Prosím i preventivní kontrolu

[John Hoof]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:02-08-2015 01
Ran by Kopejtice (administrator) on HANKA (03-08-2015 13:46:35)
Running from C:\Documents and Settings\Kopejtice\Plocha
Loaded Profiles: Kopejtice (Available Profiles: Kopejtice & Administrator)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.355.0\BBSvc.EXE
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(forum.viry.cz) C:\Documents and Settings\Kopejtice\Plocha\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2005-09-20] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [114688 2005-09-20] (Intel Corporation)
HKLM\...\Run: [Smapp] => C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [143360 2003-07-30] (Analog Devices, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKU\S-1-5-21-1934121800-541894680-2237922073-1006\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4826904 2014-10-29] (Piriform Ltd)
Startup: C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.3.lnk [2013-07-24]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Documents and Settings\Kopejtice\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.3.lnk [2013-07-24]
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Documents and Settings\Kopejtice\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk [2014-12-15]
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-04-22] (Avast Software s.r.o.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/?clid=22668
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quick ... earchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1934121800-541894680-2237922073-1006\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.seznam.cz/?sourceid=quick ... earchTerms}
HKU\S-1-5-21-1934121800-541894680-2237922073-1006\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.seznam.cz/?clid=22668
HKU\S-1-5-21-1934121800-541894680-2237922073-1006\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.seznam.cz/?clid=22668
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
SearchScopes: HKLM -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = http://search.seznam.cz/?sourceid=quick ... earchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1934121800-541894680-2237922073-1006 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = http://search.seznam.cz/?sourceid=quick ... earchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-22] (Avast Software s.r.o.)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/wind ... 1139284062
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{9B90BE78-772D-43FA-932A-EB579AFF3CE7}: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Kopejtice\Data aplikací\Mozilla\Firefox\Profiles\4z96sqkf.default
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: https://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: https://www.google.com
FF Keyword.URL: https://www.google.com/search/?trackid=sp-006
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-09-26] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-17] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\Kopejtice\Data aplikací\Mozilla\Firefox\Profiles\4z96sqkf.default\searchplugins\google-avast.xml [2015-06-10]
FF SearchPlugin: C:\Documents and Settings\Kopejtice\Data aplikací\Mozilla\Firefox\Profiles\4z96sqkf.default\searchplugins\seznam-avast.xml [2015-01-03]
FF Extension: FEBE - C:\Documents and Settings\Kopejtice\Data aplikací\Mozilla\Firefox\Profiles\4z96sqkf.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2015-05-30]
FF Extension: Plná Peněženka Lištička - C:\Documents and Settings\Kopejtice\Data aplikací\Mozilla\Firefox\Profiles\4z96sqkf.default\Extensions\toolbar@plnapenezenka.cz.xpi [2015-01-02]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-05-08]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-08]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Documents and Settings\Kopejtice\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Kopejtice\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-21]
CHR Extension: (No Name) - C:\Documents and Settings\Kopejtice\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-21]
CHR Extension: (YouTube) - C:\Documents and Settings\Kopejtice\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-21]
