Very slow PC

petrat
Visitor
Posts: 13
Registered: 08 Dec 2016 11:14

Very slow PC

#1 Post by petrat »

Hello, I have a very slow PC and I don't know whether it's due to its age or to some viruses. I'm sending the log, and thank you for checking it:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2016
Ran by Tomáš (administrator) on PUNTULKA (08-12-2016 10:54:34)
Running from C:\Users\Tomáš\Desktop
Loaded Profiles: Tomáš (Available Profiles: Tomáš)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Program Files\ATK Hotkey\ASLDRSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(B.H.A Corporation) C:\Windows\System32\bgsvcgen.exe
(RealNetworks, Inc.) C:\Program Files\Online Games Manager\ogmservice.exe
(Wondershare) C:\Program Files\Wondershare\WAF\2.1.5.0\WsAppService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(ATK0100) C:\Program Files\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04] (SUPERAntiSpyware.com)
HKU\S-1-5-21-401885020-672167872-4106706270-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-401885020-672167872-4106706270-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-401885020-672167872-4106706270-1000\...\MountPoints2: {033a91b4-4513-11dd-9706-806e6f6e6963} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\index.html
HKU\S-1-5-21-401885020-672167872-4106706270-1000\...\MountPoints2: {bcdf5df0-ff78-11e3-bf21-001e8ce8493a} - G:\setup.exe
HKU\S-1-5-21-401885020-672167872-4106706270-1000\...\MountPoints2: {c3c61292-055a-11e0-9d1c-001e8ce8493a} - D:\setup\rsrc\Autorun.exe
HKU\S-1-5-21-401885020-672167872-4106706270-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [704512 2009-04-11] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-09-26] (AVAST Software)
GroupPolicy\User: Restriction ? <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2008-01-19] (Společnost Microsoft)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.88.1 188.122.222.222 188.122.222.223
Tcpip\..\Interfaces\{B6764651-0603-43B3-8D07-CF2D51D602FD}: [DhcpNameServer] 192.168.88.1 188.122.222.222 188.122.222.223

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-401885020-672167872-4106706270-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-401885020-672167872-4106706270-1000 -> {761EB9DB-05AB-4380-B2A1-E0ACEB8957A7} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
BHO: No Name -> {451C804F-C205-4F03-B48E-537EC94937BF} -> No File
Toolbar: HKLM - No Name - {95188727-288F-4581-A48D-EAB3BD027314} - No File
Toolbar: HKU\S-1-5-21-401885020-672167872-4106706270-1000 -> No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0040-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File

