Tony adware, it's still slowed down, ComboFix can't be started

#1 Post by cevrik »

Hi, I'd be glad if someone took a look at the log; I'm wearing my spare glasses and can't see well.

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-04-2015 04
Ran by personal-pc at 2015-04-16 10:33:16
Running from C:\Documents and Settings\personal-pc\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.3.181.26 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.1.53.64 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.7.609 - Adobe Systems, Inc.)
Assister (HKLM\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{24c54e38}) (Version: - Assister) <==== ATTENTION
Balík Compatibility Pack pre systém Office 2007 (HKLM\...\{90120000-0020-041B-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Generic 36C-1Series (HKLM\...\Generic 36C-1Series Installer) (Version: - )
Google Chrome (HKU\S-1-5-21-1482476501-484763869-839522115-1004\...\Google Chrome) (Version: 39.0.2171.65 - Spoločnosť Google Inc.)
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.13.0.003 - HTC Corporation)
HTC Sync Manager (HKLM\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.24.5 - HTC)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Small Business Edition 2003 (HKLM\...\{91CA041B-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.7969.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.0.0 - Frank Heindörfer, Philip Chinery)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.40798 - TeamViewer)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.51a - Ghisler Software GmbH)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR 4.00 beta 4 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.4 - win.rar GmbH)
Yellow AdBlocker (HKLM\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version: - Yellow AdBlocker) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1482476501-484763869-839522115-1004_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-484763869-839522115-1004_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\1.3.25.5\psuser. (the data entry has 11 more characters).
CustomCLSID: HKU\S-1-5-21-1482476501-484763869-839522115-1004_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-484763869-839522115-1004_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-484763869-839522115-1004_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-484763869-839522115-1004_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.65\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-484763869-839522115-1004_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\1.3.24.15\psuser (the data entry has 12 more characters).
CustomCLSID: HKU\S-1-5-21-1482476501-484763869-839522115-1004_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-484763869-839522115-1004_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-484763869-839522115-1004_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-484763869-839522115-1004_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-484763869-839522115-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-484763869-839522115-1004_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Documents and Settings\personal-pc\Local Settings\Temp\3Ca35\temp\ETINA - Dar Lsky - TonySamara.cz - CZ.mp4.exe ()

==================== Restore Points =========================

15-04-2015 10:13:23 Inštalovať nepodpísaný ovládač
15-04-2015 12:12:22 Removed IPTInstaller
15-04-2015 15:53:00 Inštalovať nepodpísaný ovládač
16-04-2015 08:15:41 Odstránené: ESET Smart Security
16-04-2015 09:13:50 Nainštalovaný ovládač tlačiarne Generic 36C-1SeriesPCL

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-02-28 14:00 - 2006-02-28 14:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-484763869-839522115-1004Core.job => C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-484763869-839522115-1004UA.job => C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) ==============

2011-01-24 10:00 - 2011-01-05 13:43 - 00139776 _____ () C:\Program Files\WinRAR\rarext.dll
2010-08-03 09:37 - 2001-10-28 17:42 - 00116224 _____ () C:\WINDOWS\system32\pdfcmnnt.dll
2005-11-14 15:43 - 2005-11-14 15:43 - 00029152 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\FSPPMFP.DLL
2014-08-08 19:50 - 2014-08-08 19:50 - 00031080 _____ () C:\Program Files\HTC\HTC Sync Manager\DbAccess.dll
2014-08-08 19:51 - 2014-08-08 19:51 - 00607376 _____ () C:\Program Files\HTC\HTC Sync Manager\sqlite3.dll
2014-08-08 19:51 - 2014-08-08 19:51 - 00059752 _____ () C:\Program Files\HTC\HTC Sync Manager\NAdvLog.dll
2014-08-08 19:51 - 2014-08-08 19:51 - 00036216 _____ () C:\Program Files\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-08-08 19:51 - 2014-08-08 19:51 - 00080248 _____ () C:\Program Files\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-08-08 19:52 - 2014-08-08 19:52 - 00129376 _____ () C:\Program Files\HTC\HTC Sync Manager\zlib1.dll
2014-08-08 19:53 - 2014-08-08 19:53 - 00223592 _____ () C:\Program Files\HTC\HTC Sync Manager\DevConnMon.dll
2014-08-08 19:51 - 2014-08-08 19:51 - 00821600 _____ () C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
2006-02-28 14:00 - 2013-01-02 08:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2006-02-28 14:00 - 2008-04-14 02:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2006-02-28 14:00 - 2008-04-14 02:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-11-21 13:12 - 2014-11-14 23:15 - 09009480 _____ () C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.65\pdf.dll
2014-11-21 13:12 - 2014-11-14 23:15 - 01677128 _____ () C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.65\ffmpegsumo.dll
2014-11-21 13:12 - 2014-11-14 23:15 - 14910280 _____ () C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.65\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1482476501-484763869-839522115-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\personal-pc\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1482476501-484763869-839522115-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1482476501-484763869-839522115-1005 - Limited - Enabled)
Guest (S-1-5-21-1482476501-484763869-839522115-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1482476501-484763869-839522115-1000 - Limited - Disabled)
personal-pc (S-1-5-21-1482476501-484763869-839522115-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\personal-pc
SUPPORT_388945a0 (S-1-5-21-1482476501-484763869-839522115-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Video Controller (VGA Compatible)
Description: Video Controller (VGA Compatible)
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Multimedia Audio Controller
Description: Multimedia Audio Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/16/2015 09:52:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Zablokovaná aplikácia chrome.exe, verzia 39.0.2171.65, zablokovaný modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error: (04/16/2015 09:22:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Zablokovaná aplikácia TeamViewer.exe, verzia 10.0.40798.0, zablokovaný modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error: (04/16/2015 08:15:52 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Zlyhala extrakcia zoznamu základných certifikátov nezávislých vydavateľov zo súboru CAB automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Pri overovaní s aktuálnymi systémovými hodinami alebo časovou pečiatkou podpísaného súboru sa zistilo, že požadovaný certifikát je mimo dobu platnosti.

Error: (04/16/2015 08:15:52 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Zlyhala extrakcia zoznamu základných certifikátov nezávislých vydavateľov zo súboru CAB automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Pri overovaní s aktuálnymi systémovými hodinami alebo časovou pečiatkou podpísaného súboru sa zistilo, že požadovaný certifikát je mimo dobu platnosti.

Error: (12/15/2014 01:50:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Zablokovaná aplikácia chrome.exe, verzia 39.0.2171.65, zablokovaný modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error: (11/25/2014 07:30:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Zablokovaná aplikácia chrome.exe, verzia 39.0.2171.65, zablokovaný modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error: (11/24/2014 07:37:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Zablokovaná aplikácia OIS.EXE, verzia 11.0.6550.0, zablokovaný modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error: (11/24/2014 01:02:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Zablokovaná aplikácia OUTLOOK.EXE, verzia 11.0.6565.0, zablokovaný modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error: (11/21/2014 04:09:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Zablokovaná aplikácia EXCEL.EXE, verzia 11.0.6560.0, zablokovaný modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error: (11/03/2014 07:43:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Zablokovaná aplikácia chrome.exe, verzia 38.0.2125.111, zablokovaný modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.


System errors:
=============
Error: (04/15/2015 00:12:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Application Management bola ukončená s nasledujúcou chybou:
%%126

Error: (04/15/2015 00:12:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Application Management bola ukončená s nasledujúcou chybou:
%%126

Error: (04/15/2015 00:12:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Application Management bola ukončená s nasledujúcou chybou:
%%126

Error: (04/15/2015 00:12:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Application Management bola ukončená s nasledujúcou chybou:
%%126

Error: (04/15/2015 00:12:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Application Management bola ukončená s nasledujúcou chybou:
%%126

Error: (04/15/2015 00:12:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Application Management bola ukončená s nasledujúcou chybou:
%%126

Error: (04/15/2015 00:12:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Application Management bola ukončená s nasledujúcou chybou:
%%126

Error: (04/15/2015 00:12:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Application Management bola ukončená s nasledujúcou chybou:
%%126

Error: (04/15/2015 00:12:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Application Management bola ukončená s nasledujúcou chybou:
%%126

Error: (04/15/2015 00:12:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Application Management bola ukončená s nasledujúcou chybou:
%%126


Microsoft Office Sessions:
=========================
Error: (04/16/2015 09:52:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe39.0.2171.65hungapp0.0.0.000000000

Error: (04/16/2015 09:22:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: TeamViewer.exe10.0.40798.0hungapp0.0.0.000000000

Error: (04/16/2015 08:15:52 AM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/m ... stl.cabPri overovaní s aktuálnymi systémovými hodinami alebo časovou pečiatkou podpísaného súboru sa zistilo, že požadovaný certifikát je mimo dobu platnosti.

Error: (04/16/2015 08:15:52 AM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/m ... stl.cabPri overovaní s aktuálnymi systémovými hodinami alebo časovou pečiatkou podpísaného súboru sa zistilo, že požadovaný certifikát je mimo dobu platnosti.

Error: (12/15/2014 01:50:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe39.0.2171.65hungapp0.0.0.000000000

Error: (11/25/2014 07:30:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe39.0.2171.65hungapp0.0.0.000000000

Error: (11/24/2014 07:37:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OIS.EXE11.0.6550.0hungapp0.0.0.000000000

Error: (11/24/2014 01:02:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OUTLOOK.EXE11.0.6565.0hungapp0.0.0.000000000

Error: (11/21/2014 04:09:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: EXCEL.EXE11.0.6560.0hungapp0.0.0.000000000

Error: (11/03/2014 07:43:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe38.0.2125.111hungapp0.0.0.000000000


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) D CPU 3.06GHz
Percentage of memory in use: 82%
Total physical RAM: 494.73 MB
Available physical RAM: 87.04 MB
Total Pagefile: 1154.86 MB
Available Pagefile: 608.82 MB
Total Virtual: 2047.88 MB
Available Virtual: 1961.65 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:76.68 GB) (Free:58.47 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 76.7 GB) (Disk ID: 7DB47DB4)
Partition 1: (Active) - (Size=76.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Re: Tony adware, it's still slowed down, can't start combo

#2 Post by cevrik »

