Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Restart PC hned po přihlášení uživatele

Patříte mezi Vzorné návštěvníky? Pak je tato sekce pro vás.
Pravidla fóra
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
Zamčeno
Zpráva
Autor
funkymusic
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 402
Registrován: 07 pro 2004 15:16

Restart PC hned po přihlášení uživatele

#1 Příspěvek od funkymusic »

Zdravím, prosím o laskavou pomoc. PC se hned po zobrazení plochy restartuje. Log jsem provedl v nouzovém režimu.

Díky moc.



Logfile of random's system information tool 1.10 (written by random/random)
Run by Iva at 2015-02-18 09:55:27
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 128 GB (81%) free of 157 GB
Total RAM: 1023 MB (79% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job - C:\WINDOWS\system32\xp_eos.exe
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job - C:\WINDOWS\system32\xp_eos.exe -c
C:\WINDOWS\tasks\SDMsgUpdate (TE).job - C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe -PTE -V1813 -SSDU.ini -A -Mhttp://www.smartdraw.com/msgs/messagecheck.aspx -D0 -T -N -X
C:\WINDOWS\tasks\WGASetup.job - C:\WINDOWS\system32\KB905474\wgasetup.exe /autoauto

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1b0cf41e-334a-4984-a8a0-aa5affeb5482}]
ResultsBay 1.0.0.7 - C:\Program Files\ResultsBay\ResultsBayBHO.dll [2015-02-04 269040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-04-05 194504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll [2013-10-09 1001936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-18 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-18 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Lištička - C:\Program Files\Seznam.cz\listicka.dll [2009-11-02 1411736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-04-05 194504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-09-16 69632]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe [2004-03-04 172032]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2004-02-18 49152]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-18 148888]
"StatusClient 2.6"=C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe [2004-02-27 61440]
"TomcatStartup 2.5"=C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe [2004-05-20 188416]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"Kerio VPN Client"=C:\Program Files\Kerio\VPN Client\kvpncgui.exe [2010-07-18 5293928]
""= []
"pdfSaver3"= []
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"pdfSaver3"=C:\Program Files\PDF\pdfSaver\pdfSaver3.exe [2004-05-19 385024]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2012-09-13 39408]
"Yahoo! Search"=C:\Documents and Settings\Iva\Data aplikací\Pay-By-Ads\Yahoo! Search\1.3.19.2\dsrlte.exe [2015-01-18 644816]

C:\Documents and Settings\Iva\Nabídka Start\Programy\Po spuštění
SQLServer.lnk - C:\CENTURA\dbnt1sv.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe"="C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe:*:Enabled:javaw"
"C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe"="C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\IPClient\IPClient.exe"="C:\Program Files\IPClient\IPClient.exe:*:Enabled:IPClient"
"C:\Program Files\VideoViewer\VideoViewer.exe"="C:\Program Files\VideoViewer\VideoViewer.exe:*:Enabled:VideoViewer"
"C:\Program Files\Google\Chrome\Application\chrome.exe"="C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======List of files/folders created in the last 1 month======

2015-02-18 09:55:28 ----D---- C:\Program Files\trend micro
2015-02-18 09:55:27 ----DC---- C:\rsit
2015-02-18 08:48:03 ----A---- C:\WINDOWS\ntbtlog.txt
2015-02-17 16:35:35 ----D---- C:\WINDOWS\Minidump
2015-02-17 16:30:59 ----A---- C:\WINDOWS\system32\drivers\{8f2fe4c6-327e-4d57-9cfc-f57bbfc7d05c}t.sys
2015-02-10 17:23:34 ----A---- C:\WINDOWS\system32\drivers\{f9bf5b7a-c875-4b69-af47-f9a60ab0f8c6}t.sys
2015-02-08 09:30:00 ----A---- C:\WINDOWS\system32\drivers\{e7040ff0-44bd-4369-95b8-ede045386420}t.sys
2015-02-05 20:14:58 ----A---- C:\WINDOWS\system32\drivers\{85c74733-05ab-4712-b709-690a78b239f8}t.sys
2015-01-25 11:28:05 ----A---- C:\WINDOWS\system32\drivers\{adffcaa5-8eaf-4d29-98de-cfac96868329}t.sys

======List of files/folders modified in the last 1 month======

2015-02-18 09:55:28 ----RD---- C:\Program Files
2015-02-18 09:54:14 ----D---- C:\WINDOWS\system32\CatRoot2
2015-02-18 09:52:42 ----D---- C:\WINDOWS
2015-02-18 09:42:08 ----D---- C:\WINDOWS\Temp
2015-02-18 08:52:16 ----D---- C:\WINDOWS\system32
2015-02-18 08:52:11 ----D---- C:\WINDOWS\system32\drivers
2015-02-18 08:45:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2015-02-18 08:44:16 ----HD---- C:\WINDOWS\inf
2015-02-17 16:36:57 ----A---- C:\WINDOWS\win.ini
2015-02-17 16:34:10 ----D---- C:\WINDOWS\Prefetch
2015-02-17 16:30:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\9a9a3a17-f94f-404b-a59a-2dbabe68e70b
2015-02-08 10:24:02 ----SHD---- C:\WINDOWS\Installer
2015-02-08 10:19:34 ----SD---- C:\WINDOWS\Tasks
2015-02-05 21:08:23 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-05 20:46:58 ----D---- C:\Program Files\ResultsBay

