Ještě jedna prosba mamky šíleně pomalý mininotebook lenovo.

[tranceee]

Dobrý den,
poslední dobou si mamka stěžuje na šíleně pomalý počítač, jsem si jistý že bude plný havěti. Proto bych poprosil o kontrolu logu, protože se na něm pracuje opravdu špatně jak jsme zjistil Děkuji moc

[Rudy]

Zdravím!
Postupujte podle tohoto návodu: http://forum.viry.cz/viewtopic.php?f=24&t=132509 .

[tranceee]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Marie (administrator) on MARIE-PC on 04-10-2013 20:13:59
Running from C:\Users\Marie\Desktop
Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(DeviceVM, Inc.) C:\QSTART.SYS\config\DVMExportService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
(Microsoft Corporation) C:\windows\System32\IgrsSvcs.exe
(Microsoft Corporation) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Lenovo.) C:\windows\System32\TPHDEXLG.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo) C:\Program Files\Lenovo\VeriFace\PManage.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo(beijing) Limited) C:\Program Files\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files\Lenovo\Energy Management\Energy Management.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Google Inc.) C:\Users\Marie\AppData\Local\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Users\Marie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Marie\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) c:\program files\windows defender\MpCmdRun.exe
(forum.viry.cz) C:\Users\Marie\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1615144 2010-01-14] (Synaptics Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35184 2008-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [VeriFaceManager] - C:\Program Files\Lenovo\VeriFace\PManage.exe [3122528 2010-11-03] (Lenovo)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [186208 2009-09-02] (Lenovo.)
HKLM\...\Run: [EnergyUtility] - C:\Program Files\Lenovo\Energy Management\utility.exe [4114288 2009-10-23] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] - C:\Program Files\Lenovo\Energy Management\Energy Management.exe [5064560 2009-10-23] (Lenovo (Beijing) Limited)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4297136 2012-10-31] (AVAST Software)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-12-24] (Google Inc.)
HKCU\...\Run: [Google Update] - C:\Users\Marie\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-07-20] (Google Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [18678376 2013-04-19] (Skype Technologies S.A.)
Startup: C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/#utm_source=icq&u ... um=centrum
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://search.icq.com/search/results.ph ... &ch_id=osd
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://search.icq.com/search/results.ph ... &ch_id=osd
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\5rgipktr.default
FF Homepage: hxxp://www.centrum.cz/#utm_source=icq&utm_medium=centrum
FF Plugin: @adobe.com/ShockwavePlayer - C:\windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Marie\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Marie\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Extension: Seznam lištička - C:\Users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\5rgipktr.default\Extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR HomePage: hxxp://www.seznam.cz/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Marie\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Marie\AppData\Local\Google\Chrome\Application\29.0.1547.76\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Marie\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Marie\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Skype Toolbars) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll (Skype Technologies S.A.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (Adblock Plus) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0
CHR Extension: (AdBlock) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.8_0
CHR Extension: (avast! WebRep) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0
CHR Extension: (Skype Click to Call) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Marie\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-10-31] (AVAST Software)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [595232 2009-10-02] (Broadcom Corporation.)
R2 DvmMDES; C:\QSTART.SYS\config\DVMExportService.exe [331776 2009-12-29] (DeviceVM, Inc.)
R2 IGRS; C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
S3 PS_MDP; C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
R2 ReadyComm.DirectRouter; C:\Program Files\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
U4 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [x]

==================== Drivers (Whitelisted) ====================

R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [21520 2009-05-19] (Lenovo Corporation)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [21256 2012-10-31] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [24408 2012-03-07] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [58680 2012-10-31] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [44784 2012-10-15] (AVAST Software)
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [738504 2012-10-31] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [361032 2012-10-31] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [54232 2012-10-31] (AVAST Software)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [63240 2009-07-28] (Lenovo)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [171648 2009-12-18] (SMI)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11792 2009-07-16] (Windows (R) Codename Longhorn DDK provider)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-04 20:06 - 2013-10-04 20:06 - 00000000 ____D C:\FRST
2013-10-04 20:04 - 2013-10-04 20:04 - 00112128 _____ (forum.viry.cz) C:\Users\Marie\Desktop\FRSTLauncher.exe
2013-10-04 20:03 - 2013-10-04 20:04 - 01087213 _____ (Farbar) C:\Users\Marie\Desktop\FRST.exe
2013-09-26 20:45 - 2013-09-26 20:46 - 00864811 _____ C:\Users\Marie\Desktop\bank.wm
2013-09-11 13:35 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-09-11 13:35 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-09-11 13:35 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-09-11 13:35 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-09-11 13:35 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-09-11 13:35 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-09-11 13:35 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-09-11 13:35 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-09-11 13:35 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-09-11 13:35 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-09-11 13:35 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-09-11 13:35 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-09-11 13:35 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-09-11 13:35 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-09-11 13:35 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-09-11 13:34 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-09-11 07:44 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2013-09-11 07:44 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2013-09-11 07:44 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2013-09-11 07:44 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 07:44 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 07:44 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 07:44 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 07:44 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 07:44 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 07:44 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2013-09-11 07:44 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2013-09-11 07:44 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2013-09-11 07:43 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-09-11 07:43 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ataport.sys
2013-09-11 07:43 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 07:43 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 07:43 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 07:43 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 07:43 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 07:43 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 07:43 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 07:43 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 07:43 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 07:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 07:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 07:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 07:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 07:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 07:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 07:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 07:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 07:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 07:43 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 07:43 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 07:43 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 07:43 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll

==================== One Month Modified Files and Folders =======

2013-10-04 20:06 - 2013-10-04 20:06 - 00000000 ____D C:\FRST
2013-10-04 20:04 - 2013-10-04 20:04 - 00112128 _____ (forum.viry.cz) C:\Users\Marie\Desktop\FRSTLauncher.exe
2013-10-04 20:04 - 2013-10-04 20:03 - 01087213 _____ (Farbar) C:\Users\Marie\Desktop\FRST.exe
2013-10-04 19:55 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-04 19:55 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-04 19:54 - 2010-11-03 01:04 - 00000177 ____H C:\dvmexp.idx
2013-10-04 19:51 - 2012-08-03 14:56 - 00000962 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1698391458-2474980085-194795029-1000UA.job
2013-10-04 19:50 - 2010-11-02 23:58 - 01491037 _____ C:\windows\WindowsUpdate.log
2013-10-04 19:48 - 2010-11-03 00:50 - 02532224 _____ C:\windows\system32\TPAPSLOG.LOG
2013-10-04 19:45 - 2010-12-24 22:01 - 00000000 ____D C:\Users\Marie\AppData\Roaming\Skype
2013-10-04 19:44 - 2012-11-18 13:53 - 00019716 _____ C:\windows\setupact.log
2013-10-04 19:44 - 2010-12-24 22:03 - 00000934 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-04 19:44 - 2010-11-03 00:48 - 14518208 _____ C:\FaceProv.log
2013-10-04 19:44 - 2010-11-03 00:42 - 00000000 ____D C:\ProgramData\VeriFace
2013-10-04 19:44 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-10-04 12:47 - 2010-12-24 22:03 - 00000938 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-01 10:16 - 2011-01-15 22:49 - 00000000 ____D C:\Users\Marie\Desktop\Filmy
2013-09-28 18:55 - 2010-11-03 00:08 - 01470298 _____ C:\windows\system32\PerfStringBackup.INI
2013-09-28 17:23 - 2010-12-24 21:22 - 00000000 ____D C:\Users\Marie\AppData\Local\VirtualStore
2013-09-26 20:46 - 2013-09-26 20:45 - 00864811 _____ C:\Users\Marie\Desktop\bank.wm
2013-09-22 18:02 - 2012-08-03 15:00 - 00002326 _____ C:\Users\Marie\Desktop\Google chrome.lnk
2013-09-19 12:39 - 2012-08-03 14:56 - 00000910 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1698391458-2474980085-194795029-1000Core.job
2013-09-17 19:50 - 2009-07-14 04:37 - 00000000 ____D C:\windows\rescache
2013-09-14 14:29 - 2010-12-25 20:00 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-14 13:57 - 2010-12-24 22:02 - 00000000 ____D C:\Program Files\Google
2013-09-12 10:03 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2013-09-12 08:32 - 2009-07-14 06:33 - 00419392 _____ C:\windows\system32\FNTCACHE.DAT
2013-09-11 13:29 - 2013-08-14 19:51 - 00000000 ____D C:\windows\system32\MRT
2013-09-11 13:25 - 2010-12-25 18:31 - 76725432 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\Marie\AppData\Local\Temp\63yebzl0.dll
C:\Users\Marie\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-01 12:32




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:188.94 GB) (Free:127.19 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:28.22 GB) NTFS

Available physical RAM: 186.41 MB
Total physical RAM: 1013.42 MB
Percentage of memory in use: 81%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: ED054C7F)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=189 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1698391458-2474980085-194795029-1000Core.job => C:\Users\Marie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1698391458-2474980085-194795029-1000UA.job => C:\Users\Marie\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 28_09_2013 (06)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Marie\Desktop" je 22008 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

[Rudy]

Otevřte poznámkový blok a zkopírujte do něj:

Start
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-12-24] (Google Inc.)
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://search.icq.com/search/results.ph ... &ch_id=osd
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
C:\Users\Marie\AppData\Local\Temp
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1698391458-2474980085-194795029-1000Core.job => C:\Users\Marie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1698391458-2474980085-194795029-1000UA.job => C:\Users\Marie\AppData\Local\Google\Update\GoogleUpdate.exe
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Sken hlásí, že velikost složky ploche je:

Velikost slozky "C:\Users\Marie\Desktop" je 22008 MB.

