Zpomalování notebooku

Jirka006 · Příspěvekod **Jirka006** » 03 úno 2015 17:11

RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 8.1 (6.3.9200 ) 64 bits version
Spuštěno : Normální režim
Uživatel : Jirka [Práva správce]
Mód : Prohledat -- Datum : 02/03/2015 17:05:29

¤¤¤ Procesy : 2 ¤¤¤
[Suspicious.Path] HostAppService.exe(2788) -- C:\Users\Jirka\AppData\Local\Pokki\Engine\HostAppService.exe[7] -> Zastaveno [TermProc]
[Suspicious.Path] HostAppService.exe(368) -- C:\Users\Jirka\AppData\Local\Pokki\Engine\HostAppService.exe[7] -> Zastaveno [TermThr]

¤¤¤ Registry : 12 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-166109200-1551394066-2034920830-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://acer13.msn.com -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-166109200-1551394066-2034920830-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://acer13.msn.com -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{399B6F5D-AA20-4E8E-9B2D-61AEE0B493F9} | NameServer : 78.136.128.4 78.136.128.12 -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CE497198-13F6-4C25-B81D-414E6C42584F} | NameServer : 78.136.128.4 78.136.128.12 -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DD742FA4-CEDD-4910-9DBF-A74351AC2A41} | DhcpNameServer : 77.242.95.7 81.200.55.34 -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{399B6F5D-AA20-4E8E-9B2D-61AEE0B493F9} | NameServer : 78.136.128.4 78.136.128.12 -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{CE497198-13F6-4C25-B81D-414E6C42584F} | NameServer : 78.136.128.4 78.136.128.12 -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{DD742FA4-CEDD-4910-9DBF-A74351AC2A41} | DhcpNameServer : 77.242.95.7 81.200.55.34 -> Nalezeno
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nenahrán [0xc000036b]) ¤¤¤

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] qr33oryj.default : user_pref("browser.startup.homepage", "http://www.centrum.cz/?utm_source=ch-toolbar&utm_medium=ff-centrum-cz&utm_campaign=home"); -> Nalezeno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD7500BPVX-22JC3T0 +++++
--- User ---
[MBR] 625bf4389e033e6e80b31d16991b3bd8
[BSP] 74c02db2c10e3fb517440b052cba0f2c : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: JetFlash Transcend 8GB USB Device +++++
--- User ---
[MBR] 56f1a5cc4b1ebeb38f16df047fe42788
[BSP] 4b8b702b557e3455c4e0f1b634afd5c4 : Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 256 | Size: 7682 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

Reklama

Příspěvekod **jaro3** » 03 úno 2015 18:40

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:

- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)

- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Vypni antivir
Stáhni
Zoek.exe

a uloz si ho na plochu.
Zavři všechny ostatní programy , okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor , náběh programu může trvat déle.

Do okna programu vlož skript níže:

Kód: Vybrat vše

autoclean;
emptyclsid;
iedefaults;
FFdefaults;
CHRdefaults;
emptyalltemp;
resethosts;

klikni na Run Script
Program provede sken , opravu, sken i oprava může trvat i více minut ,je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů , jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

Vlož nový log z HJT + info o problémech.

Jirka006 · Příspěvekod **Jirka006** » 04 úno 2015 16:25

RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 8.1 (6.3.9200 ) 64 bits version
Spuštěno : Normální režim
Uživatel : Jirka [Práva správce]
Mód : Prohledat -- Datum : 02/04/2015 16:13:12

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 12 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-166109200-1551394066-2034920830-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://acer13.msn.com -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-166109200-1551394066-2034920830-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://acer13.msn.com -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{399B6F5D-AA20-4E8E-9B2D-61AEE0B493F9} | NameServer : 78.136.128.4 78.136.128.12 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{CE497198-13F6-4C25-B81D-414E6C42584F} | NameServer : 78.136.128.4 78.136.128.12 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DD742FA4-CEDD-4910-9DBF-A74351AC2A41} | DhcpNameServer : 77.242.95.7 81.200.55.34 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{399B6F5D-AA20-4E8E-9B2D-61AEE0B493F9} | NameServer : 78.136.128.4 78.136.128.12 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{CE497198-13F6-4C25-B81D-414E6C42584F} | NameServer : 78.136.128.4 78.136.128.12 [CZECH REPUBLIC (CZ)][CZECH REPUBLIC (CZ)] -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{DD742FA4-CEDD-4910-9DBF-A74351AC2A41} | DhcpNameServer : 77.242.95.7 81.200.55.34 [(Unknown Country?) (XX)][(Unknown Country?) (XX)] -> Nalezeno
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Nalezeno
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Nenahrán [0xc000036b]) ¤¤¤

¤¤¤ Webové prohlížeče : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] qr33oryj.default : user_pref("browser.startup.homepage", "http://www.centrum.cz/?utm_source=ch-toolbar&utm_medium=ff-centrum-cz&utm_campaign=home"); -> Nalezeno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD7500BPVX-22JC3T0 +++++
--- User ---
[MBR] 625bf4389e033e6e80b31d16991b3bd8
[BSP] 74c02db2c10e3fb517440b052cba0f2c : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: JetFlash Transcend 8GB USB Device +++++
--- User ---
[MBR] 56f1a5cc4b1ebeb38f16df047fe42788
[BSP] 4b8b702b557e3455c4e0f1b634afd5c4 : Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0xb) [VISIBLE] Offset (sectors): 256 | Size: 7682 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

============================================
RKreport_SCN_02032015_170529.log

Příspěvekod **jaro3** » 04 úno 2015 19:02

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:

- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)

- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Vlož nový log z HJT + info o problémech.