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 {0a76474a-6444-4592-bf0c-76e7ec6a7cd7}t;{0a76474a-6444-4592-bf0c-76e7ec6a7cd7}t; C:\WINDOWS\system32\drivers\{0a76474a-6444-4592-bf0c-76e7ec6a7cd7}t.sys [2014-12-17 55872]
S1 {22a91d06-afc2-49fc-a96f-6562bfb2db80}t;{22a91d06-afc2-49fc-a96f-6562bfb2db80}t; C:\WINDOWS\system32\drivers\{22a91d06-afc2-49fc-a96f-6562bfb2db80}t.sys [2014-10-23 55872]
S1 {2930ffde-ef38-481a-99f8-bec779f19c42}t;{2930ffde-ef38-481a-99f8-bec779f19c42}t; C:\WINDOWS\system32\drivers\{2930ffde-ef38-481a-99f8-bec779f19c42}t.sys [2014-11-15 55872]
S1 {3800c333-b52b-4af7-9e68-ac167654bbca}t;{3800c333-b52b-4af7-9e68-ac167654bbca}t; C:\WINDOWS\system32\drivers\{3800c333-b52b-4af7-9e68-ac167654bbca}t.sys [2014-12-01 55872]
S1 {804ed8bf-87ab-41d2-9d5f-084b8f921ab6}t;{804ed8bf-87ab-41d2-9d5f-084b8f921ab6}t; C:\WINDOWS\system32\drivers\{804ed8bf-87ab-41d2-9d5f-084b8f921ab6}t.sys [2014-10-30 55872]
S1 {80967689-5bac-408f-bcc8-ff2c708bbe9e}t;{80967689-5bac-408f-bcc8-ff2c708bbe9e}t; C:\WINDOWS\system32\drivers\{80967689-5bac-408f-bcc8-ff2c708bbe9e}t.sys [2015-01-12 55824]
S1 {85c74733-05ab-4712-b709-690a78b239f8}t;{85c74733-05ab-4712-b709-690a78b239f8}t; C:\WINDOWS\system32\drivers\{85c74733-05ab-4712-b709-690a78b239f8}t.sys [2015-02-04 55824]
S1 {88704c5f-8dc4-4583-8a38-638e1e57c933}t;{88704c5f-8dc4-4583-8a38-638e1e57c933}t; C:\WINDOWS\system32\drivers\{88704c5f-8dc4-4583-8a38-638e1e57c933}t.sys [2015-01-18 55824]
S1 {8f2fe4c6-327e-4d57-9cfc-f57bbfc7d05c}t;{8f2fe4c6-327e-4d57-9cfc-f57bbfc7d05c}t; C:\WINDOWS\system32\drivers\{8f2fe4c6-327e-4d57-9cfc-f57bbfc7d05c}t.sys [2015-02-16 55824]
S1 {9d2d15b9-c3d6-43c9-9ae9-c5272f79f036}t;{9d2d15b9-c3d6-43c9-9ae9-c5272f79f036}t; C:\WINDOWS\system32\drivers\{9d2d15b9-c3d6-43c9-9ae9-c5272f79f036}t.sys [2014-12-10 55872]
S1 {aa772a4b-d510-413d-87e1-5f45804f3f8f}t;{aa772a4b-d510-413d-87e1-5f45804f3f8f}t; C:\WINDOWS\system32\drivers\{aa772a4b-d510-413d-87e1-5f45804f3f8f}t.sys [2014-11-09 55872]
S1 {adffcaa5-8eaf-4d29-98de-cfac96868329}t;{adffcaa5-8eaf-4d29-98de-cfac96868329}t; C:\WINDOWS\system32\drivers\{adffcaa5-8eaf-4d29-98de-cfac96868329}t.sys [2015-01-24 55824]
S1 {c0c69ebd-4ee7-4114-8b49-15390766507e}t;{c0c69ebd-4ee7-4114-8b49-15390766507e}t; C:\WINDOWS\system32\drivers\{c0c69ebd-4ee7-4114-8b49-15390766507e}t.sys [2015-01-09 55824]
S1 {c1f03e90-6f61-4ede-ad9e-eab2cc1f2e36}t;{c1f03e90-6f61-4ede-ad9e-eab2cc1f2e36}t; C:\WINDOWS\system32\drivers\{c1f03e90-6f61-4ede-ad9e-eab2cc1f2e36}t.sys [2014-11-11 55872]
S1 {ce4b0e98-4d66-4d97-8af3-ec2264c8222f}t;{ce4b0e98-4d66-4d97-8af3-ec2264c8222f}t; C:\WINDOWS\system32\drivers\{ce4b0e98-4d66-4d97-8af3-ec2264c8222f}t.sys [2014-11-18 55872]
S1 {cf659afe-27fc-4e2d-9c49-88406fa09c42}t;{cf659afe-27fc-4e2d-9c49-88406fa09c42}t; C:\WINDOWS\system32\drivers\{cf659afe-27fc-4e2d-9c49-88406fa09c42}t.sys [2014-12-29 55824]
S1 {e34ff9ce-e6b6-450a-ace7-3acd1926facd}t;{e34ff9ce-e6b6-450a-ace7-3acd1926facd}t; C:\WINDOWS\system32\drivers\{e34ff9ce-e6b6-450a-ace7-3acd1926facd}t.sys [2014-07-03 55232]
S1 {e7040ff0-44bd-4369-95b8-ede045386420}t;{e7040ff0-44bd-4369-95b8-ede045386420}t; C:\WINDOWS\system32\drivers\{e7040ff0-44bd-4369-95b8-ede045386420}t.sys [2015-02-07 55824]
S1 {f9bf5b7a-c875-4b69-af47-f9a60ab0f8c6}t;{f9bf5b7a-c875-4b69-af47-f9a60ab0f8c6}t; C:\WINDOWS\system32\drivers\{f9bf5b7a-c875-4b69-af47-f9a60ab0f8c6}t.sys [2015-02-09 55824]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys []
S1 Angelnt;Angelnt; C:\WINDOWS\System32\Drivers\ANGELNT.SYS [2008-10-20 52544]
S1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys []
S1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys []
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys []
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys []
S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys []
S3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys []
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-09-21 2278784]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys []
S3 Dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-14 206976]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 kvnet;Kerio Virtual Network Adapter; C:\WINDOWS\system32\DRIVERS\kvnet.sys [2010-07-15 30208]
S3 MSICPL;MSICPL; \??\D:\install4\MSICPL.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-04-13 70144]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 602SQLFS;602SQL Server; C:\Program Files\Software602\602SQL11FS\602svc11fs.exe [2008-05-19 2048000]
S2 Apache2;Apache2; C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2007-01-09 20539]
S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe []
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe []
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21 107912]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-18 152984]
S2 KVPNCSvc;Kerio VPN Client Service; C:\Program Files\Kerio\VPN Client\kvpncsvc.exe [2010-07-18 1103720]
S2 MaintainerSvc6.96.773180;MaintainerSvc6.96.773180; C:\Documents and Settings\All Users\Data aplikací\9a9a3a17-f94f-404b-a59a-2dbabe68e70b\maintainer.exe [2015-02-17 123632]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
S2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
S2 Update ResultsBay;Update ResultsBay; C:\Program Files\ResultsBay\updateResultsBay.exe [2015-02-17 409328]
S2 Util ResultsBay;Util ResultsBay; C:\Program Files\ResultsBay\bin\utilResultsBay.exe [2015-02-17 409328]
S2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05 267440]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe /service []
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe /service []
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-21 107912]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-09-15 194032]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-10-22 65536]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Restart PC hned po přihlášení uživatele

#2 Příspěvek od vyosek »

Zdravim :)

:arrow: Pracujte stale v nouzaku

:arrow: PC se jen restartuje nebo spadne do modre smrti?

:arrow: Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Ulozte nejlepe na plochu
  • Ukoncete vsechny programy
  • Po spusteni probehne stazeni databaze
  • Kliknete na Scan a nasledne Clean
  • Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
funkymusic
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 402
Registrován: 07 pro 2004 15:16

Re: Restart PC hned po přihlášení uživatele

#3 Příspěvek od funkymusic »

Jen se restartoval, bez modré smrti. Po tomto cleanu už jede .