CHR Extension: (Google Search) - C:\Documents and Settings\Kopejtice\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-21]
CHR Extension: (Avast Online Security) - C:\Documents and Settings\Kopejtice\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-08]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Kopejtice\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-21]
CHR Extension: (Gmail) - C:\Documents and Settings\Kopejtice\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-21]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-04-22]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-22]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-22] (Avast Software s.r.o.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-09-26] (Oracle Corporation)
R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aeaudio; C:\WINDOWS\System32\drivers\aeaudio.sys [100384 2003-10-23] (Andrea Electronics Corporation) [File not signed]
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-04-22] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [74976 2015-04-22] (Avast Software s.r.o.)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-04-22] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-04-22] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787760 2015-04-22] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [428120 2015-06-26] (Avast Software s.r.o.)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-04-22] (Avast Software s.r.o.)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209048 2015-04-22] ()
S3 Blfp; C:\WINDOWS\System32\DRIVERS\baspxp32.sys [98816 2008-06-06] (Broadcom Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 smwdm; C:\WINDOWS\System32\drivers\smwdm.sys [612416 2004-04-15] (Analog Devices, Inc.) [File not signed]
S3 trufos; C:\WINDOWS\System32\drivers\trufos.sys [343456 2014-04-19] (BitDefender S.R.L.)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-03 13:46 - 2015-08-03 13:46 - 00014289 _____ C:\Documents and Settings\Kopejtice\Plocha\FRST.txt
2015-08-03 13:46 - 2015-08-03 13:46 - 00000000 ____D C:\FRST
2015-08-03 13:44 - 2015-08-03 13:44 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Kopejtice\Plocha\FRSTLauncher.exe
2015-08-03 13:43 - 2015-08-03 13:43 - 01673728 _____ (Farbar) C:\Documents and Settings\Kopejtice\Plocha\FRST.exe
2015-07-22 22:59 - 2015-07-22 23:00 - 00000000 ____D C:\Documents and Settings\Kopejtice\Plocha\Nová složka (3)
2015-07-22 22:57 - 2015-07-22 23:07 - 00000000 ____D C:\Documents and Settings\Kopejtice\Plocha\Nová složka (2)
2015-07-22 22:53 - 2015-07-22 23:34 - 00000000 ____D C:\Documents and Settings\Kopejtice\Plocha\Nová složka
2015-07-18 18:18 - 2015-07-18 18:18 - 00000000 ____D C:\Documents and Settings\Kopejtice\Data aplikací\Malwarebytes
2015-07-18 18:17 - 2015-07-18 18:17 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2015-07-18 15:55 - 2015-07-18 15:59 - 00000000 ____D C:\AdwCleaner
2015-07-18 15:53 - 2015-07-18 15:53 - 02248704 _____ C:\Documents and Settings\Kopejtice\Plocha\adwcleaner_4.208.exe
2015-07-04 22:32 - 2015-07-05 12:46 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-07-04 16:40 - 2015-08-03 13:41 - 00000000 ____D C:\Program Files\trend micro
2015-07-04 16:40 - 2015-07-04 16:40 - 00000000 ____D C:\rsit
2015-07-04 16:15 - 2015-07-04 16:15 - 01107968 _____ C:\Documents and Settings\Kopejtice\Plocha\RSIT.exe
2015-07-04 15:51 - 2015-07-04 15:51 - 00000000 ____D C:\Documents and Settings\Kopejtice\Dokumenty\Any Video Converter
2015-07-04 15:49 - 2015-07-04 15:51 - 00000000 ____D C:\Documents and Settings\Kopejtice\Data aplikací\Anvsoft
2015-07-04 15:49 - 2015-07-04 15:49 - 00000852 _____ C:\Documents and Settings\Kopejtice\Plocha\Any Audio Converter.lnk
2015-07-04 15:48 - 2015-07-04 15:48 - 00000000 ____D C:\Program Files\Anvsoft
2015-07-04 15:36 - 2015-07-04 15:39 - 00000000 ____D C:\Documents and Settings\Kopejtice\Data aplikací\Media Converter
2015-07-04 15:35 - 2015-07-04 15:35 - 00000864 _____ C:\Documents and Settings\All Users\Plocha\SDR Free CDA to MP3 Converter.lnk
2015-07-04 15:35 - 2015-07-04 15:35 - 00000000 ____D C:\Program Files\SDR Free CDA to MP3 Converter
2015-07-04 15:35 - 2015-07-04 15:35 - 00000000 ____D C:\Documents and Settings\All Users\Nabídka Start\Programy\SDR Free CDA to MP3 Converter