FireFox:
========
FF ProfilePath: C:\Users\Tomáš\AppData\Roaming\TomTom\HOME\Profiles\p9ln8pt4.default [2012-01-28]
FF Extension: (No Name) - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found]
FF ProfilePath: C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\u5vszwbm.default [2016-09-14]
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\u5vszwbm.default -> hxxps://www.google.com/search
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\u5vszwbm.default -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\u5vszwbm.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\u5vszwbm.default -> about:home
FF Session Restore: Mozilla\Firefox\Profiles\u5vszwbm.default -> is enabled.
FF Keyword.URL: Mozilla\Firefox\Profiles\u5vszwbm.default -> hxxps://www.google.com/search
FF Extension: (Firebug) - C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\u5vszwbm.default\Extensions\firebug@software.joehewitt.com.xpi [2016-09-13]
FF Extension: (Firefox Hotfix) - C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\u5vszwbm.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-13]
FF Extension: (Vacuum Places Improved) - C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\u5vszwbm.default\Extensions\VacuumPlacesImproved@lultimouomo-gmail.com.xpi [2016-09-13]
FF Extension: (YSlow) - C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\u5vszwbm.default\Extensions\yslow@yahoo-inc.com.xpi [2016-09-13]
FF Extension: (Garmin Communicator) - C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\u5vszwbm.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2016-09-13]
FF Extension: (Html Validator) - C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\u5vszwbm.default\Extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}(160) [2013-10-20] [not signed]
FF Extension: (Flashblock) - C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\u5vszwbm.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2016-09-13]
FF Extension: (View Source Chart) - C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\u5vszwbm.default\Extensions\{68836a21-fc7d-4ea1-a065-7efabd99d414}.xpi [2016-09-13]
FF Extension: (Web Developer) - C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\u5vszwbm.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2016-09-13]
FF Extension: (HackBar) - C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\u5vszwbm.default\Extensions\{F5DDF39C-9293-4d5e-9AA8-E04E6DD5E9B4}.xpi [2016-09-13]
FF HKLM\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-11-10] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @software602.cz/602XML Filler -> C:\Program Files\Program na daně\Filler\npfiller.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> http://www.google.com
CHR StartupUrls: Default -> "www.google.com"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default [2016-12-08]
CHR Extension: (Prezentace Google) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-10]
CHR Extension: (Dokumenty Google) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-10]
CHR Extension: (Disk Google) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-10]
CHR Extension: (Seznam Lištička - Email) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2016-11-14]
CHR Extension: (YouTube) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Vyhledávání Google) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-10]
CHR Extension: (Tabulky Google) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-11]
CHR Extension: (Dokumenty Google offline) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-11]
CHR Extension: (Avast Online Security) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-10-26]
CHR Extension: (FormApps Chrome Extension) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfoopambfaclfjmpiaijnccgcmbeigi [2016-09-12]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-19]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2016-11-29]
CHR Extension: (Gmail) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-401885020-672167872-4106706270-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\TOM~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKU\S-1-5-21-401885020-672167872-4106706270-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: chrome.exe - C:\Users\Tomáš\AppData\Local\Google\Chrome\Application\chrome.exe
StartMenuInternet: Google Chrome.DLL6RFUYD4C3RFIIJCCV6JMLOM - C:\Users\Tomáš\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2013-01-02] (SUPERAntiSpyware.com) [File not signed]
S4 602XML Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
S4 Apache2.2; E:\Apache\apache\bin\httpd.exe [24636 2008-12-10] (Apache Software Foundation) [File not signed]
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-05] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-26] (AVAST Software)
R2 bgsvcgen; C:\Windows\System32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation)
S3 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2006-11-14] (TOSHIBA CORPORATION) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [235696 2015-12-02] (McAfee, Inc.)
S4 mysql; E:\Apache\mysql\bin\mysqld.exe [6562432 2009-03-16] ()
R2 ogmservice; C:\Program Files\Online Games Manager\ogmservice.exe [581608 2016-06-23] (RealNetworks, Inc.)
S3 TNaviSrv; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [77824 2007-07-26] (TOSHIBA Corporation) [File not signed]
S3 TODDSrv; C:\Windows\system32\TODDSrv.exe [114688 2006-05-25] (TOSHIBA Corporation) [File not signed]
S3 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
S3 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [465872 2011-05-23] (Cisco Systems, Inc.)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
R2 WsAppService; C:\Program Files\Wondershare\WAF\2.1.5.0\WsAppService.exe [382464 2015-12-02] (Wondershare) [File not signed]
S4 XAMPP; E:\Apache\service.exe [60928 2007-12-21] () [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 acsint; C:\Windows\System32\DRIVERS\acsint.sys [36624 2011-05-23] (Cisco Systems, Inc.)
S3 acsmux; C:\Windows\System32\DRIVERS\acsmux.sys [46480 2011-05-23] (Cisco Systems, Inc.)
R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R1 ASPI32; C:\Windows\system32\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-09-26] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-09-26] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-09-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-09-26] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-09-26] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-09-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-09-26] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [184592 2016-09-26] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [66688 2016-09-26] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2016-10-13] (AVAST Software)
R1 cdrbsdrv; C:\Windows\system32\Drivers\cdrbsdrv.sys [33408 2006-02-20] (B.H.A Corporation) [File not signed]
R3 dfmirage; C:\Windows\System32\DRIVERS\dfmirage.sys [34128 2008-03-26] (DemoForge, LLC)
R1 eusk2par; C:\Windows\system32\Drivers\eusk2par.sys [30656 2006-12-13] (Eutron)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
S3 GT680x; C:\Windows\System32\Drivers\gt680x.sys [12416 2006-06-16] ( )
S3 i1display; C:\Windows\System32\Drivers\i1display.sys [44344 2004-10-15] ()
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28312 2014-03-18] (Logitech, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
R2 PDIHWCTL; C:\Windows\system32\drivers\pdihwctl.sys [14416 2007-01-25] (Portrait Displays, Inc.) [File not signed]
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [252416 2007-06-01] (Realtek Semiconductor Corporation )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-12-11] () [File not signed]
S3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2011-01-12] (TeamViewer GmbH)
S3 V0420VID; C:\Windows\System32\DRIVERS\V0420Vid.sys [99648 2007-05-31] (Creative Technology Ltd.)
U3 ax8fsyre; C:\Windows\system32\Drivers\ax8fsyre.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-08 10:54 - 2016-12-08 10:55 - 00017873 _____ C:\Users\Tomáš\Desktop\FRST.txt
2016-12-08 10:54 - 2016-12-08 10:54 - 00000000 ____D C:\FRST
2016-12-08 09:18 - 2016-12-08 09:52 - 00000000 ____D C:\AdwCleaner
2016-12-08 09:12 - 2016-12-08 09:13 - 01761792 _____ (Farbar) C:\Users\Tomáš\Desktop\FRST.exe
2016-12-08 09:08 - 2016-12-08 09:09 - 03968464 _____ C:\Users\Tomáš\Desktop\adwcleaner_6.040.exe
2016-12-05 14:27 - 2016-12-05 14:27 - 00680110 _____ C:\Users\Tomáš\Downloads\pojistne_podminky_majetek_a_odpovednost.pdf
2016-12-05 14:27 - 2016-12-05 14:27 - 00030248 _____ C:\Users\Tomáš\Downloads\spoluucast (1).pdf
2016-12-05 14:27 - 2016-12-05 14:27 - 00020917 _____ C:\Users\Tomáš\Downloads\rizika-odpovednost.pdf
2016-12-05 14:27 - 2016-12-05 14:27 - 00017719 _____ C:\Users\Tomáš\Downloads\limity-odpovednost.pdf
2016-12-05 14:26 - 2016-12-05 14:26 - 00030248 _____ C:\Users\Tomáš\Downloads\spoluucast.pdf
2016-12-05 14:26 - 2016-12-05 14:26 - 00023629 _____ C:\Users\Tomáš\Downloads\limity-budovy.pdf
2016-12-05 14:26 - 2016-12-05 14:26 - 00020145 _____ C:\Users\Tomáš\Downloads\rizika-budovy.pdf
2016-12-02 20:29 - 2016-12-02 20:29 - 00039448 _____ C:\Users\Tomáš\Downloads\Lights-Out-2016.srt
2016-12-01 18:51 - 2016-12-01 18:51 - 03023179 _____ C:\Users\Tomáš\Downloads\Český návod - BEKO MOB 20231 BG.pdf
2016-12-01 18:51 - 2016-12-01 18:51 - 00936537 _____ C:\Users\Tomáš\Downloads\Instalační návod - BEKO MOB 20231 BG.pdf
2016-12-01 18:43 - 2016-12-01 18:43 - 00087553 _____ C:\Users\Tomáš\Downloads\La-grande-bellezza(0000232825).srt
2016-12-01 14:25 - 2016-12-01 14:25 - 00089365 _____ C:\Users\Tomáš\Downloads\OznameniZmena_2012_ToFill_3 (1).pdf
2016-12-01 14:09 - 2016-12-01 14:09 - 00026843 _____ C:\Users\Tomáš\Downloads\Oznameni_zmena_5.pdf
2016-12-01 14:06 - 2016-12-01 14:06 - 00089365 _____ C:\Users\Tomáš\Downloads\OznameniZmena_2012_ToFill_3.pdf
2016-11-28 19:37 - 2016-11-28 19:37 - 00003820 _____ C:\Users\Tomáš\AppData\Local\recently-used.xbel
2016-11-17 13:05 - 2016-11-17 13:06 - 00128284 _____ C:\Users\Tomáš\Downloads\objednavka_dopyt_prahov_do_apexu.xltm

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-08 10:53 - 2010-03-19 17:45 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-08 10:52 - 2010-03-19 17:45 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-08 10:18 - 2006-11-02 13:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-08 10:18 - 2006-11-02 13:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-08 10:17 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-08 10:13 - 2006-11-02 14:01 - 00032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-05 19:27 - 2012-12-08 15:16 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\vlc
2016-12-03 20:01 - 2007-01-08 22:09 - 00648240 _____ C:\Windows\system32\perfh005.dat
2016-12-03 20:01 - 2007-01-08 22:09 - 00138830 _____ C:\Windows\system32\perfc005.dat
2016-12-03 20:01 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\inf
2016-12-03 20:01 - 2006-11-02 11:33 - 01539946 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-01 13:25 - 2008-10-12 17:41 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\uTorrent
2016-11-30 20:14 - 2013-10-10 17:39 - 00000000 ____D C:\Torrents
2016-11-28 19:39 - 2013-10-02 16:56 - 00000000 ____D C:\Users\Tomáš\.gimp-2.8
2016-11-28 19:37 - 2013-11-17 15:53 - 00000000 ____D C:\Users\Tomáš\AppData\Local\gtk-2.0
2016-11-25 16:21 - 2008-08-03 21:55 - 00119808 _____ C:\Users\Tomáš\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-11-25 12:52 - 2016-07-26 13:00 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2016-11-25 11:57 - 2016-02-02 11:49 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\Seznam.cz
2016-11-25 11:54 - 2007-09-05 08:41 - 00000000 ____D C:\Program Files\Adobe
2016-11-25 11:22 - 2010-11-13 09:52 - 00026249 ____H C:\treeinfo.wc
2016-11-23 12:11 - 2008-08-31 09:31 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\Skype
2016-11-23 12:04 - 2016-04-08 13:39 - 00000000 ___RD C:\Program Files\Skype
2016-11-23 12:04 - 2011-03-19 12:39 - 00000000 ____D C:\ProgramData\Skype
2016-11-11 18:23 - 2012-12-08 14:52 - 00054156 ____H C:\Windows\QTFont.qfn