Jirka006 · Příspěvekod **Jirka006** » 12 úno 2015 16:42

Zoek.exe v5.0.0.0 Updated 29-11-2014
Tool run by Jirka on źt 12. 02. 2015 at 15:58:46,00.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Jirka\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

12. 2. 2015 16:02:22 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-166109200-1551394066-2034920830-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully
HKEY_USERS\S-1-5-21-166109200-1551394066-2034920830-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0D53ACD3-1771-43de-9C13-CC1F014DEAAD} deleted successfully
HKEY_USERS\S-1-5-21-166109200-1551394066-2034920830-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70A5A879-0F23-49D8-AFC1-17416F0A4233} deleted successfully
HKEY_USERS\S-1-5-21-166109200-1551394066-2034920830-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AB746CAB-635A-49AC-B571-3B8F85AF9B8B} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\qr33oryj.default\prefs.js:
user_pref("browser.search.defaultEngineName", "Centrum.cz");
user_pref("browser.search.selectedEngine", "Centrum.cz");

Added to C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\qr33oryj.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\Users\Jirka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\PC App Store.lnk deleted
C:\PROGRA~3\boost_interprocess deleted
C:\PROGRA~3\Pokki deleted
C:\Users\Default\AppData\Local\Pokki deleted
C:\Users\Jirka\AppData\Local\Pokki deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\Jirka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk deleted
C:\WINDOWS\SysNative\config\systemprofile\Searches deleted
C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\qr33oryj.default\Invalidprefs.js deleted
"C:\Windows\Installer\2a8a9.msi" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [27. 01. 2015 22:37]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\qr33oryj.default
C62322C77D1AAB77B1CF1130FCC3673A - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll - Shockwave Flash

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[26. 11. 2014 05:47]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[14. 07. 2014 17:22]

Avast Online Security - Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{DA4C06D8-CCBB-4144-BCDF-8B52D44BD991} Unknown Url="Not_Found"

==== Reset Google Chrome ======================

C:\Users\Jirka\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Jirka\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-166109200-1551394066-2034920830-1001\Software\Microsoft\Internet Explorer\SearchScopes\{DA4C06D8-CCBB-4144-BCDF-8B52D44BD991} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\203E62EEA6789D84098513925E9B9999 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE26E302-876A-48D9-9058-3129E5B99999} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\203E62EEA6789D84098513925E9B9999 deleted successfully

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jirka\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Jirka\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Jirka\AppData\Local\Mozilla\Firefox\Profiles\qr33oryj.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Jirka\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=9046 folders=291 575764103 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Jirka\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\Jirka\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on źt 12. 02. 2015 at 16:37:48,59 ======================

Jirka006 · Příspěvekod **Jirka006** » 12 úno 2015 16:55

RogueKiller V10.2.0.0 (x64) [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 8.1 (6.3.9200 ) 64 bits version
Spuštěno : Normální režim
Uživatel : Jirka [Práva správce]
Mód : Prohledat -- Datum : 02/12/2015 16:50:42

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 1 ¤¤¤
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD7500BPVX-22JC3T0 +++++
--- User ---
[MBR] 625bf4389e033e6e80b31d16991b3bd8
[BSP] 74c02db2c10e3fb517440b052cba0f2c : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_DEL_02112015_123517.log - RKreport_DEL_02112015_123637.log - RKreport_SCN_02032015_170529.log - RKreport_SCN_02042015_161312.log
RKreport_SCN_02112015_092140.log - RKreport_SCN_02112015_123215.log

Příspěvekod **jaro3** » 12 úno 2015 19:01

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB (kromě myši s klávesnice) nebo externí disky z počítače před spuštěním tohoto programu.
Spusť znovu RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Pak klikni na "Prohledat " ,po jeho skončení:

- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka)
(musíš dát myší zatržítko do toho čtverečku vlevo od registru ap.)

- Klikni na "Smazat"
- Počkej, dokud Status box nezobrazí " Mazání dokončeno "
- Klikni na "Zpráva " a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

Vlož nový log z HJT + info o problémech.

Jirka006 · Příspěvekod **Jirka006** » 13 úno 2015 07:17

RogueKiller V10.2.0.0 (x64) [Jan 19 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 8.1 (6.3.9200 ) 64 bits version
Spuštěno : Normální režim
Uživatel : Jirka [Práva správce]
Mód : Smazat -- Datum : 02/13/2015 07:14:19

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 1 ¤¤¤
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Nahrazeno (0)

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 localhost -> Smazáno

¤¤¤ Antirootkit : 0 (Driver: Nahrán) ¤¤¤

¤¤¤ Webové prohlížeče : 2 ¤¤¤
[FIREFX:Addon] qr33oryj.default : Skype Click to Call [{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}] -> Smazáno
[FIREFX:Addon] qr33oryj.default : Avast Online Security [wrc@avast.com] -> Smazáno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD7500BPVX-22JC3T0 +++++
--- User ---
[MBR] 625bf4389e033e6e80b31d16991b3bd8
[BSP] 74c02db2c10e3fb517440b052cba0f2c : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_DEL_02112015_123517.log - RKreport_DEL_02112015_123637.log - RKreport_SCN_02032015_170529.log - RKreport_SCN_02042015_161312.log
RKreport_SCN_02112015_092140.log - RKreport_SCN_02112015_123215.log - RKreport_SCN_02122015_165042.log - RKreport_SCN_02132015_071131.log

Příspěvekod **jaro3** » 13 úno 2015 09:23

Prosím stáhni příslušnou verzi programu pro Tvůj systém 32-bit/64-bit FarbarRecovery Scan Tool (FrSt)
32bit.:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
64bit.:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
a ulož jej na plochu. ,pak spusť FrSt.
Potvrď způsob užití.
Neměň žádné z výchozích nastavení a klikni na položku „Scan“ („Skenovat“) .Když je skenování dokončeno, ukážou se dva logy = FRST.txt a Addition.txt a uloží se na ploše.Prosím zkopíruj sem celý jejich obsah.