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-04-2015 04
Ran by personal-pc (administrator) on PERSONAL on 16-04-2015 10:31:39
Running from C:\Documents and Settings\personal-pc\Desktop
Loaded Profiles: personal-pc (Available profiles: personal-pc & Administrator)
Platform: Systém Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Angličtina (USA)
Internet Explorer Version 6 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Google Inc.) C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
() C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Google Inc.) C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Documents and Settings\personal-pc\Desktop\FRSTLauncher (1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-1482476501-484763869-839522115-1004\...\Run: [Google Update] => C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [107912 2014-10-23] (Google Inc.)
HKU\S-1-5-21-1482476501-484763869-839522115-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1482476501-484763869-839522115-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKU\S-1-5-21-1482476501-484763869-839522115-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
URLSearchHook: HKU\S-1-5-21-1482476501-484763869-839522115-1004 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-1482476501-484763869-839522115-1004 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type= ... earchTerms}
SearchScopes: HKU\S-1-5-21-1482476501-484763869-839522115-1004 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.mystartsearch.com/web/?type= ... earchTerms}
SearchScopes: HKU\S-1-5-21-1482476501-484763869-839522115-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
DPF: {88D969C0-F192-11D4-A65F-0040963251E5} https://www.drsr.sk/drsr/dsigner/msxml4.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab
Tcpip\..\Interfaces\{A0BD0CCC-22B1-41A4-A1F4-F5F093AF1802}: [NameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll [2010-07-14] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll [2010-05-05] (Adobe Systems, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1482476501-484763869-839522115-1004: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-1482476501-484763869-839522115-1004: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-13] (Google Inc.)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR DefaultSearchKeyword: Default -> 02742153BC2560252EBB8FC2631137E3B99B1EDBA7EFC5DDFEB4F5E2F6D3C696
CHR DefaultSearchURL: Default -> 97FA68FFBACCBF514B5D886C25827B985FA9519B0267CF4520611F9E8D8C1498
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.5.31.138\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.65\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.65\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
CHR Profile: C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-22]
CHR Extension: (Picasa) - C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2014-10-16]
CHR Extension: (BuyNsave) - C:\Documents and Settings\All Users\Application Data\cdlceikadbimhianalbpmellpckehehc\ []
CHR Extension: (BuyNsave) - C:\Documents and Settings\All Users\Application Data\neodmhjhchhhggmnaagjlfiemhkbdail\ []
StartMenuInternet: chrome.exe - C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 Alerter; C:\WINDOWS\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation) [File not signed]
R3 ALG; C:\WINDOWS\System32\alg.exe [44544 2008-04-14] (Microsoft Corporation) [File not signed]
R2 AudioSrv; C:\WINDOWS\System32\audiosrv.dll [42496 2008-04-14] (Microsoft Corporation) [File not signed]
S3 BITS; C:\WINDOWS\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Browser; C:\WINDOWS\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation) [File not signed]
S3 CiSvc; C:\WINDOWS\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation) [File not signed]
S3 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\WINDOWS\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\WINDOWS\System32\dhcpcsvc.dll [126976 2008-04-14] (Microsoft Corporation) [File not signed]
S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
S3 dmserver; C:\WINDOWS\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corp.) [File not signed]
R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation) [File not signed]
S3 Dot3svc; C:\WINDOWS\System32\dot3svc.dll [132096 2008-04-14] (Microsoft Corporation) [File not signed]
S3 EapHost; C:\WINDOWS\System32\eapsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ERSvc; C:\WINDOWS\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Eventlog; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
R3 EventSystem; C:\WINDOWS\system32\es.dll [253952 2008-07-07] (Microsoft Corporation) [File not signed]
R3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed]
R2 helpsvc; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation) [File not signed]
R2 HidServ; C:\WINDOWS\System32\hidserv.dll [21504 2008-04-14] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\WINDOWS\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation) [File not signed]
R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-08-04] (Nero AG)
S3 HTTPFilter; C:\WINDOWS\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation) [File not signed]
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation) [File not signed]
R2 lanmanserver; C:\WINDOWS\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation) [File not signed]
R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation) [File not signed]
R2 LmHosts; C:\WINDOWS\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation) [File not signed]
S4 Messenger; C:\WINDOWS\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed]
S3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\WINDOWS\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [78848 2008-04-14] (Microsoft Corporation) [File not signed]
S3 napagent; C:\WINDOWS\System32\qagentrt.dll [291328 2008-04-14] (Microsoft Corporation) [File not signed]
S4 NetDDE; C:\WINDOWS\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation) [File not signed]
S4 NetDDEdsdm; C:\WINDOWS\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Netman; C:\WINDOWS\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Nla; C:\WINDOWS\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation) [File not signed]
S3 NtLmSsp; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [435200 2008-04-14] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
R2 PolicyAgent; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ProtectedStorage; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RasMan; C:\WINDOWS\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\WINDOWS\system32\locator.exe [75264 2008-04-14] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
S3 RSVP; C:\WINDOWS\system32\rsvp.exe [132608 2006-02-28] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\WINDOWS\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\WINDOWS\system32\schedsvc.dll [192512 2008-04-14] (Microsoft Corporation) [File not signed]
R2 seclogon; C:\WINDOWS\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation) [File not signed]
R2 SENS; C:\WINDOWS\system32\sens.dll [39424 2008-04-14] (Microsoft Corporation) [File not signed]
R2 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [331264 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation) [File not signed]
R2 srservice; C:\WINDOWS\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [71680 2008-04-14] (Microsoft Corporation) [File not signed]
S3 stisvc; C:\WINDOWS\system32\wiaservc.dll [333824 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SysmonLog; C:\WINDOWS\system32\smlogsvc.exe [89600 2008-04-14] (Microsoft Corporation) [File not signed]
S3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [249856 2008-04-14] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
R3 TermService; C:\WINDOWS\System32\termsrv.dll [295424 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\WINDOWS\system32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\WINDOWS\System32\upnphost.dll [185856 2008-04-14] (Microsoft Corporation) [File not signed]
S3 UPS; C:\WINDOWS\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation) [File not signed]
S3 VSS; C:\WINDOWS\System32\vssvc.exe [289792 2008-04-14] (Microsoft Corporation) [File not signed]
R2 W32Time; C:\WINDOWS\system32\w32time.dll [175104 2008-04-14] (Microsoft Corporation) [File not signed]
R2 WebClient; C:\WINDOWS\System32\webclnt.dll [68096 2008-04-14] (Microsoft Corporation) [File not signed]
R2 winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [144896 2008-04-14] (Microsoft Corporation) [File not signed]
S3 WmdmPmSN; C:\WINDOWS\system32\MsPMSNSv.dll [27136 2009-01-30] (Microsoft Corporation) [File not signed]
S3 WmiApSrv; C:\WINDOWS\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation) [File not signed]
S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913920 2009-02-04] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\WINDOWS\system32\wscsvc.dll [80896 2008-04-14] (Microsoft Corporation) [File not signed]
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation) [File not signed]
R2 WudfSvc; C:\WINDOWS\System32\WUDFSvc.dll [55808 2006-09-28] (Microsoft Corporation) [File not signed]
R2 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [483840 2008-04-14] (Microsoft Corporation) [File not signed]
S3 xmlprov; C:\WINDOWS\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 ACPI; C:\WINDOWS\System32\DRIVERS\ACPI.sys [187776 2008-04-13] (Microsoft Corporation) [File not signed]
S4 ACPIEC; C:\WINDOWS\system32\Drivers\ACPIEC.sys [11648 2006-02-28] (Microsoft Corporation) [File not signed]
R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation) [File not signed]
S3 AsyncMac; C:\WINDOWS\System32\DRIVERS\asyncmac.sys [14336 2008-04-13] (Microsoft Corporation) [File not signed]
R0 atapi; C:\WINDOWS\System32\DRIVERS\atapi.sys [96512 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Atmarpc; C:\WINDOWS\System32\DRIVERS\atmarpc.sys [59904 2008-04-13] (Microsoft Corporation) [File not signed]
R3 audstub; C:\WINDOWS\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation) [File not signed]
S4 cbidf2k; C:\WINDOWS\system32\Drivers\cbidf2k.sys [13952 2006-02-28] (Microsoft Corporation) [File not signed]
S1 Cdaudio; C:\WINDOWS\system32\Drivers\Cdaudio.sys [18688 2006-02-28] (Microsoft Corporation) [File not signed]
R4 Cdfs; C:\WINDOWS\system32\Drivers\Cdfs.sys [63744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Cdrom; C:\WINDOWS\System32\DRIVERS\cdrom.sys [62976 2008-04-13] (Microsoft Corporation) [File not signed]
R0 Disk; C:\WINDOWS\System32\DRIVERS\disk.sys [36352 2008-04-13] (Microsoft Corporation) [File not signed]
S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [799744 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
S4 dmio; C:\WINDOWS\System32\drivers\dmio.sys [153344 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
S4 dmload; C:\WINDOWS\System32\drivers\dmload.sys [5888 2006-02-28] (Microsoft Corp., Veritas Software.) [File not signed]
S4 Fastfat; C:\WINDOWS\system32\Drivers\Fastfat.sys [143744 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Fdc; C:\WINDOWS\System32\DRIVERS\fdc.sys [27392 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Fips; C:\WINDOWS\system32\Drivers\Fips.sys [44544 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Flpydisk; C:\WINDOWS\System32\DRIVERS\flpydisk.sys [20480 2008-04-13] (Microsoft Corporation) [File not signed]
R0 FltMgr; C:\WINDOWS\System32\drivers\fltmgr.sys [129792 2008-04-13] (Microsoft Corporation) [File not signed]
U1 Fs_Rec; C:\WINDOWS\system32\Drivers\Fs_Rec.sys [7936 2006-02-28] (Microsoft Corporation) [File not signed]
R0 Ftdisk; C:\WINDOWS\System32\DRIVERS\ftdisk.sys [125056 2006-02-28] (Microsoft Corporation) [File not signed]
R3 Gpc; C:\WINDOWS\System32\DRIVERS\msgpc.sys [35072 2008-04-13] (Microsoft Corporation) [File not signed]
R3 HidUsb; C:\WINDOWS\System32\DRIVERS\hidusb.sys [10368 2008-04-13] (Microsoft Corporation) [File not signed]
S3 HTCAND32; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [24576 2009-06-10] (HTC, Corporation) [File not signed]
R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation) [File not signed]
S1 i8042prt; C:\WINDOWS\System32\DRIVERS\i8042prt.sys [52480 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Imapi; C:\WINDOWS\System32\DRIVERS\imapi.sys [42112 2008-04-13] (Microsoft Corporation) [File not signed]
R0 IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [5504 2008-04-13] (Microsoft Corporation) [File not signed]
R1 intelppm; C:\WINDOWS\System32\DRIVERS\intelppm.sys [36352 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Ip6Fw; C:\WINDOWS\System32\drivers\ip6fw.sys [36608 2008-04-13] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [32896 2006-02-28] (Microsoft Corporation) [File not signed]
S3 IpInIp; C:\WINDOWS\System32\DRIVERS\ipinip.sys [20864 2008-04-13] (Microsoft Corporation) [File not signed]
R3 IpNat; C:\WINDOWS\System32\DRIVERS\ipnat.sys [152832 2008-04-13] (Microsoft Corporation) [File not signed]
R1 IPSec; C:\WINDOWS\System32\DRIVERS\ipsec.sys [75264 2008-04-13] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\WINDOWS\System32\DRIVERS\irenum.sys [11264 2008-04-13] (Microsoft Corporation) [File not signed]
R0 isapnp; C:\WINDOWS\System32\DRIVERS\isapnp.sys [37248 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Kbdclass; C:\WINDOWS\System32\DRIVERS\kbdclass.sys [24576 2008-04-13] (Microsoft Corporation) [File not signed]
R1 kbdhid; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [14592 2008-04-13] (Microsoft Corporation) [File not signed]
R0 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) [File not signed]
R1 mnmdd; C:\WINDOWS\system32\Drivers\mnmdd.sys [4224 2006-02-28] (Microsoft Corporation) [File not signed]
S3 Modem; C:\WINDOWS\system32\Drivers\Modem.sys [30080 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Mouclass; C:\WINDOWS\System32\DRIVERS\mouclass.sys [23040 2008-04-13] (Microsoft Corporation) [File not signed]
R3 mouhid; C:\WINDOWS\System32\DRIVERS\mouhid.sys [12160 2001-08-17] (Microsoft Corporation) [File not signed]
R0 MountMgr; C:\WINDOWS\system32\Drivers\MountMgr.sys [42368 2008-04-13] (Microsoft Corporation) [File not signed]
R3 MRxDAV; C:\WINDOWS\System32\DRIVERS\mrxdav.sys [180608 2008-04-13] (Microsoft Corporation) [File not signed]
R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation) [File not signed]
R3 mssmbios; C:\WINDOWS\System32\DRIVERS\mssmbios.sys [15488 2008-04-13] (Microsoft Corporation) [File not signed]
R0 Mup; C:\WINDOWS\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation) [File not signed]
R0 NDIS; C:\WINDOWS\system32\Drivers\NDIS.sys [182656 2008-04-13] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\WINDOWS\System32\DRIVERS\ndisuio.sys [14592 2008-04-13] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [91520 2008-04-13] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\WINDOWS\system32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\WINDOWS\System32\DRIVERS\netbios.sys [34688 2008-04-13] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [162816 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Npfs; C:\WINDOWS\system32\Drivers\Npfs.sys [30848 2008-04-13] (Microsoft Corporation) [File not signed]
R4 Ntfs; C:\WINDOWS\system32\Drivers\Ntfs.sys [574976 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Null; C:\WINDOWS\system32\Drivers\Null.sys [2944 2006-02-28] (Microsoft Corporation) [File not signed]
S3 NwlnkFlt; C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [12416 2006-02-28] (Microsoft Corporation) [File not signed]
S3 NwlnkFwd; C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [32512 2006-02-28] (Microsoft Corporation) [File not signed]
R3 Parport; C:\WINDOWS\System32\DRIVERS\parport.sys [80128 2008-04-13] (Microsoft Corporation) [File not signed]
R0 PartMgr; C:\WINDOWS\system32\Drivers\PartMgr.sys [19712 2008-04-13] (Microsoft Corporation) [File not signed]
R2 ParVdm; C:\WINDOWS\system32\Drivers\ParVdm.sys [6784 2006-02-28] (Microsoft Corporation) [File not signed]
R0 PCI; C:\WINDOWS\System32\DRIVERS\pci.sys [68224 2008-04-13] (Microsoft Corporation) [File not signed]
R0 PCIIde; C:\WINDOWS\system32\Drivers\PCIIde.sys [3328 2006-02-28] (Microsoft Corporation) [File not signed]
S4 Pcmcia; C:\WINDOWS\system32\Drivers\Pcmcia.sys [120192 2008-04-13] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\WINDOWS\System32\DRIVERS\raspptp.sys [48384 2008-04-13] (Microsoft Corporation) [File not signed]
R3 PSched; C:\WINDOWS\System32\DRIVERS\psched.sys [69120 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [17792 2006-02-28] (Parallel Technologies, Inc.) [File not signed]
R1 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [8832 2006-02-28] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [51328 2008-04-13] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [41472 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Raspti; C:\WINDOWS\System32\DRIVERS\raspti.sys [16512 2006-02-28] (Microsoft Corporation) [File not signed]
R1 Rdbss; C:\WINDOWS\System32\DRIVERS\rdbss.sys [175744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [4224 2006-02-28] (Microsoft Corporation) [File not signed]
R1 redbook; C:\WINDOWS\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation) [File not signed]
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation) [File not signed]
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [20480 2007-11-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R3 serenum; C:\WINDOWS\System32\DRIVERS\serenum.sys [15744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Serial; C:\WINDOWS\System32\DRIVERS\serial.sys [64512 2008-04-13] (Microsoft Corporation) [File not signed]
R0 sr; C:\WINDOWS\System32\DRIVERS\sr.sys [73472 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation) [File not signed]
R3 swenum; C:\WINDOWS\System32\DRIVERS\swenum.sys [4352 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\WINDOWS\system32\Drivers\TDPIPE.sys [12040 2008-04-14] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\WINDOWS\system32\Drivers\TDTCP.sys [21896 2008-04-14] (Microsoft Corporation) [File not signed]
R1 TermDD; C:\WINDOWS\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Update; C:\WINDOWS\System32\DRIVERS\update.sys [384768 2008-04-13] (Microsoft Corporation) [File not signed]
R3 usbccgp; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [32384 2013-08-09] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\WINDOWS\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [59520 2008-04-13] (Microsoft Corporation) [File not signed]
S3 usbprint; C:\WINDOWS\System32\DRIVERS\usbprint.sys [25856 2008-04-13] (Microsoft Corporation) [File not signed]
S3 usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [14976 2013-07-03] (Microsoft Corporation) [File not signed]
S3 USBSTOR; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-13] (Microsoft Corporation) [File not signed]
R3 usbuhci; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [20608 2008-04-13] (Microsoft Corporation) [File not signed]
S3 usb_rndisx; C:\WINDOWS\System32\DRIVERS\usb8023x.sys [12928 2013-02-12] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\WINDOWS\System32\drivers\vga.sys [20992 2008-04-13] (Microsoft Corporation) [File not signed]
R0 VolSnap; C:\WINDOWS\system32\Drivers\VolSnap.sys [52352 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Wanarp; C:\WINDOWS\System32\DRIVERS\wanarp.sys [34560 2008-04-13] (Microsoft Corporation) [File not signed]
S3 WpdUsb; C:\WINDOWS\System32\DRIVERS\wpdusb.sys [38528 2009-01-30] (Microsoft Corporation) [File not signed]
R1 WS2IFSL; C:\WINDOWS\System32\drivers\ws2ifsl.sys [12032 2006-02-28] (Microsoft Corporation) [File not signed]
R0 WudfPf; C:\WINDOWS\System32\DRIVERS\WudfPf.sys [77568 2006-09-28] (Microsoft Corporation) [File not signed]
S3 WudfRd; C:\WINDOWS\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] (Microsoft Corporation) [File not signed]
S3 DMusic; system32\drivers\DMusic.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) [File not signed]
U3 TlntSvr; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-16 10:31 - 2015-04-16 10:32 - 00030156 _____ () C:\Documents and Settings\personal-pc\Desktop\FRST.txt
2015-04-16 10:31 - 2015-04-16 10:31 - 00000000 ____D () C:\FRST
2015-04-16 10:30 - 2015-04-16 10:30 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\personal-pc\Desktop\FRSTLauncher (1).exe
2015-04-16 10:27 - 2015-04-16 10:27 - 01137152 _____ (Farbar) C:\Documents and Settings\personal-pc\Desktop\FRST.exe
2015-04-16 09:54 - 2015-04-16 09:55 - 00000000 ___SD () C:\ComboFix
2015-04-16 09:14 - 2015-04-16 09:14 - 00000000 ____D () C:\Program Files\MFP-Printer Utility
2015-04-16 09:14 - 2015-04-16 09:14 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\MFP-Printer Utility
2015-04-16 09:11 - 2009-10-01 14:07 - 00011264 _____ () C:\WINDOWS\system32\KOAZ8JAL.DLL
2015-04-16 08:38 - 2015-04-16 08:38 - 00147486 _____ () C:\Documents and Settings\personal-pc\Desktop\kika.jpeg
2015-04-16 08:38 - 2015-04-16 08:38 - 00054388 _____ () C:\Documents and Settings\personal-pc\Desktop\filip.jpeg
2015-04-16 08:20 - 2015-04-16 06:50 - 00626727 _____ () C:\Documents and Settings\personal-pc\Desktop\decka.jpeg
2015-04-15 14:44 - 2015-04-15 16:07 - 00000000 ____D () C:\Documents and Settings\personal-pc\VELVET
2015-04-15 14:44 - 2015-04-15 14:44 - 00000000 ____D () C:\Documents and Settings\personal-pc\Local Settings\Application Data\GHISLER
2015-04-15 14:43 - 2015-04-15 14:44 - 00000000 ____D () C:\totalcmd
2015-04-15 14:43 - 2015-04-15 14:43 - 00000548 _____ () C:\Documents and Settings\personal-pc\Desktop\Total Commander.lnk
2015-04-15 14:43 - 2015-04-15 14:43 - 00000000 ____D () C:\Documents and Settings\personal-pc\Start Menu\Programs\Total Commander
2015-04-15 14:43 - 2015-04-15 14:43 - 00000000 ____D () C:\Documents and Settings\personal-pc\Application Data\GHISLER
2015-04-15 14:43 - 2014-04-30 08:51 - 00000545 _____ () C:\WINDOWS\UC.PIF
2015-04-15 14:43 - 2014-04-30 08:51 - 00000545 _____ () C:\WINDOWS\RAR.PIF
2015-04-15 14:43 - 2014-04-30 08:51 - 00000545 _____ () C:\WINDOWS\PKZIP.PIF
2015-04-15 14:43 - 2014-04-30 08:51 - 00000545 _____ () C:\WINDOWS\PKUNZIP.PIF
2015-04-15 14:43 - 2014-04-30 08:51 - 00000545 _____ () C:\WINDOWS\LHA.PIF
2015-04-15 14:43 - 2014-04-30 08:51 - 00000545 _____ () C:\WINDOWS\ARJ.PIF
2015-04-15 13:06 - 2015-04-15 13:06 - 00000000 ____D () C:\Documents and Settings\personal-pc\Application Data\TeamViewer
2015-04-15 11:59 - 2015-04-15 11:59 - 00000000 _RSHD () C:\cmdcons
2015-04-15 11:59 - 2010-07-14 09:56 - 00000211 _____ () C:\Boot.bak
2015-04-15 11:59 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2015-04-15 11:57 - 2011-06-26 08:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2015-04-15 11:57 - 2010-11-07 19:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2015-04-15 11:57 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-04-15 11:57 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-04-15 11:57 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-04-15 11:57 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-04-15 11:57 - 2000-08-31 02:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2015-04-15 11:57 - 2000-08-31 02:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2015-04-15 11:57 - 2000-08-31 02:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2015-04-15 11:56 - 2015-04-16 09:09 - 00000000 ____D () C:\Qoobox
2015-04-15 11:56 - 2015-04-15 11:56 - 00000000 ____D () C:\WINDOWS\erdnt
2015-04-15 11:40 - 2015-04-15 14:56 - 00000000 ____D () C:\Documents and Settings\personal-pc\Desktop\Vladimír Suchánek - hotovo
2015-04-15 11:38 - 2015-04-15 11:38 - 00000000 ____D () C:\Documents and Settings\personal-pc\Local Settings\Application Data\TeamViewer
2015-04-15 10:42 - 2015-04-15 11:52 - 00000020 _____ () C:\Documents and Settings\personal-pc\Application Data\appdataFr3.bin
2015-04-15 10:42 - 2015-04-15 10:42 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Yellow AdBlocker
2015-04-15 10:33 - 2015-04-15 10:33 - 00000706 _____ () C:\Documents and Settings\All Users\Desktop\TeamViewer 10.lnk
2015-04-15 10:33 - 2015-04-15 10:33 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
2015-04-15 10:33 - 2015-04-15 10:33 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 10
2015-04-15 10:32 - 2015-04-15 10:34 - 00000000 ____D () C:\Program Files\TeamViewer