Tady je log:


# AdwCleaner v4.110 - Logfile created 18/02/2015 at 11:41:22
# Updated 05/02/2015 by Xplode
# Database : 2015-02-14.2 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Iva - PC
# Running from : C:\Documents and Settings\Iva\Dokumenty\adwcleaner_4.110.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : Update ResultsBay
[#] Service Deleted : Util ResultsBay
[#] Service Deleted : {0a76474a-6444-4592-bf0c-76e7ec6a7cd7}t
[#] Service Deleted : {22a91d06-afc2-49fc-a96f-6562bfb2db80}t
[#] Service Deleted : {2930ffde-ef38-481a-99f8-bec779f19c42}t
[#] Service Deleted : {3800c333-b52b-4af7-9e68-ac167654bbca}t
[#] Service Deleted : {804ed8bf-87ab-41d2-9d5f-084b8f921ab6}t
[#] Service Deleted : {80967689-5bac-408f-bcc8-ff2c708bbe9e}t
[#] Service Deleted : {85c74733-05ab-4712-b709-690a78b239f8}t
[#] Service Deleted : {88704c5f-8dc4-4583-8a38-638e1e57c933}t
[#] Service Deleted : {8f2fe4c6-327e-4d57-9cfc-f57bbfc7d05c}t
[#] Service Deleted : {9d2d15b9-c3d6-43c9-9ae9-c5272f79f036}t
[#] Service Deleted : {aa772a4b-d510-413d-87e1-5f45804f3f8f}t
[#] Service Deleted : {adffcaa5-8eaf-4d29-98de-cfac96868329}t
[#] Service Deleted : {c0c69ebd-4ee7-4114-8b49-15390766507e}t
[#] Service Deleted : {c1f03e90-6f61-4ede-ad9e-eab2cc1f2e36}t
[#] Service Deleted : {ce4b0e98-4d66-4d97-8af3-ec2264c8222f}t
[#] Service Deleted : {cf659afe-27fc-4e2d-9c49-88406fa09c42}t
[#] Service Deleted : {e34ff9ce-e6b6-450a-ace7-3acd1926facd}t
[#] Service Deleted : {e7040ff0-44bd-4369-95b8-ede045386420}t
[#] Service Deleted : {f9bf5b7a-c875-4b69-af47-f9a60ab0f8c6}t

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\apn
Folder Deleted : C:\Program Files\ResultsBay
Folder Deleted : C:\Documents and Settings\Iva\Data aplikací\pay-by-ads
Folder Deleted : C:\Documents and Settings\Iva\Dokumenty\smart pc cleaner
File Deleted : C:\WINDOWS\system32\drivers\{0a76474a-6444-4592-bf0c-76e7ec6a7cd7}t.sys
File Deleted : C:\WINDOWS\system32\drivers\{22a91d06-afc2-49fc-a96f-6562bfb2db80}t.sys
File Deleted : C:\WINDOWS\system32\drivers\{2930ffde-ef38-481a-99f8-bec779f19c42}t.sys
File Deleted : C:\WINDOWS\system32\drivers\{3800c333-b52b-4af7-9e68-ac167654bbca}t.sys
File Deleted : C:\WINDOWS\system32\drivers\{804ed8bf-87ab-41d2-9d5f-084b8f921ab6}t.sys
File Deleted : C:\WINDOWS\system32\drivers\{80967689-5bac-408f-bcc8-ff2c708bbe9e}t.sys
File Deleted : C:\WINDOWS\system32\drivers\{85c74733-05ab-4712-b709-690a78b239f8}t.sys
File Deleted : C:\WINDOWS\system32\drivers\{88704c5f-8dc4-4583-8a38-638e1e57c933}t.sys
File Deleted : C:\WINDOWS\system32\drivers\{8f2fe4c6-327e-4d57-9cfc-f57bbfc7d05c}t.sys
File Deleted : C:\WINDOWS\system32\drivers\{9d2d15b9-c3d6-43c9-9ae9-c5272f79f036}t.sys
File Deleted : C:\WINDOWS\system32\drivers\{aa772a4b-d510-413d-87e1-5f45804f3f8f}t.sys
File Deleted : C:\WINDOWS\system32\drivers\{adffcaa5-8eaf-4d29-98de-cfac96868329}t.sys
File Deleted : C:\WINDOWS\system32\drivers\{c0c69ebd-4ee7-4114-8b49-15390766507e}t.sys
File Deleted : C:\WINDOWS\system32\drivers\{c1f03e90-6f61-4ede-ad9e-eab2cc1f2e36}t.sys
File Deleted : C:\WINDOWS\system32\drivers\{ce4b0e98-4d66-4d97-8af3-ec2264c8222f}t.sys
File Deleted : C:\WINDOWS\system32\drivers\{cf659afe-27fc-4e2d-9c49-88406fa09c42}t.sys
File Deleted : C:\WINDOWS\system32\drivers\{e34ff9ce-e6b6-450a-ace7-3acd1926facd}t.sys
File Deleted : C:\WINDOWS\system32\drivers\{e7040ff0-44bd-4369-95b8-ede045386420}t.sys
File Deleted : C:\WINDOWS\system32\drivers\{f9bf5b7a-c875-4b69-af47-f9a60ab0f8c6}t.sys

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Documents and Settings\All Users\Nabídka Start\Programy\Příslušenství\Systémové nástroje\Naplánované úlohy.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKCU\Software\Classes\keepmysearch
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update ResultsBay
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util ResultsBay
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1b0cf41e-334a-4984-a8a0-aa5affeb5482}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3CF5D16C-D3B2-41C7-8617-228BB180FB3F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{f01c8228-e114-47a1-b79b-eabff2a34a02}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1b0cf41e-334a-4984-a8a0-aa5affeb5482}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1b0cf41e-334a-4984-a8a0-aa5affeb5482}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1b0cf41e-334a-4984-a8a0-aa5affeb5482}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1A111C1E-C5D2-4F5E-BE2A-362967405B01}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\ResultsBay
Key Deleted : HKLM\SOFTWARE\InstallIQ
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\ResultsBay
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ResultsBay
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ResultsBay
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Google Chrome v40.0.2214.111

[C:\Documents and Settings\Iva\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences] - Deleted [Homepage] : hxxp://rts.dsrlte.com?affID=na

*************************

AdwCleaner[R0].txt - [7151 bytes] - [18/02/2015 11:37:13]
AdwCleaner[S0].txt - [6671 bytes] - [18/02/2015 11:41:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6730 bytes] ##########
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Restart PC hned po přihlášení uživatele

#4 Příspěvek od vyosek »

:arrow: Supr, aspon nejaky pokrok

:arrow: Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu
  • Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
  • Do okna vlozte skript nize