Jirka006 · Příspěvekod **Jirka006** » 13 úno 2015 10:52

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-02-2015
Ran by Jirka at 2015-02-13 10:49:21
Running from C:\Users\Jirka\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3G mobilní internet (HKLM-x32\...\3G mobilní internet) (Version: - CELOT-Wireless)
602XML Filler (HKLM-x32\...\{1AEA787C-781F-4A88-BB06-54C5A9460551}) (Version: 2.59 - Software602 a.s.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Angry Birds (HKU\S-1-5-21-166109200-1551394066-2034920830-1001\...\Pokki_39b5ea0a213ecb47efb4c1e80c9951a7da130292) (Version: 1.0.5.46153 - Pokki)
AutoUpdate (HKLM-x32\...\{18D10072035C4515918F7E37EAFAACFC}) (Version: 1.1 - )
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bloomberg API (HKLM-x32\...\Bloomberg API) (Version: - )
Bloomberg Keyboard v11.9 (HKLM-x32\...\Bloomberg Keyboard v11.9) (Version: v11.9 - Bloomberg L.P.)
Bloomberg Office Tools (32-bit) (HKLM-x32\...\Bloomberg Office Tools (32-bit)) (Version: - )
Bloomberg Professional Service (HKLM-x32\...\Bloomberg Professional Service) (Version: - )
Bloomberg SFD Data Dictionary (HKLM-x32\...\Bloomberg SFD Data Dictionary) (Version: - )
BOSSAFX (HKLM-x32\...\BOSSAFX) (Version: 4.00 - MetaQuotes Software Corp.)
Broadcom Card Reader Driver Installer (HKLM\...\{67AA948F-8D83-4566-B84A-7CAABCF64E3F}) (Version: 16.0.2.3 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{D1D7ED66-5C08-40A0-AEC0-B6DF977697BB}) (Version: 16.0.2.1 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CELOT-W USB Modem Driver (HKLM\...\{B277E30A-B7BC-4f34-9098-BF906D602F23}) (Version: 2.0.0 - CELOT-Wireless)
Citrix Online Launcher (HKLM-x32\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 31.1.2.0 - COMODO)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2826.57 - CyberLink Corp.)
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
DivX Codec (HKLM-x32\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.6.1 - DivX, Inc.)
Dragons of Atlantis (HKU\S-1-5-21-166109200-1551394066-2034920830-1001\...\Pokki_cfada041afdc4a11092a096cac66ab6a0945d92b) (Version: v1.1.7 - Pokki)
ETDWare PS/2-X64 11.6.23.203_WHQL (HKLM\...\Elantech) (Version: 11.6.23.203 - ELAN Microelectronic Corp.)
ffdshow [rev 1530] [2007-10-14] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Game Channels (HKLM-x32\...\WildTangentGameProvider-packardbell-genres) (Version: 8.1.0.17 - WildTangent, Inc.)
Game Channels (x32 Version: 8.1.0.17 - WildTangent, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
GoToMeeting 6.4.11.2273 (HKU\S-1-5-21-166109200-1551394066-2034920830-1001\...\GoToMeeting) (Version: 6.4.11.2273 - CitrixOnline)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3005 - Packard Bell)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.3.1520 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3960 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Java 7 Update 71 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Lizardtech DjVu Control (HKLM-x32\...\{105CFC7C-6992-11D5-BD9D-000102C10FD8}) (Version: - )
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware verze 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MetaTrader 4 Admiral Markets AS (HKLM-x32\...\MetaTrader 4 Admiral Markets AS) (Version: 4.00 - MetaQuotes Software Corp.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 cs)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
Nxt Wallet version 2.0.1 (including NRS 1.4.5) (HKLM-x32\...\{ED059A3D-83A4-4A3A-A20C-769C010061BC}_is1) (Version: 2.0.1 (including NRS 1.4.5) - Nxt.org)
Packard Bell Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3013 - Packard Bell)
Packard Bell Games (HKU\S-1-5-21-166109200-1551394066-2034920830-1001\...\Pokki_c3e2005ede46d0c9848c79a4f19e87561ed8d0aa) (Version: 1.1.7.42206 - Pokki)
Packard Bell Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3005 - Packard Bell)
Packard Bell Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Packard Bell)
Packard Bell Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Packard Bell)
PEKI dictionary 1.21 (HKLM-x32\...\PEKI dictionary) (Version: 1.21 - Pavel Ponec)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pokki Start Menu (HKU\S-1-5-21-166109200-1551394066-2034920830-1001\...\Pokki_Start_Menu) (Version: 0.269.5.460 - Pokki)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Pyro Jump (x32 Version: 3.0.2.59 - WildTangent) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.224 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.49 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
School Bus Fun (x32 Version: 3.0.2.59 - ) Hidden
School Bus Fun (x32 Version: 3.0.2.59 - WildTangent) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
TenLittleIndians (HKLM-x32\...\{12BA5DFC-4BE2-4F07-BE38-5BDC50789B35}) (Version: 1.3.0.0 - Vitware)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.8.0.122 - PandoraTV)
TVCenter (HKLM\...\{E0396809-3932-4285-B7D9-67876E7E432F}) (Version: 6.4.4.905 - PCTV Systems)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vícejazyčný překladový slovník 1.1 (HKLM-x32\...\Vícejazyčný překladový slovník_is1) (Version: - Expert SoftWorks)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.13 - WildTangent) Hidden
Zoomumba (HKU\S-1-5-21-166109200-1551394066-2034920830-1001\...\Pokki_fb143c84656e8d30faf9d30d8dc069921acf5bdc) (Version: 1.1.1.53290 - Pokki)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-166109200-1551394066-2034920830-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-166109200-1551394066-2034920830-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Jirka\AppData\Local\Citrix\GoToMeeting\1865\G2MOutlookAddin64.dll No File

