Prosím Vyoska o kontrolu

Zpráva

Stene · #1 Příspěvek od **Stene** » 18 úno 2014 14:29

Po spuštění notebooku vytěžuje procesor na 100% aplikace () C:\Windows\inf\mskuwexdf\mskuwexdf.exe

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-02-2014
Ran by User (administrator) on USER-PC on 17-02-2014 09:25:19
Running from C:\Users\User\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
() C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
() C:\Users\User\AppData\Roaming\Seznam.cz\bin\szndesktop.exe
() C:\Users\User\AppData\Roaming\Seznam.cz\bin\listicka-x64.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe
(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
() C:\Windows\inf\mskuwexdf\mskuwexdf.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\User\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2013-07-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2278504 2013-07-12] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [981664 2011-09-30] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [799904 2011-09-30] (Atheros Commnucations)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-11-01] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\ASUS\ASUS Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2255360 2011-06-10] (ASUS)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-21] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [seznam-listicka-distribuce] - C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [UnlockerAssistant] - "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
HKLM-x32\...\Run: [msohtigSrv] - C:\Windows\inf\msohtig.vbe [1558 2013-08-27] ()
HKU\S-1-5-21-2997931258-60898498-2630263037-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-2997931258-60898498-2630263037-1000\...\Run: [cz.seznam.software.autoupdate] - C:\Users\User\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-2997931258-60898498-2630263037-1000\...\Run: [cz.seznam.software.szndesktop] - C:\Users\User\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-2997931258-60898498-2630263037-1000\...\MountPoints2: {c21ee92a-1c6f-11e3-bf0f-742f6844da6a} - I:\iStudio.exe
AppInit_DLLs: C:\PROGRA~3\WebTect\WEBTEC~1.DLL => C:\ProgramData\WebTect\WebTect_x64.dll [4269568 2013-12-28] ()
AppInit_DLLs-x32: c:\progra~3\webtect\webtect.dll => C:\ProgramData\WebTect\WebTect.dll [4129792 2013-12-28] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=13415
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.oversearch.info/?pid=1 ... Z&unqvl=36
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.oversearch.info/?l=1&q ... Z&unqvl=36
SearchScopes: HKCU - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.oversearch.info/?l=1&q ... Z&unqvl=36
SearchScopes: HKCU - {0236CFE2-455E-471E-A99A-F70396DA9077} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
SearchScopes: HKCU - {0C515115-0912-4C5E-B016-87A73E332E02} URL = http://encyklopedie.seznam.cz/search?q= ... arch_13415
SearchScopes: HKCU - {225147DD-2D2C-4E17-90B7-305DB6ABF865} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
SearchScopes: HKCU - {93E661AA-A029-43E9-A28C-8C5F4E14760E} URL = http://www.firmy.cz/?q={searchTerms}&so ... arch_13415
SearchScopes: HKCU - {9733FA15-A513-4DB4-A5DF-782FC60773E1} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_13415
SearchScopes: HKCU - {AE6B8652-7F20-40FF-932C-5E130EA9AB01} URL = http://www.mapy.cz/?query={searchTerms} ... arch_13415
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.oversearch.info/?l=1&q ... Z&unqvl=36
SearchScopes: HKCU - {C7AEFDC3-80B9-4965-91C2-C8E85B9E8326} URL = http://search.seznam.cz/?q={searchTerms ... arch_13415
SearchScopes: HKCU - {D9D576B7-D1AF-4FC1-97F3-B531FD75641A} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_13415
SearchScopes: HKCU - {ED688697-A27F-4F89-9710-475157A72F65} URL = http://www.novinky.cz/hledej?w={searchT ... arch_13415
BHO: SAaVeLots - {089DC5F6-DE05-121C-7374-EBB5F49F9886} - C:\ProgramData\SAaVeLots\mIhTW.x64.dll ()
BHO: TubeIutAdBloucKFri - {50F5AB13-E97A-993C-2D78-7DD69F3AD888} - C:\ProgramData\TubeIutAdBloucKFri\Qp.x64.dll ()
BHO: GreatSiave4U - {E45A9AC7-E3A1-D540-6C20-D9C479210F65} - C:\ProgramData\GreatSiave4U\u.x64.dll ()
Toolbar: HKLM-x32 - QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 172.16.0.1

