Zpomalený ntb

[Richard_]

Dobrý den, rád bych Vás poprosil o kontrolu následujícího FRST logu. Notebook nebyl udržovaný, je hrozně pomalý, otevření složky trvá i několik minut o odinstalaci programu nemluvě. Prozatím děkuji za jakoukoli pomoc.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2014 03
Ran by Andrea (administrator) on ANDREA-NB on 28-01-2014 14:55:14
Running from D:\Andrea\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Czech
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
() C:\Program Files\ATK Hotkey\ASLDRSrv.exe
(Nero AG) C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Syntek America Inc.) C:\Windows\System32\StkCSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(ATK0100) C:\Program Files\ATK Hotkey\HControl.exe
() C:\Program Files\ATKOSD2\ATKOSD2.exe
() C:\Program Files\Wireless Console 2\wcourier.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ATK) C:\Program Files\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\System32\ACEngSvr.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(ASUSTeK Computer INC.) C:\Program Files\ASUS\ATK Media\DMedia.exe
(ASUS) C:\Windows\System32\ASUSTPE.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\ASScrPro.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\RacAgent.exe
(Google Inc.) C:\Program Files\Google\Update\Install\{58710BB6-4EDF-4968-BC82-C0E273995237}\GoogleUpdateSetup.exe
(Google Inc.) C:\Program Files\GUM513.tmp\GoogleUpdate.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4186112 2006-12-02] (Realtek Semiconductor)
HKLM\...\Run: [SMSERIAL] - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [1466368 2009-05-05] (Motorola Inc.)
HKLM\...\Run: [ATKMEDIA] - C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [61440 2006-11-02] (ASUSTeK Computer INC.)
HKLM\...\Run: [ASUSTPE] - C:\Windows\system32\ASUSTPE.exe [106496 2006-12-12] (ASUS)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-11-23] (Synaptics, Inc.)
HKLM\...\Run: [ASUS Screen Saver Protector] - C:\Windows\ASScrPro.exe [33136 2007-07-28] ()
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-08-12] (Microsoft Corporation)
HKCU\...\Run: [] - [x]
HKCU\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKCU\...\Run: [Google Update] - C:\Users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2010-04-25] (Google Inc.)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-18] (Microsoft Corporation)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
MountPoints2: {a8584c0c-4827-11df-b441-001bfca9898c} - G:\Launcher.exe
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\system32\oobefldr.dll [ 2009-04-10] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
SearchScopes: HKCU - DefaultScope {CD56275C-D606-4761-8DE3-C180C8386BCE} URL = http://www.google.cz/search?q={searchTe ... SM_csCZ399
SearchScopes: HKCU - {4D69161E-4E75-42CB-A183-AF138DBF2370} URL = http://search.seznam.cz/searchScreen?w= ... rms}&mod=f
SearchScopes: HKCU - {5FA010FD-672D-4A36-AE86-07907F665781} URL = http://search.centrum.cz/index.php?char ... x&kibitz=0
SearchScopes: HKCU - {AF9249D7-32C3-4687-9CB1-2E8E4792A623} URL = http://search.yahoo.com/search?p={searc ... f-8&fr=ie8
SearchScopes: HKCU - {CD56275C-D606-4761-8DE3-C180C8386BCE} URL = http://www.google.cz/search?q={searchTe ... SM_csCZ399
SearchScopes: HKCU - {D18F7D8C-6794-4825-B225-8002F8742B28} URL = http://websearch.ask.com/redirect?clien ... 6EA29CBB82
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.4.2/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 02 %SystemRoot%\system32\napinsp.dll [50176] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\j0nr8mwu.default
FF Homepage: hxxp://www.seznam.cz/
FF SelectedSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF DefaultSearchEngine: Ask.com
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Andrea\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Andrea\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\j0nr8mwu.default\searchplugins\askcom.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Andrea\AppData\Roaming\Mozilla\Firefox\Profiles\j0nr8mwu.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-04-24]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\
FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ []

Chrome:
=======
CHR HomePage: hxxp://www.seznam.cz/
CHR RestoreOnStartup: "hxxp://www.seznam.cz/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Andrea\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Andrea\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Andrea\AppData\Local\Google\Chrome\Application\30.0.1599.101\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Default) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkacjpbfdknhflllbcmjibkdeoafencn [2011-04-20]
CHR Extension: (Peněženka Google) - C:\Users\Andrea\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR StartMenuInternet: Google Chrome - C:\Users\Andrea\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-06] ()
R2 InCDsrv; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [864816 2007-03-26] (Nero AG)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-08-12] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-08-12] (Microsoft Corporation)
R2 StkSSrv; C:\Windows\System32\StkCSrv.exe [24576 2006-12-10] (Syntek America Inc.)