==================== Files in the root of some directories =======

2009-09-02 17:13 - 2009-09-02 17:13 - 0000600 _____ () C:\Users\Tomáš\AppData\Roaming\PUTTY.RND
2013-04-17 15:40 - 2013-04-18 06:44 - 0000680 _____ () C:\Users\Tomáš\AppData\Local\d3d9caps.dat
2008-08-03 21:55 - 2016-11-25 16:21 - 0119808 _____ () C:\Users\Tomáš\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-09-13 18:07 - 2013-05-27 20:40 - 0004096 ____H () C:\Users\Tomáš\AppData\Local\keyfile3.drm
2008-12-25 00:45 - 2013-08-31 12:37 - 0000600 _____ () C:\Users\Tomáš\AppData\Local\PUTTY.RND
2016-11-28 19:37 - 2016-11-28 19:37 - 0003820 _____ () C:\Users\Tomáš\AppData\Local\recently-used.xbel
2016-04-01 12:41 - 2016-04-01 12:41 - 0000031 _____ () C:\Users\Tomáš\AppData\Local\SQ.RemoverDelete.bat
2016-02-08 18:52 - 2016-02-08 18:52 - 0032038 _____ () C:\Users\Tomáš\AppData\Local\SquareClock.Production_Home_Siko_WebIcon.ico

Files to move or delete:
====================
C:\Users\Tomáš\xobglu16.dll
C:\Users\Tomáš\xobglu32.dll


Some files in TEMP:
====================
C:\Users\Tomáš\AppData\Local\Temp\libeay32.dll
C:\Users\Tomáš\AppData\Local\Temp\msvcr120.dll
C:\Users\Tomáš\AppData\Local\Temp\sqlite3.dll
C:\Users\Tomáš\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-08 10:33

==================== End of FRST.txt ============================
Attachments: Addition.zip (10.07 KiB)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Very slow PC

#2 Post by Márty84 »

Hello :)

:arrow: Download CrystalDiskInfo http://www.slunecnice.cz/sw/crystaldiskinfo/
Install it (watch out for any bundled add-ons; decline them by unticking the checkbox) and run it as administrator. The result will be displayed after a moment.
At the top, click Edit (Úpravy) and then Copy (Kopírovat). Paste what gets copied (it is stored in the clipboard) here for me (Ctrl + V).

:arrow: Download AdwCleaner https://toolslib.net/downloads/finish/1/ and save it to the desktop.
Close all programs, otherwise AdwCleaner will do it for you.
Right-click it and then left-click Run as administrator.
Click Scan and wait for the scan to finish.
Then click Cleaning.
The program will start working (the PC may restart) and will produce a log (it may also be found at C:\AdwCleaner\AdwCleaner[C?].txt ). Copy it here for me.
If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I will be on the forum less often now. If you have to wait a long time for a reply, please contact one of my colleagues (most of them have an e-mail address in their signature).

petrat
Visitor
Posts: 13
Registered: 08 Dec 2016 11:14

Re: Very slow PC

#3 Post by petrat »

crystal disk info:

----------------------------------------------------------------------------
CrystalDiskInfo 7.0.4 (C) 2008-2016 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows Vista Home Premium SP2 [6.0 Build 6002] (x86)
Date : 2016/12/08 20:30:54

-- Controller Map ----------------------------------------------------------
+ Intel(R) ICH8M Ultra ATA Storage Controllers - 2850 [ATA]
+ Kanál IDE (0)
- PIONEER DVD-RW DVR-K17A ATA Device
+ Intel(R) 82801HEM/HBM SATA AHCI Controller [ATA]
- FUJITSU MHY2200BH
+ A0LSU29I IDE Controller [SCSI]
- DCR D6BGDYBC SCSI CdRom Device
- Iniciátor iSCSI společnosti Microsoft [SCSI]

-- Disk List ---------------------------------------------------------------
(1) FUJITSU MHY2200BH : 200,0 GB [0/1/0, pd1]

----------------------------------------------------------------------------
(1) FUJITSU MHY2200BH
----------------------------------------------------------------------------
Model : FUJITSU MHY2200BH
Firmware : 0040020B
Serial Number : K429T812978G
Disk Size : 200,0 GB (8,4/137,4/200,0/200,0)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 390721968
Rotation Rate : Neznámy údaj
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 3c
Transfer Mode : ---- | SATA/150
Power On Hours : 26568 hod.
Power On Count : 4907 krát
Temperature : 42 C (107 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, AAM, 48bit LBA, NCQ
APM Level : 4080h [ON]
AAM Level : FEFEh [ON]
Drive Letter : C: E:

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _46 00000003D51F Počet chyb čtení
02 100 100 _30 000002CC02CC Průchodnost disku
03 100 100 _25 000000000001 Čas na roztočení ploten
04 _98 _98 __0 00000000219F Počet spuštění/zastavení
05 100 100 _24 07D000000000 Počet přemapovaných sektorů
07 100 100 _47 000000000AB2 Počet chybných hledání
08 100 100 _19 000000000004 Čas potřebný na vyhledání
09 _47 _47 __0 0000000067C8 Hodin v činnosti
0A 100 100 _20 000000000000 Počet opakovaných pokusů o roztočení ploten
0C 100 100 __0 00000000132B Počet cyklů zapnutí zařízení
C0 100 100 __0 00000000003A Počet vypnutí disku
C1 _94 _94 __0 000000021158 Počet cyklů načítání/vymazání
C2 100 _90 __0 003E000D002A Teplota
C3 100 100 __0 000000000018 Počet oprav chybného čtení
C4 100 100 __0 00001B080000 Počet udalostí s číslem realokování sektorů
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 253 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 100 100 _60 000000002297 Počet chyb při zápisu sektorů
CB 100 100 __0 016404480042 Počet chyb v kódech na opravu chyb
F0 200 200 __0 000000000000 Čas nastavování hlaviček - v hodinách

170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05

AdwCleaner:
# AdwCleaner v6.040 - Log vytvořen 08/12/2016 v 20:22:58
# Aktualizováno dne 02/12/2016 z Malwarebytes
# Databáze : 2016-12-07.1 [Server]
# Operační systém : Windows Vista (TM) Home Premium Service Pack 2 (X86)
# Uživatelské jméno : Tomáš - PUNTULKA
# Spuštěno z : C:\Users\Tomáš\Desktop\adwcleaner_6.040.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support



***** [ Služby ] *****



***** [ Složky ] *****

[-] Složka smazána: C:\Users\Tomáš\AppData\Local\DriverToolkit
[-] Složka smazána: C:\Users\Tomáš\AppData\Local\SearchProtect
[-] Složka smazána: C:\Users\Tomáš\AppData\Local\Video Converter
[-] Složka smazána: E:\Documents\Video Converter
[-] Složka smazána: C:\ProgramData\Trymedia
[-] Složka smazána: C:\ProgramData\VideoConverter
[-] Složka smazána: C:\Program Files\DriverToolkit
[-] Složka smazána: C:\Program Files\SearchProtect