Chrome:
=======
CHR HomePage: hxxp://www.seznam.cz/
CHR RestoreOnStartup: ""
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (TubeIutAdBloucKFri) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghpcigbfmkomjaikaffjmgkegdjjlpkk [2014-02-01]
CHR Extension: (PenÃÂÃÂ¾enka Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (SAaVeLots) - C:\ProgramData\djpmkpehchcnkaalglcgmbdlgkefpkbg [2014-01-01]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 25e4f9bf; C:\ProgramData\WebTect\WebTectSvc.dll [180048 2013-12-28] ()
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-11-01] (Advanced Micro Devices, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-09-30] (Atheros)

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-08-28] (DT Soft Ltd)
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [44480 2011-05-17] (http://libusb-win32.sourceforge.net)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-17 09:25 - 2014-02-17 09:26 - 00013024 _____ () C:\Users\User\Desktop\FRST.txt
2014-02-17 09:24 - 2014-02-17 09:25 - 00000000 ____D () C:\FRST
2014-02-17 09:15 - 2014-02-17 09:15 - 00112640 _____ (forum.viry.cz) C:\Users\User\Desktop\FRSTLauncher.exe
2014-02-17 09:14 - 2014-02-17 09:15 - 02152448 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-02-14 13:02 - 2014-02-16 17:27 - 00084478 _____ () C:\Users\User\Desktop\Island 2013.wlmp
2014-02-13 11:04 - 2013-12-21 10:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 11:04 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-13 11:03 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 11:02 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 11:02 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-13 11:02 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 11:02 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-13 11:02 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-13 11:02 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 11:02 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-13 11:02 - 2014-02-06 11:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-13 11:02 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 11:02 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-13 11:02 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-13 11:02 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-13 11:02 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-13 11:02 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-13 11:02 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-13 11:02 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 11:02 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-13 11:02 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-13 11:02 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-13 11:02 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 11:02 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-13 11:02 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-13 11:02 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 11:02 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-13 11:02 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-13 11:02 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-13 11:02 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-13 11:02 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-13 11:02 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 11:02 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 11:02 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-13 11:02 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-13 11:02 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-13 11:02 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 11:02 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-13 11:02 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-13 11:02 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-13 11:02 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-12 12:44 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 12:44 - 2014-01-01 00:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 12:44 - 2013-12-06 03:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 12:44 - 2013-12-06 03:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 12:44 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 12:44 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 12:44 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 12:44 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 12:44 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 12:44 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 12:44 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 12:44 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 12:44 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 12:43 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 12:43 - 2013-12-24 23:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 12:43 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 12:43 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 12:43 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 12:43 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 12:43 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 12:43 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 12:43 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 12:43 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 12:43 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 12:43 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 12:43 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 12:43 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 12:43 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-10 10:55 - 2014-02-10 10:55 - 00007605 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg
2014-02-10 09:47 - 2014-02-10 09:47 - 00000000 _____ () C:\Users\User\regbcm
2014-02-07 13:29 - 2014-02-07 13:36 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Call of Duty
2014-02-07 13:29 - 2014-02-07 13:29 - 00000629 _____ () C:\Users\User\Desktop\Call of Duty Single Player.lnk
2014-02-07 12:38 - 2014-02-07 12:38 - 00000287 _____ () C:\Windows\game.ini
2014-02-07 11:18 - 2014-02-07 13:33 - 00000746 _____ () C:\Windows\CoD.INI
2014-02-01 15:31 - 2014-02-01 15:31 - 00000270 __RSH () C:\ProgramData\ntuser.pol
2014-02-01 15:31 - 2014-02-01 15:31 - 00000000 ____D () C:\ProgramData\TubeIutAdBloucKFri
2014-02-01 15:31 - 2014-02-01 15:31 - 00000000 ____D () C:\ProgramData\ghpcigbfmkomjaikaffjmgkegdjjlpkk
2014-01-20 18:35 - 2014-01-20 18:35 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

