Dobrý den,
prosím o kontrolu poslední dobou velmi zpomaleného NB.
Vkládám log z FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by Všichni (administrator) on VERUNKA (14-12-2016 19:01:38)
Running from C:\Users\Všichni\Desktop
Loaded Profiles: Všichni (Available Profiles: Martin & Všichni)
Platform: Windows 10 Home Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(%CFullName%) C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Pokki) C:\Users\Všichni\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
Failed to access process -> OneDrive.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.427\McUICnt.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Pokki) C:\Users\Všichni\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Pokki) C:\Users\Všichni\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe
(Pokki) C:\Users\Všichni\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\DeviceCensus.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD64.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8496344 2015-12-26] (Realtek Semiconductor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [229592 2015-07-09] (Realtek Semiconductor Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2015-09-03] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [708496 2015-07-22] (Cisco Systems, Inc.)
HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\...\Run: [Minecraft-1] => wscript.exe //B "C:\Users\Všichni\AppData\Local\Temp\Minecraft-1.7.2-plna-hra-zdarma.rar.vbs" <===== ATTENTION
HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3044848 2016-12-02] (Electronic Arts)
HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\...\RunOnce: [Application Restart #4] => C:\Users\Všichni\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe [7874024 2016-09-18] (Pokki)
HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\...\MountPoints2: {6cb303f6-95e3-11e6-8373-8cdcd47982ef} - "F:\Autorun.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-11-05]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Všichni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk [2016-04-06]
ShortcutTarget: IMVU.lnk -> C:\Users\Všichni\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe (No File)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: -> Catalog9 - Broken internet access due to missing entry. <===== ATTENTION
Winsock: -> Catalog9-x64 - Broken internet access due to missing entry. <===== ATTENTION
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 10.107.4.100 10.107.4.129
Tcpip\..\Interfaces\{48d5d0e3-c971-4ac1-96b1-8b7123247b77}: [DhcpNameServer] 10.107.4.100 10.107.4.129
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/
HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
SearchScopes: HKLM -> {43CCCD74-648C-496F-B2BE-2DA40FFA2513} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKLM-x32 -> {43CCCD74-648C-496F-B2BE-2DA40FFA2513} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-3063416917-3957878483-2118656444-1005 -> {43CCCD74-648C-496F-B2BE-2DA40FFA2513} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-3063416917-3957878483-2118656444-1005 -> {5F26744E-6407-431E-8603-DF48776A0E26} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=Searchmodule_1
SearchScopes: HKU\S-1-5-21-3063416917-3957878483-2118656444-1005 -> {FC35D6A4-69EE-4501-BBE6-4D9EF8E45512} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=501549&p={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-03-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-3063416917-3957878483-2118656444-1005 -> hxxps://www.seznam.cz/
FireFox:
========
FF DefaultProfile: 3j76rsjx.default
FF ProfilePath: C:\Users\Všichni\AppData\Roaming\Mozilla\Firefox\Profiles\3j76rsjx.default [2016-12-14]
FF Extension: (Firefox Hotfix) - C:\Users\Všichni\AppData\Roaming\Mozilla\Firefox\Profiles\3j76rsjx.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-05]
FF Extension: (Youtube Unblocker Remediation) - C:\Users\Všichni\AppData\Roaming\Mozilla\Firefox\Profiles\3j76rsjx.default\features\{49b92219-fc9f-406c-9f03-04a4f642badb}\malware-remediation@mozilla.org.xpi [2016-09-30]
FF HKLM-x32\...\Firefox\Extensions: [firefox@bho.com] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt
FF Extension: (HP SimplePass) - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt [2016-02-01] [not signed]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3063416917-3957878483-2118656444-1005: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Všichni\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-03-24] (Unity Technologies ApS)
Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908&prt=cr
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
CHR Profile: C:\Users\Všichni\AppData\Local\Google\Chrome\User Data\Default [2016-12-11]
CHR Extension: (Prezentace Google) - C:\Users\Všichni\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-21]
CHR Extension: (Dokumenty Google) - C:\Users\Všichni\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-21]
CHR Extension: (Disk Google) - C:\Users\Všichni\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-16]
CHR Extension: (YouTube) - C:\Users\Všichni\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Vyhledávání Google) - C:\Users\Všichni\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-16]
CHR Extension: (Tabulky Google) - C:\Users\Všichni\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-21]
CHR Extension: (Dokumenty Google offline) - C:\Users\Všichni\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-14]
CHR Extension: (Norton Safe) - C:\Users\Všichni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-09-11]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Všichni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-14]
CHR Extension: (Gmail) - C:\Users\Všichni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-18]
CHR Extension: (Chrome Media Router) - C:\Users\Všichni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-13]
CHR Profile: C:\Users\Všichni\AppData\Local\Google\Chrome\User Data\System Profile [2016-12-11]
CHR HKLM-x32\...\Chrome\Extension: [fidikogfgleiaefnjbmnjaplmgknppkg] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-06-05] (Advanced Micro Devices, Inc.) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [125656 2015-09-18] ()
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2015-09-03] (Hewlett-Packard Development Company, L.P.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.427\McCHSvc.exe [329480 2016-10-13] (McAfee, Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [124928 2015-07-02] (Softex Inc.) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2118664 2016-12-02] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2180112 2016-12-02] (Electronic Arts)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-12-26] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [260704 2016-09-02] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [129152 2016-04-24] (Samsung Electronics Co., Ltd.)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-10-19] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-10-19] (Disc Soft Ltd)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [602352 2015-08-11] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [5144064 2016-07-16] (Realtek Semiconductor Corporation )
R3 SmbDrv; C:\WINDOWS\system32\DRIVERS\Smb_driver_AMDASF.sys [67680 2016-09-02] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [31472 2014-04-22] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-24] (Samsung Electronics Co., Ltd.)
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [52592 2015-07-22] (Cisco Systems, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-14 19:01 - 2016-12-14 19:02 - 00017931 _____ C:\Users\Všichni\Desktop\FRST.txt
2016-12-14 18:57 - 2016-12-14 19:01 - 00000000 ____D C:\FRST
2016-12-14 18:56 - 2016-12-11 20:14 - 02420224 _____ (Farbar) C:\Users\Všichni\Desktop\FRST64.exe
2016-12-11 20:16 - 2016-12-11 20:16 - 00002858 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-12-11 20:16 - 2016-12-11 20:16 - 00000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-12-11 20:16 - 2016-12-11 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-12-11 20:16 - 2016-12-11 20:16 - 00000000 ____D C:\Program Files\CCleaner
2016-11-14 18:47 - 2016-11-14 18:47 - 00130560 _____ C:\Users\Všichni\Downloads\autobaterie.xls
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-14 17:41 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2016-12-14 17:02 - 2016-09-12 03:08 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-14 17:01 - 2014-10-31 16:01 - 00000000 ____D C:\Users\Všichni\AppData\Local\SweetLabs App Platform
2016-12-11 20:47 - 2015-12-25 08:45 - 00000000 ____D C:\ProgramData\Origin
2016-12-11 20:44 - 2016-10-19 14:19 - 00000000 ____D C:\Users\Všichni\AppData\Roaming\DAEMON Tools Lite
2016-12-11 20:43 - 2016-09-12 16:31 - 00000000 ____D C:\WINDOWS\Minidump
2016-12-11 20:43 - 2016-09-12 04:06 - 00000000 ___DC C:\WINDOWS\Panther