***** [ Soubory ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Zástupci ] *****



***** [ Naplánované úlohy ] *****



***** [ Registry ] *****

[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}
[-] Klíč smazán: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
[-] Hodnota smazána: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-] Klíč smazán: HKU\S-1-5-21-401885020-672167872-4106706270-1000\Software\DriverToolkit
[-] Klíč smazán: HKU\S-1-5-21-401885020-672167872-4106706270-1000\Software\powerpack
[-] Klíč smazán: HKU\S-1-5-21-401885020-672167872-4106706270-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
[#] Klíč smazán po restartu: HKU\S-1-5-21-401885020-672167872-4106706270-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SEARCHPROTECT
[#] Klíč smazán po restartu: HKCU\Software\DriverToolkit
[#] Klíč smazán po restartu: HKCU\Software\powerpack
[-] Klíč smazán: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolbar
[-] Klíč smazán: HKLM\SOFTWARE\dt soft\daemon tools toolbar
[-] Klíč smazán: HKLM\SOFTWARE\ICQ\ICQToolbar
[-] Klíč smazán: HKLM\SOFTWARE\Solvusoft
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SEARCHPROTECT
[-] Klíč smazán: HKU\S-1-5-21-401885020-672167872-4106706270-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
[-] Data obnovena: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]


***** [ Prohlížeče ] *****

[-] [C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Smazáno: slunecnice.cz


*************************

:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3369 Bajty] - [08/12/2016 09:52:28]
C:\AdwCleaner\AdwCleaner[S0].txt - [3650 Bajty] - [08/12/2016 09:21:24]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3515 Bajty] ##########

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Very slow PC

#4 Post by Márty84 »

The disk is reporting a lot of errors. That too may be the cause of the problem. We'll see once we have cleaned it up properly :-)

:arrow: Run a scan with MBAM. Set up the test according to this guide (i.e. a Custom scan of all disks) http://forum.viry.cz/viewtopic.php?f=29&t=144868 and post the results here. Don't delete anything beforehand; it sometimes has false detections.

If you have a question that is not meant for the public, you can write to me by e-mail at marty84[at]forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often now. If you have to wait a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

petrat
Visitor
Posts: 13
Registered: 08 Dec 2016 11:14

Re: Very slow PC

#5 Post by petrat »

Well, it didn't work out :(. It ran all day and was still running when I went to bed. Then I went to check at 3 a.m., when my little son woke me up, and it was running again, so I turned it off. So I don't know what to do about it :(. Should I run it again, or is there something faster?

Addendum: It didn't show any threat, but I don't have a log.

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Very slow PC

#6 Post by Márty84 »

Then try running at least a Threat Scan in MBAM. It is considerably faster, only it doesn't go through the whole computer. But it checks the main things.

petrat
Visitor
Posts: 13
Registered: 08 Dec 2016 11:14

Re: Very slow PC

#7 Post by petrat »

In the end I did it according to the original guide, only just the system disk:

Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 10.12.16
Čas skenování: 13:50
Logovací soubor:
Správce: Ano

-Informace o softwaru-
Verze: 3.0.4.1269
Verze komponentů: 1.0.39
Aktualizovat verzi balíku komponent: 1.0.683
Licence: Zkušební

-Systémová informace-
OS: Windows Vista Service Pack 2
CPU: x86
Systém souborů: NTFS
Uživatel: PUNTULKA\Tomáš

-Shrnutí skenování-
Typ skenování: Vlastní skenování
Výsledek: Dokončeno
Skenované objekty: 239470
Uplynulý čas: 7 hod, 38 min, 28 sek

-Možnosti skenování-
Paměť: Zakázáno
Start: Zakázáno
Systém souborů: Povoleno
Archivy: Povoleno
Rootkity: Povoleno
Heuristika: Povoleno
Potenciálně nežádoucí program: Povoleno
Potenciálně nežádoucí modifikace: Povoleno

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 1
Heuristics.Shuriken, C:\WINDOWS\SYSTEM32\DRIVERSTORE\FILEREPOSITORY\PRNXX001.INF_87A0607D\I386\XM3_0SMU.DLL, Žádná uživatelská akce, [2108], [167],1.0.683

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Very slow PC

#8 Post by Márty84 »

:arrow: Have the detection removed, then uninstall MBAM.

:arrow: Post new logs according to this guide http://forum.viry.cz/viewtopic.php?f=13&t=133100 - turn off the antivirus for a moment; it is possible that it will block it as malicious, but we use it all the time, it is a false alarm :)
(If the Launcher cannot be downloaded, post logs from FRST alone, i.e. without using the Launcher)

petrat
Visitor
Posts: 13
Registered: 08 Dec 2016 11:14

Re: Very slow PC

#9 Post by petrat »

MBAM can't be uninstalled (nothing happens for an hour). Likewise, lots of other programs can't be uninstalled. Windows updates can't be downloaded either.

Log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2016
Ran by Tomáš (administrator) on PUNTULKA (11-12-2016 11:17:59)
Running from C:\Users\Tomáš\Desktop
Loaded Profiles: Tomáš (Available Profiles: Tomáš)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... -tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Program Files\ATK Hotkey\ASLDRSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(B.H.A Corporation) C:\Windows\System32\bgsvcgen.exe
(RealNetworks, Inc.) C:\Program Files\Online Games Manager\ogmservice.exe
(Wondershare) C:\Program Files\Wondershare\WAF\2.1.5.0\WsAppService.exe
(ATK0100) C:\Program Files\ATK Hotkey\HControl.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(C. Ghisler & Co.) C:\Program Files\Totalcmd\TOTALCMD.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(forum.viry.cz) C:\Users\Tomáš\Downloads\FRSTLauncher.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2016-11-15] (AVAST Software)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2786768 2016-11-29] (Malwarebytes)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-04] (SUPERAntiSpyware.com)
HKU\S-1-5-21-401885020-672167872-4106706270-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-401885020-672167872-4106706270-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-401885020-672167872-4106706270-1000\...\MountPoints2: {033a91b4-4513-11dd-9706-806e6f6e6963} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\index.html
HKU\S-1-5-21-401885020-672167872-4106706270-1000\...\MountPoints2: {bcdf5df0-ff78-11e3-bf21-001e8ce8493a} - G:\setup.exe
HKU\S-1-5-21-401885020-672167872-4106706270-1000\...\MountPoints2: {c3c61292-055a-11e0-9d1c-001e8ce8493a} - D:\setup\rsrc\Autorun.exe
HKU\S-1-5-21-401885020-672167872-4106706270-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [704512 2009-04-11] (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-19] (SuperAdBlocker.com)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2016-09-26] (AVAST Software)
GroupPolicy\User: Restriction ? <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 02 C:\Windows\system32\napinsp.dll [50176 2008-01-19] (Společnost Microsoft)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.88.1 188.122.222.222 188.122.222.223
Tcpip\..\Interfaces\{B6764651-0603-43B3-8D07-CF2D51D602FD}: [DhcpNameServer] 192.168.88.1 188.122.222.222 188.122.222.223