To je opravdu hodně. Chtělo by to přesunout soubory do nějaké složky a na plochu dát pouze odkazy.

[tranceee]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-10-2013
Ran by Marie at 2013-10-04 21:11:02 Run:1
Running from C:\Users\Marie\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-12-24] (Google Inc.)
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://search.icq.com/search/results.ph ... &ch_id=osd
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
C:\Users\Marie\AppData\Local\Temp
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1698391458-2474980085-194795029-1000Core.job => C:\Users\Marie\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1698391458-2474980085-194795029-1000UA.job => C:\Users\Marie\AppData\Local\Google\Update\GoogleUpdate.exe
End
*****************

[3632] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe => Process closed successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\swg => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully.
HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => Key deleted successfully.
HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
HKCR\PROTOCOLS\Handler\skype-ie-addon-data => Key deleted successfully.
HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key deleted successfully.

"C:\Users\Marie\AppData\Local\Temp" directory move:

C:\Users\Marie\AppData\Local\Temp\026d551b-ce89-43e0-885b-79cb9f6d882f.dmp => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\63yebzl0.dll => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\63yebzl0.err => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\63yebzl0.out => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\63yebzl0.pdb => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\chrome_installer.log => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\DMI1228.tmp => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\etilqs_1QckwL1Rj0ZqjE8 => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\etilqs_2mr6DGfehYPEGqQ => Moved successfully.
Could not move "C:\Users\Marie\AppData\Local\Temp\etilqs_bGlCbYGau1cjUcy" => Scheduled to move on reboot.
C:\Users\Marie\AppData\Local\Temp\etilqs_dPez7VLUNvfQM8D => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\etilqs_EwJmNij3vwa3og9 => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\etilqs_g158rJHM7yIGT9Y => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\etilqs_J15vgpwgOpyGdIg => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\etilqs_kwMwNq0Bub6RNr5 => Moved successfully.
Could not move "C:\Users\Marie\AppData\Local\Temp\etilqs_Q6XDKxsDQgUSc2t" => Scheduled to move on reboot.
C:\Users\Marie\AppData\Local\Temp\etilqs_qm9jLrAhrxoRMFZ => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\etilqs_STrW3TuBkhvrtzk => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\etilqs_vK62q1zSVTllqQ7 => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\etilqs_VqYAP8AzCSr2OmE => Moved successfully.
Could not move "C:\Users\Marie\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
C:\Users\Marie\AppData\Local\Temp\GLBAE09.tmp => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\GoogleUpdateSetup.exe1a8495f3 => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\GoogleUpdateSetup.exe22e945 => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\GoogleUpdateSetup.exe25584d => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\GoogleUpdateSetup.exe37f42e => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Kno752F.tmp => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Marie.bmp => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\MCBannerContainerCtor_12_26_41.txt => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\PCW73D7.tmp => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\PCW73D7.xml => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\qaq5391.tmp => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\users00 => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\wmplog00.sqm => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\~2481.tmp => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\~5743.bat => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\~5743.tmp => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Temporary Internet Files\Content.IE5\desktop.ini => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Temporary Internet Files\Content.IE5\TWKFOBXP\desktop.ini => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Temporary Internet Files\Content.IE5\O8WAF8DV\desktop.ini => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Temporary Internet Files\Content.IE5\FO39R52H\desktop.ini => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Temporary Internet Files\Content.IE5\2D19NSEZ\desktop.ini => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Temp2_Vizualizace 8.zip\Vizualizace 8\1.jpg => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Temp2_Vizualizace 8.zip\Vizualizace 8\2.jpg => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Temp2_Vizualizace 8.zip\Vizualizace 8\3.jpg => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Temp2_Vizualizace 8.zip\Vizualizace 8\4.jpg => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Temp2_Vizualizace 8.zip\Vizualizace 8\5.jpg => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Temp2_Vizualizace 8.zip\Vizualizace 8\6.jpg => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Temp2_Vizualizace 8.zip\Vizualizace 8\7.jpg => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Temp2_Vizualizace 8 (1).zip\Vizualizace 8\1.jpg => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Temp2_Vizualizace 8 (1).zip\Vizualizace 8\2.jpg => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Temp2_Vizualizace 8 (1).zip\Vizualizace 8\3.jpg => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Temp2_Vizualizace 8 (1).zip\Vizualizace 8\4.jpg => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Temp2_Vizualizace 8 (1).zip\Vizualizace 8\5.jpg => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Temp2_Vizualizace 8 (1).zip\Vizualizace 8\6.jpg => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Temp2_Vizualizace 8 (1).zip\Vizualizace 8\7.jpg => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Temp2_Vizualizace 7.zip\Vizualizace 7\1.jpg => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Temp2_Vizualizace 7.zip\Vizualizace 7\10.jpg => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Temp2_Vizualizace 7.zip\Vizualizace 7\2.jpg => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Temp2_Vizualizace 7.zip\Vizualizace 7\3.jpg => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Temp2_Vizualizace 7.zip\Vizualizace 7\4.jpg => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Temp2_Vizualizace 7.zip\Vizualizace 7\5.jpg => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Temp2_Vizualizace 7.zip\Vizualizace 7\6.jpg => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Temp2_Vizualizace 7.zip\Vizualizace 7\7.jpg => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Temp2_Vizualizace 7.zip\Vizualizace 7\8.jpg => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Temp2_Vizualizace 7.zip\Vizualizace 7\9.jpg => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Temp1_Vizualizace 8 (1).zip\Vizualizace 8\2.jpg => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Temp1_Vizualizace 8 (1).zip\Vizualizace 8\3.jpg => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Temp1_Vizualizace 8 (1).zip\Vizualizace 8\4.jpg => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Temp1_Vizualizace 8 (1).zip\Vizualizace 8\5.jpg => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Temp1_Vizualizace 8 (1).zip\Vizualizace 8\6.jpg => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Temp1_Vizualizace 8 (1).zip\Vizualizace 8\7.jpg => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Temp1_Vizualizace 8 (1).zip\Vizualizace 8\PŮDORYSY MECLOV RD.pdf => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Skype\crash.dmp => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Skype\gilasterr.log => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\History\History.IE5\desktop.ini => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\History\History.IE5\index.dat => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\CR_DCA01.tmp\SETUP_PATCH.PACKED.7Z => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\CRX_75DAF8CB7768\crl-set => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\CRX_75DAF8CB7768\manifest.fingerprint => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\CRX_75DAF8CB7768\manifest.json => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Cookies\index.dat => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Cookies\MPZWLR3C.txt => Moved successfully.
C:\Users\Marie\AppData\Local\Temp\Cookies\PV79KNV8.txt => Moved successfully.
Could not move "C:\Users\Marie\AppData\Local\Temp" directory. => Scheduled to move on reboot.