2016-12-11 20:43 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-11 20:43 - 2015-01-05 19:57 - 00000000 ____D C:\Users\Všichni\AppData\Local\CrashDumps
2016-12-10 17:11 - 2016-09-12 03:14 - 00000000 ____D C:\Users\Všichni
2016-12-10 17:00 - 2016-09-12 03:13 - 03984432 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-10 17:00 - 2016-07-16 23:25 - 01723542 _____ C:\WINDOWS\system32\perfh005.dat
2016-12-10 17:00 - 2016-07-16 23:25 - 00476472 _____ C:\WINDOWS\system32\perfc005.dat
2016-12-10 16:56 - 2016-09-12 03:30 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-09 21:53 - 2015-12-25 08:52 - 00000000 ____D C:\Users\Všichni\AppData\Roaming\Origin
2016-12-09 20:51 - 2016-06-11 19:02 - 00000000 ____D C:\Users\Všichni\Desktop\filmy
2016-12-09 20:29 - 2014-08-19 03:44 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-12-09 20:18 - 2016-07-16 07:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2016-12-02 18:52 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-12-02 18:07 - 2014-10-31 16:03 - 00000000 ____D C:\Users\Všichni\Documents\Youcam
2016-12-02 17:08 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-02 17:08 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-02 17:08 - 2016-04-10 10:33 - 00000000 ____D C:\Program Files (x86)\Origin
2016-12-02 11:08 - 2016-08-15 08:03 - 00000356 _____ C:\WINDOWS\Tasks\HPCeeScheduleForVšichni.job
2016-12-01 18:39 - 2016-09-12 03:30 - 00003256 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForVšichni
2016-11-27 16:14 - 2016-10-17 19:45 - 01945600 _____ C:\Users\Všichni\Desktop\Vanoce 2016.ppt
2016-11-24 23:08 - 2015-02-21 11:14 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-24 23:08 - 2015-02-21 11:14 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-16 22:37 - 2015-02-21 11:11 - 00000000 ____D C:\Users\Všichni\AppData\Local\Google
==================== Files in the root of some directories =======
2016-02-27 22:35 - 2016-12-14 18:49 - 0682658 _____ () C:\Users\Všichni\AppData\Local\BTServer.log
2016-09-23 17:38 - 2016-09-23 17:38 - 0000017 _____ () C:\Users\Všichni\AppData\Local\resmon.resmoncfg
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-12-09 14:01
==================== End of FRST.txt ============================
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Pomalý notebook
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119672
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Pomalý notebook
Zdravím!
Spusťte tuto utilitu:
Spusťte tuto utilitu:
Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Pomalý notebook
# AdwCleaner v6.040 - Log vytvořen 15/12/2016 v 17:55:18
# Aktualizováno dne 02/12/2016 z Malwarebytes
# Databáze : 2016-12-02.1 [Místní]
# Operační systém : Windows 10 Home (X64)
# Uživatelské jméno : Všichni - VERUNKA
# Spuštěno z : C:\Users\Všichni\Desktop\adwcleaner_6.040.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support
***** [ Služby ] *****
***** [ Složky ] *****
[-] Složka smazána: C:\Users\Martin\AppData\Local\pokki
[#] Složka smazána po restartu: C:\Users\Martin\AppData\Local\Pokki
[#] Složka smazána po restartu: C:\Users\Všichni\AppData\Local\SweetLabs App Platform
[-] Složka smazána: C:\Users\Default User\AppData\Local\Pokki
[#] Složka smazána po restartu: C:\Users\Default\AppData\Local\Pokki
***** [ Soubory ] *****
[-] Soubor smazán: C:\Users\Všichni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
[-] Soubor smazán: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Zástupci ] *****
***** [ Naplánované úlohy ] *****
[-] Úloha smazána: SweetLabs App Platform
***** [ Registry ] *****
[-] Klíč smazán: HKCU\Software\ac3f08b39549bcf9d81c2d271faa3dca
[-] Klíč smazán: HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\Software\Classes\pokki
[#] Klíč smazán po restartu: HKCU\Software\Classes\pokki
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\pokki
[-] Klíč smazán: HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\Software\SweetLabs App Platform
[-] Klíč smazán: HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[-] Klíč smazán: HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
[-] Klíč smazán: HKCU\Software\SweetLabs App Platform
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
[#] Klíč smazán po restartu: [x64] HKCU\Software\SweetLabs App Platform
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
[-] Klíč smazán: HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\Software\Microsoft\Internet Explorer\SearchScopes\{FC35D6A4-69EE-4501-BBE6-4D9EF8E45512}
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FC35D6A4-69EE-4501-BBE6-4D9EF8E45512}