==================== One Month Modified Files and Folders =======

2014-02-17 09:26 - 2014-02-17 09:25 - 00013024 _____ () C:\Users\User\Desktop\FRST.txt
2014-02-17 09:25 - 2014-02-17 09:24 - 00000000 ____D () C:\FRST
2014-02-17 09:24 - 2013-08-28 18:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\Seznam.cz
2014-02-17 09:23 - 2013-07-11 13:51 - 01252543 _____ () C:\Windows\WindowsUpdate.log
2014-02-17 09:19 - 2013-09-25 16:54 - 00000414 ____H () C:\Windows\Tasks\schedule!3036567561.job
2014-02-17 09:19 - 2013-07-12 13:27 - 00000944 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-17 09:19 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-17 09:18 - 2009-07-14 05:51 - 00040909 _____ () C:\Windows\setupact.log
2014-02-17 09:15 - 2014-02-17 09:15 - 00112640 _____ (forum.viry.cz) C:\Users\User\Desktop\FRSTLauncher.exe
2014-02-17 09:15 - 2014-02-17 09:14 - 02152448 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-02-17 09:15 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-17 09:15 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-16 21:35 - 2013-07-12 13:27 - 00000948 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-16 20:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-16 19:08 - 2013-08-12 16:21 - 00000000 ____D () C:\Users\User\Documents\FIFA 13
2014-02-16 18:11 - 2009-07-14 16:18 - 00631292 _____ () C:\Windows\system32\perfh005.dat
2014-02-16 18:11 - 2009-07-14 16:18 - 00121914 _____ () C:\Windows\system32\perfc005.dat
2014-02-16 18:11 - 2009-07-14 06:13 - 01470062 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-16 17:50 - 2013-07-12 09:00 - 00046278 _____ () C:\Windows\PFRO.log
2014-02-16 17:30 - 2013-08-14 21:28 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 17:28 - 2013-07-12 11:01 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-16 17:27 - 2014-02-14 13:02 - 00084478 _____ () C:\Users\User\Desktop\Island 2013.wlmp
2014-02-13 14:18 - 2013-07-14 18:04 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-02-13 10:58 - 2013-07-12 09:41 - 00000000 ____D () C:\Users\User\AppData\Roaming\Atheros
2014-02-12 13:52 - 2013-07-12 09:41 - 00000000 ____D () C:\Users\User\Documents\Bluetooth Folder
2014-02-12 13:46 - 2013-12-29 19:26 - 00000000 ____D () C:\Users\User\AppData\Roaming\Audacity
2014-02-11 18:47 - 2013-08-15 18:20 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-02-11 13:18 - 2013-07-12 15:53 - 00000000 ____D () C:\Users\User\Desktop\Jeníček
2014-02-11 11:59 - 2014-01-05 10:51 - 00000000 ____D () C:\Users\User\Desktop\Životopisy
2014-02-10 10:55 - 2014-02-10 10:55 - 00007605 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg
2014-02-10 09:47 - 2014-02-10 09:47 - 00000000 _____ () C:\Users\User\regbcm
2014-02-09 15:35 - 2013-07-12 20:20 - 00000000 ____D () C:\Users\User\AppData\Roaming\XnView
2014-02-07 13:49 - 2013-08-15 18:55 - 00000000 ____D () C:\Users\User\Desktop\Programy
2014-02-07 13:36 - 2014-02-07 13:29 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Call of Duty
2014-02-07 13:33 - 2014-02-07 11:18 - 00000746 _____ () C:\Windows\CoD.INI
2014-02-07 13:29 - 2014-02-07 13:29 - 00000629 _____ () C:\Users\User\Desktop\Call of Duty Single Player.lnk
2014-02-07 13:29 - 2013-08-15 18:48 - 00209744 _____ () C:\Windows\DirectX.log
2014-02-07 12:38 - 2014-02-07 12:38 - 00000287 _____ () C:\Windows\game.ini
2014-02-07 12:38 - 2013-07-12 09:19 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-07 12:17 - 2013-07-11 14:00 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore
2014-02-06 13:16 - 2014-02-13 11:02 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-13 11:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-13 11:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-13 11:02 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-13 11:02 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-13 11:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-13 11:02 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-13 11:02 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 11:52 - 2014-02-13 11:02 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 11:49 - 2014-02-13 11:02 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-13 11:02 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-13 11:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-13 11:02 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-13 11:02 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-13 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-13 11:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 11:11 - 2014-02-13 11:02 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-13 11:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-13 11:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-13 11:02 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-13 11:02 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-13 11:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-13 11:02 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-13 11:02 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 10:49 - 2014-02-13 11:02 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 10:47 - 2014-02-13 11:02 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-13 11:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-13 11:02 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-13 11:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-13 11:02 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 10:22 - 2014-02-13 11:02 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-13 11:02 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-13 11:02 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-13 11:02 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-13 11:02 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-13 11:02 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-13 11:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-13 11:02 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-13 11:02 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-01 15:31 - 2014-02-01 15:31 - 00000270 __RSH () C:\ProgramData\ntuser.pol
2014-02-01 15:31 - 2014-02-01 15:31 - 00000000 ____D () C:\ProgramData\TubeIutAdBloucKFri
2014-02-01 15:31 - 2014-02-01 15:31 - 00000000 ____D () C:\ProgramData\ghpcigbfmkomjaikaffjmgkegdjjlpkk
2014-02-01 15:31 - 2014-01-01 09:36 - 00000000 ____D () C:\ProgramData\7518a9b485dd076
2014-02-01 15:31 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-02-01 15:31 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-01-20 18:35 - 2014-01-20 18:35 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-01-19 08:33 - 2013-07-12 13:41 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\bitool.dll
C:\Users\User\AppData\Local\Temp\install_reader11_cz_mssd_aaa_aih.exe
C:\Users\User\AppData\Local\Temp\listicka-partner-13415-1.1.2-offline.exe
C:\Users\User\AppData\Local\Temp\miCoach_micoachmanagersetup.exe
C:\Users\User\AppData\Local\Temp\OptimizerPro.exe
C:\Users\User\AppData\Local\Temp\Optimizer_Pro.exe
C:\Users\User\AppData\Local\Temp\QuickStores_Unlocker.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