  • Kód: Vybrat vše

    autoclean;
resethosts;
emptyclsid;
IEdefaults;
FFdefaults;
CHRdefaults;
emptyIEcache;
emptyFFcache;
emptyCHRcache;
emptyalltemp;
emptyflash;
emptyjava;
emptyrecycle.bin;
  • Nasledne kliknete na Run Script
  • PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
funkymusic
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 402
Registrován: 07 pro 2004 15:16

Re: Restart PC hned po přihlášení uživatele

#5 Příspěvek od funkymusic »

tak je to tady:



Zoek.exe v5.0.0.0 Updated 17-February-2015
Tool run by Iva on st 18.02.2015 at 15:37:11,68.
Systém Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Iva\Plocha\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

18.2.2015 15:39:45 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Empty Folders Check ======================

C:\Program Files\NeroInstall.bak deleted successfully
C:\Program Files\trend micro deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\jqs@sun.com deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MaintainerSvc6.96.773180 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MaintainerSvc6.96.773180 deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MaintainerSvc6.96.773180 deleted successfully

==== Deleting Files \ Folders ======================

C:\DOCUME~1\ALLUSE~1\DATAAP~1\9a9a3a17-f94f-404b-a59a-2dbabe68e70b deleted
C:\Program Files\ComPlus Applications deleted
C:\WINDOWS\002683_.tmp deleted
C:\WINDOWS\SET3.tmp deleted
C:\WINDOWS\SET4.tmp deleted
C:\WINDOWS\SET8.tmp deleted
C:\WINDOWS\system32\GroupPolicy\ADM deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [04.09.2009 02:00]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Search Page"="http://www.seznam.cz/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{C265A13A-0EB7-4999-BE7F-18F3588E5D9D}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{22CC10DF-C285-4EC4-8769-CC9F481F7874} Slovník CZ/EN Url="http://slovnik.seznam.cz/?lg=cz_en&wd={ ... IElisticka"
{3EC4DBFF-46C7-4964-AB26-60E942F7387C} Encyklopedie Url="http://encyklopedie.seznam.cz/search?s= ... IElisticka"
{400375A6-E7C5-4CF5-8CB4-F18257510E53} Zboží.cz Url="http://zbozi.seznam.cz/?q={searchTerms} ... IElisticka"
{400375A6-E7C5-4CF5-8CB4-F18257510E53} Zboží.cz Url="http://zbozi.seznam.cz/?q={searchTerms} ... IElisticka"
{4921EDF0-1C7B-456E-8F03-FC43C10A97AF} Mapy.cz Url="http://www.mapy.cz/?query={searchTerms} ... IElisticka"
{75C3F1D5-F961-47FC-9C9F-5E573C85DDA6} Slovník EN/CZ Url="http://slovnik.seznam.cz/?lg=en_cz&wd={ ... IElisticka"
{9BA58561-8738-48B3-838D-5115098764CE} Firmy.cz Url="http://www.firmy.cz/phr/{searchTerms}?p ... IElisticka"
{A3B1A68E-51A6-4355-BBD8-4F9F33248A0A} Seznam Url="http://search.seznam.cz/searchScreen?w= ... IElisticka"
{C265A13A-0EB7-4999-BE7F-18F3588E5D9D} Google Url="http://www.google.com/search?q={searchT ... RU_csCZ501"

==== Reset Google Chrome ======================

Nothing found to reset

==== Empty IE Cache ======================

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Mirek\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Iva\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=8 folders=3 2450558 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\Iva\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\Iva\Local Settings\Temporary Internet Files\Content.IE5\index.dat" deleted
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on st 18.02.2015 at 15:53:56,25 ======================
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Restart PC hned po přihlášení uživatele

#6 Příspěvek od vyosek »

Poprosim o log z FRST http://forum.viry.cz/viewtopic.php?f=24&t=132509
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
funkymusic
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 402
Registrován: 07 pro 2004 15:16

Re: Restart PC hned po přihlášení uživatele

#7 Příspěvek od funkymusic »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015
Ran by Iva (administrator) on PC on 18-02-2015 18:14:31
Running from C:\Documents and Settings\Iva\Plocha
Loaded Profiles: Iva (Available profiles: Mirek & Iva)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Software602 a.s.) C:\Program Files\Software602\602SQL11FS\602svc11fs.exe
(Apache Software Foundation) C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Apache Software Foundation) C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
(Kerio Technologies Inc.) C:\Program Files\Kerio\VPN Client\kvpncsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(Prolific Technology Inc.) C:\WINDOWS\system32\IoctlSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\SOUNDMAN.EXE
(Hewlett-Packard Company) C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Kerio Technologies Inc.) C:\Program Files\Kerio\VPN Client\kvpncgui.exe
(Tracker Software Products Ltd.) C:\Program Files\PDF\pdfSaver\pdfSaver3.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
() C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(forum.viry.cz) C:\Documents and Settings\Iva\Plocha\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMan] => C:\WINDOWS\SOUNDMAN.EXE [69632 2004-09-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [HPDJ Taskbar Utility] => C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe [172032 2004-03-04] (HP)
HKLM\...\Run: [HP Component Manager] => C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [241664 2003-12-22] (Hewlett-Packard Company)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [49152 2004-02-18] (Hewlett-Packard Company)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [148888 2009-02-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [StatusClient 2.6] => C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe [61440 2004-02-27] (Hewlett-Packard)
HKLM\...\Run: [TomcatStartup 2.5] => C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe [188416 2004-05-20] (Hewlett-Packard)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Kerio VPN Client] => C:\Program Files\Kerio\VPN Client\kvpncgui.exe [5293928 2010-07-18] (Kerio Technologies Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [pdfSaver3] => [X]
HKU\S-1-5-21-1645522239-362288127-839522115-1004\...\Run: [pdfSaver3] => C:\Program Files\PDF\pdfSaver\pdfSaver3.exe [385024 2004-05-19] (Tracker Software Products Ltd.)
HKU\S-1-5-21-1645522239-362288127-839522115-1004\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-09-13] (Google Inc.)
HKU\S-1-5-21-1645522239-362288127-839522115-1004\...\Run: [Yahoo! Search] => C:\Documents and Settings\Iva\Data aplikací\Pay-By-Ads\Yahoo! Search\1.3.19.2\dsrlte.exe
HKU\S-1-5-21-1645522239-362288127-839522115-1004\...\MountPoints2: {7501c554-a4fa-11dd-9db7-0011098d298a} - E:\Web'n'walk_Helper.exe
Startup: C:\Documents and Settings\Iva\Nabídka Start\Programy\Po spuštění\SQLServer.lnk
ShortcutTarget: SQLServer.lnk -> C:\CENTURA\dbnt1sv.exe (Centura Software Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1645522239-362288127-839522115-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.seznam.cz/
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1645522239-362288127-839522115-1004 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1645522239-362288127-839522115-1004 -> {22CC10DF-C285-4EC4-8769-CC9F481F7874} URL = http://slovnik.seznam.cz/?lg=cz_en&wd={ ... IElisticka
SearchScopes: HKU\S-1-5-21-1645522239-362288127-839522115-1004 -> {3EC4DBFF-46C7-4964-AB26-60E942F7387C} URL = http://encyklopedie.seznam.cz/search?s= ... IElisticka
SearchScopes: HKU\S-1-5-21-1645522239-362288127-839522115-1004 -> {400375A6-E7C5-4CF5-8CB4-F18257510E53} URL = http://zbozi.seznam.cz/?q={searchTerms} ... IElisticka
SearchScopes: HKU\S-1-5-21-1645522239-362288127-839522115-1004 -> {4921EDF0-1C7B-456E-8F03-FC43C10A97AF} URL = http://www.mapy.cz/?query={searchTerms} ... IElisticka
SearchScopes: HKU\S-1-5-21-1645522239-362288127-839522115-1004 -> {75C3F1D5-F961-47FC-9C9F-5E573C85DDA6} URL = http://slovnik.seznam.cz/?lg=en_cz&wd={ ... IElisticka
SearchScopes: HKU\S-1-5-21-1645522239-362288127-839522115-1004 -> {9BA58561-8738-48B3-838D-5115098764CE} URL = http://www.firmy.cz/phr/{searchTerms}?p ... IElisticka
SearchScopes: HKU\S-1-5-21-1645522239-362288127-839522115-1004 -> {A3B1A68E-51A6-4355-BBD8-4F9F33248A0A} URL = http://search.seznam.cz/searchScreen?w= ... IElisticka
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: Lištička -> {EA837F48-5AD1-443E-AE34-FFE03CBF3099} -> C:\Program Files\Seznam.cz\listicka.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1645522239-362288127-839522115-1004 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKU\S-1-5-21-1645522239-362288127-839522115-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/produ ... wsdc32.cab
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook.com/controls/contactx.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://sdlc-esd.sun.com/ESD7/JSCDL/jdk/ ... dl.sun.com
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 62.240.163.170 62.204.224.2

