97FF-2ABFC9536C84} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F0145E68-401A-45BE-97FF-2ABFC9536C84}" => Key Deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{82145BA9-7C64-4E11-99E3-0E4D198F14DE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82145BA9-7C64-4E11-99E3-0E4D198F14DE}" => Key deleted successfully.
C:\Windows\System32\Tasks\{FB30DE2C-C916-4807-966D-D170DCBF1231} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FB30DE2C-C916-4807-966D-D170DCBF1231}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9DBD14B0-2CF2-400B-AF7C-9E563EB071E6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DBD14B0-2CF2-400B-AF7C-9E563EB071E6}" => Key deleted successfully.
C:\Windows\System32\Tasks\Game_Booster_AutoUpdate => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Game_Booster_AutoUpdate" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FDC866FE-6906-4A18-8026-E9EA9AC7A093}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDC866FE-6906-4A18-8026-E9EA9AC7A093}" => Key deleted successfully.
C:\Windows\System32\Tasks\{AD3716FC-2F47-492E-AE7D-3F5432A29AF5} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AD3716FC-2F47-492E-AE7D-3F5432A29AF5}" => Key deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\LogMeIn Hamachi Ui => value deleted successfully.
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE => value deleted successfully.
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE => value deleted successfully.
HKU\S-1-5-21-1676706566-1539175069-4259669011-1000\Software\Microsoft\Windows\CurrentVersion\Run\\instanteyedropper => value deleted successfully.
HKU\S-1-5-21-1676706566-1539175069-4259669011-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key deleted successfully.
"HKCR\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => Key not found.
HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => Key not found.
HKCR\Wow6432Node\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => Key not found.
"HKCR\Wow6432Node\PROTOCOLS\Handler\skype4com" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}" => Key deleted successfully.
HKCR\PROTOCOLS\Handler\skypec2c => Key not found.
HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\skypec2c => Key not found.
HKCR\Wow6432Node\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922" => Key deleted successfully.
C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll => Moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109" => Key deleted successfully.
C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll => Moved successfully.
"HKU\S-1-5-21-1676706566-1539175069-4259669011-1000\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi not found.
C:\Users\Samerko\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => Moved successfully.
C:\Users\Samerko\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd => Moved successfully.
C:\Users\Samerko\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => Moved successfully.
cpuz137 => Service deleted successfully.
ATP => Service deleted successfully.
C:\ProgramData\RogueKiller => Moved successfully.
C:\Windows\Tasks\*.job => Moved successfully.

========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


========= dir %appdata% =========

Volume in drive C is OS
Volume Serial Number is 126D-E328

Directory of C:\Users\Samerko\AppData\Roaming

28. 04. 2015 11:36 <DIR> .
28. 04. 2015 11:36 <DIR> ..
17. 01. 2014 16:18 <DIR> .creativeportal
08. 01. 2015 17:43 <DIR> .minecraft
08. 01. 2014 20:49 <DIR> .techniclauncher
12. 11. 2014 18:04 <DIR> Adobe
14. 07. 2014 20:49 132 Adobe Form t GIF CS5 - pýedvolby
01. 04. 2015 19:34 132 Adobe Form t PNG CS5 - pýedvolby
12. 03. 2014 20:40 132 Adobe GIF Format CC Prefs
11. 09. 2013 19:55 <DIR> Adobe Mini Bridge CS5
11. 05. 2014 17:39 132 Adobe PNG Format CC Prefs
28. 04. 2015 17:00 <DIR> Aegisub
23. 03. 2015 17:27 <DIR> Apple Computer
23. 03. 2015 17:27 <DIR> Artisteer
05. 01. 2015 16:34 <DIR> Ashampoo
07. 01. 2015 12:54 2˙298 ASSDraw3.cfg
01. 04. 2012 17:18 <DIR> ASUS WebStorage
02. 10. 2013 14:13 <DIR> ATI
04. 12. 2014 20:12 <DIR> Audacity
30. 01. 2014 21:12 <DIR> Avant Downloader
30. 01. 2014 21:12 <DIR> Avant Profiles
17. 08. 2014 17:11 <DIR> AVG
30. 12. 2014 18:52 <DIR> avidemux
27. 03. 2013 18:03 <DIR> BANDISOFT
20. 12. 2013 16:06 <DIR> Bertware
17. 11. 2013 00:20 <DIR> BitTorrent Sync
10. 01. 2013 16:45 <DIR> Blender Foundation
24. 04. 2015 19:48 <DIR> BSplayer
24. 04. 2015 19:21 <DIR> BSplayer Pro
13. 10. 2012 17:57 <DIR> com.adobe.downloadassistant.AdobeDownloadAssistant
27. 07. 2013 20:19 <DIR> COMODO
02. 10. 2013 15:02 <DIR> CoreFTP
04. 08. 2013 10:52 <DIR> CyberLink
17. 01. 2015 14:29 <DIR> DAEMON Tools Lite
18. 12. 2013 19:08 <DIR> Dev-Cpp
30. 11. 2014 18:52 <DIR> EdgeRunner
25. 06. 2013 16:28 <DIR> ESTsoft
28. 04. 2015 18:07 <DIR> FileZilla
12. 11. 2014 18:04 132 Filtr IIIExport Adobe CS5 - pýedvolby
24. 09. 2013 13:32 <DIR> Firestorm
25. 03. 2014 17:17 <DIR> Firestorm_x64
04. 09. 2012 16:32 <DIR> FLEXnet
24. 04. 2015 08:43 <DIR> fontconfig
13. 04. 2013 18:08 <DIR> FreemakeVideoDownloader
10. 08. 2014 20:52 <DIR> ftblauncher
18. 10. 2014 15:28 <DIR> FutureTechCraft_Launcher
30. 04. 2013 16:54 <DIR> GHISLER
19. 09. 2013 17:20 <DIR> gtk-2.0
25. 02. 2015 16:53 <DIR> HandBrake
07. 04. 2013 13:35 <DIR> Hippo_OpenSim_Viewer
22. 09. 2013 15:14 <DIR> IcoFX2X
09. 10. 2012 14:17 <DIR> Identities
01. 09. 2014 11:44 <DIR> inkscape
30. 10. 2014 21:56 <DIR> IObit
06. 07. 2014 22:09 <DIR> library_dir
13. 06. 2013 17:54 <DIR> LogSys
16. 06. 2014 15:47 <DIR> LolClient
01. 04. 2012 18:15 <DIR> Macromedia
06. 10. 2013 08:33 <DIR> Malwarebytes
16. 01. 2015 18:59 <DIR> Maxthon3
14. 07. 2009 09:44 <DIR> Media Center Programs
28. 12. 2014 15:57 <DIR> MediaInfo
09. 12. 2013 17:17 <DIR> METAbolt
11. 04. 2013 17:22 <DIR> Minecraft Skin Viewer
09. 06. 2013 12:16 <DIR> Minecraft Version Changer
11. 04. 2015 16:35 <DIR> mIRC
19. 01. 2015 16:36 <DIR> mkvtoolnix
03. 03. 2014 15:21 <DIR> Mozilla
23. 01. 2015 18:07 <DIR> MPC-HC
17. 08. 2014 17:44 <DIR> Need for Speed World
17. 08. 2014 17:21 <DIR> Nero
25. 02. 2015 17:06 <DIR> NexusFont
19. 10. 2013 12:42 <DIR> Nico Mak Computing
11. 01. 2015 17:30 <DIR> Nitro PDF
14. 03. 2015 13:35 <DIR> Notepad++
04. 09. 2012 16:32 <DIR> Nuance
26. 04. 2013 21:00 <DIR> Nvu
29. 04. 2014 19:07 <DIR> OBS
22. 10. 2012 14:21 <DIR> OpenOffice.org
30. 05. 2014 13:55 <DIR> Origin
01. 03. 2014 18:54 <DIR> PDAppFlex
22. 02. 2015 19:25 <DIR> PhotoFiltre 7
09. 07. 2014 20:31 <DIR> PhotoScape
28. 06. 2014 17:55 <DIR> PSpad
23. 03. 2015 20:57 <DIR> puush
07. 07. 2014 08:25 <DIR> Raptr
08. 01. 2015 15:04 <DIR> Riot Games
18. 08. 2014 21:19 <DIR> Screaming Bee
03. 12. 2013 16:46 <DIR> SecondLife
28. 04. 2015 09:39 <DIR> Skype
29. 04. 2013 17:53 <DIR> skypesender
01. 06. 2013 14:32 <DIR> SplitMediaLabs
11. 09. 2013 19:55 <DIR> StageManager.BD092818F67280F4B42B04877600987F0111B594.1
01. 09. 2014 13:39 <DIR> SYSTEMAX Software Development
25. 12. 2013 11:59 <DIR> TeamViewer
31. 03. 2013 10:34 <DIR> TechSmith
24. 03. 2015 17:20 <DIR> TS3Client
16. 12. 2014 18:39 <DIR> TuneUp Software
28. 04. 2015 09:22 <DIR> uTorrent
16. 11. 2013 22:12 <DIR> Vidalia
13. 04. 2015 14:04 <DIR> VidCoder
24. 07. 2013 11:53 <DIR> Virtual Mechanics
28. 04. 2015 12:45 <DIR> vlc
04. 08. 2014 10:44 <DIR> VMware
28. 11. 2014 16:22 <DIR> Wargaming.net
05. 10. 2012 19:54 <DIR> WCMShare
16. 05. 2014 15:29 <DIR> Web Page Maker
04. 10. 2012 18:24 <DIR> WebcamMax
05. 12. 2012 20:36 <DIR> WinRAR
30. 12. 2014 19:36 <DIR> XMedia Recode
04. 09. 2012 16:32 <DIR> Zeon
04. 04. 2014 21:01 <DIR> Zoner
6 File(s) 2˙958 bytes
106 Dir(s) 69˙278˙957˙568 bytes free

========= End of CMD: =========


========= dir %localappdata% =========

Volume in drive C is OS
Volume Serial Number is 126D-E328

Directory of C:\Users\Samerko\AppData\Local

28. 04. 2015 09:07 <DIR> .
28. 04. 2015 09:07 <DIR> ..
28. 04. 2015 08:11 <DIR> Adobe
09. 01. 2015 22:30 <DIR> Aegisub
23. 03. 2015 17:27 <DIR> Apple Computer
09. 01. 2015 15:02 <DIR> ASUS
29. 07. 2014 20:38 4˙608 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
01. 04. 2012 17:26 <DIR> Deployment
17. 04. 2015 19:08 <DIR> Diagnostics
30. 04. 2014 16:40 <DIR> Dxtory Software
22. 09. 2014 16:15 <DIR> Echobit
30. 11. 2014 18:52 <DIR> EdgeRunner
17. 08. 2014 13:46 <DIR> Electronic_Arts_Inc
28. 11. 2013 16:39 <DIR> ElevatedDiagnostics
08. 10. 2012 19:21 <DIR> ESET
13. 10. 2012 18:43 <DIR> Facebook
28. 03. 2014 21:10 <DIR> Firestorm
21. 08. 2014 18:57 <DIR> FirestormOS_x64
30. 03. 2014 12:42 <DIR> FLT
12. 09. 2012 21:13 <DIR> fontconfig
22. 11. 2014 21:16 <DIR> ftblauncher
24. 04. 2015 06:46 203˙464 GDIPFONTCACHEV1.DAT
12. 09. 2012 21:13 <DIR> gegl-0.2
30. 04. 2013 16:53 <DIR> GHISLER
01. 02. 2014 14:50 <DIR> Google
07. 04. 2013 14:03 <DIR> Hippo_OpenSim_Viewer
05. 09. 2014 20:39 <DIR> HiSuite
02. 07. 2013 13:47 <DIR> IsolatedStorage
14. 02. 2015 22:03 <DIR> JDownloader v2.0
06. 10. 2013 08:21 <DIR> LogMeIn
28. 04. 2015 13:06 <DIR> LogMeIn Hamachi
09. 09. 2012 15:13 <DIR> Macromedia
17. 09. 2014 20:32 <DIR> Microsoft
28. 06. 2013 11:18 <DIR> Microsoft Games
13. 12. 2014 21:28 <DIR> Microsoft Help
13. 10. 2013 12:23 <DIR> Mozilla
11. 11. 2014 18:33 <DIR> oots
20. 06. 2014 20:53 <DIR> Origin
27. 04. 2015 19:31 <DIR> osu!
27. 11. 2014 18:42 <DIR> Paint.NET
15. 04. 2015 19:26 <DIR> PMB Files
01. 04. 2012 16:56 <DIR> Power2Go
02. 06. 2013 12:22 <DIR> Programs
16. 08. 2014 17:06 600 PUTTY.RND
23. 06. 2014 13:32 <DIR> Razer_Inc
22. 11. 2014 23:39 1˙896 recently-used.xbel
08. 12. 2013 18:03 <DIR> SecondLife
07. 04. 2013 13:25 <DIR> SingularityViewer
23. 03. 2014 15:22 <DIR> Skype
09. 12. 2013 19:29 <DIR> SkypeFx
09. 12. 2013 17:27 <DIR> SpacialAudio
01. 06. 2013 14:36 <DIR> SplitMediaLabs
08. 03. 2015 13:10 <DIR> Steam
10. 03. 2014 16:04 <DIR> SuperEasy_Software
31. 03. 2013 10:34 <DIR> TechSmith
28. 04. 2015 18:16 <DIR> Temp
16. 12. 2014 18:39 <DIR> TuneUp Software
18. 12. 2014 18:17 425 UserProducts.xml
08. 01. 2015 21:26 <DIR> UWebKit151
26. 01. 2015 15:10 <DIR> VidCoder
07. 12. 2012 18:23 <DIR> VirtualStore
03. 08. 2014 16:00 <DIR> VMware
27. 12. 2014 19:24 <DIR> VS Revo Group
17. 09. 2014 20:32 <DIR> Windows Live
22. 05. 2013 18:21 <DIR> Zoner
5 File(s) 210˙993 bytes
60 Dir(s) 69˙278˙953˙472 bytes free

========= End of CMD: =========


========= dir %programdata% =========

Volume in drive C is OS
Volume Serial Number is 126D-E328

Directory of C:\ProgramData

28. 04. 2015 18:16 <DIR> .
28. 04. 2015 18:16 <DIR> ..
01. 03. 2014 17:59 <DIR> Adobe
06. 07. 2014 22:08 <DIR> AMD
15. 03. 2012 14:05 <DIR> AmUStor
05. 01. 2015 16:34 <DIR> Ashampoo
15. 03. 2012 15:21 <DIR> ASUS
15. 03. 2012 14:07 <DIR> Atheros
17. 08. 2014 17:12 <DIR> AVG
17. 04. 2013 16:50 <DIR> Blizzard
11. 01. 2013 23:06 <DIR> BlueStacks
11. 01. 2013 23:08 <DIR> BlueStacksSetup
15. 03. 2012 14:38 <DIR> ChangeFolderView
16. 04. 2013 14:38 <DIR> COMODO
04. 08. 2013 10:52 <DIR> CyberLink
04. 08. 2013 11:11 <DIR> DAEMON Tools Lite
18. 12. 2013 19:03 <DIR> Dev-Cpp
01. 04. 2011 10:58 <DIR> Downloaded Installations
06. 06. 2014 13:06 <DIR> EA Core
20. 06. 2014 21:11 <DIR> EA Logs
22. 09. 2014 16:15 <DIR> Echobit
30. 11. 2014 18:52 <DIR> EdgeRunner
17. 08. 2014 13:45 <DIR> Electronic Arts
25. 01. 2015 19:44 <DIR> EPSON
22. 06. 2014 14:16 <DIR> ErrorEND64
29. 01. 2014 16:52 <DIR> ESET
08. 12. 2013 23:00 <DIR> firebird
27. 04. 2013 13:42 <DIR> FLEXnet
15. 03. 2012 14:35 <DIR> FolderView
30. 12. 2014 19:43 <DIR> Freemake
15. 03. 2012 15:03 <DIR> Google
22. 09. 2013 15:13 <DIR> IcoFX2X
30. 10. 2014 21:54 <DIR> IObit
23. 03. 2014 20:21 <DIR> LogMeIn
13. 06. 2013 17:11 <DIR> LogSys
09. 01. 2015 15:21 <DIR> Malwarebytes
28. 04. 2015 15:55 <DIR> Malwarebytes' Anti-Malware (portable)
01. 04. 2012 17:48 <DIR> McAfee
31. 12. 2014 20:46 <DIR> Microsoft Help
01. 04. 2012 17:27 <DIR> Mozilla
27. 12. 2014 18:13 <DIR> Nero
14. 10. 2012 11:04 <DIR> Nitro PDF
14. 02. 2015 21:56 <DIR> Norton
31. 12. 2014 12:48 <DIR> NortonInstaller
04. 09. 2012 16:32 <DIR> Nuance
20. 11. 2014 15:22 <DIR> Oracle
13. 12. 2014 21:20 <DIR> Origin
15. 03. 2012 14:09 <DIR> P4G
15. 04. 2015 19:26 <DIR> PMB Files
20. 06. 2014 20:53 <DIR> PopCap Games
23. 06. 2014 13:22 <DIR> Razer
25. 08. 2013 10:45 <DIR> regid.1986-12.com.adobe
20. 05. 2014 17:45 <DIR> REGSERVO64
24. 07. 2014 14:49 <DIR> Riot Games
01. 04. 2011 10:58 <DIR> ScanSoft
18. 08. 2014 21:19 <DIR> Screaming Bee
09. 04. 2015 14:17 <DIR> Skype
15. 03. 2012 14:07 <DIR> SonicFocus
01. 06. 2013 14:35 <DIR> SplitMediaLabs
10. 03. 2014 15:58 <DIR> Supereasy
01. 09. 2014 13:39 <DIR> SYSTEMAX Software Development
27. 12. 2014 17:35 <DIR> TechSmith
14. 03. 2013 15:30 <DIR> Temp
31. 01. 2014 20:57 <DIR> Trend Micro
16. 12. 2014 18:37 <DIR> TuneUp Software
04. 08. 2014 10:35 <DIR> VMware
27. 12. 2014 19:24 <DIR> VS Revo Group
05. 10. 2012 19:55 <DIR> WCMShare
15. 03. 2012 14:14 105 {40BF1E83-20EB-11D8-97C5-0009C5020658}.log
15. 03. 2012 14:13 107 {C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2 File(s) 212 bytes
68 Dir(s) 69˙278˙949˙376 bytes free

========= End of CMD: =========

EmptyTemp: => Removed 207.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog 18:17:05 ====
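
An added example (not part of the thread and not FRST's own code): a small Python parser that sorts the result lines of a Fixlog like the one above into deleted, moved and not-found targets, so that entries FRST could not find can be reviewed separately from successful removals. The sample log is constructed in the same layout, and all function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the Fixlog above (all values are made up).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-04-2015 01
Ran by ExampleUser at 2015-04-28 18:16:04 Run:2
==============================================

Content of fixlist:
*****************
Start
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\ExampleTask => C:\Example\app.exe
C:\ProgramData\ExampleLeftover
CMD: dir %programdata%
End
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00000000-0000-0000-0000-000000000001}" => Key Deleted successfully.
C:\Windows\System32\Tasks\ExampleTask => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ExampleApp => value deleted successfully.
HKCR\CLSID\{00000000-0000-0000-0000-000000000002} => Key not found.
C:\Example\plugin.dll not found.
ExampleSvc => Service deleted successfully.
C:\ProgramData\ExampleLeftover => Moved successfully.

========= dir %programdata% =========

 Directory of C:\ProgramData

File Not Found

========= End of CMD: =========

EmptyTemp: => Removed 207.6 MB temporary data.

==== End of Fixlog 18:17:05 ====
"""

# 'target => result' lines; registry keys are sometimes wrapped in double quotes.
ARROW_RE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<result>.+)$')
# Files that were already gone are reported without an arrow: '<path> not found.'
BARE_NOT_FOUND_RE = re.compile(r'^(?P<target>.+?)\s+not found\.?$', re.IGNORECASE)
# Output of 'CMD:' directives is framed by these banner lines.
CMD_START_RE = re.compile(r'^=========\s+.+?\s+=========$')
CMD_END = "========= End of CMD: ========="


def classify(result):
    """Map FRST's result text to a coarse outcome (case varies in real logs)."""
    text = result.lower()
    if "not found" in text:
        return "not_found"
    if "deleted successfully" in text:
        return "deleted"
    if "moved successfully" in text:
        return "moved"
    return "other"


def parse_fixlog(text):
    """Return {outcome: [targets]} for the result section of a Fixlog."""
    outcomes = defaultdict(list)
    star_lines = 0   # the echoed fixlist sits between two lines of asterisks
    in_cmd = False   # True while inside the raw output of a CMD: directive
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if star_lines < 2:
            # Skip header and echoed fixlist: its Task: lines contain '=>' too.
            if set(line) == {"*"}:
                star_lines += 1
            continue
        if line == CMD_END:
            in_cmd = False
            continue
        if in_cmd:
            continue  # raw command output, e.g. dir's own 'File Not Found'
        if CMD_START_RE.match(line):
            in_cmd = True
            continue
        if line.startswith("===="):
            continue  # closing 'End of Fixlog' banner
        match = ARROW_RE.match(line)
        if match:
            outcomes[classify(match.group("result"))].append(match.group("target"))
            continue
        match = BARE_NOT_FOUND_RE.match(line)
        if match:
            outcomes["not_found"].append(match.group("target"))
    return dict(outcomes)


if __name__ == "__main__":
    for outcome, targets in parse_fixlog(SAMPLE_FIXLOG).items():
        print(f"{outcome}: {len(targets)}")
        for target in targets:
            print(f"  {target}")
```
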


Re: Slow PC

Post by mople71 » 28 Apr 2015 19:18

I'm only asking because ESET is now at version 8 and you have 5.2. Why?


1) On VirusTotal: once you click Choose File, a file selection window appears; in the address field at the bottom, enter the direct path:

Code:

C:\Windows\system32\acovcnt.exe

and press Enter. Then click Scan it! and the file should upload.

---------------------------------------------------------

2) In the same way as before, create a fixlist for FRST with the following content:

Code:

Start
C:\Users\Samerko\AppData\Roaming\Apple Computer
C:\Users\Samerko\AppData\Roaming\Ashampoo
C:\Users\Samerko\AppData\Roaming\AVG
C:\Users\Samerko\AppData\Roaming\BitTorrent Sync
C:\Users\Samerko\AppData\Roaming\Blender Foundation
C:\Users\Samerko\AppData\Roaming\COMODO
C:\Users\Samerko\AppData\Roaming\Firestorm
C:\Users\Samerko\AppData\Roaming\Firestorm_x64
C:\Users\Samerko\AppData\Roaming\IObit
C:\Users\Samerko\AppData\Roaming\TuneUp Software
C:\Users\Samerko\AppData\Local\Apple Computer
C:\Users\Samerko\AppData\Local\Firestorm
C:\Users\Samerko\AppData\Local\FirestormOS_x64
C:\Users\Samerko\AppData\Local\Power2Go
C:\Users\Samerko\AppData\Local\TuneUp Software
C:\ProgramData\AVG
C:\ProgramData\COMODO
C:\ProgramData\IObit
C:\ProgramData\McAfee
C:\ProgramData\Norton
C:\ProgramData\NortonInstaller
C:\ProgramData\TuneUp Software
C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
S2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-09-07] () [File not signed] <==== ATTENTION
C:\Program Files (x86)\Tor
End


---------------------------------------------------------

3) I don't entirely like your explorer.exe; let's see whether you have a better one on the PC:

Open FRST. In its empty text field, type:

Code:

explorer.exe

and click Search Files.

When it finishes, a text file named Search will be created on the Desktop; please paste its contents here.


Re: Slow PC

Post by SamerLP » 28 Apr 2015 19:49

Well, the reason I have that version is that it's the one I found back when I installed it, which was about 2 years ago, and it never offered me an update, so I didn't know there were other versions. So do you recommend updating, or is it not necessary?

VirusTotal still doesn't find the file at all, even when I enter it this way; I simply don't have it.

FRST after the fix:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-04-2015 01
Ran by Samerko at 2015-04-28 19:35:33 Run:4
Running from C:\Users\Samerko\Desktop
Loaded Profiles: Samerko (Available profiles: Samerko & Skuska & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
C:\Users\Samerko\AppData\Roaming\Apple Computer
C:\Users\Samerko\AppData\Roaming\Ashampoo
C:\Users\Samerko\AppData\Roaming\AVG
C:\Users\Samerko\AppData\Roaming\BitTorrent Sync
C:\Users\Samerko\AppData\Roaming\Blender Foundation
C:\Users\Samerko\AppData\Roaming\COMODO
C:\Users\Samerko\AppData\Roaming\Firestorm
C:\Users\Samerko\AppData\Roaming\Firestorm_x64
C:\Users\Samerko\AppData\Roaming\IObit
C:\Users\Samerko\AppData\Roaming\TuneUp Software
C:\Users\Samerko\AppData\Local\Apple Computer
C:\Users\Samerko\AppData\Local\Firestorm
C:\Users\Samerko\AppData\Local\FirestormOS_x64
C:\Users\Samerko\AppData\Local\Power2Go
C:\Users\Samerko\AppData\Local\TuneUp Software
C:\ProgramData\AVG
C:\ProgramData\COMODO
C:\ProgramData\IObit
C:\ProgramData\McAfee
C:\ProgramData\Norton
C:\ProgramData\NortonInstaller
C:\ProgramData\TuneUp Software
C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
S2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-09-07] () [File not signed] <==== ATTENTION
C:\Program Files (x86)\Tor
End
*****************

"C:\Users\Samerko\AppData\Roaming\Apple Computer" => File/Directory not found.
"C:\Users\Samerko\AppData\Roaming\Ashampoo" => File/Directory not found.
"C:\Users\Samerko\AppData\Roaming\AVG" => File/Directory not found.
"C:\Users\Samerko\AppData\Roaming\BitTorrent Sync" => File/Directory not found.
"C:\Users\Samerko\AppData\Roaming\Blender Foundation" => File/Directory not found.
"C:\Users\Samerko\AppData\Roaming\COMODO" => File/Directory not found.
"C:\Users\Samerko\AppData\Roaming\Firestorm" => File/Directory not found.
"C:\Users\Samerko\AppData\Roaming\Firestorm_x64" => File/Directory not found.
"C:\Users\Samerko\AppData\Roaming\IObit" => File/Directory not found.
"C:\Users\Samerko\AppData\Roaming\TuneUp Software" => File/Directory not found.
"C:\Users\Samerko\AppData\Local\Apple Computer" => File/Directory not found.
"C:\Users\Samerko\AppData\Local\Firestorm" => File/Directory not found.
C:\Users\Samerko\AppData\Local\FirestormOS_x64 => Moved successfully.
C:\Users\Samerko\AppData\Local\Power2Go => Moved successfully.
C:\Users\Samerko\AppData\Local\TuneUp Software => Moved successfully.
C:\ProgramData\AVG => Moved successfully.
C:\ProgramData\COMODO => Moved successfully.
C:\ProgramData\IObit => Moved successfully.
C:\ProgramData\McAfee => Moved successfully.
C:\ProgramData\Norton => Moved successfully.
C:\ProgramData\NortonInstaller => Moved successfully.
C:\ProgramData\TuneUp Software => Moved successfully.
C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log => Moved successfully.
C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log => Moved successfully.
tor => Service stopped successfully.
tor => Service deleted successfully.
C:\Program Files (x86)\Tor => Moved successfully.

==== End of Fixlog 19:38:18 ====

FRST explorer.exe :

Farbar Recovery Scan Tool (x64) Version: 27-04-2015 01
Ran by Samerko at 2015-04-28 19:40:16
Running from C:\Users\Samerko\Desktop
Boot Mode: Normal

================== Search Files: "explorer.exe" =============

C:\Windows\explorer.exe
[2015-01-01 14:20][2011-02-25 08:19] 2871808 ____A (Microsoft Corporation) 9A7D6A395E5EBA6F4B1C7D91A0B075FA

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2012-09-02 18:57][2011-02-26 07:19] 2616320 ____A (Microsoft Corporation) 0FB9C74046656D1579A64660AD67B746 [File is signed]

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2012-09-02 18:57][2011-02-25 07:30] 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E [File is signed]

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011-02-18 21:49][2010-11-20 14:17] 2616320 ____A (Microsoft Corporation) 40D777B7A95E00593EB1568C68514493 [File is signed]

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2012-09-02 18:57][2011-02-26 07:51] 2614784 ____A (Microsoft Corporation) 255CF508D7CFB10E0794D6AC93280BD8 [File is signed]

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2012-09-02 18:57][2011-02-26 07:33] 2614784 ____A (Microsoft Corporation) 2AF58D15EDC06EC6FDACCE1F19482BBF [File is signed]

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009-07-14 01:41][2009-07-14 03:14] 2613248 ____A (Microsoft Corporation) 15BC38A7492BEFE831966ADB477CF76F [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2012-09-02 18:57][2011-02-26 08:14] 2871808 ____A (Microsoft Corporation) 3B69712041F3D63605529BD66DC00C48 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2012-09-02 18:57][2011-02-25 08:19] 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2011-02-18 21:49][2010-11-20 15:24] 2872320 ____A (Microsoft Corporation) AC4C51EB24AA95B77F705AB159189E24 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2012-09-02 18:57][2011-02-26 08:26] 2870784 ____A (Microsoft Corporation) E38899074D4951D31B4040E994DD7C8D [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2012-09-02 18:57][2011-02-26 08:23] 2870272 ____A (Microsoft Corporation) 0862495E0C825893DB75EF44FAEA8E93 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009-07-14 01:56][2009-07-14 03:39] 2868224 ____A (Microsoft Corporation) C235A51CB740E45FFA0EBFB9BAFCDA64 [File is signed]

C:\Windows\SysWOW64\explorer.exe
[2012-09-02 18:57][2011-02-25 07:30] 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E [File is signed]

C:\Windows\erdnt\cache86\explorer.exe
[2014-01-30 17:02][2011-02-25 08:19] 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3 [File is signed]

C:\Program Files (x86)\Win8.1 SkinPack\Backup\explorer.exe
[2015-01-01 14:20][2011-02-25 08:19] 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3 [File is signed]

====== End Of Search ======
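
An added example (not part of the thread and not FRST's own code): parsing the Search Files output above to find signed copies that share the size and second timestamp of the unsigned C:\Windows\explorer.exe. It assumes the second bracketed timestamp is the modification time and embeds five entries copied from the log; the function names are this example's own.

```python
import re

# Five entries copied from the FRST "Search Files" output posted in the thread.
SEARCH_LOG = r"""
C:\Windows\explorer.exe
[2015-01-01 14:20][2011-02-25 08:19] 2871808 ____A (Microsoft Corporation) 9A7D6A395E5EBA6F4B1C7D91A0B075FA

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2012-09-02 18:57][2011-02-26 07:19] 2616320 ____A (Microsoft Corporation) 0FB9C74046656D1579A64660AD67B746 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2012-09-02 18:57][2011-02-26 08:14] 2871808 ____A (Microsoft Corporation) 3B69712041F3D63605529BD66DC00C48 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2012-09-02 18:57][2011-02-25 08:19] 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3 [File is signed]

C:\Windows\SysWOW64\explorer.exe
[2012-09-02 18:57][2011-02-25 07:30] 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E [File is signed]
"""

# Assumption: the second bracketed timestamp is the file's modification time.
META = re.compile(r"\[(?P<created>[^\]]+)\]\[(?P<modified>[^\]]+)\] (?P<size>\d+) \S+ "
                  r"\((?P<company>[^)]*)\) (?P<md5>[0-9A-F]{32})(?P<signed> \[File is signed\])?")

def parse_search(log):
    """Pair each path line with the metadata line that follows it."""
    lines = [l.strip() for l in log.splitlines() if l.strip()]
    entries = []
    for path, meta in zip(lines[::2], lines[1::2]):
        m = META.fullmatch(meta)
        if m is None:
            raise ValueError(f"unrecognised metadata line: {meta!r}")
        entries.append({"path": path, "size": int(m["size"]), "modified": m["modified"],
                        "md5": m["md5"], "signed": m["signed"] is not None})
    return entries

def replacement_candidates(entries, target):
    """Return the target entry and the signed copies matching its size and timestamp."""
    t = next(e for e in entries if e["path"].lower() == target.lower())
    return t, [e for e in entries if e["signed"] and e is not t
               and (e["size"], e["modified"]) == (t["size"], t["modified"])]

if __name__ == "__main__":
    target, good = replacement_candidates(parse_search(SEARCH_LOG), r"C:\Windows\explorer.exe")
    print("target signed:", target["signed"], target["md5"])
    for e in good:
        print("candidate:", e["md5"], e["path"])
```

On this log the only match is the amd64_ 6.1.7601.17567 copy; the wow64_ copy named in the later Replace: line differs in size (2616320 vs 2871808 bytes).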


Re: Slow PC

Post by Orcus » 28 Apr 2015 19:55

First copy the file that can't be found to the desktop. Definitely update ESET.


Re: Slow PC

Post by mople71 » 28 Apr 2015 19:57

Please make another fixlist for FRST:

Code:

Start
CloseProcesses:
CreateRestorePoint:
Replace: C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe C:\Windows\explorer.exe
Unlock: C:\Windows\acovcnt.exe
CMD: copy C:\Windows\acovcnt.exe C:\Users\Samerko\Desktop
End

It will copy the file to the desktop automatically. ;)


Re: Slow PC

Post by SamerLP » 28 Apr 2015 20:21

I ran the fix, the PC restarted, and the desktop won't load: black screen and an Explorer.EXE error message with the text "Neregistrovaná trieda" (Class not registered). What should I do? I'm writing from my phone because I have no way to get on the internet at all.


Re: Slow PC

Post by mople71 » 28 Apr 2015 20:25

Hm, that's what I was afraid of, hence the restore point... Never mind, we'll restore from it. ;)

Can you get into Safe Mode? Restart the PC and keep pressing F8 until the menu appears, then select Safe Mode from it.


Re: Slow PC

Post by SamerLP » 28 Apr 2015 20:32

I'm in Safe Mode, but it throws the error message and there's just a cursor and a black desktop now :(((((


Re: Slow PC

Post by mople71 » 28 Apr 2015 20:36

Then boot into Safe Mode with Command Prompt - same procedure: F8, select it.

Once you log in, a command prompt opens; type into it:

Code:

rstrui.exe

and press Enter.

Finally, select the latest restore point (it should be selected automatically) and confirm the restore.


Re: Slow PC

Post by SamerLP » 28 Apr 2015 21:02

Phew, thanks, good thing that restore point was created. Thanks, I've restored and Windows works now.
I updated the antivirus to the latest version.
By the way, I somehow got that file for VirusTotal onto the desktop, and here is the result:
https://www.virustotal.com/sk/file/aaf6 ... 430244223/
Where should I put the file now?

And here is the fixlog that was created before my desktop failed to load:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-04-2015 01
Ran by Samerko at 2015-04-28 20:08:49 Run:5
Running from C:\Users\Samerko\Desktop
Loaded Profiles: Samerko (Available profiles: Samerko & Skuska & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:
Replace: C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe C:\Windows\explorer.exe
Unlock: C:\Windows\acovcnt.exe
CMD: copy C:\Windows\acovcnt.exe C:\Users\Samerko\Desktop
End
*****************

Processes closed successfully.
Restore point was successfully created.
C:\Windows\explorer.exe => Moved successfully.
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe copied successfully to C:\Windows\explorer.exe
"C:\Windows\acovcnt.exe" => Not found.

========= copy C:\Windows\acovcnt.exe C:\Users\Samerko\Desktop =========

Systém nemôže nájsť zadaný súbor.

========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 20:11:12 ====


Re: Slow PC

Post by mople71 » 28 Apr 2015 21:11

My mistake, I went after it too soon... First we'll remove all the malware, clean out the restore points, and then we'll do something about explorer. ;)


Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Permanently disable the antivirus! Do not open any windows during the scan!

Save it to the Desktop. Close all windows, run it as administrator, accept everything, and let CF work.

After the scan finishes, a restart will take place (not necessarily) and the log will be here: C:\ComboFix.txt

Please paste its contents here.

