Počítač mojí mámy...

Zpráva

viktor1771 · #1 Příspěvek od **viktor1771** » 11 dub 2016 18:34

Dobrý den, velmi prosím o kontrolu, máma normálně otvírá všechno, co jí přijde mailem i z neznámých adres a jak jsem dnes šel okolo, zdálo se mi, že je komp dost pomalý a před restartem bránil ve vypnutí nějaký Microsoft Broadcasting...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-04-2016 01
Ran by RS (administrator) on HP (11-04-2016 19:27:24)
Running from C:\Users\RS\Desktop
Loaded Profiles: RS (Available Profiles: RS)
Platform: Windows 8 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.17516_none_6276a5b950d43361\TiWorker.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-08-19] ()
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-22] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-04-04] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2469910178-886939283-416769698-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
HKU\S-1-5-21-2469910178-886939283-416769698-1001\...\MountPoints2: {c12455be-4f3a-11e2-be73-20689d349b74} - "F:\AutoRun.exe"
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-04-04] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.98.231.66 10.98.0.249
Tcpip\..\Interfaces\{1FC80090-4C83-4356-BE2C-879289D1F166}: [DhcpNameServer] 10.98.231.66 10.98.0.249
Tcpip\..\Interfaces\{FB09DE6A-43D1-4162-9682-40CA25997290}: [DhcpNameServer] 40.22.1.201 40.22.1.202

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
HKU\S-1-5-21-2469910178-886939283-416769698-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.seznam.cz/
HKU\S-1-5-21-2469910178-886939283-416769698-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
SearchScopes: HKLM -> {693FA693-C64F-4BDD-8C29-2A3395CC502E} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {693FA693-C64F-4BDD-8C29-2A3395CC502E} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-2469910178-886939283-416769698-1001 -> {693FA693-C64F-4BDD-8C29-2A3395CC502E} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-04-04] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-04-04] (AVAST Software)

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-04-04]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-04-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-04-04]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [217088 2012-09-20] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-04-04] (AVAST Software)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [321536 2012-07-22] (IDT, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-19] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-10] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-04-04] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-04-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-04-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-04-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-04-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-04-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-04-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-04-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-04-04] (AVAST Software)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-19] (Qualcomm Atheros)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [117632 2013-06-01] (Microsoft Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2012-09-20] (Broadcom Corporation)
S3 lehidmini; C:\Windows\System32\drivers\leath_hid.sys [39704 2012-08-19] (Atheros)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-10-12] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-06-27] (Hewlett-Packard Development Company, L.P.)
S3 Huawei; \SystemRoot\system32\DRIVERS\ewdcsc.sys [X]
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; \SystemRoot\system32\DRIVERS\ewusbdev.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-11 19:27 - 2016-04-11 19:28 - 00012640 _____ C:\Users\RS\Desktop\FRST.txt
2016-04-11 19:27 - 2016-04-11 19:27 - 00000000 ____D C:\FRST
2016-04-11 19:26 - 2016-04-11 19:26 - 02375168 _____ (Farbar) C:\Users\RS\Desktop\FRST64.exe
2016-04-11 19:18 - 2016-04-11 19:18 - 00000000 ___RD C:\Users\RS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-04-11 18:35 - 2016-04-11 18:35 - 00000000 ____D C:\Users\RS\AppData\Local\{BC9BCDC2-A969-4989-8E30-E7862D3C7CD3}
2016-04-07 20:59 - 2016-04-07 20:59 - 00000000 ____D C:\Users\RS\AppData\Local\{E4959C76-2030-49EA-8041-1481C15B2B32}
2016-04-04 14:23 - 2016-02-21 07:23 - 00046768 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-04-04 14:23 - 2016-02-21 05:43 - 01373184 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-04-04 14:23 - 2016-02-21 05:43 - 00696832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-04-04 14:23 - 2016-02-21 05:43 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-04-04 14:23 - 2016-02-21 05:43 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-04-04 14:23 - 2016-02-21 05:43 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-04-04 14:23 - 2016-02-05 16:09 - 01168896 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-04-04 14:22 - 2016-04-04 14:22 - 00003036 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1459772526
2016-04-04 14:22 - 2016-04-04 14:22 - 00000997 _____ C:\Users\Public\Desktop\Avast SafeZone Browser.lnk
2016-04-04 14:22 - 2016-04-04 14:22 - 00000997 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-04-04 14:17 - 2016-04-04 14:17 - 00398152 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-04-04 14:17 - 2016-04-04 14:17 - 00052184 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-04-04 13:54 - 2016-04-04 13:54 - 00000000 ____D C:\Users\RS\AppData\Local\{BFEBFB7F-CCA0-484B-98D0-0F63E618771B}
2016-03-28 22:11 - 2016-03-28 22:11 - 00000000 ____D C:\Users\RS\AppData\Local\{95185BBA-E2BA-4559-A839-708AC4759B70}
2016-03-20 21:29 - 2016-03-20 21:29 - 00000000 ____D C:\Users\RS\AppData\Local\{23445472-6839-4E1E-BB97-6C226075B6F5}
2016-03-20 11:42 - 2016-04-11 19:02 - 00000782 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-03-20 11:42 - 2016-03-20 11:42 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-03-20 11:42 - 2016-03-20 11:42 - 00000000 ____D C:\Program Files\CCleaner