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FC35D6A4-69EE-4501-BBE6-4D9EF8E45512}
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\akcniceny.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\bambule.akcniceny.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\sjidelnicek.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.akcniceny.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\akcniceny.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\bambule.akcniceny.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\sjidelnicek.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.akcniceny.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\akcniceny.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\bambule.akcniceny.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\sjidelnicek.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.akcniceny.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\akcniceny.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\bambule.akcniceny.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\sjidelnicek.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.akcniceny.cz
[-] Hodnota smazána: HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Pokki]
[-] Klíč smazán: HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
[-] Klíč smazán: HKCU\Software\Classes\Directory\shell\pokki
[-] Klíč smazán: HKCU\Software\Classes\Drive\shell\pokki
[-] Klíč smazán: HKCU\Software\Classes\lnkfile\shell\pokki
***** [ Prohlížeče ] *****
*************************
:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [7088 Bajty] - [15/12/2016 17:55:18]
C:\AdwCleaner\AdwCleaner[S0].txt - [7104 Bajty] - [15/12/2016 17:20:25]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [7234 Bajty] ##########
# Aktualizováno dne 02/12/2016 z Malwarebytes
# Databáze : 2016-12-02.1 [Místní]
# Operační systém : Windows 10 Home (X64)
# Uživatelské jméno : Všichni - VERUNKA
# Spuštěno z : C:\Users\Všichni\Desktop\adwcleaner_6.040.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support
***** [ Služby ] *****
***** [ Složky ] *****
[-] Složka smazána: C:\Users\Martin\AppData\Local\pokki
[#] Složka smazána po restartu: C:\Users\Martin\AppData\Local\Pokki
[#] Složka smazána po restartu: C:\Users\Všichni\AppData\Local\SweetLabs App Platform
[-] Složka smazána: C:\Users\Default User\AppData\Local\Pokki
[#] Složka smazána po restartu: C:\Users\Default\AppData\Local\Pokki
***** [ Soubory ] *****
[-] Soubor smazán: C:\Users\Všichni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
[-] Soubor smazán: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Zástupci ] *****
***** [ Naplánované úlohy ] *****
[-] Úloha smazána: SweetLabs App Platform
***** [ Registry ] *****
[-] Klíč smazán: HKCU\Software\ac3f08b39549bcf9d81c2d271faa3dca
[-] Klíč smazán: HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\Software\Classes\pokki
[#] Klíč smazán po restartu: HKCU\Software\Classes\pokki
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\pokki
[-] Klíč smazán: HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\Software\SweetLabs App Platform
[-] Klíč smazán: HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[-] Klíč smazán: HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
[-] Klíč smazán: HKCU\Software\SweetLabs App Platform
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
[#] Klíč smazán po restartu: [x64] HKCU\Software\SweetLabs App Platform
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
[-] Klíč smazán: HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\Software\Microsoft\Internet Explorer\SearchScopes\{FC35D6A4-69EE-4501-BBE6-4D9EF8E45512}
[#] Klíč smazán po restartu: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FC35D6A4-69EE-4501-BBE6-4D9EF8E45512}
[#] Klíč smazán po restartu: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{FC35D6A4-69EE-4501-BBE6-4D9EF8E45512}
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\akcniceny.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\bambule.akcniceny.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\sjidelnicek.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.akcniceny.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\akcniceny.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\bambule.akcniceny.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\sjidelnicek.cz