==================== Drivers (Whitelisted) ====================

S3 adusbser; C:\Windows\System32\DRIVERS\adusbser.sys [97920 2006-12-20] (QUALCOMM Incorporated)
R3 Atc002; C:\Windows\System32\DRIVERS\L260x86.sys [25600 2006-12-13] (Attansic Corporation)
R3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [28048 2010-02-05] (CSR, plc)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-10] (Společnost Microsoft)
R4 InCDfs; C:\Windows\System32\drivers\InCDFs.sys [108592 2007-03-26] (Nero AG)
R1 InCDPass; C:\Windows\System32\drivers\InCDPass.sys [37040 2007-03-26] (Nero AG)
U1 InCDrec; C:\Windows\system32\Drivers\InCDrec.sys [16304 2007-03-26] (Nero AG)
R1 incdrm; C:\Windows\System32\drivers\InCDRm.sys [39472 2007-03-26] (Nero AG)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
R1 MpKslaa4a89fa; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AFE29FAF-7214-418F-88B0-F1EB45DF4D8F}\MpKslaa4a89fa.sys [29904 2014-01-28] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1083880 2009-04-10] (Společnost Microsoft)
R3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1324544 2007-01-19] (Syntek)
R3 WCPU; C:\Program Files\P4G\WCPU.sys [11120 2007-01-02] (Windows (R) Codename Longhorn DDK provider)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S2 eamonm; system32\DRIVERS\eamonm.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 lvupdtio; \??\C:\Program Files\ASUS\ASUS Live Update\SYS64\lvupdtio.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-28 14:52 - 2014-01-28 14:52 - 00000000 ____D C:\FRST
2014-01-28 14:45 - 2014-01-28 14:50 - 00000000 ____D C:\Program Files\GUM513.tmp
2014-01-28 14:45 - 2014-01-28 14:45 - 49940480 _____ C:\Program Files\GUT514.tmp
2014-01-28 14:41 - 2014-01-28 14:51 - 00029696 _____ C:\Users\Andrea\AppData\Local\MSGBOX.EXE
2014-01-28 14:06 - 2014-01-28 14:09 - 00010898 _____ C:\Windows\DPINST.LOG
2014-01-28 14:04 - 2008-11-09 22:16 - 00045163 _____ C:\Windows\system32\javaw.exe
2014-01-28 14:04 - 2008-11-09 22:16 - 00045161 _____ C:\Windows\system32\java.exe

==================== One Month Modified Files and Folders =======

2014-01-28 15:01 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2014-01-28 14:58 - 2007-07-28 12:06 - 01817686 _____ C:\Windows\WindowsUpdate.log
2014-01-28 14:52 - 2014-01-28 14:52 - 00000000 ____D C:\FRST
2014-01-28 14:51 - 2014-01-28 14:41 - 00029696 _____ C:\Users\Andrea\AppData\Local\MSGBOX.EXE
2014-01-28 14:50 - 2014-01-28 14:45 - 00000000 ____D C:\Program Files\GUM513.tmp
2014-01-28 14:48 - 2006-11-02 13:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-28 14:48 - 2006-11-02 13:47 - 00003168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-28 14:45 - 2014-01-28 14:45 - 49940480 _____ C:\Program Files\GUT514.tmp
2014-01-28 14:45 - 2010-09-27 18:08 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-28 14:34 - 2012-06-09 19:10 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-28 14:31 - 2013-08-19 13:42 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce9cd99008c7d1.job
2014-01-28 14:31 - 2010-04-11 15:23 - 00045056 _____ C:\Windows\system32\acovcnt.exe
2014-01-28 14:29 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-28 14:27 - 2007-04-21 11:36 - 00003204 _____ C:\Windows\bthservsdp.dat
2014-01-28 14:27 - 2006-11-02 14:01 - 00032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-28 14:25 - 2010-04-25 08:53 - 00000966 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1249156938-2861578229-4021060293-1000UA.job
2014-01-28 14:09 - 2014-01-28 14:06 - 00010898 _____ C:\Windows\DPINST.LOG
2014-01-28 14:05 - 2010-11-06 14:05 - 00000000 ____D C:\Program Files\Common Files\Java
2014-01-28 14:04 - 2010-11-06 14:06 - 00000000 ____D C:\Program Files\Java
2014-01-17 17:38 - 2012-06-09 19:10 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-01-17 17:38 - 2011-07-27 09:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-01-15 13:18 - 2006-11-02 11:33 - 01418494 _____ C:\Windows\system32\PerfStringBackup.INI

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-28 14:38

==================== End Of Log ============================

[Rudy]

Otevřte poznámkový blok a zkopírujte do něj:

Start
HKCU\...\Run: [] - [x]
MountPoints2: {a8584c0c-4827-11df-b441-001bfca9898c} - G:\Launcher.exe
SearchScopes: HKCU - {D18F7D8C-6794-4825-B225-8002F8742B28} URL = http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYCZ&apn_uid=19AA79F7-4EF0-431D-B014-0F6828A3C54F&apn_sauid=9101DF1F-2ACD-43B9-B84F-226EA29CBB82
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF SelectedSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF DefaultSearchEngine: Ask.com
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction
C:\Program Files\GUM513.tmp
C:\Program Files\GUT514.tmp
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce9cd99008c7d1.job
C:\Windows\system32\acovcnt.exe
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1249156938-2861578229-4021060293-1000UA.job
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce9cd99008c7d1.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1249156938-2861578229-4021060293-1000Core.job => C:\Users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1249156938-2861578229-4021060293-1000UA.job => C:\Users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