==================== Restore Points =========================

28-01-2015 07:27:46 Windows Update
03-02-2015 08:33:22 Windows Update
05-02-2015 17:32:34 Operace obnovení
11-02-2015 17:22:53 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2015-02-13 07:14 - 00000725 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {04CF217A-82AE-4A0E-9D88-44A5486C8D53} - System32\Tasks\ALU => C:\Program Files (x86)\Packard Bell\Live Updater\updater.exe [2013-02-22] ()
Task: {10188773-E665-4EFC-A0D1-FE08BECE140C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-14] (Microsoft Corporation)
Task: {1F8325E1-99FF-4823-8D15-8EF4A5F0D59F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {3877D8BD-DAC9-4F99-A79D-7C8493FCA737} - System32\Tasks\G2MUpdateTask-S-1-5-21-166109200-1551394066-2034920830-1001 => C:\Program Files (x86)\Citrix\GoToMeeting\2273\g2mupdate.exe [2015-01-26] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {67C5D9DB-12FA-451E-9AB8-3305A8CD3884} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {796080AB-AE14-4B12-B841-FB836DAF3FE0} - System32\Tasks\Power Management => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated)
Task: {BC9D6465-C89F-45B3-9B85-EF85E6FEFDEC} - System32\Tasks\Launch Manager => C:\Program Files\Packard Bell\Packard Bell Launch Manager\LMLauncher.exe [2013-06-18] (Acer Incorporate)
Task: {C3BA72DB-BC5C-4251-8E31-25695055C92B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-23] (Piriform Ltd)
Task: {C4960F5F-1A88-41DB-9B15-49877B4FB66A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-31] (Google Inc.)
Task: {D970E9B9-9C25-4CE0-8C94-0AE76D24FE8B} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Packard Bell\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {DD9555B7-0A1F-4AC9-8FB7-57EC477148AC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-31] (Google Inc.)
Task: {DF88091B-C3CF-4A36-810F-AEBE7D652C6C} - System32\Tasks\{924EBA13-CA50-47DB-AE0A-5D2C23BB005D} => Firefox.exe http://www.skype.com/go/downloading?sou ... astError=2
Task: {FCFF3C16-D5F4-4417-B3ED-EB1B7FB8BB25} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-26] (AVAST Software)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-166109200-1551394066-2034920830-1001.job => C:\Program Files (x86)\Citrix\GoToMeeting\2273\g2mupdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-03-07 23:47 - 2014-03-07 23:47 - 02135232 _____ () C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-11-26 05:47 - 2014-11-26 05:47 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-26 05:47 - 2014-11-26 05:47 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2013-04-15 19:23 - 2013-04-15 19:23 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-04-15 19:20 - 2013-04-15 19:20 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2013-04-15 19:25 - 2013-04-15 19:25 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
2015-02-13 06:16 - 2015-02-13 06:16 - 02912256 _____ () C:\Program Files\AVAST Software\Avast\defs\15021201\algo.dll
2014-11-26 05:47 - 2014-11-26 05:47 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-11-26 05:47 - 2014-11-26 05:47 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-10-18 20:59 - 2013-05-08 21:23 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Jirka\Downloads\message_2523.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-166109200-1551394066-2034920830-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\PackardBell01.jpg
DNS Servers: Media is not connected to internet.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-166109200-1551394066-2034920830-500 - Administrator - Disabled)
Guest (S-1-5-21-166109200-1551394066-2034920830-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-166109200-1551394066-2034920830-1003 - Limited - Enabled)
Jirka (S-1-5-21-166109200-1551394066-2034920830-1001 - Administrator - Enabled) => C:\Users\Jirka

==================== Faulty Device Manager Devices =============

Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Virtual Bluetooth Support (Include Audio)
Description: Virtual Bluetooth Support (Include Audio)
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: AthBTPort
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth LWFLT Device
Description: Bluetooth LWFLT Device
Class Guid: {c7c038ad-1f2d-44d4-b2fe-d912be20e6d5}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_LWFLT
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (02/13/2015 08:20:16 AM) (Source: DCOM) (EventID: 10010) (User: Notebook)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (02/13/2015 07:45:15 AM) (Source: DCOM) (EventID: 10010) (User: Notebook)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (02/13/2015 07:21:31 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000007e (0xffffffffc0000005, 0xfffff800434e12e0, 0xffffd00020f0ca68, 0xffffd00020f0c270)C:\WINDOWS\MEMORY.DMP021315-18156-01

Error: (02/13/2015 07:18:24 AM) (Source: DCOM) (EventID: 10010) (User: Notebook)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (02/13/2015 07:18:24 AM) (Source: DCOM) (EventID: 10010) (User: Notebook)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (02/13/2015 07:18:24 AM) (Source: DCOM) (EventID: 10010) (User: Notebook)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (02/13/2015 07:18:24 AM) (Source: DCOM) (EventID: 10010) (User: Notebook)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (02/13/2015 07:18:24 AM) (Source: DCOM) (EventID: 10010) (User: Notebook)
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/12/2015 04:18:38 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (02/12/2015 04:18:38 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Celeron(R) 2955U @ 1.40GHz
Percentage of memory in use: 16%
Total physical RAM: 8072.27 MB
Available physical RAM: 6719.98 MB
Total Pagefile: 16264.27 MB
Available Pagefile: 14650.3 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: (Packard Bell) (Fixed) (Total:679.75 GB) (Free:515.88 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 96E25189)

Partition: GPT Partition Type.