==================== MBR and Partition Table ==================

==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\schedule!3036567561.job => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe <==== ATTENTION

==================== Alternate Data Streams (whitelisted) ==================

==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)

***** Velikost "Plochy" *****

Velikost slozky "C:\Users\User\Desktop" je 53654 MB.

***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NtVdmSrv
C:\Windows\inf\ntvdm.vbe

***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000

==================== End Of Log ==============================

#2 Příspěvek od **vyosek** » 18 úno 2014 14:36

Zdravim

Nekomu tam tezite bitcointy

Maly moment prosim, udelam si kafe a mrknu na to

#3 Příspěvek od **vyosek** » 18 úno 2014 14:48

Tvorba fixlistu pro FRST

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Start
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [seznam-listicka-distribuce] - C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [UnlockerAssistant] - "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
HKLM-x32\...\Run: [msohtigSrv] - C:\Windows\inf\msohtig.vbe [1558 2013-08-27] ()
HKU\S-1-5-21-2997931258-60898498-2630263037-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-2997931258-60898498-2630263037-1000\...\Run: [cz.seznam.software.autoupdate] - C:\Users\User\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-2997931258-60898498-2630263037-1000\...\Run: [cz.seznam.software.szndesktop] - C:\Users\User\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-2997931258-60898498-2630263037-1000\...\MountPoints2: {c21ee92a-1c6f-11e3-bf0f-742f6844da6a} - I:\iStudio.exe
AppInit_DLLs: C:\PROGRA~3\WebTect\WEBTEC~1.DLL => C:\ProgramData\WebTect\WebTect_x64.dll [4269568 2013-12-28] ()
AppInit_DLLs-x32: c:\progra~3\webtect\webtect.dll => C:\ProgramData\WebTect\WebTect.dll [4129792 2013-12-28] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.oversearch.info/?pid=1 ... Z&unqvl=36
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.oversearch.info/?l=1&q={searchTerms}&pid=1067&r=2013/09/25&hid=2743631420552793332&lg=EN&cc=CZ&unqvl=36
SearchScopes: HKCU - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.oversearch.info/?l=1&q={searchTerms}&pid=1067&r=2013/09/25&hid=2743631420552793332&lg=EN&cc=CZ&unqvl=36
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.oversearch.info/?l=1&q={searchTerms}&pid=1067&r=2013/09/25&hid=2743631420552793332&lg=EN&cc=CZ&unqvl=36
BHO: SAaVeLots - {089DC5F6-DE05-121C-7374-EBB5F49F9886} - C:\ProgramData\SAaVeLots\mIhTW.x64.dll ()
BHO: TubeIutAdBloucKFri - {50F5AB13-E97A-993C-2D78-7DD69F3AD888} - C:\ProgramData\TubeIutAdBloucKFri\Qp.x64.dll ()
BHO: GreatSiave4U - {E45A9AC7-E3A1-D540-6C20-D9C479210F65} - C:\ProgramData\GreatSiave4U\u.x64.dll ()

CHR Extension: (TubeIutAdBloucKFri) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghpcigbfmkomjaikaffjmgkegdjjlpkk [2014-02-01]
CHR Extension: (PenÃÂÃÂ¾enka Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (SAaVeLots) - C:\ProgramData\djpmkpehchcnkaalglcgmbdlgkefpkbg [2014-01-01]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