C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1698391458-2474980085-194795029-1000Core.job => Moved successfully.
C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1698391458-2474980085-194795029-1000UA.job => Moved successfully.

=========== Result of Scheduled Files to move ===========

C:\Users\Marie\AppData\Local\Temp\etilqs_bGlCbYGau1cjUcy => Is moved successfully.
C:\Users\Marie\AppData\Local\Temp\etilqs_Q6XDKxsDQgUSc2t => Is moved successfully.
"C:\Users\Marie\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => File could not move.
"C:\Users\Marie\AppData\Local\Temp" => Directory could not move.

==== End of Fixlog ====

[Rudy]

Smazáno. Nastala nějaká změna?

[tranceee]

Vím o tom, ale mamka není zrovna počítačový typ. Dnes musím ve 21:45 odejít do práce, tak pokud se bude řešit něco náročnějšího prosím o zítřejší dodělání, moc děkuji )

[tranceee]

no změna nějak extra asi ne :-/ já s tímto PC nepracuji tak nevím, poslední dvě hodinky jsem jen řešil tohle a přijde mi šílený moje řešení by bylo přemazání disku nahrání oken znovu, asi tak nějak. Ale do toho se mi moc nechce tak se snažím pomoci jinak

[Rudy]

Ještě zkusíme: Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:

:commands
[Purity]
[Emptytemp]
[Emptyflash]

a klikněte na >MoveIt!<. Po skenu restartujte PC.

[tranceee]

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Marie
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 47535140 bytes
->FireFox cache emptied: 28503177 bytes
->Google Chrome cache emptied: 385117364 bytes
->Flash cache emptied: 3904 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 225644075 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 21063972 bytes
RecycleBin emptied: 121898050 bytes

Total Files Cleaned = 791.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Marie
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 10042013_213005

Files moved on Reboot...
C:\Users\Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...

[tranceee]

přijde mi pořád stejný

[tranceee]

Dořešíme to zítra, kdyby jste ještě na nějakou možnost přišel Zatím moc děkuji ale asi to bude chtít hrubší zásah když na to tak koukám :-/

[Rudy]

Můžete defragmentovat disk. Dále uděláme hloubkovou kontrolu na viry. Dejte log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware.

[tranceee]

Dobrý den, ráno na to vlítnu Teď již to mini po ruce nemám zatím děkuji za snahu, snad s tím něco vyvedeme

[Rudy]

Uvidíme po skenu CF, co se dá dělat.