[-] Klíč smazán: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.akcniceny.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\akcniceny.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\bambule.akcniceny.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\sjidelnicek.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.akcniceny.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\akcniceny.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\bambule.akcniceny.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\sjidelnicek.cz
[#] Klíč smazán po restartu: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.akcniceny.cz
[-] Hodnota smazána: HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Pokki]
[-] Klíč smazán: HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
[-] Klíč smazán: HKCU\Software\Classes\Directory\shell\pokki
[-] Klíč smazán: HKCU\Software\Classes\Drive\shell\pokki
[-] Klíč smazán: HKCU\Software\Classes\lnkfile\shell\pokki
***** [ Prohlížeče ] *****
*************************
:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [7088 Bajty] - [15/12/2016 17:55:18]
C:\AdwCleaner\AdwCleaner[S0].txt - [7104 Bajty] - [15/12/2016 17:20:25]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [7234 Bajty] ##########
-
Rudy
- Site Admin
- Příspěvky: 119672
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Pomalý notebook
Dejte nový log FRST.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Pomalý notebook
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by Všichni (administrator) on VERUNKA (15-12-2016 19:12:54)
Running from C:\Users\Všichni\Desktop
Loaded Profiles: Všichni (Available Profiles: Martin & Všichni)
Platform: Windows 10 Home Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(%CFullName%) C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8496344 2015-12-26] (Realtek Semiconductor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [229592 2015-07-09] (Realtek Semiconductor Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2015-09-03] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [708496 2015-07-22] (Cisco Systems, Inc.)
HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\...\Run: [Minecraft-1] => wscript.exe //B "C:\Users\Všichni\AppData\Local\Temp\Minecraft-1.7.2-plna-hra-zdarma.rar.vbs" <===== ATTENTION
HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3044848 2016-12-02] (Electronic Arts)
HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\...\RunOnce: [Application Restart #4] => C:\Users\Všichni\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-reso (the data entry has 587 more characters).
HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\...\RunOnce: [Uninstall 17.3.6517.0809_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Všichni\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64"
HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\...\RunOnce: [Uninstall 17.3.6517.0809_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Všichni\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1"
HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\...\MountPoints2: {6cb303f6-95e3-11e6-8373-8cdcd47982ef} - "F:\Autorun.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-11-05]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Všichni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk [2016-04-06]
ShortcutTarget: IMVU.lnk -> C:\Users\Všichni\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe (No File)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 10.107.4.100 10.107.4.129
Tcpip\..\Interfaces\{48d5d0e3-c971-4ac1-96b1-8b7123247b77}: [DhcpNameServer] 10.107.4.100 10.107.4.129
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/
HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
SearchScopes: HKLM -> {43CCCD74-648C-496F-B2BE-2DA40FFA2513} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKLM-x32 -> {43CCCD74-648C-496F-B2BE-2DA40FFA2513} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-3063416917-3957878483-2118656444-1005 -> {43CCCD74-648C-496F-B2BE-2DA40FFA2513} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-3063416917-3957878483-2118656444-1005 -> {5F26744E-6407-431E-8603-DF48776A0E26} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=Searchmodule_1
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-03-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-3063416917-3957878483-2118656444-1005 -> hxxps://www.seznam.cz/
FireFox:
========
FF DefaultProfile: 3j76rsjx.default
FF ProfilePath: C:\Users\Všichni\AppData\Roaming\Mozilla\Firefox\Profiles\3j76rsjx.default [2016-12-15]