==================== End Of Log ============================

Jirka006 · Příspěvekod **Jirka006** » 13 úno 2015 10:53

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2015
Ran by Jirka (administrator) on NOTEBOOK on 13-02-2015 10:48:24
Running from C:\Users\Jirka\Desktop
Loaded Profiles: Jirka (Available profiles: Jirka)
Platform: Windows 8.1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Packard Bell\Packard Bell Launch Manager\LMSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporate) C:\Program Files\Packard Bell\Packard Bell Launch Manager\LMEvent.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Acer Incorporate) C:\Program Files\Packard Bell\Packard Bell Launch Manager\LMTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Bloomberg L.P.) C:\blp\API\Office Tools\bxlaui.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2890640 2013-04-22] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [457616 2014-10-03] ()
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132736 2013-04-15] ( (Qualcomm Atheros Commnucations))
HKU\S-1-5-21-166109200-1551394066-2034920830-1001\...\Run: [CLRHost] => C:\blp\API\Office Tools\bbxlcmd.exe [2879488 2014-06-23] ()
HKU\S-1-5-21-166109200-1551394066-2034920830-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30879328 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-166109200-1551394066-2034920830-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-23] (Piriform Ltd)
HKU\S-1-5-21-166109200-1551394066-2034920830-1001\...\MountPoints2: {13094949-8f6b-11e3-be75-a4db30769e8c} - "D:\Launcher.exe"
HKU\S-1-5-21-166109200-1551394066-2034920830-1001\...\MountPoints2: {1309495f-8f6b-11e3-be75-a4db30769e8c} - "D:\Launcher.exe"
HKU\S-1-5-21-166109200-1551394066-2034920830-1001\...\MountPoints2: {84fc28d9-949c-11e4-bf47-a4db30770e1c} - "D:\Launcher.exe"
HKU\S-1-5-21-166109200-1551394066-2034920830-1001\...\MountPoints2: {d00937ec-8f21-11e4-bf40-a4db30770e1c} - "D:\Launcher.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-166109200-1551394066-2034920830-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-166109200-1551394066-2034920830-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\qr33oryj.default
FF NewTab: hxxp://www.google.com/
FF DefaultSearchUrl: hxxp://www.google.com/search?btnG=Google+Search&q=
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin HKU\S-1-5-21-166109200-1551394066-2034920830-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Jirka\AppData\Local\Citrix\Plugins\104\npappdetector.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdjvu.dll (LizardTech)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-01-26]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-31]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Jirka\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentace Google) - C:\Users\Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-12]
CHR Extension: (Dokumenty Google) - C:\Users\Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-31]
CHR Extension: (Disk Google) - C:\Users\Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-31]
CHR Extension: (YouTube) - C:\Users\Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-31]
CHR Extension: (Vyhledávání Google) - C:\Users\Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-31]
CHR Extension: (Tabulky Google) - C:\Users\Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-12]
CHR Extension: (Avast Online Security) - C:\Users\Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-31]
CHR Extension: (Peněženka Google) - C:\Users\Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-31]
CHR Extension: (Gmail) - C:\Users\Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-31]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-26]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [228480 2013-04-15] (Qualcomm Atheros Commnucations)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-26] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-26] (Avast Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 DeviceFastLaneService; C:\Program Files\Packard Bell\Packard Bell Device Fast-lane\DeviceFastLaneSvc.exe [470056 2013-05-01] (Acer Incorporated)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2135232 2014-03-07] ()
R3 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2014-12-19] (WildTangent)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-03] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-05-08] (Intel Corporation)
R2 LMSvc; C:\Program Files\Packard Bell\Packard Bell Launch Manager\LMSvc.exe [431656 2013-06-18] (Acer Incorporate)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-11-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-11-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-26] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-26] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-26] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-26] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-26] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-26] ()
R3 azvusb; C:\Windows\System32\drivers\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-04-15] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-30] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-30] (Symantec Corporation) [File not signed]
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-05-08] (Intel Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-26] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-11-27] (Microsoft Corporation)
S3 XICTAMDM; C:\Windows\system32\DRIVERS\XICTAMDM.sys [238080 2012-05-30] (QUALCOMM Incorporated)
S3 XICTANmea; C:\Windows\system32\DRIVERS\XICTANmea.sys [238080 2012-05-30] (QUALCOMM Incorporated)
S3 XICTAVSP; C:\Windows\system32\DRIVERS\XICTAVSP.sys [238080 2012-05-30] (QUALCOMM Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-13 10:48 - 2015-02-13 10:48 - 00018656 _____ () C:\Users\Jirka\Desktop\FRST.txt
2015-02-13 10:48 - 2015-02-13 10:48 - 00000000 ____D () C:\FRST
2015-02-13 10:45 - 2015-02-13 10:45 - 02134016 _____ (Farbar) C:\Users\Jirka\Desktop\FRST64.exe
2015-02-13 07:20 - 2015-02-13 07:21 - 00285720 _____ () C:\WINDOWS\Minidump\021315-18156-01.dmp
2015-02-13 06:25 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-02-13 06:25 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-02-12 16:36 - 2015-02-12 16:36 - 00000332 _____ () C:\WINDOWS\PFRO.log
2015-02-12 16:24 - 2015-02-12 15:58 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2015-02-12 16:02 - 2015-02-12 16:37 - 00009466 _____ () C:\zoek-results.log
2015-02-12 15:58 - 2015-02-12 16:36 - 00000000 ____D () C:\zoek_backup
2015-02-12 15:56 - 2015-02-12 15:56 - 01295360 _____ () C:\Users\Jirka\Desktop\zoek.exe