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-16 10:32 - 2010-07-14 10:18 - 00000000 ____D () C:\Documents and Settings\personal-pc\Local Settings\Temp
2015-04-16 10:25 - 2010-07-14 10:00 - 01808489 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-16 10:24 - 2014-10-10 16:41 - 00000000 ____D () C:\Documents and Settings\personal-pc\Local Settings\Application Data\HTC MediaHub
2015-04-16 10:24 - 2014-07-22 13:21 - 00000234 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-04-16 10:24 - 2010-07-14 10:04 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-16 10:23 - 2010-07-14 10:18 - 00000278 ___SH () C:\Documents and Settings\personal-pc\ntuser.ini
2015-04-16 09:54 - 2010-07-14 10:04 - 00032402 _____ () C:\WINDOWS\SchedLgU.Txt
2015-04-16 09:13 - 2014-07-22 13:04 - 00372664 _____ () C:\WINDOWS\setupapi.log
2015-04-16 09:06 - 2010-07-14 10:35 - 00001040 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-484763869-839522115-1004UA.job
2015-04-15 14:44 - 2010-07-14 10:18 - 00000000 ____D () C:\Documents and Settings\personal-pc
2015-04-15 14:06 - 2010-07-14 10:35 - 00000988 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-484763869-839522115-1004Core.job
2015-04-15 12:16 - 2014-11-21 15:40 - 00000000 ____D () C:\Program Files\BuyNsave
2015-04-15 12:13 - 2014-11-28 15:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\DownSave
2015-04-15 12:13 - 2014-11-04 14:43 - 00000000 ____D () C:\Program Files\Trell
2015-04-15 12:12 - 2014-12-12 14:31 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\GreatSave4U
2015-04-15 12:12 - 2014-12-05 12:36 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Isaver
2015-04-15 12:12 - 2014-10-09 13:19 - 00000000 ____D () C:\Program Files\HTC
2015-04-15 12:08 - 2014-07-24 12:58 - 00000409 _____ () C:\WINDOWS\wiadebug.log
2015-04-15 12:08 - 2014-07-24 12:58 - 00000051 _____ () C:\WINDOWS\wiaservc.log
2015-04-15 12:07 - 2010-07-14 11:47 - 00183424 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-04-15 11:59 - 2010-07-14 11:47 - 00000327 __RSH () C:\boot.ini
2015-04-15 10:18 - 2010-07-14 10:46 - 00002581 _____ () C:\Documents and Settings\personal-pc\Desktop\Microsoft Office Word 2003.lnk
2015-04-15 10:03 - 2010-07-14 11:49 - 00525890 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-15 10:03 - 2006-02-28 14:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl

==================== Files in the root of some directories =======

2014-11-04 14:43 - 2014-11-04 16:34 - 0000005 _____ () C:\Program Files\trl.trl
2015-04-15 10:42 - 2015-04-15 11:52 - 0000020 _____ () C:\Documents and Settings\personal-pc\Application Data\appdataFr3.bin
2014-08-01 10:06 - 2014-08-01 10:06 - 0038478 _____ () C:\Documents and Settings\personal-pc\Application Data\Hodnoty oddelené čiarkou (Windows).ADR
2011-04-20 10:31 - 2011-04-20 10:34 - 0037613 _____ () C:\Documents and Settings\personal-pc\Application Data\Microsoft Excel.ADR
2011-02-21 14:42 - 2011-02-28 17:21 - 0004608 _____ () C:\Documents and Settings\personal-pc\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-26 12:51 - 2014-09-26 12:51 - 0012306 _____ () C:\Documents and Settings\personal-pc\Local Settings\Application Data\recently-used.xbel

Some content of TEMP:
====================
C:\Documents and Settings\personal-pc\Local Settings\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================


Total physical RAM: 494.73 MB
Percentage of memory in use: 82%

==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-484763869-839522115-1004Core.job => C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-484763869-839522115-1004UA.job => C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================




===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\personal-pc\Desktop" je 2144 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\HTC\\HTC Sync Manager\\HTCSyncManager.exe"="C:\\Program Files\\HTC\\HTC Sync Manager\\HTCSyncManager.exe:*:Enabled:HTCSyncManager"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"="C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe:*:Enabled:Skype Extras Manager"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Documents and Settings\\personal-pc\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"="C:\\Documents and Settings\\personal-pc\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe:*:Enabled:Google Chrome"
"C:\\Program Files\\HTC\\HTC Sync Manager\\HTCSyncManager.exe"="C:\\Program Files\\HTC\\HTC Sync Manager\\HTCSyncManager.exe:*:Enabled:HTCSyncManager"
"C:\\Program Files\\TeamViewer\\TeamViewer.exe"="C:\\Program Files\\TeamViewer\\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\\Program Files\\TeamViewer\\TeamViewer_Service.exe"="C:\\Program Files\\TeamViewer\\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000


==================== End Of Log ==============================

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Tons of adware, it's still slow, combo can't be run

#3 Post by vyosek »

Hi :)

:arrow: My instructions are written in the formal form of address, I hope you'll survive that :D

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • After launch, the database will be downloaded
  • Click Scan and then Clean
  • The fix will run, the PC will restart, and then a log will appear, or it will be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt; paste it here
:arrow: Download Zoek.exe http://hijackthis.nl/smeenk/ and save it to the desktop
  • If you use Win Vista or W7, right-click Zoek and choose Run As Administrator (Spustit jako spravce)
  • Paste the script below into the window
  • Code:

    autoclean;
    resethosts;
    emptyclsid;
    IEdefaults;
    FFdefaults;
    CHRdefaults;
    emptyIEcache;
    emptyFFcache;
    emptyCHRcache;
    emptyalltemp;
    emptyflash;
    emptyjava;
    emptyrecycle.bin;
    
  • Then click Run Script
  • The PC will perform the fix, restart, and give you a log; paste its contents here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member of [image] since 1 February 2011.

cevrik

Re: Tons of adware, it's still slow, combo can't be run

#4 Post by cevrik »

Thanks, I can't see well enough to decipher logs, so I have to do it this way. It's an old PC at the company, those processes take forever; I'm writing this from my home PC just so the conversation doesn't stall. TeamViewer rulez

cevrik

Re: Tons of adware, it's still slow, combo can't be run

#5 Post by cevrik »

# AdwCleaner v4.201 - Logfile created 16/04/2015 at 11:37:08
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Local]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : personal-pc - PERSONAL
# Running from : C:\Documents and Settings\personal-pc\My Documents\Downloads\adwcleaner_4.201.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trusted Publisher
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Block The Ads
Folder Deleted : C:\Documents and Settings\All Users\Application Data\c5019463638fa7ce
Folder Deleted : C:\Program Files\DeltaFix
Folder Deleted : C:\Program Files\BuyNsave
File Deleted : C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage
File Deleted : C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage-journal

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-4116432645
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{24c54e38}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\mystartsearchSoftware
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F1422DAA-0829-09A1-7536-73936CAB8FFA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{842C4394-47F7-60DE-480B-C09116B63559}

***** [ Web browsers ] *****

-\\ Internet Explorer v6.0.2900.5512


-\\ Google Chrome v

[C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://hanscraft.inshop.cz/inshop/scripts/shop.aspx?action=dosearch&searchphrase={searchTerms}
[C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1 ... earchTerms}
[C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1 ... earchTerms}
[C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences] - Deleted [Startup_URLs] : hxxp://www.mystartsearch.com/?type=hp&ts=14165 ... DLJS08DLJX

*************************

AdwCleaner[R0].txt - [3964 bytes] - [16/04/2015 11:28:28]
AdwCleaner[S0].txt - [3817 bytes] - [16/04/2015 11:37:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3876 bytes] ##########

vyosek

Re: Tons of adware, it's still slow, combo can't be run

#6 Post by vyosek »

OK, run it through Zoek as well and we'll see

cevrik

Re: Tons of adware, it's still slow, combo can't be run

#7 Post by cevrik »

This is how it ends up when a company PC runs under an admin account


Zoek.exe v5.0.0.0 Updated 08-April-2015
Tool run by personal-pc on št 16.04.2015 at 11:41:17,37.
Systém Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\personal-pc\My Documents\Downloads\zoek.exe [Scan current user] [Script inserted]

==== Older Logs ======================

C:\zoek-results2015-04-16-092815.log 1707 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1482476501-484763869-839522115-1004\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0A900DF-9611-4446-86BD-4B1D47E7DB2A} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Program Files\ComPlus Applications deleted
C:\Program Files\WindowsUpdate deleted
C:\DOCUME~1\ALLUSE~1\APPLIC~1\cdlceikadbimhianalbpmellpckehehc deleted
C:\DOCUME~1\ALLUSE~1\APPLIC~1\neodmhjhchhhggmnaagjlfiemhkbdail deleted
C:\DOCUME~1\ALLUSE~1\APPLIC~1\14195790655041546190 deleted
C:\Documents and Settings\personal-pc\.android deleted
C:\Documents and Settings\personal-pc\Application Data\appdataFr3.bin deleted
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yellow AdBlocker deleted
C:\WINDOWS\002724_.tmp deleted
C:\WINDOWS\SET25.tmp deleted
C:\WINDOWS\SET3.tmp deleted
C:\WINDOWS\SET4.tmp deleted
C:\WINDOWS\SET8.tmp deleted
C:\WINDOWS\System32\lMMLDeleteUserData42107612FX.tmp deleted

==== Chromium Look ======================


==== Chromium Startpages ======================

C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
"homepage": "http://www.google.sk/",


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"
"Search Bar"="http://www.google.com/ie"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.msn.com/"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Goo Url="http://www.google.com/search?q={searc"

==== Reset Google Chrome ======================

C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== Empty IE Cache ======================

C:\Documents and Settings\personal-pc\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\personal-pc\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=22 folders=7 2648160 bytes)

==== Empty Temp Folders ======================

C:\Documents and Settings\personal-pc\Local Settings\Temp will be emptied at reboot
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\PERSON~1\LOCALS~1\Temp successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\personal-pc\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on št 16.04.2015 at 11:54:20,76 ======================

cevrik

Re: Tons of adware, it's still slow, combo can't be run

#8 Post by cevrik »

I have to be away from that machine for a few hours; we can continue later or tomorrow. Best of luck for now.

vyosek

Re: Tons of adware, it's still slow, combo can't be run

#9 Post by vyosek »

OK, we've cleaned some things up...

Then give me a new FRST log, but we won't be able to work much magic; there's damned little RAM in there :?:

cevrik

Re: Tons of adware, it's still slow, combo can't be run

#10 Post by cevrik »

I just wanted to remove the adware; there are still some symptoms, I can still sense something there. It's old junk. I'll try to run ComboFix on it now via TeamViewer; hopefully it will get something done by tomorrow. Thanks for now, I'll post the ComboFix log and the other one afterwards.

vyosek

Re: Tons of adware, it's still slow, combo can't be run

#11 Post by vyosek »

Okay :)

cevrik

Re: Tons of adware, it's still slow, combo can't be run

#12 Post by cevrik »