FF Extension: (Firefox Hotfix) - C:\Users\Všichni\AppData\Roaming\Mozilla\Firefox\Profiles\3j76rsjx.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-05]
FF Extension: (Youtube Unblocker Remediation) - C:\Users\Všichni\AppData\Roaming\Mozilla\Firefox\Profiles\3j76rsjx.default\features\{49b92219-fc9f-406c-9f03-04a4f642badb}\malware-remediation@mozilla.org.xpi [2016-09-30]
FF HKLM-x32\...\Firefox\Extensions: [firefox@bho.com] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt
FF Extension: (HP SimplePass) - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt [2016-02-01] [not signed]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3063416917-3957878483-2118656444-1005: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Všichni\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-03-24] (Unity Technologies ApS)
Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908&prt=cr
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
CHR Profile: C:\Users\Všichni\AppData\Local\Google\Chrome\User Data\Default [2016-12-15]
CHR Extension: (Prezentace Google) - C:\Users\Všichni\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-21]
CHR Extension: (Dokumenty Google) - C:\Users\Všichni\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-21]
CHR Extension: (Disk Google) - C:\Users\Všichni\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-16]
CHR Extension: (YouTube) - C:\Users\Všichni\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Vyhledávání Google) - C:\Users\Všichni\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-16]
CHR Extension: (Tabulky Google) - C:\Users\Všichni\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-21]
CHR Extension: (Dokumenty Google offline) - C:\Users\Všichni\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-14]
CHR Extension: (Norton Safe) - C:\Users\Všichni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-09-11]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Všichni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-14]
CHR Extension: (Gmail) - C:\Users\Všichni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-18]
CHR Extension: (Chrome Media Router) - C:\Users\Všichni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-13]
CHR Profile: C:\Users\Všichni\AppData\Local\Google\Chrome\User Data\System Profile [2016-12-11]
CHR HKLM-x32\...\Chrome\Extension: [fidikogfgleiaefnjbmnjaplmgknppkg] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-06-05] (Advanced Micro Devices, Inc.) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [125656 2015-09-18] ()
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2015-09-03] (Hewlett-Packard Development Company, L.P.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.427\McCHSvc.exe [329480 2016-10-13] (McAfee, Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [124928 2015-07-02] (Softex Inc.) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2118664 2016-12-02] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2180112 2016-12-02] (Electronic Arts)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-12-26] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [260704 2016-09-02] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [129152 2016-04-24] (Samsung Electronics Co., Ltd.)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-10-19] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-10-19] (Disc Soft Ltd)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [602352 2015-08-11] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [5144064 2016-07-16] (Realtek Semiconductor Corporation )
R3 SmbDrv; C:\WINDOWS\system32\DRIVERS\Smb_driver_AMDASF.sys [67680 2016-09-02] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [31472 2014-04-22] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-24] (Samsung Electronics Co., Ltd.)
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [52592 2015-07-22] (Cisco Systems, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-15 18:04 - 2016-12-15 18:04 - 00003278 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2016-12-15 17:16 - 2016-12-15 17:55 - 00000000 ____D C:\AdwCleaner
2016-12-15 17:16 - 2016-12-15 17:10 - 03968464 _____ C:\Users\Všichni\Desktop\adwcleaner_6.040.exe
2016-12-14 19:03 - 2016-12-14 19:05 - 00028780 _____ C:\Users\Všichni\Desktop\Addition.txt
2016-12-14 19:01 - 2016-12-15 19:13 - 00017471 _____ C:\Users\Všichni\Desktop\FRST.txt
2016-12-14 18:57 - 2016-12-15 19:12 - 00000000 ____D C:\FRST
2016-12-14 18:56 - 2016-12-11 20:14 - 02420224 _____ (Farbar) C:\Users\Všichni\Desktop\FRST64.exe