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-03 13:46 - 2013-07-24 14:22 - 00000000 ___HD C:\Documents and Settings\Kopejtice\Local Settings\Data aplikací
2015-08-03 13:46 - 2013-07-24 14:22 - 00000000 ____D C:\Documents and Settings\Kopejtice\Plocha
2015-08-03 13:46 - 2013-07-24 14:22 - 00000000 ____D C:\Documents and Settings\Kopejtice\Local Settings\Temp
2015-08-03 13:45 - 2013-12-01 21:22 - 00000000 ____D C:\Documents and Settings\Kopejtice\Dokumenty\Stažené soubory
2015-08-03 13:45 - 1980-01-04 03:49 - 01640774 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-03 13:40 - 1980-01-04 02:44 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-08-03 13:40 - 1980-01-04 02:44 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2015-08-03 13:31 - 2014-11-08 16:34 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-08-03 13:31 - 2008-04-14 14:00 - 00012598 _____ C:\WINDOWS\system32\wpa.dbl
2015-08-03 13:31 - 1980-01-04 02:47 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-08-03 13:31 - 1980-01-04 02:47 - 00000048 _____ C:\WINDOWS\wiaservc.log
2015-08-03 13:30 - 2014-04-21 21:15 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-03 13:30 - 2014-03-27 15:01 - 00000230 _____ C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2015-08-03 13:30 - 2012-03-07 18:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-02 19:58 - 2013-07-24 14:22 - 00000178 ___SH C:\Documents and Settings\Kopejtice\ntuser.ini
2015-08-02 19:58 - 2012-03-07 18:06 - 00032400 _____ C:\WINDOWS\SchedLgU.Txt
2015-08-02 19:44 - 2014-04-13 19:44 - 00000460 _____ C:\WINDOWS\Tasks\At3.job
2015-08-02 19:30 - 2013-07-24 13:17 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-02 19:08 - 2014-04-21 21:15 - 00000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-02 18:06 - 2013-07-24 14:22 - 00000000 ____D C:\Documents and Settings\Kopejtice
2015-08-01 10:11 - 2014-04-13 19:44 - 00000460 _____ C:\WINDOWS\Tasks\At1.job
2015-08-01 09:10 - 2014-04-21 21:17 - 00001813 _____ C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
2015-08-01 09:03 - 2015-06-27 20:42 - 00000360 _____ C:\Documents and Settings\Kopejtice\Plocha\Sonet jako talisman.txt
2015-08-01 08:46 - 2013-10-04 21:34 - 00000000 ____D C:\Documents and Settings\Kopejtice\Data aplikací\Media Player Classic
2015-07-19 14:00 - 2014-04-13 19:44 - 00000460 _____ C:\WINDOWS\Tasks\At4.job
2015-07-19 00:53 - 1980-01-04 03:48 - 00000000 ____D C:\WINDOWS\system32\Restore
2015-07-19 00:00 - 2013-07-24 13:29 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2813345$
2015-07-18 21:53 - 1980-01-04 02:04 - 00000000 ____D C:\WINDOWS\Provisioning
2015-07-18 20:40 - 2014-04-13 19:44 - 00000460 _____ C:\WINDOWS\Tasks\At2.job
2015-07-18 18:18 - 2013-07-24 14:22 - 00000000 __RHD C:\Documents and Settings\Kopejtice\Data aplikací
2015-07-18 18:17 - 1980-01-04 02:44 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2015-07-15 16:26 - 2014-12-14 17:03 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2015-07-15 13:31 - 2013-07-24 13:17 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-07-15 13:31 - 2012-03-08 12:57 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-07-14 13:25 - 1980-01-04 02:45 - 01120816 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-05 12:46 - 2013-07-24 13:15 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-07-04 15:55 - 2014-07-08 17:09 - 00000000 ___RD C:\Documents and Settings\Kopejtice\Dokumenty\Filmy
2015-07-04 15:51 - 2013-07-24 14:22 - 00000000 ___RD C:\Documents and Settings\Kopejtice\Dokumenty