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-401885020-672167872-4106706270-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-401885020-672167872-4106706270-1000 -> {761EB9DB-05AB-4380-B2A1-E0ACEB8957A7} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
BHO: No Name -> {451C804F-C205-4F03-B48E-537EC94937BF} -> No File
Toolbar: HKLM - No Name - {95188727-288F-4581-A48D-EAB3BD027314} - No File
Toolbar: HKU\S-1-5-21-401885020-672167872-4106706270-1000 -> No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0040-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File

FireFox:
========
FF ProfilePath: C:\Users\Tomáš\AppData\Roaming\TomTom\HOME\Profiles\p9ln8pt4.default [2012-01-28]
FF Extension: (No Name) - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found]
FF ProfilePath: C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\u5vszwbm.default [2016-09-14]
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\u5vszwbm.default -> hxxps://www.google.com/search
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\u5vszwbm.default -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\u5vszwbm.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\u5vszwbm.default -> about:home
FF Session Restore: Mozilla\Firefox\Profiles\u5vszwbm.default -> is enabled.
FF Keyword.URL: Mozilla\Firefox\Profiles\u5vszwbm.default -> hxxps://www.google.com/search
FF Extension: (Firebug) - C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\u5vszwbm.default\Extensions\firebug@software.joehewitt.com.xpi [2016-09-13]
FF Extension: (Firefox Hotfix) - C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\u5vszwbm.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-13]
FF Extension: (Vacuum Places Improved) - C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\u5vszwbm.default\Extensions\VacuumPlacesImproved@lultimouomo-gmail.com.xpi [2016-09-13]
FF Extension: (YSlow) - C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\u5vszwbm.default\Extensions\yslow@yahoo-inc.com.xpi [2016-09-13]
FF Extension: (Garmin Communicator) - C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\u5vszwbm.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2016-09-13]
FF Extension: (Html Validator) - C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\u5vszwbm.default\Extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}(160) [2013-10-20] [not signed]
FF Extension: (Flashblock) - C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\u5vszwbm.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2016-09-13]
FF Extension: (View Source Chart) - C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\u5vszwbm.default\Extensions\{68836a21-fc7d-4ea1-a065-7efabd99d414}.xpi [2016-09-13]
FF Extension: (Web Developer) - C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\u5vszwbm.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2016-09-13]
FF Extension: (HackBar) - C:\Users\Tomáš\AppData\Roaming\Mozilla\Firefox\Profiles\u5vszwbm.default\Extensions\{F5DDF39C-9293-4d5e-9AA8-E04E6DD5E9B4}.xpi [2016-09-13]
FF HKLM\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-11-10] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @software602.cz/602XML Filler -> C:\Program Files\Program na daně\Filler\npfiller.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> www.google.com
CHR StartupUrls: Default -> "www.google.com"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default [2016-12-11]
CHR Extension: (Prezentace Google) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-10]
CHR Extension: (Dokumenty Google) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-10]
CHR Extension: (Disk Google) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-10]
CHR Extension: (Seznam Lištička - Email) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig [2016-11-14]
CHR Extension: (YouTube) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Vyhledávání Google) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-10]
CHR Extension: (Tabulky Google) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-11]
CHR Extension: (Dokumenty Google offline) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-11]
CHR Extension: (Avast Online Security) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-12-08]
CHR Extension: (FormApps Chrome Extension) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilfoopambfaclfjmpiaijnccgcmbeigi [2016-09-12]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-12-19]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Seznam Lištička - Rychlá volba) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak [2016-11-29]
CHR Extension: (Gmail) - C:\Users\Tomáš\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-401885020-672167872-4106706270-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\TOM~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx <not found>
CHR HKU\S-1-5-21-401885020-672167872-4106706270-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: chrome.exe - C:\Users\Tomáš\AppData\Local\Google\Chrome\Application\chrome.exe
StartMenuInternet: Google Chrome.DLL6RFUYD4C3RFIIJCCV6JMLOM - C:\Users\Tomáš\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2013-01-02] (SUPERAntiSpyware.com) [File not signed]
S4 602XML Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [85344 2011-10-10] (Software602 a.s.)
S4 Apache2.2; E:\Apache\apache\bin\httpd.exe [24636 2008-12-10] (Apache Software Foundation) [File not signed]
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-02-05] () [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-09-26] (AVAST Software)
R2 bgsvcgen; C:\Windows\System32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation)
S3 CFSvcs; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2006-11-14] (TOSHIBA CORPORATION) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3381200 2016-11-29] (Malwarebytes)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe [235696 2015-12-02] (McAfee, Inc.)
S4 mysql; E:\Apache\mysql\bin\mysqld.exe [6562432 2009-03-16] ()
R2 ogmservice; C:\Program Files\Online Games Manager\ogmservice.exe [581608 2016-06-23] (RealNetworks, Inc.)
S3 TNaviSrv; C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [77824 2007-07-26] (TOSHIBA Corporation) [File not signed]
S3 TODDSrv; C:\Windows\system32\TODDSrv.exe [114688 2006-05-25] (TOSHIBA Corporation) [File not signed]
S3 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2006-08-23] (Ulead Systems, Inc.) [File not signed]
S3 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [465872 2011-05-23] (Cisco Systems, Inc.)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Corporation)
R2 WsAppService; C:\Program Files\Wondershare\WAF\2.1.5.0\WsAppService.exe [382464 2015-12-02] (Wondershare) [File not signed]
S4 XAMPP; E:\Apache\service.exe [60928 2007-12-21] () [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 acsint; C:\Windows\System32\DRIVERS\acsint.sys [36624 2011-05-23] (Cisco Systems, Inc.)
S3 acsmux; C:\Windows\System32\DRIVERS\acsmux.sys [46480 2011-05-23] (Cisco Systems, Inc.)
R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) [File not signed]
R1 ASPI32; C:\Windows\system32\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34008 2016-09-26] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [35096 2016-09-26] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [92256 2016-09-26] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64272 2016-09-26] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [60424 2016-09-26] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [735488 2016-09-26] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [433768 2016-09-26] (AVAST Software)
R3 aswStmXP; C:\Windows\system32\drivers\aswStmXP.sys [184592 2016-09-26] (AVAST Software)
S3 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [66688 2016-09-26] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [224752 2016-10-13] (AVAST Software)
R1 cdrbsdrv; C:\Windows\system32\Drivers\cdrbsdrv.sys [33408 2006-02-20] (B.H.A Corporation) [File not signed]
R3 dfmirage; C:\Windows\System32\DRIVERS\dfmirage.sys [34128 2008-03-26] (DemoForge, LLC)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59968 2016-11-29] ()
R1 eusk2par; C:\Windows\system32\Drivers\eusk2par.sys [30656 2006-12-13] (Eutron)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
S3 GT680x; C:\Windows\System32\Drivers\gt680x.sys [12416 2006-06-16] ( )
S3 i1display; C:\Windows\System32\Drivers\i1display.sys [44344 2004-10-15] ()
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28312 2014-03-18] (Logitech, Inc.)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [153024 2016-12-11] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [219072 2016-12-11] (Malwarebytes)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
R2 PDIHWCTL; C:\Windows\system32\drivers\pdihwctl.sys [14416 2007-01-25] (Portrait Displays, Inc.) [File not signed]
R3 RTL8187B; C:\Windows\System32\DRIVERS\RTL8187B.sys [252416 2007-06-01] (Realtek Semiconductor Corporation )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-12-11] () [File not signed]
S3 teamviewervpn; C:\Windows\System32\DRIVERS\teamviewervpn.sys [25088 2011-01-12] (TeamViewer GmbH)
S3 V0420VID; C:\Windows\System32\DRIVERS\V0420Vid.sys [99648 2007-05-31] (Creative Technology Ltd.)
U3 a255ip5x; C:\Windows\system32\Drivers\a255ip5x.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-11 11:17 - 2016-12-11 11:19 - 00019336 _____ C:\Users\Tomáš\Desktop\FRST.txt
2016-12-11 11:13 - 2016-12-11 11:14 - 00112640 _____ (forum.viry.cz) C:\Users\Tomáš\Downloads\FRSTLauncher.exe
2016-12-09 12:50 - 2016-12-11 11:09 - 00153024 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2016-12-09 12:50 - 2016-12-11 11:09 - 00063264 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2016-12-09 12:49 - 2016-12-11 11:09 - 00219072 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-09 12:49 - 2016-12-09 12:49 - 00001828 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2016-12-09 12:49 - 2016-11-29 06:27 - 00059968 _____ C:\Windows\system32\Drivers\mbae.sys
2016-12-09 12:48 - 2016-12-09 12:48 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-09 12:46 - 2016-12-09 12:47 - 51969976 _____ (Malwarebytes ) C:\Users\Tomáš\Downloads\mb3-setup-consumer-3.0.4.1269.exe
2016-12-08 20:17 - 2016-12-08 20:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2016-12-08 20:17 - 2016-12-08 20:17 - 00000000 ____D C:\Program Files\CrystalDiskInfo
2016-12-08 20:14 - 2016-12-08 20:14 - 11413488 _____ C:\Users\Tomáš\Downloads\CrystalDiskInfo7_0_4-en.exe
2016-12-08 19:19 - 2016-12-08 19:19 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\QCAD
2016-12-08 19:03 - 2016-12-08 19:05 - 00000000 ____D C:\Program Files\QCAD
2016-12-08 19:03 - 2016-12-08 19:03 - 00000713 _____ C:\Users\Tomáš\Desktop\QCAD.lnk
2016-12-08 19:03 - 2016-12-08 19:03 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QCAD
2016-12-08 19:03 - 2016-12-08 19:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QCAD
2016-12-08 17:15 - 2016-12-08 17:17 - 44677590 _____ C:\Users\Tomáš\Downloads\qcad-3.15.3-win32-installer.exe
2016-12-08 11:18 - 2016-12-08 11:18 - 00010309 _____ C:\Users\Tomáš\Desktop\Addition.zip
2016-12-08 10:54 - 2016-12-11 11:17 - 00000000 ____D C:\FRST
2016-12-08 09:18 - 2016-12-08 20:22 - 00000000 ____D C:\AdwCleaner
2016-12-08 09:12 - 2016-12-08 09:13 - 01761792 _____ (Farbar) C:\Users\Tomáš\Desktop\FRST.exe
2016-12-08 09:08 - 2016-12-08 09:09 - 03968464 _____ C:\Users\Tomáš\Desktop\adwcleaner_6.040.exe
2016-12-05 14:27 - 2016-12-05 14:27 - 00680110 _____ C:\Users\Tomáš\Downloads\pojistne_podminky_majetek_a_odpovednost.pdf
2016-12-05 14:27 - 2016-12-05 14:27 - 00030248 _____ C:\Users\Tomáš\Downloads\spoluucast (1).pdf
2016-12-05 14:27 - 2016-12-05 14:27 - 00020917 _____ C:\Users\Tomáš\Downloads\rizika-odpovednost.pdf
2016-12-05 14:27 - 2016-12-05 14:27 - 00017719 _____ C:\Users\Tomáš\Downloads\limity-odpovednost.pdf
2016-12-05 14:26 - 2016-12-05 14:26 - 00030248 _____ C:\Users\Tomáš\Downloads\spoluucast.pdf
2016-12-05 14:26 - 2016-12-05 14:26 - 00023629 _____ C:\Users\Tomáš\Downloads\limity-budovy.pdf
2016-12-05 14:26 - 2016-12-05 14:26 - 00020145 _____ C:\Users\Tomáš\Downloads\rizika-budovy.pdf
2016-12-02 20:29 - 2016-12-02 20:29 - 00039448 _____ C:\Users\Tomáš\Downloads\Lights-Out-2016.srt
2016-12-01 18:51 - 2016-12-01 18:51 - 03023179 _____ C:\Users\Tomáš\Downloads\Český návod - BEKO MOB 20231 BG.pdf
2016-12-01 18:51 - 2016-12-01 18:51 - 00936537 _____ C:\Users\Tomáš\Downloads\Instalační návod - BEKO MOB 20231 BG.pdf
2016-12-01 18:43 - 2016-12-01 18:43 - 00087553 _____ C:\Users\Tomáš\Downloads\La-grande-bellezza (0000232825).srt
2016-12-01 14:25 - 2016-12-01 14:25 - 00089365 _____ C:\Users\Tomáš\Downloads\OznameniZmena_2012_ToFill_3 (1).pdf
2016-12-01 14:09 - 2016-12-01 14:09 - 00026843 _____ C:\Users\Tomáš\Downloads\Oznameni_zmena_5.pdf
2016-12-01 14:06 - 2016-12-01 14:06 - 00089365 _____ C:\Users\Tomáš\Downloads\OznameniZmena_2012_ToFill_3.pdf
2016-11-28 19:37 - 2016-11-28 19:37 - 00003820 _____ C:\Users\Tomáš\AppData\Local\recently-used.xbel
2016-11-17 13:05 - 2016-11-17 13:06 - 00128284 _____ C:\Users\Tomáš\Downloads\objednavka_dopyt_prahov_do_apexu.xltm