FireFox:
========
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-22]

Chrome:
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\25.0.1364.152\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\25.0.1364.152\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U12) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U12) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Documents and Settings\Iva\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Documents and Settings\Iva\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-13]
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\Iva\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-13]
CHR Extension: (Gmail) - C:\Documents and Settings\Iva\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-13]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 602SQLFS; C:\Program Files\Software602\602SQL11FS\602svc11fs.exe [2048000 2008-05-19] (Software602 a.s.) [File not signed]
R2 Apache2; C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [20539 2007-01-09] (Apache Software Foundation) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [152984 2009-02-18] (Sun Microsystems, Inc.)
R2 KVPNCSvc; C:\Program Files\Kerio\VPN Client\kvpncsvc.exe [1103720 2010-07-18] (Kerio Technologies Inc.)
R2 PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
S3 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [65536 2003-10-22] (HP) [File not signed]
S2 aswUpdSv; "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" [X]
S2 avast! Antivirus; "C:\Program Files\Alwil Software\Avast4\ashServ.exe" [X]
S3 avast! Mail Scanner; "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service [X]
S3 avast! Web Scanner; "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ALCXWDM; C:\WINDOWS\System32\drivers\ALCXWDM.SYS [2278784 2004-09-21] (Realtek Semiconductor Corp.)
R1 Angelnt; C:\WINDOWS\System32\Drivers\ANGELNT.SYS [52544 2008-10-20] (Identcode Ltd.) [File not signed]
R3 kvnet; C:\WINDOWS\System32\DRIVERS\kvnet.sys [30208 2010-07-15] (Kerio Technologies Inc.)
R3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [70144 2004-04-13] (Realtek Semiconductor Corporation )
S1 Aavmker4; No ImagePath
S2 ADILOADER; System32\Drivers\adildr.sys [X]
S3 adiusbaw; system32\DRIVERS\adiusbaw.sys [X]
S2 aswFsBlk; system32\DRIVERS\aswFsBlk.sys [X]
S2 aswMon2; No ImagePath
S3 aswRdr; No ImagePath
S1 aswSP; No ImagePath
S1 aswTdi; No ImagePath
S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [X]
S3 MSICPL; \??\D:\install4\MSICPL.sys [X]
S3 NTACCESS; \??\D:\NTACCESS.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SetupNTGLM7X; \??\D:\NTGLM7X.sys [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-18 18:14 - 2015-02-18 18:14 - 00015427 _____ () C:\Documents and Settings\Iva\Plocha\FRST.txt
2015-02-18 18:14 - 2015-02-18 18:14 - 00000000 ___DC () C:\FRST
2015-02-18 18:12 - 2015-02-18 18:12 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Iva\Plocha\FRSTLauncher.exe
2015-02-18 18:11 - 2015-02-18 18:12 - 01125888 _____ (Farbar) C:\Documents and Settings\Iva\Plocha\FRST.exe
2015-02-18 15:49 - 2015-02-18 18:14 - 00000000 ___DC () C:\Documents and Settings\Iva\Local Settings\Temp
2015-02-18 15:49 - 2015-02-18 15:36 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2015-02-18 15:39 - 2015-02-18 15:53 - 00006965 ____C () C:\zoek-results.log
2015-02-18 15:36 - 2015-02-18 15:47 - 00000000 ___DC () C:\zoek_backup
2015-02-18 15:35 - 2015-02-18 15:35 - 01304576 _____ () C:\Documents and Settings\Iva\Plocha\zoek.exe
2015-02-18 11:36 - 2015-02-18 11:42 - 00000000 ___DC () C:\AdwCleaner
2015-02-18 11:35 - 2015-02-18 11:29 - 02112512 _____ () C:\Documents and Settings\Iva\Dokumenty\adwcleaner_4.110.exe
2015-02-18 11:32 - 2015-02-18 11:32 - 00000000 __SHD () C:\WINDOWS\CSC
2015-02-18 09:55 - 2015-02-18 09:55 - 00000000 ___DC () C:\rsit
2015-02-18 09:55 - 2015-02-18 09:50 - 01107968 _____ () C:\Documents and Settings\Iva\Dokumenty\RSIT.exe
2015-02-18 09:52 - 2015-02-18 09:52 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021815-08.dmp
2015-02-18 09:45 - 2015-02-18 09:45 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021815-07.dmp
2015-02-18 09:41 - 2015-02-18 09:41 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021815-06.dmp
2015-02-18 09:33 - 2015-02-18 09:32 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021815-05.dmp
2015-02-18 09:10 - 2015-02-18 09:10 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021815-04.dmp
2015-02-18 09:08 - 2015-02-18 09:08 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021815-03.dmp
2015-02-18 08:55 - 2015-02-18 08:54 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021815-02.dmp
2015-02-18 08:48 - 2015-02-18 08:47 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021815-01.dmp
2015-02-17 19:55 - 2015-02-17 19:55 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021715-19.dmp
2015-02-17 19:53 - 2015-02-17 19:53 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021715-18.dmp
2015-02-17 18:43 - 2015-02-17 18:43 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021715-17.dmp
2015-02-17 18:42 - 2015-02-17 18:41 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021715-16.dmp
2015-02-17 18:40 - 2015-02-17 18:40 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021715-15.dmp
2015-02-17 17:11 - 2015-02-17 17:11 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021715-14.dmp
2015-02-17 17:10 - 2015-02-17 17:10 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021715-13.dmp
2015-02-17 17:08 - 2015-02-17 17:08 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021715-12.dmp
2015-02-17 17:06 - 2015-02-17 17:06 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021715-11.dmp
2015-02-17 17:04 - 2015-02-17 17:04 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021715-10.dmp
2015-02-17 17:03 - 2015-02-17 17:03 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021715-09.dmp