==================== Files in the root of some directories =======

2015-04-06 17:40 - 2010-07-10 20:01 - 0054272 _____ () C:\Program Files\winbox.exe

Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job


Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\fp_pl_pfs_installer.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\Kopejtice\Local Settings\Temp\avcuf32.dll
C:\Documents and Settings\Kopejtice\Local Settings\Temp\avcuf64.dll
C:\Documents and Settings\Kopejtice\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\Kopejtice\Local Settings\Temp\avxdisk.dll
C:\Documents and Settings\Kopejtice\Local Settings\Temp\bdc.exe
C:\Documents and Settings\Kopejtice\Local Settings\Temp\bdcore.dll
C:\Documents and Settings\Kopejtice\Local Settings\Temp\bdfltlib2k.dll
C:\Documents and Settings\Kopejtice\Local Settings\Temp\bdnimbus32.dll
C:\Documents and Settings\Kopejtice\Local Settings\Temp\bdnimbus64.dll
C:\Documents and Settings\Kopejtice\Local Settings\Temp\bdupdateservice.dll
C:\Documents and Settings\Kopejtice\Local Settings\Temp\DEVCON.EXE
C:\Documents and Settings\Kopejtice\Local Settings\Temp\eEmpty.exe
C:\Documents and Settings\Kopejtice\Local Settings\Temp\encdec.dll
C:\Documents and Settings\Kopejtice\Local Settings\Temp\esupdate.exe
C:\Documents and Settings\Kopejtice\Local Settings\Temp\FSSync.dll
C:\Documents and Settings\Kopejtice\Local Settings\Temp\Getvlist.exe
C:\Documents and Settings\Kopejtice\Local Settings\Temp\ikave.dll
C:\Documents and Settings\Kopejtice\Local Settings\Temp\ipc.dll
C:\Documents and Settings\Kopejtice\Local Settings\Temp\kave.dll
C:\Documents and Settings\Kopejtice\Local Settings\Temp\kavvlg.dll
C:\Documents and Settings\Kopejtice\Local Settings\Temp\msvclnt.dll
C:\Documents and Settings\Kopejtice\Local Settings\Temp\msvcp80.dll
C:\Documents and Settings\Kopejtice\Local Settings\Temp\msvcr80.dll
C:\Documents and Settings\Kopejtice\Local Settings\Temp\msvl64.dll
C:\Documents and Settings\Kopejtice\Local Settings\Temp\msvlclnt.dll
C:\Documents and Settings\Kopejtice\Local Settings\Temp\mwavdwnl.exe
C:\Documents and Settings\Kopejtice\Local Settings\Temp\MWAVL.exe
C:\Documents and Settings\Kopejtice\Local Settings\Temp\mwavscan.exe
C:\Documents and Settings\Kopejtice\Local Settings\Temp\mwunzip.dll
C:\Documents and Settings\Kopejtice\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Kopejtice\Local Settings\Temp\viewtcp.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-48e98c7d.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-cee3eae8.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-f0aad117.exe


Some zero byte size files/folders:
==========================
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\VDLL.DLL
C:\Windows\System32\runouce.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:74.53 GB) (Free:40.1 GB) NTFS ==>[drive with boot components (Windows XP)]

Available physical RAM: 906.71 MB
Total physical RAM: 1527.43 MB
Percentage of memory in use: 40%

==================== MBR and Partition Table ==================

Disk: 0 (Size: 74.5 GB) (Disk ID: 9D429D42)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => 0x010501005426345EDBD21F47A8255A195E0E3B4E46005A0100000000F0000100200000000014730F000000000313040050028821000000000000000000000000000000000000380063003A005C00500072006F006700720061006D002000460069006C00650073005C004D006900630072006F0073006F0066007400200053006500630075007200690074007900200043006C00690065006E0074005C004D00700043006D006400520075006E002E00650078006500000026005300630061006E0020002D005300630068006500640075006C0065004A006F00620020002D0052006500730074007200690063007400500072006900760069006C006500670065007300000000000700530059005300540045004D0000001A00DA006C006F0068006100200070007200610076006900640065006C006E00E90020006B006F006E00740072006F006C0079000000000008000F13048000000000010030000000DE070400140000000000000002000E0000000000000000000000000002000000010001000000000000000000
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\Kopejtice\Plocha" je 3463 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Samsung\\AllShare Control\\AllShare Control PC.exe"="C:\\Program Files\\Samsung\\AllShare Control\\AllShare Control PC.exe:*:Enabled:AllShare Control PC"
"C:\\WINDOWS\\system32\\muzapp.exe"="C:\\WINDOWS\\system32\\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\\Program Files\\HP\\HP Deskjet 3050 J610 series\\Bin\\DeviceSetup.exe"="C:\\Program Files\\HP\\HP Deskjet 3050 J610 series\\Bin\\DeviceSetup.exe:LocalSubNet:Enabled:Instalace zazen HP (HP Deskjet 3050 J610 series)"
"C:\\Program Files\\HP\\HP Deskjet 3050 J610 series\\Bin\\HPNetworkCommunicator.exe"="C:\\Program Files\\HP\\HP Deskjet 3050 J610 series\\Bin\\HPNetworkCommunicator.exe:LocalSubNet:Enabled:Sov komunikan program HP (HP Deskjet 3050 J610 series)"
"C:\\Program Files\\HP\\HP Deskjet 3050 J610 series\\Bin\\HPNetworkCommunicatorCom.exe"="C:\\Program Files\\HP\\HP Deskjet 3050 J610 series\\Bin\\HPNetworkCommunicatorCom.exe:LocalSubNet:Enabled:Sov komunikan program HP COM (HP Deskjet 3050 J610 series)"
"C:\\Documents and Settings\\Kopejtice\\Data aplikac\\uTorrent\\utorrent.exe"="C:\\Documents and Settings\\Kopejtice\\Data aplikac\\uTorrent\\utorrent.exe:*:Enabled:uTorrent"
"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe:*:Enabled:Google Chrome"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox (C:\\Program Files\\Mozilla Firefox)"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"7878:TCP"="7878:TCP:*:Enabled:AllShare TCP Port"
"20102:TCP"="20102:TCP:*:Enabled:AllShare UDP Port"
"1900:TCP"="1900:TCP:*:Enabled:AllShare Multicast Port"