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-11 11:09 - 2013-04-19 07:18 - 00039360 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-12-11 11:07 - 2010-03-19 17:45 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-11 11:03 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-11 11:03 - 2006-11-02 13:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-11 11:03 - 2006-11-02 13:47 - 00003568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-11 10:58 - 2006-11-02 14:01 - 00032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-11 10:52 - 2010-03-19 17:45 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-11 08:31 - 2007-01-08 22:09 - 00648240 _____ C:\Windows\system32\perfh005.dat
2016-12-11 08:31 - 2007-01-08 22:09 - 00138830 _____ C:\Windows\system32\perfc005.dat
2016-12-11 08:31 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\inf
2016-12-11 08:31 - 2006-11-02 11:33 - 01539946 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-09 12:48 - 2013-04-19 07:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-05 19:27 - 2012-12-08 15:16 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\vlc
2016-12-01 13:25 - 2008-10-12 17:41 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\uTorrent
2016-11-30 20:14 - 2013-10-10 17:39 - 00000000 ____D C:\Torrents
2016-11-28 19:39 - 2013-10-02 16:56 - 00000000 ____D C:\Users\Tomáš\.gimp-2.8
2016-11-28 19:37 - 2013-11-17 15:53 - 00000000 ____D C:\Users\Tomáš\AppData\Local\gtk-2.0
2016-11-25 16:21 - 2008-08-03 21:55 - 00119808 _____ C:\Users\Tomáš\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-11-25 12:52 - 2016-07-26 13:00 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2016-11-25 11:57 - 2016-02-02 11:49 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\Seznam.cz
2016-11-25 11:54 - 2007-09-05 08:41 - 00000000 ____D C:\Program Files\Adobe
2016-11-25 11:22 - 2010-11-13 09:52 - 00026249 ____H C:\treeinfo.wc
2016-11-23 12:11 - 2008-08-31 09:31 - 00000000 ____D C:\Users\Tomáš\AppData\Roaming\Skype
2016-11-23 12:04 - 2016-04-08 13:39 - 00000000 ___RD C:\Program Files\Skype
2016-11-23 12:04 - 2011-03-19 12:39 - 00000000 ____D C:\ProgramData\Skype
2016-11-11 18:23 - 2012-12-08 14:52 - 00054156 ____H C:\Windows\QTFont.qfn