2015-02-17 17:01 - 2015-02-17 17:01 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021715-08.dmp
2015-02-17 16:59 - 2015-02-17 16:59 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021715-07.dmp
2015-02-17 16:57 - 2015-02-17 16:57 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021715-06.dmp
2015-02-17 16:56 - 2015-02-17 16:56 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021715-05.dmp
2015-02-17 16:53 - 2015-02-17 16:52 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021715-04.dmp
2015-02-17 16:51 - 2015-02-17 16:51 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021715-03.dmp
2015-02-17 16:50 - 2015-02-17 16:50 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021715-02.dmp
2015-02-17 16:35 - 2015-02-18 09:41 - 00000000 ____D () C:\WINDOWS\Minidump
2015-02-17 16:35 - 2015-02-17 16:35 - 00090112 _____ () C:\WINDOWS\Minidump\Mini021715-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-18 18:14 - 2008-10-20 20:55 - 00000000 ____D () C:\Documents and Settings\Iva\Plocha
2015-02-18 18:13 - 2008-10-20 20:55 - 00000000 ___HD () C:\Documents and Settings\Iva\Local Settings\Data aplikací
2015-02-18 18:08 - 2012-09-13 21:07 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-18 17:24 - 2012-09-13 21:07 - 00000940 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-18 17:24 - 2008-10-02 08:09 - 00032616 _____ () C:\WINDOWS\SchedLgU.Txt
2015-02-18 15:54 - 2010-02-20 20:52 - 00004124 ____C () C:\statusclient.log
2015-02-18 15:54 - 2008-10-02 08:04 - 01389207 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-18 15:52 - 2014-03-30 17:19 - 00000218 _____ () C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2015-02-18 15:52 - 2012-09-13 21:07 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-18 15:52 - 2010-05-16 18:45 - 00000460 _____ () C:\WINDOWS\Tasks\SDMsgUpdate (TE).job
2015-02-18 15:52 - 2009-04-25 18:55 - 00000260 _____ () C:\WINDOWS\Tasks\WGASetup.job
2015-02-18 15:52 - 2004-08-18 13:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2015-02-18 15:51 - 2008-10-02 08:09 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-18 15:50 - 2008-10-20 20:55 - 00000272 ___SH () C:\Documents and Settings\Iva\ntuser.ini
2015-02-18 15:47 - 2008-10-22 16:33 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy
2015-02-18 15:47 - 2008-10-02 09:54 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2015-02-18 11:51 - 2008-10-02 09:54 - 00719553 _____ () C:\WINDOWS\setupapi.log
2015-02-18 11:42 - 2008-10-20 20:55 - 00000000 ___RD () C:\Documents and Settings\Iva\Dokumenty
2015-02-18 09:31 - 2008-10-02 08:10 - 00000000 ____D () C:\Documents and Settings\Mirek\Local Settings\Temp
2015-02-18 09:30 - 2008-10-02 09:54 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
2015-02-18 09:30 - 2008-10-02 08:10 - 00000178 ___SH () C:\Documents and Settings\Mirek\ntuser.ini
2015-02-18 09:30 - 2008-10-02 08:10 - 00000000 ____D () C:\Documents and Settings\Mirek\Plocha
2015-02-18 08:52 - 2008-10-02 09:54 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-02-18 08:52 - 2008-10-02 09:54 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2015-02-18 08:52 - 2008-10-02 08:05 - 00002546 _____ () C:\WINDOWS\system32\config.nt
2015-02-17 16:36 - 2004-08-18 13:00 - 00000705 _____ () C:\WINDOWS\win.ini
2015-02-10 17:35 - 2009-02-08 17:57 - 00001859 _____ () C:\Documents and Settings\All Users\Plocha\Money S3.lnk
2015-02-10 17:35 - 2008-11-26 19:16 - 00001864 _____ () C:\Documents and Settings\All Users\Plocha\S3 Kasa.lnk
2015-02-10 17:23 - 2014-03-30 17:19 - 00000212 _____ () C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
2015-02-08 11:00 - 2008-10-20 20:55 - 00000000 ____D () C:\Documents and Settings\Iva
2015-02-08 10:25 - 2012-09-13 21:09 - 00001813 _____ () C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
2015-02-05 21:08 - 2012-09-13 21:07 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-05 21:08 - 2012-09-13 21:07 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2009-05-24 09:57 - 2011-08-15 14:49 - 0005632 _____ () C:\Documents and Settings\Iva\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2008-11-25 18:14 - 2008-11-25 18:14 - 0000123 _____ () C:\Documents and Settings\Iva\Local Settings\Data aplikací\fusioncache.dat

Some content of TEMP:
====================
C:\Documents and Settings\Mirek\Local Settings\Temp\jre-6u17-windows-i586-iftw-rv.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\Mirek\Local Settings\Temp\jre-7u21-windows-i586-iftw.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:153.38 GB) (Free:125.48 GB) NTFS ==>[Drive with boot components (Windows XP)]

Available physical RAM: 502.6 MB
Total physical RAM: 1023.48 MB
Percentage of memory in use: 50%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 153.4 GB) (Disk ID: 23712370)
Partition 1: (Active) - (Size=153.4 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\SDMsgUpdate (TE).job => C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe
Task: C:\WINDOWS\Tasks\WGASetup.job => C:\WINDOWS\system32\KB905474\wgasetup.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================




===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\Iva\Plocha" je 1286 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"="C:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe:*:Enabled:javaw"
"C:\\Program Files\\Apache Software Foundation\\Apache2.2\\bin\\httpd.exe"="C:\\Program Files\\Apache Software Foundation\\Apache2.2\\bin\\httpd.exe:*:Enabled:Apache HTTP Server"
"C:\\Program Files\\IPClient\\IPClient.exe"="C:\\Program Files\\IPClient\\IPClient.exe:*:Enabled:IPClient"
"C:\\Program Files\\VideoViewer\\VideoViewer.exe"="C:\\Program Files\\VideoViewer\\VideoViewer.exe:*:Enabled:VideoViewer"
"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe:*:Enabled:Google Chrome"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000