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000


==================== End Of Log ==============================

[Márty84]

Pocitac se po tu dobu pouzival?

***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\Kopejtice\Plocha" je 3463 MB.

Velikost plochy by nemela presahovat 200 - 300 MB! Brzdi to chod pc. Cili ji trosku uklidte a na plochu dejte jen zastupce. Jen pozor na obcasnou chybu, ze uzivatele maji na plose slozku, v ni dalsi a v ni dalsi a do te to schovaji. To je sice hezke, ale plochu to nezmensi, jen je to v jinem supliku




Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-1934121800-541894680-2237922073-1006\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4826904 2014-10-29] (Piriform Ltd)

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-09-26] (Oracle Corporation)
S3 trufos; C:\WINDOWS\System32\drivers\trufos.sys [343456 2014-04-19] (BitDefender S.R.L.)
R2 BBSvc;BingBar Service; C:\Program Files\Microsoft\BingBar\7.1.355.0\BBSvc.exe [2012-01-25 192792]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-21 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15 268976]
S3 BBUpdate;BBUpdate; C:\Program Files\Microsoft\BingBar\7.1.355.0\SeaPort.exe [2012-01-25 240408]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-21 116648]

C:\WINDOWS\System32\drivers\trufos.sys
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\VDLL.DLL
C:\Windows\System32\runouce.exe

2015-07-18 18:18 - 2015-07-18 18:18 - 00000000 ____D C:\Documents and Settings\Kopejtice\Data aplikací\Malwarebytes
2015-07-18 18:17 - 2015-07-18 18:17 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => 0x010501005426345EDBD21F47A8255A195E0E3B4E46005A0100000000F0000100200000000014730F000000000313040050028821000000000000000000000000000000000000380063003A005C00500072006F006700720061006D002000460069006C00650073005C004D006900630072006F0073006F0066007400200053006500630075007200690074007900200043006C00690065006E0074005C004D00700043006D006400520075006E002E00650078006500000026005300630061006E0020002D005300630068006500640075006C0065004A006F00620020002D0052006500730074007200690063007400500072006900760069006C006500670065007300000000000700530059005300540045004D0000001A00DA006C006F0068006100200070007200610076006900640065006C006E00E90020006B006F006E00740072006F006C0079000000000008000F13048000000000010030000000DE070400140000000000000002000E0000000000000000000000000002000000010001000000000000000000
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe

Hosts:
EmptyTemp:
Reboot:
End

Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev fixlist a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte FRST, kliknete na napis Fix a program vykona prikazy.
Po restartu pc by se mel objevit novy log - s nazvem fixlog, ten mi sem zase zkopirujte.

[John Hoof]

Opět se omlouvám za zpozdění.

Během scanu jsem počítač nepouzíval.

Odstranil jsem z plochy cca. 1 gb souborů.