==================== Files in the root of some directories =======

2009-09-02 17:13 - 2009-09-02 17:13 - 0000600 _____ () C:\Users\Tomáš\AppData\Roaming\PUTTY.RND
2013-04-17 15:40 - 2013-04-18 06:44 - 0000680 _____ () C:\Users\Tomáš\AppData\Local\d3d9caps.dat
2008-08-03 21:55 - 2016-11-25 16:21 - 0119808 _____ () C:\Users\Tomáš\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-09-13 18:07 - 2013-05-27 20:40 - 0004096 ____H () C:\Users\Tomáš\AppData\Local\keyfile3.drm
2008-12-25 00:45 - 2013-08-31 12:37 - 0000600 _____ () C:\Users\Tomáš\AppData\Local\PUTTY.RND
2016-11-28 19:37 - 2016-11-28 19:37 - 0003820 _____ () C:\Users\Tomáš\AppData\Local\recently-used.xbel
2016-04-01 12:41 - 2016-04-01 12:41 - 0000031 _____ () C:\Users\Tomáš\AppData\Local\SQ.RemoverDelete.bat
2016-02-08 18:52 - 2016-02-08 18:52 - 0032038 _____ () C:\Users\Tomáš\AppData\Local\SquareClock.Production_Home_Siko_WebIcon.ico

Files to move or delete:
====================
C:\Users\Tomáš\xobglu16.dll
C:\Users\Tomáš\xobglu32.dll


Some files in TEMP:
====================
C:\Users\Tomáš\AppData\Local\Temp\libeay32.dll
C:\Users\Tomáš\AppData\Local\Temp\msvcr120.dll
C:\Users\Tomáš\AppData\Local\Temp\sqlite3.dll
C:\Users\Tomáš\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job => C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Avast Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Malwarebytes (Disabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Disabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Tomáš\Desktop" je 88 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActivControl
C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.autoupdate
"C:\Users\Tomáš\AppData\Roaming\Seznam.cz\szninstall.exe" -c [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop
"C:\Users\Tomáš\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe" -q [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\emsisoft anti-malware
"c:\program files\emsisoft anti-malware\a2guard.exe" /d=60 [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update
"C:\Users\Tomáš\AppData\Local\Google\Update\GoogleUpdate.exe" /c [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl
"C:\Program Files\BatteryBar\ShowBatteryBar.exe" show [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowBatteryBar
"C:\Program Files\Common Files\Java\Java Update\jusched.exe" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel
C:\Program Files\The Bat\thebat.exe /minimize [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
"C:\Users\Tomáš\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\thebat_startup
Režim ECHO je vypnut.

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent
Režim ECHO je vypnut.


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================
Attachments
Addition.zip
(3.93 KiB) Downloaded 76 times

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Very slow PC

#10 Post by Márty84 »

Well, for a log posted in the preventive-checks section, this computer has rather a lot of problems :roll:

We'll get tougher :evil:


:!: If you haven't already, better back up your important data (photos, documents, etc.) :!:

:!: Do not use ComboFix without prior agreement! It is a violation of the forum rules and you will lose your entitlement to help!

:arrow: Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Turn off the antivirus and any other security software.
Right-click ComboFix and left-click Run as administrator
Accept the license terms and let the program work. If it offers to install the Recovery Console, agree.
During the scan, do not launch anything and do not click anywhere.
When the scan finishes (the PC may also restart), a log should be created, located at C:\ComboFix.txt
Copy its contents here

:!: If Windows does not start after the restart, restart again, keep pressing F8 and choose Last Known Good Configuration
:!: If Windows starts but errors are reported when launching various programs, just restart the PC and it will be fine

If you have a question that is not meant for the public, you can e-mail me at marty84[at]forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I will now be on the forum less often. If you have been waiting a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).

petrat
Visitor
Posts: 13
Registered: 08 Dec 2016 11:14

Re: Very slow PC

#11 Post by petrat »