==================== End Of Log ==============================
Nahoru
Uživatelský avatar
JaRon
Moderátor
Moderátor
Příspěvky: 15808
Registrován: 29 bře 2005 13:39
Bydliště: BB-SK

Re: Restart PC hned po přihlášení uživatele

#8 Příspěvek od JaRon »

jednorazovo zaskocim:
Velikost slozky "C:\Documents and Settings\Iva\Plocha" je 1286 MB.
uprac aby to nebolo viac ako 300MB
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

V prípade spokojnosti je možné podporiť fórum https://platba.viry.cz/payment/
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Restart PC hned po přihlášení uživatele

#9 Příspěvek od vyosek »

:arrow: Je tam nejaky poskozeny Avast - odstrante zbytky pomoci jejich removeru https://www.avast.com/cs-cz/uninstall-utility a pak jej nainstalujte znovu

:arrow: Tvorba fixlistu pro FRST
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize

  • Kód: Vybrat vše

    Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [148888 2009-02-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [TomcatStartup 2.5] => C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe [188416 2004-05-20] (Hewlett-Packard)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Kerio VPN Client] => C:\Program Files\Kerio\VPN Client\kvpncgui.exe [5293928 2010-07-18] (Kerio Technologies Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [pdfSaver3] => [X]
HKU\S-1-5-21-1645522239-362288127-839522115-1004\...\Run: [pdfSaver3] => C:\Program Files\PDF\pdfSaver\pdfSaver3.exe [385024 2004-05-19] (Tracker Software Products Ltd.)
HKU\S-1-5-21-1645522239-362288127-839522115-1004\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-09-13] (Google Inc.)
HKU\S-1-5-21-1645522239-362288127-839522115-1004\...\Run: [Yahoo! Search] => C:\Documents and Settings\Iva\Data aplikací\Pay-By-Ads\Yahoo! Search\1.3.19.2\dsrlte.exe
HKU\S-1-5-21-1645522239-362288127-839522115-1004\...\MountPoints2: {7501c554-a4fa-11dd-9db7-0011098d298a} - E:\Web'n'walk_Helper.exe

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lištička -> {EA837F48-5AD1-443E-AE34-FFE03CBF3099} -> C:\Program Files\Seznam.cz\listicka.dll ()

S2 aswUpdSv; "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" [X]
S2 avast! Antivirus; "C:\Program Files\Alwil Software\Avast4\ashServ.exe" [X]
S3 avast! Mail Scanner; "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service [X]
S3 avast! Web Scanner; "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service [X]
S1 Aavmker4; No ImagePath
S2 ADILOADER; System32\Drivers\adildr.sys [X]
S3 adiusbaw; system32\DRIVERS\adiusbaw.sys [X]
S2 aswFsBlk; system32\DRIVERS\aswFsBlk.sys [X]
S2 aswMon2; No ImagePath
S3 aswRdr; No ImagePath
S1 aswSP; No ImagePath
S1 aswTdi; No ImagePath
S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [X]
S3 MSICPL; \??\D:\install4\MSICPL.sys [X]
S3 NTACCESS; \??\D:\NTACCESS.sys [X]
S3 SetupNTGLM7X; \??\D:\NTGLM7X.sys [X]
U1 WS2IFSL; No ImagePath

C:\Documents and Settings\Iva\Data aplikací\Pay-By-Ads
2015-02-18 18:14 - 2015-02-18 18:14 - 00015427 _____ () C:\Documents and Settings\Iva\Plocha\FRST.txt
2015-02-18 18:12 - 2015-02-18 18:12 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Iva\Plocha\FRSTLauncher.exe
2015-02-18 15:49 - 2015-02-18 15:36 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2015-02-18 15:39 - 2015-02-18 15:53 - 00006965 ____C () C:\zoek-results.log
2015-02-18 15:36 - 2015-02-18 15:47 - 00000000 ___DC () C:\zoek_backup
2015-02-18 15:35 - 2015-02-18 15:35 - 01304576 _____ () C:\Documents and Settings\Iva\Plocha\zoek.exe
2015-02-18 11:36 - 2015-02-18 11:42 - 00000000 ___DC () C:\AdwCleaner
2015-02-18 11:35 - 2015-02-18 11:29 - 02112512 _____ () C:\Documents and Settings\Iva\Dokumenty\adwcleaner_4.110.exe
2015-02-18 09:55 - 2015-02-18 09:55 - 00000000 ___DC () C:\rsit
2015-02-18 09:55 - 2015-02-18 09:50 - 01107968 _____ () C:\Documents and Settings\Iva\Dokumenty\RSIT.exe

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\SDMsgUpdate (TE).job => C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe
Task: C:\WINDOWS\Tasks\WGASetup.job => C:\WINDOWS\system32\KB905474\wgasetup.exe

Hosts:
EmptyTemp:
Reboot:
End
  • Ulozte vytvoreny TXT jako fixlist.txt
  • Presunte vytvoreny fixlist vedle FRST
:arrow: Spustte znovu FRST.exe
  • Kliknete na Fix
  • Probehne oprava a vytvori log Fixlog.txt
:arrow: Restart PC a dejte mi sem fixlog.txt
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
funkymusic
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 402
Registrován: 07 pro 2004 15:16

Re: Restart PC hned po přihlášení uživatele

#10 Příspěvek od funkymusic »

Tak tady to je:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-02-2015 01
Ran by Iva at 2015-02-19 09:24:12 Run:2
Running from C:\Documents and Settings\Iva\Plocha
Loaded Profiles: Iva (Available profiles: Mirek & Iva)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [148888 2009-02-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [TomcatStartup 2.5] => C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe [188416 2004-05-20] (Hewlett-Packard)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Kerio VPN Client] => C:\Program Files\Kerio\VPN Client\kvpncgui.exe [5293928 2010-07-18] (Kerio Technologies Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [pdfSaver3] => [X]
HKU\S-1-5-21-1645522239-362288127-839522115-1004\...\Run: [pdfSaver3] => C:\Program Files\PDF\pdfSaver\pdfSaver3.exe [385024 2004-05-19] (Tracker Software Products Ltd.)
HKU\S-1-5-21-1645522239-362288127-839522115-1004\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-09-13] (Google Inc.)
HKU\S-1-5-21-1645522239-362288127-839522115-1004\...\Run: [Yahoo! Search] => C:\Documents and Settings\Iva\Data aplikací\Pay-By-Ads\Yahoo! Search\1.3.19.2\dsrlte.exe
HKU\S-1-5-21-1645522239-362288127-839522115-1004\...\MountPoints2: {7501c554-a4fa-11dd-9db7-0011098d298a} - E:\Web'n'walk_Helper.exe