Hi. I have a good feeling about the PC now. It's an old piece of junk, but the browser behaves normally.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-04-2015 04
Ran by personal-pc (administrator) on PERSONAL on 17-04-2015 10:14:21
Running from C:\Documents and Settings\personal-pc\Desktop
Loaded Profiles: personal-pc (Available profiles: personal-pc & Administrator)
Platform: Systém Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Angličtina (USA)
Internet Explorer Version 6 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Google Inc.) C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
() C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Google Inc.) C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Documents and Settings\personal-pc\Desktop\FRSTLauncher (1).exe
(Microsoft Corporation) C:\WINDOWS\system32\cmd.exe
(Microsoft Corporation) C:\WINDOWS\system32\ping.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-1482476501-484763869-839522115-1004\...\Run: [Google Update] => C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [107912 2014-10-23] (Google Inc.)
HKU\S-1-5-21-1482476501-484763869-839522115-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1482476501-484763869-839522115-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
URLSearchHook: HKU\S-1-5-21-1482476501-484763869-839522115-1004 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1482476501-484763869-839522115-1004 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1482476501-484763869-839522115-1004 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
DPF: {62789780-B744-11D0-986B-00609731A21D} http://195.28.70.134/kapor2/lib/mgaxctrl.cab
DPF: {88D969C0-F192-11D4-A65F-0040963251E5} https://www.drsr.sk/drsr/dsigner/msxml4.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab
Tcpip\..\Interfaces\{A0BD0CCC-22B1-41A4-A1F4-F5F093AF1802}: [NameServer] 192.168.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll [2010-07-14] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll [2010-05-05] (Adobe Systems, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1482476501-484763869-839522115-1004: @tools.google.com/Google Update;version=3 -> C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-13] (Google Inc.)
FF Plugin HKU\S-1-5-21-1482476501-484763869-839522115-1004: @tools.google.com/Google Update;version=9 -> C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll [2014-11-13] (Google Inc.)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-16]
CHR Extension: (Google Docs) - C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-16]
CHR Extension: (Google Drive) - C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-16]
CHR Extension: (YouTube) - C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-16]
CHR Extension: (Google Search) - C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-16]
CHR Extension: (Google Sheets) - C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-16]
CHR Extension: (Gmail) - C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-16]
StartMenuInternet: chrome.exe - C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 Alerter; C:\WINDOWS\system32\alrsvc.dll [17408 2008-04-14] (Microsoft Corporation) [File not signed]
R3 ALG; C:\WINDOWS\System32\alg.exe [44544 2008-04-14] (Microsoft Corporation) [File not signed]
R2 AudioSrv; C:\WINDOWS\System32\audiosrv.dll [42496 2008-04-14] (Microsoft Corporation) [File not signed]
S3 BITS; C:\WINDOWS\system32\qmgr.dll [409088 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Browser; C:\WINDOWS\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation) [File not signed]
S3 CiSvc; C:\WINDOWS\system32\cisvc.exe [5632 2008-04-14] (Microsoft Corporation) [File not signed]
S3 ClipSrv; C:\WINDOWS\system32\clipsrv.exe [33280 2008-04-14] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\WINDOWS\System32\cryptsvc.dll [62464 2008-04-14] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\WINDOWS\System32\dhcpcsvc.dll [126976 2008-04-14] (Microsoft Corporation) [File not signed]
S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [224768 2008-04-14] (Microsoft Corp., Veritas Software) [File not signed]
S3 dmserver; C:\WINDOWS\System32\dmserver.dll [23552 2008-04-14] (Microsoft Corp.) [File not signed]
R2 Dnscache; C:\WINDOWS\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation) [File not signed]
S3 Dot3svc; C:\WINDOWS\System32\dot3svc.dll [132096 2008-04-14] (Microsoft Corporation) [File not signed]
S3 EapHost; C:\WINDOWS\System32\eapsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ERSvc; C:\WINDOWS\System32\ersvc.dll [23040 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Eventlog; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
R3 EventSystem; C:\WINDOWS\system32\es.dll [253952 2008-07-07] (Microsoft Corporation) [File not signed]
R3 FastUserSwitchingCompatibility; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed]
R2 helpsvc; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-14] (Microsoft Corporation) [File not signed]
R2 HidServ; C:\WINDOWS\System32\hidserv.dll [21504 2008-04-14] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\WINDOWS\System32\kmsvc.dll [61440 2008-04-14] (Microsoft Corporation) [File not signed]
R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-08-04] (Nero AG)
S3 HTTPFilter; C:\WINDOWS\System32\w3ssl.dll [15872 2008-04-14] (Microsoft Corporation) [File not signed]
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [150528 2008-04-14] (Microsoft Corporation) [File not signed]
R2 lanmanserver; C:\WINDOWS\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation) [File not signed]
R2 lanmanworkstation; C:\WINDOWS\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation) [File not signed]
R2 LmHosts; C:\WINDOWS\System32\lmhsvc.dll [13824 2008-04-14] (Microsoft Corporation) [File not signed]
S4 Messenger; C:\WINDOWS\System32\msgsvc.dll [33792 2008-04-14] (Microsoft Corporation) [File not signed]
S3 mnmsrvc; C:\WINDOWS\system32\mnmsrvc.exe [32768 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\WINDOWS\system32\msdtc.exe [6144 2008-04-14] (Microsoft Corporation) [File not signed]
S3 MSIServer; C:\WINDOWS\System32\msiexec.exe [78848 2008-04-14] (Microsoft Corporation) [File not signed]
S3 napagent; C:\WINDOWS\System32\qagentrt.dll [291328 2008-04-14] (Microsoft Corporation) [File not signed]
S4 NetDDE; C:\WINDOWS\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation) [File not signed]
S4 NetDDEdsdm; C:\WINDOWS\system32\netdde.exe [111104 2008-04-14] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Netman; C:\WINDOWS\System32\netman.dll [198144 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Nla; C:\WINDOWS\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation) [File not signed]
S3 NtLmSsp; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 NtmsSvc; C:\WINDOWS\system32\ntmssvc.dll [435200 2008-04-14] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\WINDOWS\system32\services.exe [110592 2009-02-06] (Microsoft Corporation) [File not signed]
R2 PolicyAgent; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ProtectedStorage; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\WINDOWS\System32\rasauto.dll [88576 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RasMan; C:\WINDOWS\System32\rasmans.dll [186368 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [141312 2008-04-14] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\WINDOWS\System32\mprdim.dll [53248 2008-04-14] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\WINDOWS\system32\locator.exe [75264 2008-04-14] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\WINDOWS\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation) [File not signed]
S3 RSVP; C:\WINDOWS\system32\rsvp.exe [132608 2006-02-28] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\WINDOWS\system32\lsass.exe [13312 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\WINDOWS\System32\SCardSvr.exe [95744 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\WINDOWS\system32\schedsvc.dll [192512 2008-04-14] (Microsoft Corporation) [File not signed]
R2 seclogon; C:\WINDOWS\System32\seclogon.dll [18944 2008-04-14] (Microsoft Corporation) [File not signed]
R2 SENS; C:\WINDOWS\system32\sens.dll [39424 2008-04-14] (Microsoft Corporation) [File not signed]
R2 SharedAccess; C:\WINDOWS\System32\ipnathlp.dll [331264 2008-04-14] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\WINDOWS\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation) [File not signed]
R2 srservice; C:\WINDOWS\system32\srsvc.dll [171008 2008-04-14] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\WINDOWS\System32\ssdpsrv.dll [71680 2008-04-14] (Microsoft Corporation) [File not signed]
S3 stisvc; C:\WINDOWS\system32\wiaservc.dll [333824 2008-04-14] (Microsoft Corporation) [File not signed]
S3 SysmonLog; C:\WINDOWS\system32\smlogsvc.exe [89600 2008-04-14] (Microsoft Corporation) [File not signed]
S3 TapiSrv; C:\WINDOWS\System32\tapisrv.dll [249856 2008-04-14] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
R3 TermService; C:\WINDOWS\System32\termsrv.dll [295424 2008-04-14] (Microsoft Corporation) [File not signed]
R2 Themes; C:\WINDOWS\System32\shsvcs.dll [135168 2009-07-28] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\WINDOWS\system32\trkwks.dll [90112 2008-04-14] (Microsoft Corporation) [File not signed]
S3 upnphost; C:\WINDOWS\System32\upnphost.dll [185856 2008-04-14] (Microsoft Corporation) [File not signed]
S3 UPS; C:\WINDOWS\System32\ups.exe [18432 2008-04-14] (Microsoft Corporation) [File not signed]
S3 VSS; C:\WINDOWS\System32\vssvc.exe [289792 2008-04-14] (Microsoft Corporation) [File not signed]
R2 W32Time; C:\WINDOWS\system32\w32time.dll [175104 2008-04-14] (Microsoft Corporation) [File not signed]
R2 WebClient; C:\WINDOWS\System32\webclnt.dll [68096 2008-04-14] (Microsoft Corporation) [File not signed]
R2 winmgmt; C:\WINDOWS\system32\wbem\WMIsvc.dll [144896 2008-04-14] (Microsoft Corporation) [File not signed]
S3 WmdmPmSN; C:\WINDOWS\system32\MsPMSNSv.dll [27136 2009-01-30] (Microsoft Corporation) [File not signed]
S3 WmiApSrv; C:\WINDOWS\system32\wbem\wmiapsrv.exe [126464 2008-04-14] (Microsoft Corporation) [File not signed]
S3 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [913920 2009-02-04] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\WINDOWS\system32\wscsvc.dll [80896 2008-04-14] (Microsoft Corporation) [File not signed]
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [6656 2008-04-14] (Microsoft Corporation) [File not signed]
R2 WudfSvc; C:\WINDOWS\System32\WUDFSvc.dll [55808 2006-09-28] (Microsoft Corporation) [File not signed]
R2 WZCSVC; C:\WINDOWS\System32\wzcsvc.dll [483840 2008-04-14] (Microsoft Corporation) [File not signed]
S3 xmlprov; C:\WINDOWS\System32\xmlprov.dll [129024 2008-04-14] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 ACPI; C:\WINDOWS\System32\DRIVERS\ACPI.sys [187776 2008-04-13] (Microsoft Corporation) [File not signed]
S4 ACPIEC; C:\WINDOWS\system32\Drivers\ACPIEC.sys [11648 2006-02-28] (Microsoft Corporation) [File not signed]
R1 AFD; C:\WINDOWS\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation) [File not signed]
S3 AsyncMac; C:\WINDOWS\System32\DRIVERS\asyncmac.sys [14336 2008-04-13] (Microsoft Corporation) [File not signed]
R0 atapi; C:\WINDOWS\System32\DRIVERS\atapi.sys [96512 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Atmarpc; C:\WINDOWS\System32\DRIVERS\atmarpc.sys [59904 2008-04-13] (Microsoft Corporation) [File not signed]
R3 audstub; C:\WINDOWS\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation) [File not signed]
S4 cbidf2k; C:\WINDOWS\system32\Drivers\cbidf2k.sys [13952 2006-02-28] (Microsoft Corporation) [File not signed]
S1 Cdaudio; C:\WINDOWS\system32\Drivers\Cdaudio.sys [18688 2006-02-28] (Microsoft Corporation) [File not signed]
R4 Cdfs; C:\WINDOWS\system32\Drivers\Cdfs.sys [63744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Cdrom; C:\WINDOWS\System32\DRIVERS\cdrom.sys [62976 2008-04-13] (Microsoft Corporation) [File not signed]
R0 Disk; C:\WINDOWS\System32\DRIVERS\disk.sys [36352 2008-04-13] (Microsoft Corporation) [File not signed]
S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [799744 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
S4 dmio; C:\WINDOWS\System32\drivers\dmio.sys [153344 2008-04-13] (Microsoft Corp., Veritas Software) [File not signed]
S4 dmload; C:\WINDOWS\System32\drivers\dmload.sys [5888 2006-02-28] (Microsoft Corp., Veritas Software.) [File not signed]
S4 Fastfat; C:\WINDOWS\system32\Drivers\Fastfat.sys [143744 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Fdc; C:\WINDOWS\System32\DRIVERS\fdc.sys [27392 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Fips; C:\WINDOWS\system32\Drivers\Fips.sys [44544 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Flpydisk; C:\WINDOWS\System32\DRIVERS\flpydisk.sys [20480 2008-04-13] (Microsoft Corporation) [File not signed]
R0 FltMgr; C:\WINDOWS\System32\drivers\fltmgr.sys [129792 2008-04-13] (Microsoft Corporation) [File not signed]
U1 Fs_Rec; C:\WINDOWS\system32\Drivers\Fs_Rec.sys [7936 2006-02-28] (Microsoft Corporation) [File not signed]
R0 Ftdisk; C:\WINDOWS\System32\DRIVERS\ftdisk.sys [125056 2006-02-28] (Microsoft Corporation) [File not signed]
R3 Gpc; C:\WINDOWS\System32\DRIVERS\msgpc.sys [35072 2008-04-13] (Microsoft Corporation) [File not signed]
R3 HidUsb; C:\WINDOWS\System32\DRIVERS\hidusb.sys [10368 2008-04-13] (Microsoft Corporation) [File not signed]
S3 HTCAND32; C:\WINDOWS\System32\Drivers\ANDROIDUSB.sys [24576 2009-06-10] (HTC, Corporation) [File not signed]
R3 HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation) [File not signed]
S1 i8042prt; C:\WINDOWS\System32\DRIVERS\i8042prt.sys [52480 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Imapi; C:\WINDOWS\System32\DRIVERS\imapi.sys [42112 2008-04-13] (Microsoft Corporation) [File not signed]
R0 IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [5504 2008-04-13] (Microsoft Corporation) [File not signed]
R1 intelppm; C:\WINDOWS\System32\DRIVERS\intelppm.sys [36352 2008-04-13] (Microsoft Corporation) [File not signed]
S3 Ip6Fw; C:\WINDOWS\System32\drivers\ip6fw.sys [36608 2008-04-13] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys [32896 2006-02-28] (Microsoft Corporation) [File not signed]
S3 IpInIp; C:\WINDOWS\System32\DRIVERS\ipinip.sys [20864 2008-04-13] (Microsoft Corporation) [File not signed]
R3 IpNat; C:\WINDOWS\System32\DRIVERS\ipnat.sys [152832 2008-04-13] (Microsoft Corporation) [File not signed]
R1 IPSec; C:\WINDOWS\System32\DRIVERS\ipsec.sys [75264 2008-04-13] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\WINDOWS\System32\DRIVERS\irenum.sys [11264 2008-04-13] (Microsoft Corporation) [File not signed]
R0 isapnp; C:\WINDOWS\System32\DRIVERS\isapnp.sys [37248 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Kbdclass; C:\WINDOWS\System32\DRIVERS\kbdclass.sys [24576 2008-04-13] (Microsoft Corporation) [File not signed]
R1 kbdhid; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [14592 2008-04-13] (Microsoft Corporation) [File not signed]
R0 KSecDD; C:\WINDOWS\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation) [File not signed]
R1 mnmdd; C:\WINDOWS\system32\Drivers\mnmdd.sys [4224 2006-02-28] (Microsoft Corporation) [File not signed]
S3 Modem; C:\WINDOWS\system32\Drivers\Modem.sys [30080 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Mouclass; C:\WINDOWS\System32\DRIVERS\mouclass.sys [23040 2008-04-13] (Microsoft Corporation) [File not signed]
R3 mouhid; C:\WINDOWS\System32\DRIVERS\mouhid.sys [12160 2001-08-17] (Microsoft Corporation) [File not signed]
R0 MountMgr; C:\WINDOWS\system32\Drivers\MountMgr.sys [42368 2008-04-13] (Microsoft Corporation) [File not signed]
R3 MRxDAV; C:\WINDOWS\System32\DRIVERS\mrxdav.sys [180608 2008-04-13] (Microsoft Corporation) [File not signed]
R1 MRxSmb; C:\WINDOWS\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation) [File not signed]
R3 mssmbios; C:\WINDOWS\System32\DRIVERS\mssmbios.sys [15488 2008-04-13] (Microsoft Corporation) [File not signed]
R0 Mup; C:\WINDOWS\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation) [File not signed]
R0 NDIS; C:\WINDOWS\system32\Drivers\NDIS.sys [182656 2008-04-13] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\WINDOWS\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\WINDOWS\System32\DRIVERS\ndisuio.sys [14592 2008-04-13] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\WINDOWS\System32\DRIVERS\ndiswan.sys [91520 2008-04-13] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\WINDOWS\system32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\WINDOWS\System32\DRIVERS\netbios.sys [34688 2008-04-13] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\WINDOWS\System32\DRIVERS\netbt.sys [162816 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Npfs; C:\WINDOWS\system32\Drivers\Npfs.sys [30848 2008-04-13] (Microsoft Corporation) [File not signed]
R4 Ntfs; C:\WINDOWS\system32\Drivers\Ntfs.sys [574976 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Null; C:\WINDOWS\system32\Drivers\Null.sys [2944 2006-02-28] (Microsoft Corporation) [File not signed]
S3 NwlnkFlt; C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys [12416 2006-02-28] (Microsoft Corporation) [File not signed]
S3 NwlnkFwd; C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [32512 2006-02-28] (Microsoft Corporation) [File not signed]
R3 Parport; C:\WINDOWS\System32\DRIVERS\parport.sys [80128 2008-04-13] (Microsoft Corporation) [File not signed]
R0 PartMgr; C:\WINDOWS\system32\Drivers\PartMgr.sys [19712 2008-04-13] (Microsoft Corporation) [File not signed]
R2 ParVdm; C:\WINDOWS\system32\Drivers\ParVdm.sys [6784 2006-02-28] (Microsoft Corporation) [File not signed]
R0 PCI; C:\WINDOWS\System32\DRIVERS\pci.sys [68224 2008-04-13] (Microsoft Corporation) [File not signed]
R0 PCIIde; C:\WINDOWS\system32\Drivers\PCIIde.sys [3328 2006-02-28] (Microsoft Corporation) [File not signed]
S4 Pcmcia; C:\WINDOWS\system32\Drivers\Pcmcia.sys [120192 2008-04-13] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\WINDOWS\System32\DRIVERS\raspptp.sys [48384 2008-04-13] (Microsoft Corporation) [File not signed]
R3 PSched; C:\WINDOWS\System32\DRIVERS\psched.sys [69120 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Ptilink; C:\WINDOWS\System32\DRIVERS\ptilink.sys [17792 2006-02-28] (Parallel Technologies, Inc.) [File not signed]
R1 RasAcd; C:\WINDOWS\System32\DRIVERS\rasacd.sys [8832 2006-02-28] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\WINDOWS\System32\DRIVERS\rasl2tp.sys [51328 2008-04-13] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\WINDOWS\System32\DRIVERS\raspppoe.sys [41472 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Raspti; C:\WINDOWS\System32\DRIVERS\raspti.sys [16512 2006-02-28] (Microsoft Corporation) [File not signed]
R1 Rdbss; C:\WINDOWS\System32\DRIVERS\rdbss.sys [175744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [4224 2006-02-28] (Microsoft Corporation) [File not signed]
R1 redbook; C:\WINDOWS\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation) [File not signed]
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation) [File not signed]
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [20480 2007-11-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R3 serenum; C:\WINDOWS\System32\DRIVERS\serenum.sys [15744 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Serial; C:\WINDOWS\System32\DRIVERS\serial.sys [64512 2008-04-13] (Microsoft Corporation) [File not signed]
R0 sr; C:\WINDOWS\System32\DRIVERS\sr.sys [73472 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Srv; C:\WINDOWS\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation) [File not signed]
R3 swenum; C:\WINDOWS\System32\DRIVERS\swenum.sys [4352 2008-04-13] (Microsoft Corporation) [File not signed]
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\WINDOWS\system32\Drivers\TDPIPE.sys [12040 2008-04-14] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\WINDOWS\system32\Drivers\TDTCP.sys [21896 2008-04-14] (Microsoft Corporation) [File not signed]
R1 TermDD; C:\WINDOWS\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation) [File not signed]
R3 Update; C:\WINDOWS\System32\DRIVERS\update.sys [384768 2008-04-13] (Microsoft Corporation) [File not signed]
R3 usbccgp; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [32384 2013-08-09] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\WINDOWS\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [59520 2008-04-13] (Microsoft Corporation) [File not signed]
S3 usbprint; C:\WINDOWS\System32\DRIVERS\usbprint.sys [25856 2008-04-13] (Microsoft Corporation) [File not signed]
S3 usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [14976 2013-07-03] (Microsoft Corporation) [File not signed]
S3 USBSTOR; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-13] (Microsoft Corporation) [File not signed]
R3 usbuhci; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [20608 2008-04-13] (Microsoft Corporation) [File not signed]
S3 usb_rndisx; C:\WINDOWS\System32\DRIVERS\usb8023x.sys [12928 2013-02-12] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\WINDOWS\System32\drivers\vga.sys [20992 2008-04-13] (Microsoft Corporation) [File not signed]
R0 VolSnap; C:\WINDOWS\system32\Drivers\VolSnap.sys [52352 2008-04-13] (Microsoft Corporation) [File not signed]
R3 Wanarp; C:\WINDOWS\System32\DRIVERS\wanarp.sys [34560 2008-04-13] (Microsoft Corporation) [File not signed]
S3 WpdUsb; C:\WINDOWS\System32\DRIVERS\wpdusb.sys [38528 2009-01-30] (Microsoft Corporation) [File not signed]
R1 WS2IFSL; C:\WINDOWS\System32\drivers\ws2ifsl.sys [12032 2006-02-28] (Microsoft Corporation) [File not signed]
R0 WudfPf; C:\WINDOWS\System32\DRIVERS\WudfPf.sys [77568 2006-09-28] (Microsoft Corporation) [File not signed]
S3 WudfRd; C:\WINDOWS\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] (Microsoft Corporation) [File not signed]
S3 DMusic; system32\drivers\DMusic.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) [File not signed]
U3 TlntSvr; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-17 10:14 - 2015-04-17 10:14 - 00029696 _____ () C:\Documents and Settings\personal-pc\Local Settings\Application Data\MSGBOX.EXE
2015-04-17 10:14 - 2015-04-17 10:14 - 00015327 _____ () C:\Documents and Settings\personal-pc\Desktop\LM.bat
2015-04-16 11:54 - 2015-04-17 10:11 - 00000020 _____ () C:\Documents and Settings\personal-pc\Application Data\appdataFr3.bin
2015-04-16 11:54 - 2015-04-16 11:54 - 00000000 ____D () C:\Documents and Settings\personal-pc\.android
2015-04-16 11:53 - 2015-04-17 10:14 - 00000000 ____D () C:\Documents and Settings\personal-pc\Local Settings\Temp
2015-04-16 11:53 - 2015-04-16 11:41 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2015-04-16 11:42 - 2015-04-16 11:28 - 00001707 _____ () C:\zoek-results2015-04-16-092815.log
2015-04-16 11:27 - 2015-04-16 11:37 - 00000000 ____D () C:\AdwCleaner
2015-04-16 11:25 - 2015-04-16 11:54 - 00006254 _____ () C:\zoek-results.log
2015-04-16 11:23 - 2015-04-16 11:50 - 00000000 ____D () C:\zoek_backup
2015-04-16 10:31 - 2015-04-17 10:14 - 00028961 _____ () C:\Documents and Settings\personal-pc\Desktop\FRST.txt
2015-04-16 10:31 - 2015-04-17 10:14 - 00000000 ____D () C:\FRST
2015-04-16 10:30 - 2015-04-16 10:30 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\personal-pc\Desktop\FRSTLauncher (1).exe
2015-04-16 10:27 - 2015-04-16 10:27 - 01137152 _____ (Farbar) C:\Documents and Settings\personal-pc\Desktop\FRST.exe
2015-04-16 09:54 - 2015-04-16 09:55 - 00000000 ___SD () C:\ComboFix
2015-04-16 09:14 - 2015-04-16 09:14 - 00000000 ____D () C:\Program Files\MFP-Printer Utility
2015-04-16 09:14 - 2015-04-16 09:14 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\MFP-Printer Utility
2015-04-16 09:11 - 2009-10-01 14:07 - 00011264 _____ () C:\WINDOWS\system32\KOAZ8JAL.DLL
2015-04-16 08:38 - 2015-04-16 08:38 - 00147486 _____ () C:\Documents and Settings\personal-pc\Desktop\kika.jpeg
2015-04-16 08:38 - 2015-04-16 08:38 - 00054388 _____ () C:\Documents and Settings\personal-pc\Desktop\filip.jpeg
2015-04-16 08:20 - 2015-04-16 06:50 - 00626727 _____ () C:\Documents and Settings\personal-pc\Desktop\decka.jpeg
2015-04-15 14:44 - 2015-04-15 16:07 - 00000000 ____D () C:\Documents and Settings\personal-pc\VELVET
2015-04-15 14:43 - 2015-04-15 14:44 - 00000000 ____D () C:\totalcmd
2015-04-15 14:43 - 2015-04-15 14:43 - 00000548 _____ () C:\Documents and Settings\personal-pc\Desktop\Total Commander.lnk
2015-04-15 14:43 - 2015-04-15 14:43 - 00000000 ____D () C:\Documents and Settings\personal-pc\Start Menu\Programs\Total Commander
2015-04-15 14:43 - 2015-04-15 14:43 - 00000000 ____D () C:\Documents and Settings\personal-pc\Application Data\GHISLER
2015-04-15 14:43 - 2014-04-30 08:51 - 00000545 _____ () C:\WINDOWS\UC.PIF
2015-04-15 14:43 - 2014-04-30 08:51 - 00000545 _____ () C:\WINDOWS\RAR.PIF
2015-04-15 14:43 - 2014-04-30 08:51 - 00000545 _____ () C:\WINDOWS\PKZIP.PIF
2015-04-15 14:43 - 2014-04-30 08:51 - 00000545 _____ () C:\WINDOWS\PKUNZIP.PIF
2015-04-15 14:43 - 2014-04-30 08:51 - 00000545 _____ () C:\WINDOWS\LHA.PIF
2015-04-15 14:43 - 2014-04-30 08:51 - 00000545 _____ () C:\WINDOWS\ARJ.PIF
2015-04-15 13:06 - 2015-04-15 13:06 - 00000000 ____D () C:\Documents and Settings\personal-pc\Application Data\TeamViewer
2015-04-15 11:59 - 2015-04-15 11:59 - 00000000 _RSHD () C:\cmdcons
2015-04-15 11:59 - 2010-07-14 09:56 - 00000211 _____ () C:\Boot.bak
2015-04-15 11:59 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2015-04-15 11:57 - 2011-06-26 08:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2015-04-15 11:57 - 2010-11-07 19:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2015-04-15 11:57 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-04-15 11:57 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-04-15 11:57 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-04-15 11:57 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-04-15 11:57 - 2000-08-31 02:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2015-04-15 11:57 - 2000-08-31 02:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2015-04-15 11:57 - 2000-08-31 02:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2015-04-15 11:56 - 2015-04-16 09:09 - 00000000 ____D () C:\Qoobox
2015-04-15 11:56 - 2015-04-15 11:56 - 00000000 ____D () C:\WINDOWS\erdnt
2015-04-15 11:40 - 2015-04-15 14:56 - 00000000 ____D () C:\Documents and Settings\personal-pc\Desktop\Vladimír Suchánek - hotovo
2015-04-15 11:38 - 2015-04-15 11:38 - 00000000 ____D () C:\Documents and Settings\personal-pc\Local Settings\Application Data\TeamViewer
2015-04-15 10:33 - 2015-04-15 10:33 - 00000706 _____ () C:\Documents and Settings\All Users\Desktop\TeamViewer 10.lnk
2015-04-15 10:33 - 2015-04-15 10:33 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
2015-04-15 10:33 - 2015-04-15 10:33 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 10
2015-04-15 10:32 - 2015-04-15 10:34 - 00000000 ____D () C:\Program Files\TeamViewer