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-11 19:24 - 2012-09-03 02:44 - 00755956 _____ C:\Windows\system32\perfh005.dat
2016-04-11 19:24 - 2012-09-03 02:44 - 00162886 _____ C:\Windows\system32\perfc005.dat
2016-04-11 19:24 - 2012-07-26 09:28 - 01851486 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-11 19:24 - 2012-07-26 07:37 - 00000000 ____D C:\Windows\Inf
2016-04-11 19:16 - 2012-07-26 09:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-11 19:15 - 2012-07-26 07:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-04-11 19:12 - 2012-07-26 09:59 - 00000000 ____D C:\Windows\CbsTemp
2016-04-11 18:41 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\rescache
2016-04-11 18:32 - 2014-01-13 20:29 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F01B379C-C201-43BE-8210-241473EF74DF}
2016-04-04 14:40 - 2013-07-18 13:21 - 00000000 ____D C:\Windows\system32\MRT
2016-04-04 14:35 - 2013-01-27 19:46 - 143659408 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-04 14:34 - 2015-05-18 22:07 - 00000000 ____D C:\Windows\system32\appraiser
2016-04-04 14:33 - 2012-12-26 11:17 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2469910178-886939283-416769698-1001
2016-04-04 14:24 - 2012-07-26 10:12 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-04 14:24 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\AUInstallAgent
2016-04-04 14:22 - 2014-07-01 11:27 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-04-04 14:18 - 2014-07-01 11:26 - 01070904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2016-04-04 14:18 - 2014-07-01 11:26 - 00463744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-04-04 14:18 - 2014-07-01 11:26 - 00287016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswvmm.sys
2016-04-04 14:18 - 2014-07-01 11:26 - 00107792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2016-04-04 14:17 - 2015-03-17 19:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2016-04-04 14:17 - 2014-07-01 11:26 - 00165344 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-04-04 14:17 - 2014-07-01 11:26 - 00103064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-04-04 14:17 - 2014-07-01 11:26 - 00074544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-04-04 14:17 - 2014-07-01 11:26 - 00037656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-04-04 14:17 - 2013-03-06 11:16 - 00000000 ____D C:\ProgramData\AVAST Software
2016-04-04 14:16 - 2014-07-01 11:26 - 00037144 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2016-04-04 14:16 - 2013-03-06 11:17 - 00000000 ____D C:\Program Files\AVAST Software
2016-03-20 11:45 - 2013-04-11 21:52 - 00000000 ____D C:\Users\RS\AppData\Local\CrashDumps
2016-03-20 11:45 - 2012-08-04 01:21 - 00000000 ____D C:\Windows\Panther
2016-03-20 11:45 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\ModemLogs
2016-03-16 22:54 - 2012-07-26 10:12 - 00000000 ____D C:\Windows\system32\NDF