ComboFix 16-12-06.01 - Tomáš 11.12.2016 16:47:45.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2038.820 [GMT 1:00]
Spuštěný z: c:\users\Tomáš\Desktop\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
SP: Avast Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
c:\windows\system32\~GLH00c6.TMP
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2016-11-11 do 2016-12-11 )))))))))))))))))))))))))))))))
.
.
2016-12-11 16:12 . 2016-12-11 16:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-12-09 11:50 . 2016-12-11 10:09 153024 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2016-12-09 11:50 . 2016-12-11 10:40 63264 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-12-09 11:49 . 2016-12-11 10:40 219072 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-12-09 11:49 . 2016-11-29 05:27 59968 ----a-w- c:\windows\system32\drivers\mbae.sys
2016-12-09 11:48 . 2016-12-09 11:48 -------- d-----w- c:\program files\Malwarebytes
2016-12-08 19:17 . 2016-12-08 19:17 -------- d-----w- c:\program files\CrystalDiskInfo
2016-12-08 18:19 . 2016-12-08 18:19 -------- d-----w- c:\users\Tomáš\AppData\Roaming\QCAD
2016-12-08 18:03 . 2016-12-08 18:05 -------- d-----w- c:\program files\QCAD
2016-12-08 09:54 . 2016-12-11 10:17 -------- d-----w- C:\FRST
2016-12-08 08:18 . 2016-12-08 19:22 -------- d-----w- C:\AdwCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-12-11 10:40 . 2013-04-19 06:18 39360 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-10-13 11:24 . 2013-05-17 07:23 224752 ----a-w- c:\windows\system32\drivers\aswvmm.sys
2016-09-26 11:25 . 2008-08-25 16:26 433768 ----a-w- c:\windows\system32\drivers\aswsp.sys
2016-09-26 11:24 . 2011-08-19 11:40 735488 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2016-09-26 11:21 . 2015-11-10 12:31 184592 ----a-w- c:\windows\system32\drivers\aswStmXP.sys
2016-09-26 11:21 . 2008-08-25 16:26 66688 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2016-09-26 11:21 . 2014-04-26 15:40 34008 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2016-09-26 11:21 . 2013-05-17 07:23 60424 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2016-09-26 11:21 . 2008-08-25 16:26 64272 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2016-09-26 11:21 . 2008-08-25 16:26 92256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2016-09-26 11:21 . 2016-09-26 11:22 921280 ----a-w- c:\windows\ucrtbase.dll
2016-09-26 11:20 . 2016-09-26 11:22 319760 ----a-w- c:\windows\system32\aswBoot.exe
2016-09-26 11:20 . 2016-09-26 11:20 53208 ----a-w- c:\windows\avastSS.scr
2016-09-26 11:20 . 2016-04-15 11:08 35096 ----a-w- c:\windows\system32\drivers\aswKbd.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2016-09-26 11:20 832488 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2016-11-15 9080768]
"Malwarebytes TrayApp"="c:\program files\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe" [2016-11-29 2786768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActivControl]
2010-12-17 13:37 1094000 ----a-w- c:\program files\Activ Software\ActivDriver\ActivControl2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2015-09-14 07:25 1045720 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop]
c:\users\Tomáš\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-07-06 09:06 4669440 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowBatteryBar]
2009-05-28 21:02 90624 ----a-w- c:\program files\BatteryBar\ShowBatteryBar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-06-15 14:45 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2016-11-27 07:26 2145984 ----a-w- c:\users\Tomáš\AppData\Roaming\uTorrent\uTorrent.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Skytel"=Skytel.exe
"SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-401885020-672167872-4106706270-1000]
"EnableNotificationsRef"=dword:00000001
.
R3 acsint;acsint;c:\windows\system32\DRIVERS\acsint.sys [2011-05-23 36624]
R3 acsmux;acsmux;c:\windows\system32\DRIVERS\acsmux.sys [2011-05-23 46480]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-01-02 116608]
R4 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-04-12 08:07 1106072 ----a-w- c:\program files\Google\Chrome\Application\49.0.2623.112\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2016-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-07-21 07:34]
.
2016-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-07-21 07:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Zend Studio - Debug current page - c:\program files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugCurrent.html
IE: Zend Studio - Debug next page - c:\program files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugNext.html
TCP: DhcpNameServer = 192.168.88.1 188.122.222.222 188.122.222.223
.
.
------- Asociace souborů -------
.
txtfile="c:\program files\PSPad editor\PSPad.exe" "%1"
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-cz.seznam.software - c:\users\Tomáš\AppData\Roaming\Seznam.cz\szninstall.exe
MSConfigStartUp-emsisoft anti-malware - c:\program files\emsisoft anti-malware\a2guard.exe
MSConfigStartUp-Google Update - c:\users\Tomáš\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
MSConfigStartUp-thebat_startup - c:\program files\The Bat!\thebat.exe
AddRemove-FileZilla Client - c:\program files\FileZilla FTP Client\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2016-12-11 17:27
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-401885020-672167872-4106706270-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C0C2E2EB-7BF0-E2F4-99EC-181019D03EE8}*]
"haadgcicaloappcj"=hex:6b,61,66,62,67,70,69,69,65,66,62,6f,70,6d,64,6d,6a,63,
67,6e,66,68,00,00
"iakcadnfhcdbkmpdim"=hex:6b,61,66,62,67,70,69,69,65,66,62,6f,70,6d,64,6d,6a,63,
67,6e,66,68,00,00
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_22_0_0_210_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_22_0_0_210_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\agrsmsvc.exe
c:\windows\System32\bgsvcgen.exe
c:\program files\Online Games Manager\ogmservice.exe
c:\program files\Wondershare\WAF\2.1.5.0\WsAppService.exe
c:\program files\AVAST Software\Avast\wsc_proxy.exe
c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\windows\system32\conime.exe
c:\program files\Google\Update\1.3.31.5\GoogleCrashHandler.exe
.
**************************************************************************
.
Celkový čas: 2016-12-11 17:30:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2016-12-11 16:30
.
Před spuštěním: Volných bajtů: 14 499 577 856
Po spuštění: Volných bajtů: 14 653 923 328
.
- - End Of File - - 0E5FEF86DF257DFF6E0892F3F399BEC2
5C616939100B85E558DA92B899A0FC36

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Very slow PC

#12 Post by Márty84 »

:arrow: To uninstall those programs that are no longer there, try using Revo http://www.stahuj.centrum.cz/utility_a_ ... installer/
Read carefully during its installation so that you do not pull some unwanted add-on into the PC.



:!: Move ComboFix directly to drive C (so its path will be c:\ComboFix.exe)!
:arrow: Open Notepad and copy this script into it

Code:

KillAll::

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes TrayApp"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cz.seznam.software.szndesktop]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=-
"WMPNSCFG"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

Regnull::
[HKEY_USERS\S-1-5-21-401885020-672167872-4106706270-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C0C2E2EB-7BF0-E2F4-99EC-181019D03EE8}*]

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

DDS::
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Zend Studio - Debug current page - c:\program files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugCurrent.html
IE: Zend Studio - Debug next page - c:\program files\Zend\ZendStudio-5.5.0\bin\ZendIEToolbar.dll/DebugNext.html

Reboot::

In the top left, click File
Click Save As...
Type the name CFScript (shown in red) correctly and also save it directly on C (so its path will be c:\CFScript.txt).
Turn off the antivirus and any other security software.
Drag this newly created text document with the mouse over the ComboFix icon and drop it.
ComboFix should start and carry out the commands.
When it finishes (the PC may restart), a new log should appear; copy it here for me again.

:!: If Windows does not start after the restart, restart again, keep pressing F8 and choose Last Known Good Configuration
:!: If Windows starts but errors are reported when launching various programs, just restart the PC and it will be fine

petrat
Visitor
Posts: 13
Registered: 08 Dec 2016 11:14

Re: Very slow PC

#13 Post by petrat »

Unfortunately, Revo Uninstaller did not help; it gets stuck at the first step (creating a restore point) and there is no progress even after an hour.

ComboFix has been running for about 10 hours, even though it says it can take up to 20 minutes. On top of that, the PC went to sleep during the night, so I don't know whether it is still running or has frozen. Is such a long run normal?

petrat
Visitor
Posts: 13
Registered: 08 Dec 2016 11:14

Re: Very slow PC

#14 Post by petrat »

I don't know what to do with this; could you advise me?

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Very slow PC

#15 Post by Márty84 »

petrat wrote: I don't know what to do with this; could you advise me?
I have only just come home from work, and I have no way of being at a PC there.

petrat wrote: Unfortunately, Revo Uninstaller did not help; it gets stuck at the first step (creating a restore point)
Do you have restore point creation enabled?

petrat wrote: ComboFix has been running for about 10 hours, even though it says it can take up to 20 minutes. On top of that, the PC went to sleep during the night, so I don't know whether it is still running or has frozen. Is such a long run normal?
On a heavily infected or damaged system it can take several hours, but if it is still the same, end it and try repeating it in safe mode...

:arrow: You get into safe mode like this:
restart the PC, keep pressing F8 (or another key, depending on the machine type) and choose the safe mode option.
If that does not work, here is another procedure http://forum.viry.cz/viewtopic.php?f=46&t=7554