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-17 10:09 - 2010-07-14 10:00 - 01819054 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-17 10:08 - 2014-10-10 16:41 - 00000000 ____D () C:\Documents and Settings\personal-pc\Local Settings\Application Data\HTC MediaHub
2015-04-17 10:08 - 2014-07-22 13:21 - 00000234 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-04-17 10:08 - 2010-07-14 10:04 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-16 16:41 - 2010-07-14 10:18 - 00000278 ___SH () C:\Documents and Settings\personal-pc\ntuser.ini
2015-04-16 16:41 - 2010-07-14 10:04 - 00032402 _____ () C:\WINDOWS\SchedLgU.Txt
2015-04-16 16:06 - 2010-07-14 10:35 - 00001040 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-484763869-839522115-1004UA.job
2015-04-16 14:06 - 2010-07-14 10:35 - 00000988 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-484763869-839522115-1004Core.job
2015-04-16 11:54 - 2010-07-14 10:18 - 00000000 ____D () C:\Documents and Settings\personal-pc
2015-04-16 11:02 - 2014-07-22 13:04 - 00373592 _____ () C:\WINDOWS\setupapi.log
2015-04-15 12:13 - 2014-11-04 14:43 - 00000000 ____D () C:\Program Files\Trell
2015-04-15 12:12 - 2014-10-09 13:19 - 00000000 ____D () C:\Program Files\HTC
2015-04-15 12:08 - 2014-07-24 12:58 - 00000409 _____ () C:\WINDOWS\wiadebug.log
2015-04-15 12:08 - 2014-07-24 12:58 - 00000051 _____ () C:\WINDOWS\wiaservc.log
2015-04-15 12:07 - 2010-07-14 11:47 - 00183424 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-04-15 11:59 - 2010-07-14 11:47 - 00000327 __RSH () C:\boot.ini
2015-04-15 10:18 - 2010-07-14 10:46 - 00002581 _____ () C:\Documents and Settings\personal-pc\Desktop\Microsoft Office Word 2003.lnk
2015-04-15 10:03 - 2010-07-14 11:49 - 00525890 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-15 10:03 - 2006-02-28 14:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl

==================== Files in the root of some directories =======

2014-11-04 14:43 - 2014-11-04 16:34 - 0000005 _____ () C:\Program Files\trl.trl
2015-04-16 11:54 - 2015-04-17 10:11 - 0000020 _____ () C:\Documents and Settings\personal-pc\Application Data\appdataFr3.bin
2014-08-01 10:06 - 2014-08-01 10:06 - 0038478 _____ () C:\Documents and Settings\personal-pc\Application Data\Hodnoty oddelené čiarkou (Windows).ADR
2011-04-20 10:31 - 2011-04-20 10:34 - 0037613 _____ () C:\Documents and Settings\personal-pc\Application Data\Microsoft Excel.ADR
2011-02-21 14:42 - 2011-02-28 17:21 - 0004608 _____ () C:\Documents and Settings\personal-pc\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-04-17 10:14 - 2015-04-17 10:14 - 0029696 _____ () C:\Documents and Settings\personal-pc\Local Settings\Application Data\MSGBOX.EXE
2014-09-26 12:51 - 2014-09-26 12:51 - 0012306 _____ () C:\Documents and Settings\personal-pc\Local Settings\Application Data\recently-used.xbel

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


Re: Tony adware, it's still slowed down, can't launch combo

#13 Post by cevrik »

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-04-2015 04
Ran by personal-pc at 2015-04-17 10:15:39
Running from C:\Documents and Settings\personal-pc\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.3.181.26 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.1.53.64 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.7.609 - Adobe Systems, Inc.)
Balík Compatibility Pack pre systém Office 2007 (HKLM\...\{90120000-0020-041B-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Generic 36C-1Series (HKLM\...\Generic 36C-1Series Installer) (Version: - )
Google Chrome (HKU\S-1-5-21-1482476501-484763869-839522115-1004\...\Google Chrome) (Version: 39.0.2171.65 - Spoločnosť Google Inc.)
HTC Driver Installer (HKLM\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.13.0.003 - HTC Corporation)
HTC Sync Manager (HKLM\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.24.5 - HTC)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Small Business Edition 2003 (HKLM\...\{91CA041B-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.7969.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.0.0 - Frank Heindörfer, Philip Chinery)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.40798 - TeamViewer)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.51a - Ghisler Software GmbH)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR 4.00 beta 4 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.4 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1482476501-484763869-839522115-1004_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-484763869-839522115-1004_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\1.3.25.5\psuser. (the data entry has 11 more characters).
CustomCLSID: HKU\S-1-5-21-1482476501-484763869-839522115-1004_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-484763869-839522115-1004_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-484763869-839522115-1004_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-484763869-839522115-1004_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.65\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-484763869-839522115-1004_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\1.3.24.15\psuser (the data entry has 12 more characters).
CustomCLSID: HKU\S-1-5-21-1482476501-484763869-839522115-1004_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-484763869-839522115-1004_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-484763869-839522115-1004_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-484763869-839522115-1004_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-484763869-839522115-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\1.3.25.11\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1482476501-484763869-839522115-1004_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\DOCUME~1\PERSON~1\LOCALS~1\Temp\3Ca35\temp\ETINA - Dar Lsky - TonySamara.cz - CZ.mp4.exe No File

==================== Restore Points =========================

15-04-2015 10:13:23 Inštalovať nepodpísaný ovládač
15-04-2015 12:12:22 Removed IPTInstaller
15-04-2015 15:53:00 Inštalovať nepodpísaný ovládač
16-04-2015 08:15:41 Odstránené: ESET Smart Security
16-04-2015 09:13:50 Nainštalovaný ovládač tlačiarne Generic 36C-1SeriesPCL
16-04-2015 11:25:14 zoek.exe restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-02-28 14:00 - 2015-04-16 11:42 - 00000753 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-484763869-839522115-1004Core.job => C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-484763869-839522115-1004UA.job => C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) ==============

2010-08-03 09:37 - 2001-10-28 17:42 - 00116224 _____ () C:\WINDOWS\system32\pdfcmnnt.dll
2005-11-14 15:43 - 2005-11-14 15:43 - 00029152 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\FSPPMFP.DLL
2014-08-08 19:50 - 2014-08-08 19:50 - 00031080 _____ () C:\Program Files\HTC\HTC Sync Manager\DbAccess.dll
2014-08-08 19:51 - 2014-08-08 19:51 - 00607376 _____ () C:\Program Files\HTC\HTC Sync Manager\sqlite3.dll
2014-08-08 19:51 - 2014-08-08 19:51 - 00059752 _____ () C:\Program Files\HTC\HTC Sync Manager\NAdvLog.dll
2014-08-08 19:51 - 2014-08-08 19:51 - 00036216 _____ () C:\Program Files\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2014-08-08 19:51 - 2014-08-08 19:51 - 00080248 _____ () C:\Program Files\HTC\HTC Sync Manager\ninstallerhelper.dll
2014-08-08 19:52 - 2014-08-08 19:52 - 00129376 _____ () C:\Program Files\HTC\HTC Sync Manager\zlib1.dll
2014-08-08 19:53 - 2014-08-08 19:53 - 00223592 _____ () C:\Program Files\HTC\HTC Sync Manager\DevConnMon.dll
2014-08-08 19:51 - 2014-08-08 19:51 - 00821600 _____ () C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
2006-02-28 14:00 - 2013-01-02 08:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2006-02-28 14:00 - 2008-04-14 02:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2006-02-28 14:00 - 2008-04-14 02:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2014-11-21 13:12 - 2014-11-14 23:15 - 01677128 _____ () C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.65\ffmpegsumo.dll
2014-11-21 13:12 - 2014-11-14 23:15 - 14910280 _____ () C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.65\PepperFlash\pepflashplayer.dll
2014-11-21 13:12 - 2014-11-14 23:15 - 09009480 _____ () C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\Application\39.0.2171.65\pdf.dll
2014-07-24 12:02 - 2014-02-10 13:44 - 04592128 _____ () C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-07-24 12:02 - 2014-02-10 13:44 - 00112128 _____ () C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1482476501-484763869-839522115-1004\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\personal-pc\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-1482476501-484763869-839522115-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1482476501-484763869-839522115-1005 - Limited - Enabled)
Guest (S-1-5-21-1482476501-484763869-839522115-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1482476501-484763869-839522115-1000 - Limited - Disabled)
personal-pc (S-1-5-21-1482476501-484763869-839522115-1004 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\personal-pc
SUPPORT_388945a0 (S-1-5-21-1482476501-484763869-839522115-1002 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: Video Controller (VGA Compatible)
Description: Video Controller (VGA Compatible)
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Multimedia Audio Controller
Description: Multimedia Audio Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/16/2015 09:52:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Zablokovaná aplikácia chrome.exe, verzia 39.0.2171.65, zablokovaný modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error: (04/16/2015 09:22:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Zablokovaná aplikácia TeamViewer.exe, verzia 10.0.40798.0, zablokovaný modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error: (04/16/2015 08:15:52 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Zlyhala extrakcia zoznamu základných certifikátov nezávislých vydavateľov zo súboru CAB automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Pri overovaní s aktuálnymi systémovými hodinami alebo časovou pečiatkou podpísaného súboru sa zistilo, že požadovaný certifikát je mimo dobu platnosti.