Spustil jsem FRST podle vašeho návodu. Po chvíli scanu vyskočilo oznámení, ze program neodpovídá a bude ukončen. Nicméně soubor fixlog.txt byl vytvoren, zde je:

Fix result of Farbar Recovery Scan Tool (x86) Version:25-08-2015 02
Ran by Kopejtice (2015-08-27 18:33:10) Run:1
Running from C:\Documents and Settings\Kopejtice\Plocha
Loaded Profiles: Kopejtice (Available Profiles: Kopejtice & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-1934121800-541894680-2237922073-1006\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4826904 2014-10-29] (Piriform Ltd)

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-09-26] (Oracle Corporation)
S3 trufos; C:\WINDOWS\System32\drivers\trufos.sys [343456 2014-04-19] (BitDefender S.R.L.)
R2 BBSvc;BingBar Service; C:\Program Files\Microsoft\BingBar\7.1.355.0\BBSvc.exe [2012-01-25 192792]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-21 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15 268976]
S3 BBUpdate;BBUpdate; C:\Program Files\Microsoft\BingBar\7.1.355.0\SeaPort.exe [2012-01-25 240408]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-21 116648]

C:\WINDOWS\System32\drivers\trufos.sys
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\VDLL.DLL
C:\Windows\System32\runouce.exe

2015-07-18 18:18 - 2015-07-18 18:18 - 00000000 ____D C:\Documents and Settings\Kopejtice\Data aplikací\Malwarebytes
2015-07-18 18:17 - 2015-07-18 18:17 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => 0x010501005426345EDBD21F47A8255A195E0E3B4E46005A0100000000F0000100200000000014730F000000000313040050028821000000000000000000000000000000000000380063003A005C00500072006F006700720061006D002000460069006C00650073005C004D006900630072006F0073006F0066007400200053006500630075007200690074007900200043006C00690065006E0074005C004D00700043006D006400520075006E002E00650078006500000026005300630061006E0020002D005300630068006500640075006C0065004A006F00620020002D0052006500730074007200690063007400500072006900760069006C006500670065007300000000000700530059005300540045004D0000001A00DA006C006F0068006100200070007200610076006900640065006C006E00E90020006B006F006E00740072006F006C0079000000000008000F13048000000000010030000000DE070400140000000000000002000E0000000000000000000000000002000000010001000000000000000000
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HP Software Update => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully.
HKU\S-1-5-21-1934121800-541894680-2237922073-1006\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}" => key removed successfully.


Tak co ted ?

[Márty84]

Během scanu jsem počítač nepouzíval.

Nemyslel jsem behem skenu, ale behem tech x dnu, co jste se neozval

Odstranil jsem z plochy cca. 1 gb souborů.

To je porad malo, bylo tam 3,5 GB

Spustil jsem FRST podle vašeho návodu. Po chvíli scanu vyskočilo oznámení, ze program neodpovídá a bude ukončen.

Neprovedlo se to jak melo. Zkuste to jeste jednou, ale v nouzovem rezimu.

[John Hoof]

Počítač byl pouzíván, ačkoliv někým jiným, tak byl.

Na ploše je nyní cca 20 MB.

Jdu na ten fix v nouzovém.

[John Hoof]

Fix result of Farbar Recovery Scan Tool (x86) Version:25-08-2015 02
Ran by Kopejtice (2015-08-27 21:05:02) Run:2
Running from C:\Documents and Settings\Kopejtice\Plocha
Loaded Profiles: Kopejtice (Available Profiles: Kopejtice & Administrator)
Boot Mode: Safe Mode (minimal)

==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-1934121800-541894680-2237922073-1006\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4826904 2014-10-29] (Piriform Ltd)

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "about:newtab" <======= ATTENTION
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-09-26] (Oracle Corporation)
S3 trufos; C:\WINDOWS\System32\drivers\trufos.sys [343456 2014-04-19] (BitDefender S.R.L.)
R2 BBSvc;BingBar Service; C:\Program Files\Microsoft\BingBar\7.1.355.0\BBSvc.exe [2012-01-25 192792]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-21 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15 268976]
S3 BBUpdate;BBUpdate; C:\Program Files\Microsoft\BingBar\7.1.355.0\SeaPort.exe [2012-01-25 240408]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-21 116648]