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lištička -> {EA837F48-5AD1-443E-AE34-FFE03CBF3099} -> C:\Program Files\Seznam.cz\listicka.dll ()

S2 aswUpdSv; "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" [X]
S2 avast! Antivirus; "C:\Program Files\Alwil Software\Avast4\ashServ.exe" [X]
S3 avast! Mail Scanner; "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service [X]
S3 avast! Web Scanner; "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service [X]
S1 Aavmker4; No ImagePath
S2 ADILOADER; System32\Drivers\adildr.sys [X]
S3 adiusbaw; system32\DRIVERS\adiusbaw.sys [X]
S2 aswFsBlk; system32\DRIVERS\aswFsBlk.sys [X]
S2 aswMon2; No ImagePath
S3 aswRdr; No ImagePath
S1 aswSP; No ImagePath
S1 aswTdi; No ImagePath
S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [X]
S3 MSICPL; \??\D:\install4\MSICPL.sys [X]
S3 NTACCESS; \??\D:\NTACCESS.sys [X]
S3 SetupNTGLM7X; \??\D:\NTGLM7X.sys [X]
U1 WS2IFSL; No ImagePath

C:\Documents and Settings\Iva\Data aplikací\Pay-By-Ads
2015-02-18 18:14 - 2015-02-18 18:14 - 00015427 _____ () C:\Documents and Settings\Iva\Plocha\FRST.txt
2015-02-18 18:12 - 2015-02-18 18:12 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Iva\Plocha\FRSTLauncher.exe
2015-02-18 15:49 - 2015-02-18 15:36 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2015-02-18 15:39 - 2015-02-18 15:53 - 00006965 ____C () C:\zoek-results.log
2015-02-18 15:36 - 2015-02-18 15:47 - 00000000 ___DC () C:\zoek_backup
2015-02-18 15:35 - 2015-02-18 15:35 - 01304576 _____ () C:\Documents and Settings\Iva\Plocha\zoek.exe
2015-02-18 11:36 - 2015-02-18 11:42 - 00000000 ___DC () C:\AdwCleaner
2015-02-18 11:35 - 2015-02-18 11:29 - 02112512 _____ () C:\Documents and Settings\Iva\Dokumenty\adwcleaner_4.110.exe
2015-02-18 09:55 - 2015-02-18 09:55 - 00000000 ___DC () C:\rsit
2015-02-18 09:55 - 2015-02-18 09:50 - 01107968 _____ () C:\Documents and Settings\Iva\Dokumenty\RSIT.exe

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\SDMsgUpdate (TE).job => C:\PROGRA~1\SMARTD~1\Messages\SDNotify.exe
Task: C:\WINDOWS\Tasks\WGASetup.job => C:\WINDOWS\system32\KB905474\wgasetup.exe

Hosts:
EmptyTemp:
Reboot:
End


*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\TomcatStartup 2.5 => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Kerio VPN Client => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\pdfSaver3 => Value not found.
HKU\S-1-5-21-1645522239-362288127-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run\\pdfSaver3 => Value not found.
HKU\S-1-5-21-1645522239-362288127-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run\\swg => value deleted successfully.
HKU\S-1-5-21-1645522239-362288127-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Yahoo! Search => Value not found.
HKU\S-1-5-21-1645522239-362288127-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7501c554-a4fa-11dd-9db7-0011098d298a} => Key not found.
HKCR\CLSID\{7501c554-a4fa-11dd-9db7-0011098d298a} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099} => Key not found.
"HKCR\CLSID\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}" => Key deleted successfully.
aswUpdSv => Service deleted successfully.
avast! Antivirus => Service not found.
avast! Mail Scanner => Service deleted successfully.
avast! Web Scanner => Service deleted successfully.
Aavmker4 => Service not found.
ADILOADER => Service deleted successfully.
adiusbaw => Service deleted successfully.
aswFsBlk => Service not found.
aswMon2 => Service not found.
aswRdr => Service not found.
aswSP => Service not found.
aswTdi => Service not found.
GMSIPCI => Service deleted successfully.
MSICPL => Service deleted successfully.
NTACCESS => Service deleted successfully.
SetupNTGLM7X => Service deleted successfully.
WS2IFSL => Service deleted successfully.
"C:\Documents and Settings\Iva\Data aplikací\Pay-By-Ads" => File/Directory not found.
C:\Documents and Settings\Iva\Plocha\FRST.txt => Moved successfully.
"C:\Documents and Settings\Iva\Plocha\FRSTLauncher.exe" => File/Directory not found.
C:\WINDOWS\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Documents and Settings\Iva\Plocha\zoek.exe => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Documents and Settings\Iva\Dokumenty\adwcleaner_4.110.exe => Moved successfully.
C:\rsit => Moved successfully.
C:\Documents and Settings\Iva\Dokumenty\RSIT.exe => Moved successfully.
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => Moved successfully.
C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => Moved successfully.
C:\WINDOWS\Tasks\SDMsgUpdate (TE).job => Moved successfully.
C:\WINDOWS\Tasks\WGASetup.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 970.1 MB temporary data.


The system needed a reboot.

==== End of Fixlog 09:25:20 ====
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Restart PC hned po přihlášení uživatele

#11 Příspěvek od vyosek »

Jak se chova PC??
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
funkymusic
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 402
Registrován: 07 pro 2004 15:16

Re: Restart PC hned po přihlášení uživatele

#12 Příspěvek od funkymusic »

Vzhledem k svému stáří normálně. :-)
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Restart PC hned po přihlášení uživatele

#13 Příspěvek od vyosek »

Tak jeste uklidime :James008:

:arrow: DelFix https://toolslib.net/downloads/finish/2/
  • Stahnete a spustte
  • Ponechte zatrzitkou pouze u volby Remote disinfection tools
  • Kliknete na Run
:arrow: Stahnete Ccleaner https://www.piriform.com/ccleaner/download/standard
Panel čistič
  • Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner
Panel registry
  • dejte Hledej problémy
  • nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
  • postup opakujte dokud nebude bez problemu - vetsinou cca 3x
Panel nástroje
  • Zde muzete odinstalovat nepotrebne programy
CCleaner doporucuji pouzivat cca jednou za tyden

:arrow: A pokud nejsou problemy ci dotazy, je to z me strany vse :|
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
funkymusic
Vzorný návštěvník
Vzorný návštěvník
Příspěvky: 402
Registrován: 07 pro 2004 15:16

Re: Restart PC hned po přihlášení uživatele

#14 Příspěvek od funkymusic »

Skvělá práce, díky moc.
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Restart PC hned po přihlášení uživatele

#15 Příspěvek od vyosek »

Nemate zac, rad jsem pomohl :worship: Zase nekdy Obrázek


A na zaklade Pravidla o zamykani temat :lock:
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
Zamčeno

Zpět na „Sekce pouze pro Vzorné návštěvníky“