[Richard_]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-01-2014 03
Ran by Andrea at 2014-01-28 19:46:19 Run:1
Running from D:\Andrea\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKCU\...\Run: [] - [x]
MountPoints2: {a8584c0c-4827-11df-b441-001bfca9898c} - G:\Launcher.exe
SearchScopes: HKCU - {D18F7D8C-6794-4825-B225-8002F8742B28} URL = http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYCZ&apn_uid=19AA79F7-4EF0-431D-B014-0F6828A3C54F&apn_sauid=9101DF1F-2ACD-43B9-B84F-226EA29CBB82
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF SelectedSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF DefaultSearchEngine: Ask.com
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction
C:\Program Files\GUM513.tmp
C:\Program Files\GUT514.tmp
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce9cd99008c7d1.job
C:\Windows\system32\acovcnt.exe
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1249156938-2861578229-4021060293-1000UA.job
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce9cd99008c7d1.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1249156938-2861578229-4021060293-1000Core.job => C:\Users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1249156938-2861578229-4021060293-1000UA.job => C:\Users\Andrea\AppData\Local\Google\Update\GoogleUpdate.exe
End
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8584c0c-4827-11df-b441-001bfca9898c} => Key deleted successfully.
HKCR\CLSID\{a8584c0c-4827-11df-b441-001bfca9898c} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D18F7D8C-6794-4825-B225-8002F8742B28} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{D18F7D8C-6794-4825-B225-8002F8742B28} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
Firefox SelectedSearchEngine deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
C:\Program Files\GUM513.tmp => Moved successfully.
C:\Program Files\GUT514.tmp => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
"C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce9cd99008c7d1.job" => File/Directory not found.
C:\Windows\system32\acovcnt.exe => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1249156938-2861578229-4021060293-1000UA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce9cd99008c7d1.job not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job not found.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1249156938-2861578229-4021060293-1000Core.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1249156938-2861578229-4021060293-1000UA.job not found.

==== End of Fixlog ====

[Rudy]

Smazáno.Nastala nějaká změna?

[Richard_]

Velmi mírně, s notebookem se pořád nedá pracovat. Možná je vhodné zmínit, že jej uživatelka asi půl roku aktivně nepoužívala a problém byl už předtím. Údajně největší zpomalení přinesla instalace CDMA karty AnyData. Přechod na jiné internetové připojení prý problém na chvíli vyřešil. Pokoušel jsem se driver odstranit (odinstalovat nebo změnit program), ale nepodařilo se. Nicméně předpokládám, že je problém někde jinde.

[Rudy]

Dejte log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware.

[Richard_]

Včera jsem spustil ComboFix, po asi čtyřech hodinách se celý notebook zasekl, vyčkal jsem asi hodinu a poté jsem byl nucen jej vypnout. Dnes jsem Combofix pustil znovu a počítač se opět zasekl asi po devíti hodinách.

[Rudy]

Zkuste ho spustit v nouz. režimu.

[Richard_]

Spustil jsem to včera po desáté v nouzovém režimu a vyhledávání nakažených souborů pořád probíhá.

[Rudy]

Půjdeme na to jinak. CF sken zruště a udělejte sken MBAM: http://www.malwarebytes.org/mbam.php . Dejte log, předem nic nemažte.

[Richard_]

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2013.04.04.07

Windows Vista Service Pack 2 x86 NTFS (Nouzový režim)
Internet Explorer 9.0.8112.16421
Andrea :: ANDREA-NB [administrátor]

Ochrana: Zakázána

1.2.2014 14:47:02
mbam-log-2014-02-01 (14-47-02).txt

Typ: Kompletní kontrola (C:\|D:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 335498
Uplynulý čas: 1 hodin, 23 minut, 39 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

[Rudy]

Toto je OK. Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:

:commands
[Purity]
[Emptytemp]
[Emptyflash]

a klikněte na >MoveIt!<. Po skenu restartujte PC.

[Richard_]

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Andrea
->Temp folder emptied: 27759030 bytes
->Temporary Internet Files folder emptied: 1117148 bytes
->Java cache emptied: 9244042 bytes
->FireFox cache emptied: 2487816 bytes
->Google Chrome cache emptied: 9836092 bytes
->Opera cache emptied: 4807 bytes
->Flash cache emptied: 541 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2641122 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 455062 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 728 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 51,00 mb


[EMPTYFLASH]

User: All Users

User: Andrea
->Flash cache emptied: 0 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User

User: Public

Total Flash Files Cleaned = 0,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 02022014_121709

Files moved on Reboot...
File move failed. C:\Windows\temp\MpCmdRun.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...

[Richard_]

Ještě při každém vypínáni probíhá instalace 3 aktualizací a při každém zapínání konfigurace.

[Rudy]

O jaké aktualizace jde?