R2 25e4f9bf; C:\ProgramData\WebTect\WebTectSvc.dll [180048 2013-12-28] ()

2014-02-17 09:15 - 2014-02-17 09:15 - 00112640 _____ (forum.viry.cz) C:\Users\User\Desktop\FRSTLauncher.exe
2014-02-01 15:31 - 2014-02-01 15:31 - 00000000 ____D () C:\ProgramData\TubeIutAdBloucKFri
2014-02-01 15:31 - 2014-02-01 15:31 - 00000000 ____D () C:\ProgramData\ghpcigbfmkomjaikaffjmgkegdjjlpkk
C:\ProgramData\SAaVeLots
C:\ProgramData\TubeIutAdBloucKFri
C:\ProgramData\GreatSiave4U
C:\ProgramData\WebTect
C:\Windows\inf\msohtig.vbe
C:\ProgramData\BetterSoft
C:\Windows\inf\mskuwexdf
C:\Windows\inf\ntvdm.vbe
C:\Users\User\AppData\Local\Temp\bitool.dll
C:\Users\User\AppData\Local\Temp\install_reader11_cz_mssd_aaa_aih.exe
C:\Users\User\AppData\Local\Temp\listicka-partner-13415-1.1.2-offline.exe
C:\Users\User\AppData\Local\Temp\miCoach_micoachmanagersetup.exe
C:\Users\User\AppData\Local\Temp\OptimizerPro.exe
C:\Users\User\AppData\Local\Temp\Optimizer_Pro.exe
C:\Users\User\AppData\Local\Temp\QuickStores_Unlocker.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\schedule!3036567561.job => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe <==== ATTENTION

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NtVdmSrv" /f

Hosts:
CMD: shutdown /r /f /t 2

End

Ulozte vytvoreny TXT jako fixlist.txt
Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

Kliknete na Fix
Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

Stene · #4 Příspěvek od **Stene** » 18 úno 2014 14:59

Tak to byla blesková káva

Jak se ty bestie dostávají do počítače :-/
tady je výsledný log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-02-2014
Ran by User at 2014-02-18 14:54:40 Run:1
Running from C:\Users\User\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-12-09] (Nullsoft, Inc.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [seznam-listicka-distribuce] - C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM-x32\...\Run: [UnlockerAssistant] - "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
HKLM-x32\...\Run: [msohtigSrv] - C:\Windows\inf\msohtig.vbe [1558 2013-08-27] ()
HKU\S-1-5-21-2997931258-60898498-2630263037-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-2997931258-60898498-2630263037-1000\...\Run: [cz.seznam.software.autoupdate] - C:\Users\User\AppData\Roaming\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-2997931258-60898498-2630263037-1000\...\Run: [cz.seznam.software.szndesktop] - C:\Users\User\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-2997931258-60898498-2630263037-1000\...\MountPoints2: {c21ee92a-1c6f-11e3-bf0f-742f6844da6a} - I:\iStudio.exe
AppInit_DLLs: C:\PROGRA~3\WebTect\WEBTEC~1.DLL => C:\ProgramData\WebTect\WebTect_x64.dll [4269568 2013-12-28] ()
AppInit_DLLs-x32: c:\progra~3\webtect\webtect.dll => C:\ProgramData\WebTect\WebTect.dll [4129792 2013-12-28] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.oversearch.info/?pid=1 ... Z&unqvl=36
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.oversearch.info/?l=1&q ... Z&unqvl=36
SearchScopes: HKCU - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.oversearch.info/?l=1&q ... Z&unqvl=36
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.oversearch.info/?l=1&q ... Z&unqvl=36
BHO: SAaVeLots - {089DC5F6-DE05-121C-7374-EBB5F49F9886} - C:\ProgramData\SAaVeLots\mIhTW.x64.dll ()
BHO: TubeIutAdBloucKFri - {50F5AB13-E97A-993C-2D78-7DD69F3AD888} - C:\ProgramData\TubeIutAdBloucKFri\Qp.x64.dll ()
BHO: GreatSiave4U - {E45A9AC7-E3A1-D540-6C20-D9C479210F65} - C:\ProgramData\GreatSiave4U\u.x64.dll ()