2015-02-11 20:29 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-02-11 20:29 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-02-11 20:29 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-02-11 20:29 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-02-11 20:29 - 2015-01-12 03:34 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-02-11 20:29 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-02-11 20:29 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-02-11 20:29 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-02-11 20:29 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-02-11 20:29 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-02-11 20:29 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-02-11 20:29 - 2015-01-12 02:58 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-02-11 20:29 - 2015-01-12 02:55 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-02-11 20:29 - 2015-01-12 02:51 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-02-11 20:29 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-02-11 20:29 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-02-11 20:29 - 2015-01-12 02:48 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-02-11 20:29 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-02-11 20:29 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-02-11 20:29 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-02-11 20:29 - 2015-01-12 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-02-11 20:29 - 2015-01-12 02:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-02-11 20:29 - 2015-01-12 02:27 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-02-11 20:29 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-02-11 20:29 - 2015-01-12 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-02-11 20:29 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-02-11 20:29 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-02-11 20:29 - 2015-01-12 02:23 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-02-11 20:29 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-02-11 20:29 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-02-11 20:29 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-02-11 20:29 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-02-11 20:29 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-02-11 20:29 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-02-11 20:22 - 2015-01-10 10:10 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-02-11 20:22 - 2015-01-10 10:10 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-02-11 20:22 - 2015-01-10 09:28 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-02-11 20:22 - 2014-10-29 03:02 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-02-11 20:22 - 2014-10-29 03:02 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-02-11 20:22 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-11 20:22 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-11 20:22 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-11 20:22 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-11 20:22 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-11 20:22 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-11 14:55 - 2015-01-15 23:43 - 00563504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-02-11 14:55 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-02-11 14:55 - 2015-01-14 05:22 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-02-11 14:55 - 2015-01-14 04:53 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-02-11 14:55 - 2014-10-29 03:51 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-02-11 14:55 - 2014-10-29 03:50 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-02-11 14:55 - 2014-10-29 03:06 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-02-11 14:55 - 2014-10-29 03:06 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-02-11 14:55 - 2014-10-29 02:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-11 14:44 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-02-11 14:15 - 2015-02-04 00:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-02-11 14:15 - 2015-02-04 00:08 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-02-11 14:15 - 2015-02-04 00:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-02-11 14:15 - 2015-02-03 00:11 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-02-11 14:15 - 2015-02-03 00:11 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-02-11 14:15 - 2015-02-03 00:11 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-02-11 13:21 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-02-11 13:21 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-02-11 13:20 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-02-11 13:20 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-02-11 13:20 - 2014-12-09 00:12 - 00391526 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-02-11 13:15 - 2015-01-13 23:11 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-02-11 13:15 - 2015-01-13 23:04 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-02-11 13:12 - 2015-01-10 08:00 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-11 13:12 - 2015-01-10 07:38 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-02-11 12:50 - 2015-01-10 09:22 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-11 12:44 - 2015-02-13 07:20 - 449175289 _____ () C:\WINDOWS\MEMORY.DMP
2015-02-11 12:44 - 2015-02-11 12:44 - 00285720 _____ () C:\WINDOWS\Minidump\021115-20531-01.dmp
2015-02-11 09:15 - 2015-02-11 09:16 - 00001549 _____ () C:\Users\Jirka\Desktop\RogueKillerX64 – zástupce.lnk
2015-02-11 08:34 - 2015-02-11 09:15 - 18570328 _____ () C:\Users\Jirka\Downloads\RogueKillerX64.exe
2015-02-11 07:56 - 2015-02-11 07:56 - 00000624 _____ () C:\Users\Jirka\Desktop\JRT.txt
2015-02-10 13:33 - 2014-01-24 08:29 - 00076288 _____ () C:\Users\Jirka\Desktop\+TEL.SEZN. 2436+.xls
2015-02-08 18:14 - 2015-02-13 09:19 - 01752821 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-08 18:12 - 2015-02-13 07:21 - 00001868 _____ () C:\WINDOWS\setupact.log
2015-02-08 18:12 - 2015-02-08 18:12 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-02-07 19:49 - 2015-02-07 19:14 - 265739623 ____N () C:\Users\Jirka\Desktop\VID_20150207_191401.3gp
2015-02-05 18:15 - 2015-02-05 18:16 - 00000000 ____D () C:\f8e9e021d090564632
2015-02-05 18:14 - 2015-02-05 18:14 - 01005568 _____ (Microsoft Corporation) C:\Users\Jirka\Downloads\dotNetFx45_Full_setup.exe
2015-02-05 18:12 - 2015-02-05 18:13 - 04159880 _____ (ReviverSoft LLC) C:\Users\Jirka\Downloads\RegistryReviverInstaller.exe
2015-02-03 16:58 - 2015-02-13 07:06 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-02-03 16:58 - 2015-02-03 16:58 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-03 16:21 - 2015-02-03 16:58 - 00001522 _____ () C:\Users\Jirka\Desktop\RogueKiller – zástupce.lnk
2015-02-03 16:17 - 2015-02-03 16:20 - 15431256 _____ () C:\Users\Jirka\Downloads\RogueKiller.exe
2015-02-03 08:35 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-02-03 08:35 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-02-02 21:36 - 2015-02-10 13:33 - 00000273 _____ () C:\Users\Jirka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Menu.lnk
2015-02-02 21:30 - 2015-02-02 21:32 - 00001444 _____ () C:\Users\Jirka\Desktop\JRT – zástupce.lnk
2015-02-02 21:28 - 2015-02-02 21:30 - 01388274 _____ (Thisisu) C:\Users\Jirka\Downloads\JRT.exe
2015-02-02 14:38 - 2015-02-02 14:39 - 00115431 _____ () C:\Users\Jirka\Downloads\Logo LHJ.zip
2015-02-02 10:19 - 2015-02-02 20:39 - 00041984 _____ () C:\Users\Jirka\Desktop\Karta JPO LHJ Pce.xls
2015-02-02 09:50 - 2015-02-02 09:50 - 01352107 _____ () C:\Users\Jirka\Downloads\Vildman 2015.zip
2015-02-02 09:49 - 2015-02-02 09:50 - 01381017 _____ () C:\Users\Jirka\Downloads\Šťastný 2015.zip
2015-02-02 09:47 - 2015-02-02 09:48 - 01352782 _____ () C:\Users\Jirka\Downloads\Machová 2015.zip
2015-01-29 21:16 - 2015-02-13 08:54 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-29 21:15 - 2015-02-03 06:47 - 00001126 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-29 21:15 - 2015-02-03 06:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-29 21:15 - 2015-02-03 06:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-29 21:15 - 2015-01-29 21:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-29 21:15 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-29 21:15 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-01-29 21:15 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-01-29 20:58 - 2015-02-05 18:25 - 00000000 ____D () C:\AdwCleaner
2015-01-29 20:54 - 2015-01-29 20:54 - 00000000 ____D () C:\Users\Jirka\AppData\Local\BMExplorer
2015-01-28 17:39 - 2015-01-28 17:39 - 02194432 _____ () C:\Users\Jirka\Desktop\adwcleaner_4.109.exe
2015-01-28 17:17 - 2015-01-28 17:21 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Jirka\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-28 17:15 - 2015-01-28 17:15 - 00448512 _____ (OldTimer Tools) C:\Users\Jirka\Desktop\TFC.exe