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-04-11 19:04

==================== End of FRST.txt ============================

#2 Příspěvek od **Rudy** » 12 dub 2016 18:06

Zdravím!
Spusťte tuto utilitu:

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

viktor1771 · #3 Příspěvek od **viktor1771** » 12 dub 2016 22:01

Dobrý den, škodlivé programy to prý nenašlo a ten log je jenom tohle?
# AdwCleaner v5.110 - Log soubor vytvořen 12/04/2016 o 22:56:09
# Aktualizováno 10/04/2016 by Xplode
# Databáze : 2016-04-11.4 [Server]
# Operační systém : Windows 8 (X64)
# Jméno uživatele : RS - HP
# Spuštěno z : C:\Users\RS\Desktop\adwcleaner_5.110.exe
# Volba : Čištění
# Podpora : http://toolslib.net/forum

***** [ Služby ] *****

***** [ Složky ] *****

***** [ Soubory ] *****

***** [ DLLs ] *****

***** [ Zástupci ] *****

***** [ Naplánované úkoly ] *****

***** [ Registr ] *****

***** [ Webové prohlížeče ] *****

*************************

:: "Tracing" odstraněných kláves
:: Nastavení Winsock odstraněno

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [727 bytes] - [12/04/2016 22:56:09]
C:\AdwCleaner\AdwCleaner[S1].txt - [770 bytes] - [12/04/2016 22:54:22]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [871 bytes] ##########

#4 Příspěvek od **Rudy** » 13 dub 2016 17:28

Toto je OK. Otevřte poznámkový blok a zkopírujte do něj:

Start
HKU\S-1-5-21-2469910178-886939283-416769698-1001\...\MountPoints2: {c12455be-4f3a-11e2-be73-20689d349b74} - "F:\AutoRun.exe"
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
HKU\S-1-5-21-2469910178-886939283-416769698-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

viktor1771 · #5 Příspěvek od **viktor1771** » 13 dub 2016 19:11

Fix result of Farbar Recovery Scan Tool (x64) Version:10-04-2016 01
Ran by RS (2016-04-13 20:07:43) Run:1
Running from C:\Users\RS\Desktop
Loaded Profiles: RS (Available Profiles: RS)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKU\S-1-5-21-2469910178-886939283-416769698-1001\...\MountPoints2: {c12455be-4f3a-11e2-be73-20689d349b74} - "F:\AutoRun.exe"
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
HKU\S-1-5-21-2469910178-886939283-416769698-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
End
*****************

"HKU\S-1-5-21-2469910178-886939283-416769698-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c12455be-4f3a-11e2-be73-20689d349b74}" => key removed successfully
HKCR\CLSID\{c12455be-4f3a-11e2-be73-20689d349b74} => key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-2469910178-886939283-416769698-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully

==== End of Fixlog 20:07:43 ====

#6 Příspěvek od **Rudy** » 13 dub 2016 20:11

Smazáno, log by již měl být OK.

viktor1771 · #7 Příspěvek od **viktor1771** » 13 dub 2016 20:33

Děkujeme.

#8 Příspěvek od **Rudy** » 13 dub 2016 21:17

Rádo se stalo!

VIRY.CZ

Počítač mojí mámy...

Počítač mojí mámy...

Re: Počítač mojí mámy...

Re: Počítač mojí mámy...

Re: Počítač mojí mámy...

Re: Počítač mojí mámy...

Re: Počítač mojí mámy...

Re: Počítač mojí mámy...

Re: Počítač mojí mámy...