CHR Extension: (TubeIutAdBloucKFri) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghpcigbfmkomjaikaffjmgkegdjjlpkk [2014-02-01]
CHR Extension: (PenA?Â?A?Â3enka Google) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (SAaVeLots) - C:\ProgramData\djpmkpehchcnkaalglcgmbdlgkefpkbg [2014-01-01]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

R2 25e4f9bf; C:\ProgramData\WebTect\WebTectSvc.dll [180048 2013-12-28] ()

2014-02-17 09:15 - 2014-02-17 09:15 - 00112640 _____ (forum.viry.cz) C:\Users\User\Desktop\FRSTLauncher.exe
2014-02-01 15:31 - 2014-02-01 15:31 - 00000000 ____D () C:\ProgramData\TubeIutAdBloucKFri
2014-02-01 15:31 - 2014-02-01 15:31 - 00000000 ____D () C:\ProgramData\ghpcigbfmkomjaikaffjmgkegdjjlpkk
C:\ProgramData\SAaVeLots
C:\ProgramData\TubeIutAdBloucKFri
C:\ProgramData\GreatSiave4U
C:\ProgramData\WebTect
C:\Windows\inf\msohtig.vbe
C:\ProgramData\BetterSoft
C:\Windows\inf\mskuwexdf
C:\Windows\inf\ntvdm.vbe
C:\Users\User\AppData\Local\Temp\bitool.dll
C:\Users\User\AppData\Local\Temp\install_reader11_cz_mssd_aaa_aih.exe
C:\Users\User\AppData\Local\Temp\listicka-partner-13415-1.1.2-offline.exe
C:\Users\User\AppData\Local\Temp\miCoach_micoachmanagersetup.exe
C:\Users\User\AppData\Local\Temp\OptimizerPro.exe
C:\Users\User\AppData\Local\Temp\Optimizer_Pro.exe
C:\Users\User\AppData\Local\Temp\QuickStores_Unlocker.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\schedule!3036567561.job => C:\ProgramData\BetterSoft\OptimizerPro\OptimizerPro.exe <==== ATTENTION

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NtVdmSrv" /f

Hosts:
CMD: shutdown /r /f /t 2

End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\WinampAgent => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SwitchBoard => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5ServiceManager => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\seznam-listicka-distribuce => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\UnlockerAssistant => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\msohtigSrv => Value deleted successfully.
HKU\S-1-5-21-2997931258-60898498-2630263037-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => Value deleted successfully.
HKU\S-1-5-21-2997931258-60898498-2630263037-1000\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.autoupdate => Value deleted successfully.
HKU\S-1-5-21-2997931258-60898498-2630263037-1000\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.szndesktop => Value deleted successfully.
HKU\1\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c21ee92a-1c6f-11e3-bf0f-742f6844da6a} => Key not found.
HKCR\CLSID\{c21ee92a-1c6f-11e3-bf0f-742f6844da6a} => Key not found.
"C:\\PROGRA~3\\WebTect\\WEBTEC~1.DLL" => Value Data removed successfully.
"c:\\progra~3\\webtect\\webtect.dll" => Value Data removed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key deleted successfully.
HKCR\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{089DC5F6-DE05-121C-7374-EBB5F49F9886} => Key deleted successfully.
HKCR\CLSID\{089DC5F6-DE05-121C-7374-EBB5F49F9886} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50F5AB13-E97A-993C-2D78-7DD69F3AD888} => Key deleted successfully.
HKCR\CLSID\{50F5AB13-E97A-993C-2D78-7DD69F3AD888} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E45A9AC7-E3A1-D540-6C20-D9C479210F65} => Key deleted successfully.
HKCR\CLSID\{E45A9AC7-E3A1-D540-6C20-D9C479210F65} => Key deleted successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghpcigbfmkomjaikaffjmgkegdjjlpkk => Moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
CHR Extension: (SAaVeLots) - C:\ProgramData\djpmkpehchcnkaalglcgmbdlgkefpkbg [2014-01-01] directory not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
25e4f9bf => Service deleted successfully.
C:\Users\User\Desktop\FRSTLauncher.exe => Moved successfully.
C:\ProgramData\TubeIutAdBloucKFri => Moved successfully.
C:\ProgramData\ghpcigbfmkomjaikaffjmgkegdjjlpkk => Moved successfully.
C:\ProgramData\SAaVeLots => Moved successfully.
"C:\ProgramData\TubeIutAdBloucKFri" => File/Directory not found.
C:\ProgramData\GreatSiave4U => Moved successfully.