Error: (04/16/2015 08:15:52 AM) (Source: crypt32) (EventID: 11) (User: )
Description: Zlyhala extrakcia zoznamu základných certifikátov nezávislých vydavateľov zo súboru CAB automatickej aktualizácie v: <http://www.download.windowsupdate.com/m ... ootstl.cab> s chybou: Pri overovaní s aktuálnymi systémovými hodinami alebo časovou pečiatkou podpísaného súboru sa zistilo, že požadovaný certifikát je mimo dobu platnosti.

Error: (12/15/2014 01:50:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Zablokovaná aplikácia chrome.exe, verzia 39.0.2171.65, zablokovaný modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error: (11/25/2014 07:30:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Zablokovaná aplikácia chrome.exe, verzia 39.0.2171.65, zablokovaný modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error: (11/24/2014 07:37:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Zablokovaná aplikácia OIS.EXE, verzia 11.0.6550.0, zablokovaný modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error: (11/24/2014 01:02:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Zablokovaná aplikácia OUTLOOK.EXE, verzia 11.0.6565.0, zablokovaný modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error: (11/21/2014 04:09:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Zablokovaná aplikácia EXCEL.EXE, verzia 11.0.6560.0, zablokovaný modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error: (11/03/2014 07:43:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Zablokovaná aplikácia chrome.exe, verzia 38.0.2125.111, zablokovaný modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.


System errors:
=============
Error: (04/16/2015 11:37:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Application Layer Gateway Service sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát.

Error: (04/16/2015 11:37:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba HTCMonitorService sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát.

Error: (04/16/2015 11:37:10 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Print Spooler sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát.

Error: (04/15/2015 00:12:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Application Management bola ukončená s nasledujúcou chybou:
%%126

Error: (04/15/2015 00:12:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Application Management bola ukončená s nasledujúcou chybou:
%%126

Error: (04/15/2015 00:12:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Application Management bola ukončená s nasledujúcou chybou:
%%126

Error: (04/15/2015 00:12:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Application Management bola ukončená s nasledujúcou chybou:
%%126

Error: (04/15/2015 00:12:39 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Application Management bola ukončená s nasledujúcou chybou:
%%126

Error: (04/15/2015 00:12:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Application Management bola ukončená s nasledujúcou chybou:
%%126

Error: (04/15/2015 00:12:38 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Služba Application Management bola ukončená s nasledujúcou chybou:
%%126


Microsoft Office Sessions:
=========================
Error: (04/16/2015 09:52:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe39.0.2171.65hungapp0.0.0.000000000

Error: (04/16/2015 09:22:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: TeamViewer.exe10.0.40798.0hungapp0.0.0.000000000

Error: (04/16/2015 08:15:52 AM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/m ... stl.cabPri overovaní s aktuálnymi systémovými hodinami alebo časovou pečiatkou podpísaného súboru sa zistilo, že požadovaný certifikát je mimo dobu platnosti.

Error: (04/16/2015 08:15:52 AM) (Source: crypt32) (EventID: 11) (User: )
Description: http://www.download.windowsupdate.com/m ... stl.cabPri overovaní s aktuálnymi systémovými hodinami alebo časovou pečiatkou podpísaného súboru sa zistilo, že požadovaný certifikát je mimo dobu platnosti.

Error: (12/15/2014 01:50:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe39.0.2171.65hungapp0.0.0.000000000

Error: (11/25/2014 07:30:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe39.0.2171.65hungapp0.0.0.000000000

Error: (11/24/2014 07:37:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OIS.EXE11.0.6550.0hungapp0.0.0.000000000

Error: (11/24/2014 01:02:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: OUTLOOK.EXE11.0.6565.0hungapp0.0.0.000000000

Error: (11/21/2014 04:09:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: EXCEL.EXE11.0.6560.0hungapp0.0.0.000000000

Error: (11/03/2014 07:43:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe38.0.2125.111hungapp0.0.0.000000000


==================== Memory info ===========================

Processor: Intel(R) Celeron(R) D CPU 3.06GHz
Percentage of memory in use: 36%
Total physical RAM: 494.73 MB
Available physical RAM: 314.23 MB
Total Pagefile: 1154.86 MB
Available Pagefile: 976.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1951.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:76.68 GB) (Free:60.37 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 76.7 GB) (Disk ID: 7DB47DB4)
Partition 1: (Active) - (Size=76.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Tony adware, it is still slow, combo cannot be run

#14 Post by vyosek »

:arrow: Great, so let's finish the cleanup :James008:

:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
    HKU\S-1-5-21-1482476501-484763869-839522115-1004\...\Run: [Google Update] => C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [107912 2014-10-23] (Google Inc.)
    HKU\S-1-5-21-1482476501-484763869-839522115-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    HKU\S-1-5-21-1482476501-484763869-839522115-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    URLSearchHook: HKU\S-1-5-21-1482476501-484763869-839522115-1004 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
    HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    
    2015-04-17 10:14 - 2015-04-17 10:14 - 00029696 _____ () C:\Documents and Settings\personal-pc\Local Settings\Application Data\MSGBOX.EXE
    2015-04-17 10:14 - 2015-04-17 10:14 - 00015327 _____ () C:\Documents and Settings\personal-pc\Desktop\LM.bat
    2015-04-16 11:53 - 2015-04-16 11:41 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
    2015-04-16 11:42 - 2015-04-16 11:28 - 00001707 _____ () C:\zoek-results2015-04-16-092815.log
    2015-04-16 11:27 - 2015-04-16 11:37 - 00000000 ____D () C:\AdwCleaner
    2015-04-16 11:25 - 2015-04-16 11:54 - 00006254 _____ () C:\zoek-results.log
    2015-04-16 11:23 - 2015-04-16 11:50 - 00000000 ____D () C:\zoek_backup
    2015-04-16 10:31 - 2015-04-17 10:14 - 00028961 _____ () C:\Documents and Settings\personal-pc\Desktop\FRST.txt
    2015-04-16 10:30 - 2015-04-16 10:30 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\personal-pc\Desktop\FRSTLauncher (1).exe
    2015-04-16 09:54 - 2015-04-16 09:55 - 00000000 ___SD () C:\ComboFix
    2015-04-15 11:57 - 2011-06-26 08:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
    2015-04-15 11:57 - 2010-11-07 19:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
    2015-04-15 11:57 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
    2015-04-15 11:57 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
    2015-04-15 11:57 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
    2015-04-15 11:57 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
    2015-04-15 11:57 - 2000-08-31 02:00 - 00098816 _____ () C:\WINDOWS\sed.exe
    2015-04-15 11:57 - 2000-08-31 02:00 - 00080412 _____ () C:\WINDOWS\grep.exe
    2015-04-15 11:57 - 2000-08-31 02:00 - 00068096 _____ () C:\WINDOWS\zip.exe
    2015-04-15 11:56 - 2015-04-16 09:09 - 00000000 ____D () C:\Qoobox
    2015-04-15 11:56 - 2015-04-15 11:56 - 00000000 ____D () C:\WINDOWS\erdnt
    
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-484763869-839522115-1004Core.job => C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-484763869-839522115-1004UA.job => C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
    
    Hosts:
    EmptyTemp:
    Reboot:
    End
    
  • Save the created TXT file as fixlist.txt
  • Move the created fixlist next to FRST
:arrow: Run FRST.exe again
  • Click Fix
  • The fix will run and create the log Fixlog.txt
:arrow: Restart the PC and post fixlog.txt here for me
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids fun, take a whip and a stick to him: that is no man, that is an ox."

cevrik
VIP
Posts: 93
Joined: 27 May 2005 14:12
Location: Prievidza

Re: Tony adware, it is still slow, combo cannot be run

#15 Post by cevrik »

Well, it's noticeably better, now just a few gigs of RAM and it will run briskly :)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-04-2015 04
Ran by personal-pc at 2015-04-17 12:07:10 Run:1
Running from C:\Documents and Settings\personal-pc\Desktop
Loaded Profiles: personal-pc (Available profiles: personal-pc & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-1482476501-484763869-839522115-1004\...\Run: [Google Update] => C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [107912 2014-10-23] (Google Inc.)
HKU\S-1-5-21-1482476501-484763869-839522115-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1482476501-484763869-839522115-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
URLSearchHook: HKU\S-1-5-21-1482476501-484763869-839522115-1004 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

2015-04-17 10:14 - 2015-04-17 10:14 - 00029696 _____ () C:\Documents and Settings\personal-pc\Local Settings\Application Data\MSGBOX.EXE
2015-04-17 10:14 - 2015-04-17 10:14 - 00015327 _____ () C:\Documents and Settings\personal-pc\Desktop\LM.bat
2015-04-16 11:53 - 2015-04-16 11:41 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2015-04-16 11:42 - 2015-04-16 11:28 - 00001707 _____ () C:\zoek-results2015-04-16-092815.log
2015-04-16 11:27 - 2015-04-16 11:37 - 00000000 ____D () C:\AdwCleaner
2015-04-16 11:25 - 2015-04-16 11:54 - 00006254 _____ () C:\zoek-results.log
2015-04-16 11:23 - 2015-04-16 11:50 - 00000000 ____D () C:\zoek_backup
2015-04-16 10:31 - 2015-04-17 10:14 - 00028961 _____ () C:\Documents and Settings\personal-pc\Desktop\FRST.txt
2015-04-16 10:30 - 2015-04-16 10:30 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\personal-pc\Desktop\FRSTLauncher (1).exe
2015-04-16 09:54 - 2015-04-16 09:55 - 00000000 ___SD () C:\ComboFix
2015-04-15 11:57 - 2011-06-26 08:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2015-04-15 11:57 - 2010-11-07 19:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2015-04-15 11:57 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-04-15 11:57 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-04-15 11:57 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-04-15 11:57 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-04-15 11:57 - 2000-08-31 02:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2015-04-15 11:57 - 2000-08-31 02:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2015-04-15 11:57 - 2000-08-31 02:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2015-04-15 11:56 - 2015-04-16 09:09 - 00000000 ____D () C:\Qoobox
2015-04-15 11:56 - 2015-04-15 11:56 - 00000000 ____D () C:\WINDOWS\erdnt

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-484763869-839522115-1004Core.job => C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-484763869-839522115-1004UA.job => C:\Documents and Settings\personal-pc\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
HKU\S-1-5-21-1482476501-484763869-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => value deleted successfully.
HKU\S-1-5-21-1482476501-484763869-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run\\MSMSGS => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully.
HKU\S-1-5-21-1482476501-484763869-839522115-1004\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"C:\Documents and Settings\personal-pc\Local Settings\Application Data\MSGBOX.EXE" => File/Directory not found.
"C:\Documents and Settings\personal-pc\Desktop\LM.bat" => File/Directory not found.
C:\WINDOWS\zoek-delete.exe => Moved successfully.
C:\zoek-results2015-04-16-092815.log => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Documents and Settings\personal-pc\Desktop\FRST.txt => Moved successfully.
C:\Documents and Settings\personal-pc\Desktop\FRSTLauncher (1).exe => Moved successfully.
C:\ComboFix => Moved successfully.
C:\WINDOWS\PEV.exe => Moved successfully.
C:\WINDOWS\MBR.exe => Moved successfully.
C:\WINDOWS\NIRCMD.exe => Moved successfully.
C:\WINDOWS\SWREG.exe => Moved successfully.
C:\WINDOWS\SWSC.exe => Moved successfully.
C:\WINDOWS\SWXCACLS.exe => Moved successfully.
C:\WINDOWS\sed.exe => Moved successfully.
C:\WINDOWS\grep.exe => Moved successfully.
C:\WINDOWS\zip.exe => Moved successfully.
"C:\Qoobox" => File/Directory not found.
C:\WINDOWS\erdnt => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-484763869-839522115-1004Core.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-484763869-839522115-1004UA.job => Moved successfully.
C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => Moved successfully.
C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 1.2 GB temporary data.


The system needed a reboot.

==== End of Fixlog 12:06:12 ====