2015-01-28 17:09 - 2015-01-28 17:09 - 00050688 _____ (Atribune.org) C:\Users\Jirka\Desktop\ATF-Cleaner.exe
2015-01-27 16:33 - 2015-01-27 16:33 - 00010857 _____ () C:\Users\Jirka\Desktop\hijackthis.log
2015-01-27 16:31 - 2015-02-13 06:22 - 00003970 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DD726619-C8BD-419A-B5A2-628A8F14E5F9}
2015-01-27 16:31 - 2015-01-27 16:31 - 00000000 __SHD () C:\Users\Jirka\AppData\Local\EmieUserList
2015-01-27 16:31 - 2015-01-27 16:31 - 00000000 __SHD () C:\Users\Jirka\AppData\Local\EmieSiteList
2015-01-27 16:31 - 2015-01-27 16:31 - 00000000 __SHD () C:\Users\Jirka\AppData\Local\EmieBrowserModeList
2015-01-27 16:25 - 2015-01-27 16:25 - 00002772 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-01-27 16:25 - 2015-01-27 16:25 - 00000846 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-27 16:25 - 2015-01-27 16:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-27 16:25 - 2015-01-27 16:25 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-27 16:22 - 2015-01-27 16:24 - 04974864 _____ (Piriform Ltd) C:\Users\Jirka\Downloads\ccleaner_4.19.4867.exe
2015-01-27 16:07 - 2015-01-27 16:07 - 00388608 _____ (Trend Micro Inc.) C:\Users\Jirka\Desktop\HijackThis.exe
2015-01-26 21:15 - 2015-01-26 21:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-23 17:19 - 2015-01-23 17:19 - 00286316 _____ () C:\Users\Jirka\Desktop\grafforexx.htm
2015-01-19 18:24 - 2015-01-19 18:24 - 00024259 _____ () C:\Users\Jirka\Desktop\AOS2.htm
2015-01-19 18:23 - 2015-01-19 18:23 - 00010133 _____ () C:\Users\Jirka\Desktop\AOS1.htm
2015-01-19 18:21 - 2015-01-19 18:21 - 00032443 _____ () C:\Users\Jirka\Desktop\AOS.htm
2015-01-14 08:10 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-01-14 08:10 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-01-14 08:10 - 2014-12-12 01:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-01-14 08:10 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-01-14 08:10 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-01-14 08:10 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-01-14 08:10 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-01-14 08:10 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-01-14 08:10 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-01-14 08:10 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-01-14 08:10 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-01-14 08:10 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-01-14 08:10 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-01-14 08:10 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-01-14 08:10 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-01-14 08:10 - 2014-10-29 05:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-01-14 08:10 - 2014-10-29 05:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2015-01-14 08:10 - 2014-10-29 04:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-01-14 08:10 - 2014-10-29 04:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-01-14 08:10 - 2014-10-29 04:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-01-14 08:10 - 2014-10-29 04:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-01-14 08:10 - 2014-10-29 04:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-01-14 08:10 - 2014-10-29 04:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2015-01-14 08:10 - 2014-10-29 04:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-01-14 08:10 - 2014-10-29 04:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-01-14 08:10 - 2014-10-29 04:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-01-14 08:10 - 2014-10-29 03:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-01-14 08:10 - 2014-10-29 02:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll
2015-01-14 08:10 - 2014-10-29 02:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-01-14 08:10 - 2014-10-29 02:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-01-14 08:10 - 2014-10-29 02:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2021-10-21 14:36 - 2013-10-18 21:07 - 00000852 _____ () C:\WINDOWS\system32\Drivers\RTKHDRC.dat
2021-10-04 08:34 - 2013-10-18 21:07 - 00000712 _____ () C:\WINDOWS\system32\Drivers\RTMICEQ0.dat
2015-02-13 10:48 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\tracing
2015-02-13 10:12 - 2014-04-15 16:40 - 00000556 _____ () C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-166109200-1551394066-2034920830-1001.job
2015-02-13 10:05 - 2014-01-31 13:18 - 00000978 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-13 10:00 - 2013-12-30 18:50 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-13 10:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-13 07:26 - 2014-06-12 09:58 - 00000000 ____D () C:\Users\Jirka\AppData\Roaming\Skype
2015-02-13 07:22 - 2014-01-31 13:18 - 00000974 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-13 07:21 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-13 07:20 - 2015-01-03 14:10 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-13 07:18 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-02-13 06:26 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-02-12 20:52 - 2015-01-06 23:04 - 00000000 ____D () C:\Users\Jirka\AppData\Local\Nxt Wallet
2015-02-12 16:29 - 2014-02-03 20:33 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-166109200-1551394066-2034920830-1001
2015-02-12 14:20 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-11 22:23 - 2014-11-27 07:03 - 00000000 ____D () C:\Users\Jirka
2015-02-11 21:47 - 2013-08-22 15:44 - 00481568 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-02-11 17:23 - 2014-12-15 20:03 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-11 17:23 - 2014-09-24 20:02 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-11 12:16 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-02-10 13:32 - 2014-09-24 17:23 - 01745984 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-10 13:32 - 2014-09-24 16:39 - 00739924 _____ () C:\WINDOWS\system32\perfh005.dat
2015-02-10 13:32 - 2014-09-24 16:39 - 00151610 _____ () C:\WINDOWS\system32\perfc005.dat
2015-02-07 10:07 - 2014-01-31 13:19 - 00002215 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-05 09:00 - 2013-12-30 18:50 - 00003802 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-02-04 12:00 - 2014-01-31 13:18 - 00003950 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 12:00 - 2014-01-31 13:18 - 00003714 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-03 20:31 - 2014-12-15 20:05 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-02-03 20:31 - 2014-12-15 20:05 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-27 22:39 - 2014-11-26 05:47 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-01-27 16:29 - 2014-11-27 06:48 - 00000000 ___DC () C:\WINDOWS\Panther
2015-01-27 06:42 - 2014-01-31 13:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-26 20:35 - 2014-06-17 15:54 - 00002379 _____ () C:\Users\Jirka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dragons of Atlantis.lnk
2015-01-26 20:33 - 2014-04-15 16:40 - 00003560 _____ () C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-166109200-1551394066-2034920830-1001
2015-01-24 16:06 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2015-01-22 21:37 - 2014-01-31 13:37 - 00000000 ____D () C:\Users\Jirka\AppData\Roaming\vlc
2015-01-22 20:57 - 2014-03-24 17:05 - 00000000 ____D () C:\Users\Jirka\Downloads\fotky
2015-01-15 06:06 - 2014-06-12 09:58 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-15 06:06 - 2014-06-12 09:58 - 00000000 ____D () C:\ProgramData\Skype
2015-01-14 08:27 - 2014-04-14 15:15 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-01-14 08:20 - 2014-04-14 15:15 - 113365784 ____N (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Jirka\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-13 07:32