"C:\ProgramData\WebTect" directory move:

Could not move "C:\ProgramData\WebTect" directory. => Scheduled to move on reboot.

C:\Windows\inf\msohtig.vbe => Moved successfully.
C:\ProgramData\BetterSoft => Moved successfully.
C:\Windows\inf\mskuwexdf => Moved successfully.
C:\Windows\inf\ntvdm.vbe => Moved successfully.
C:\Users\User\AppData\Local\Temp\bitool.dll => Moved successfully.
C:\Users\User\AppData\Local\Temp\install_reader11_cz_mssd_aaa_aih.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\listicka-partner-13415-1.1.2-offline.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\miCoach_micoachmanagersetup.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\OptimizerPro.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\Optimizer_Pro.exe => Moved successfully.
C:\Users\User\AppData\Local\Temp\QuickStores_Unlocker.exe => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\schedule!3036567561.job => Moved successfully.

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NtVdmSrv" /f =========

Operace byla dokonźena ŁspŘçnŘ.

========= End of Reg: =========

"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.

========= shutdown /r /f /t 2 =========

========= End of CMD: =========

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-02-18 14:56:22)<=

C:\ProgramData\WebTect => Moved successfully.

==== End of Fixlog ====

#5 Příspěvek od **vyosek** » 18 úno 2014 15:01

Kafe jsem si jen udelal, piju ho prubezne u fora

Vetsinou jsem je tak videl v nejakem cracku\keygenu nebo nejaka pochybna stranka ci napadena webovka

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Scan a nasledne Clean
Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

Stene · #6 Příspěvek od **Stene** » 18 úno 2014 15:08

log z adw cleaneru

# AdwCleaner v3.019 - Report created 18/02/2014 at 15:05:48
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : User - USER-PC
# Running from : C:\Users\User\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\DownaLoad keeeperr
Folder Deleted : C:\ProgramData\SearchNewTab
Folder Deleted : C:\Program Files (x86)\EZDownloader
Folder Deleted : C:\Program Files (x86)\Ss-Helper
Folder Deleted : C:\Program Files (x86)\WebSearch
Folder Deleted : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar
Folder Deleted : C:\Users\User\AppData\LocalLow\DownaLoad keeeperr
Folder Deleted : C:\Users\User\AppData\LocalLow\SearchNewTab
Folder Deleted : C:\Users\User\AppData\Roaming\QuickStoresToolbar
File Deleted : C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
File Deleted : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0F44DC3A-6E62-4961-A14B-95323C512F9B}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickStores-Toolbar_is1
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OptimizerPro

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [4121 octets] - [18/02/2014 15:04:55]
AdwCleaner[S0].txt - [4053 octets] - [18/02/2014 15:05:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4113 octets] ##########

#7 Příspěvek od **vyosek** » 18 úno 2014 15:17

Fajn, jak se chova PC??

Stene · #8 Příspěvek od **Stene** » 18 úno 2014 15:19

Po restartu už tam ten proces vytěžující počítač není. Zkusím ještě jednou restartovat a hned napíšu

Stene · #9 Příspěvek od **Stene** » 18 úno 2014 15:25

tak jo, počítač už vypadá fit

#10 Příspěvek od **vyosek** » 18 úno 2014 15:25

Tak jeste klasicky uklid

T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

Stene · #11 Příspěvek od **Stene** » 18 úno 2014 15:38

Dokonalá a blesková pomoc

Máš můj obdiv, ale jestli to je poslední dotaz ti slíbit nemůžu!

Děkuji mnohokrát!

#12 Příspěvek od **vyosek** » 18 úno 2014 15:39

Jasny, v pohode - vsak kdyby neco, mail mas

A jinak, neni zac

A na zaklade Pravidla o zamykani temat

VIRY.CZ

Prosím Vyoska o kontrolu

Prosím Vyoska o kontrolu

Re: Prosím Vyoska o kontrolu

Re: Prosím Vyoska o kontrolu

Re: Prosím Vyoska o kontrolu

Re: Prosím Vyoska o kontrolu

Re: Prosím Vyoska o kontrolu

Re: Prosím Vyoska o kontrolu

Re: Prosím Vyoska o kontrolu

Re: Prosím Vyoska o kontrolu

Re: Prosím Vyoska o kontrolu

Re: Prosím Vyoska o kontrolu

Re: Prosím Vyoska o kontrolu