C:\WINDOWS\System32\drivers\trufos.sys
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\VDLL.DLL
C:\Windows\System32\runouce.exe

2015-07-18 18:18 - 2015-07-18 18:18 - 00000000 ____D C:\Documents and Settings\Kopejtice\Data aplikací\Malwarebytes
2015-07-18 18:17 - 2015-07-18 18:17 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => 0x010501005426345EDBD21F47A8255A195E0E3B4E46005A0100000000F0000100200000000014730F000000000313040050028821000000000000000000000000000000000000380063003A005C00500072006F006700720061006D002000460069006C00650073005C004D006900630072006F0073006F0066007400200053006500630075007200690074007900200043006C00690065006E0074005C004D00700043006D006400520075006E002E00650078006500000026005300630061006E0020002D005300630068006500640075006C0065004A006F00620020002D0052006500730074007200690063007400500072006900760069006C006500670065007300000000000700530059005300540045004D0000001A00DA006C006F0068006100200070007200610076006900640065006C006E00E90020006B006F006E00740072006F006C0079000000000008000F13048000000000010030000000DE070400140000000000000002000E0000000000000000000000000002000000010001000000000000000000
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Error: Restore point can only be created in normal mode.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HP Software Update => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value not found.
HKU\S-1-5-21-1934121800-541894680-2237922073-1006\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => key not found.
"HKCR\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} => value removed successfully.
"HKCR\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}" => key removed successfully.
JavaQuickStarterService => service removed successfully.
trufos => service removed successfully.
BBSvc => service removed successfully.
gupdate => service removed successfully.
SkypeUpdate => service removed successfully.
AdobeFlashPlayerUpdateSvc => service removed successfully.
BBUpdate => service removed successfully.
gupdatem => service removed successfully.
C:\WINDOWS\System32\drivers\trufos.sys => moved successfully
C:\Windows\logo_1.exe => moved successfully
C:\Windows\RUNDL132.EXE => moved successfully
C:\Windows\VDLL.DLL => moved successfully
C:\Windows\System32\runouce.exe => moved successfully
C:\Documents and Settings\Kopejtice\Data aplikací\Malwarebytes => moved successfully
C:\Documents and Settings\All Users\Data aplikací\Malwarebytes => moved successfully
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => moved successfully
C:\WINDOWS\Tasks\At1.job => moved successfully
C:\WINDOWS\Tasks\At2.job => moved successfully
C:\WINDOWS\Tasks\At3.job => moved successfully
C:\WINDOWS\Tasks\At4.job => moved successfully
C:\WINDOWS\Tasks\avast! Emergency Update.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => moved successfully
C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => moved successfully
C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 1.8 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 21:06:34 ====

[Márty84]

Počítač byl pouzíván, ačkoliv někým jiným, tak byl.

Takova kontrola pak nema moc vyznam, protoze za tu dobu se tam mohla spousta veci zmenit.

DelFix https://toolslib.net/downloads/finish/2/

• Stahnete a spustte
• Ponechte zatrzitkou pouze u volby Remove disinfection tools
• Kliknete na Run

Stahnete Ccleaner http://www.filehippo.com/download_ccleaner a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
(Pokud je v pc vice uzivatelskych uctu, pouzijte program i v nich)

Defragmentujte disk(y) (SSD Disky ne!)
Stahnete program Defraggler https://www.piriform.com/defraggler/download/standard
Pri instalaci opet pozor na toolbar a dalsi nesmysly.
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.




Pak napiste, jak to s pc vypada.

[John Hoof]

Ok!

Jdu na to.

[Márty84]

[John Hoof]

Vše proběhlo v pořádku, udělal jsem, přesně jak jste řekl

Mně osobně přijde, že to PC jede tak dvojnásobně rychleji, po startu už nenabíhá tak dlouho a když otevřu např. mozzilu, vše naběhne rychle, takže super

Díky moc

[Márty84]

To jsem rad, ze se to zlepsilo

Nemate zac!

Mejte se a treba zase nekdy