==================== End Of Log ============================

Příspěvekod **Orcus** » 13 úno 2015 12:47

Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.

Kód: Vybrat vše

CustomCLSID: HKU\S-1-5-21-166109200-1551394066-2034920830-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Jirka\AppData\Local\Citrix\GoToMeeting\1865\G2MOutlookAddin64.dll No File
Task: {04CF217A-82AE-4A0E-9D88-44A5486C8D53} - System32\Tasks\ALU => C:\Program Files (x86)\Packard Bell\Live Updater\updater.exe [2013-02-22] ()
Task: {1F8325E1-99FF-4823-8D15-8EF4A5F0D59F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {DD9555B7-0A1F-4AC9-8FB7-57EC477148AC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-31] (Google Inc.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
HKU\S-1-5-21-166109200-1551394066-2034920830-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File

(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).

Ulož jej na na plochu jako fixlist.txt

Spusť FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.

====================================================

Co problémy? + nový log z HJT

Zpomalování notebooku Vyřešeno

Re: Zpomalování notebooku

Re: Zpomalování notebooku

Re: Zpomalování notebooku

Re: Zpomalování notebooku

Re: Zpomalování notebooku

Re: Zpomalování notebooku

Re: Zpomalování notebooku

Re: Zpomalování notebooku

Re: Zpomalování notebooku

Re: Zpomalování notebooku

Re: Zpomalování notebooku

Re: Zpomalování notebooku

Kdo je online