2016-12-11 20:16 - 2016-12-11 20:16 - 00002858 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-12-11 20:16 - 2016-12-11 20:16 - 00000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-12-11 20:16 - 2016-12-11 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-12-11 20:16 - 2016-12-11 20:16 - 00000000 ____D C:\Program Files\CCleaner
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-15 19:12 - 2016-09-12 03:08 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-15 19:01 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-15 19:01 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-15 18:27 - 2014-10-31 16:02 - 00000000 ____D C:\Users\Všichni\AppData\Local\Packages
2016-12-15 18:18 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-15 18:07 - 2016-09-12 03:30 - 00003256 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForVšichni
2016-12-15 18:07 - 2016-08-15 08:03 - 00000356 _____ C:\WINDOWS\Tasks\HPCeeScheduleForVšichni.job
2016-12-15 18:04 - 2016-09-12 03:13 - 04184982 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-15 18:04 - 2016-07-16 23:25 - 01827128 _____ C:\WINDOWS\system32\perfh005.dat
2016-12-15 18:04 - 2016-07-16 23:25 - 00507272 _____ C:\WINDOWS\system32\perfc005.dat
2016-12-15 18:04 - 2015-11-16 22:25 - 00002442 _____ C:\Users\Všichni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-12-15 18:04 - 2015-11-16 22:25 - 00000000 ___RD C:\Users\Všichni\OneDrive
2016-12-15 18:02 - 2014-10-31 16:03 - 00000000 ____D C:\Users\Všichni\Documents\Youcam
2016-12-15 17:58 - 2016-09-12 03:30 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-15 17:57 - 2016-07-16 07:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2016-12-15 17:57 - 2014-08-19 03:44 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-12-15 17:52 - 2014-10-31 16:01 - 00000000 ____D C:\Users\Všichni\AppData\Local\SweetLabs App Platform
2016-12-14 17:41 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2016-12-11 20:47 - 2015-12-25 08:45 - 00000000 ____D C:\ProgramData\Origin
2016-12-11 20:44 - 2016-10-19 14:19 - 00000000 ____D C:\Users\Všichni\AppData\Roaming\DAEMON Tools Lite
2016-12-11 20:43 - 2016-09-12 16:31 - 00000000 ____D C:\WINDOWS\Minidump
2016-12-11 20:43 - 2016-09-12 04:06 - 00000000 ___DC C:\WINDOWS\Panther
2016-12-11 20:43 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-11 20:43 - 2015-01-05 19:57 - 00000000 ____D C:\Users\Všichni\AppData\Local\CrashDumps
2016-12-10 17:11 - 2016-09-12 03:14 - 00000000 ____D C:\Users\Všichni
2016-12-09 21:53 - 2015-12-25 08:52 - 00000000 ____D C:\Users\Všichni\AppData\Roaming\Origin
2016-12-09 20:51 - 2016-06-11 19:02 - 00000000 ____D C:\Users\Všichni\Desktop\filmy
2016-12-02 18:52 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-12-02 17:08 - 2016-04-10 10:33 - 00000000 ____D C:\Program Files (x86)\Origin
2016-11-27 16:14 - 2016-10-17 19:45 - 01945600 _____ C:\Users\Všichni\Desktop\Vanoce 2016.ppt
2016-11-24 23:08 - 2015-02-21 11:14 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-24 23:08 - 2015-02-21 11:14 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-16 22:37 - 2015-02-21 11:11 - 00000000 ____D C:\Users\Všichni\AppData\Local\Google
==================== Files in the root of some directories =======
2016-02-27 22:35 - 2016-12-15 18:01 - 0684724 _____ () C:\Users\Všichni\AppData\Local\BTServer.log
2016-09-23 17:38 - 2016-09-23 17:38 - 0000017 _____ () C:\Users\Všichni\AppData\Local\resmon.resmoncfg
Some files in TEMP:
====================
C:\Users\Všichni\AppData\Local\Temp\libeay32.dll
C:\Users\Všichni\AppData\Local\Temp\msvcr120.dll
C:\Users\Všichni\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-12-09 14:01
==================== End of FRST.txt ============================
Ran by Všichni (administrator) on VERUNKA (15-12-2016 19:12:54)
Running from C:\Users\Všichni\Desktop
Loaded Profiles: Všichni (Available Profiles: Martin & Všichni)
Platform: Windows 10 Home Version 1607 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(%CFullName%) C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8496344 2015-12-26] (Realtek Semiconductor)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [229592 2015-07-09] (Realtek Semiconductor Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-04-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [657424 2015-09-03] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [708496 2015-07-22] (Cisco Systems, Inc.)
HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\...\Run: [Minecraft-1] => wscript.exe //B "C:\Users\Všichni\AppData\Local\Temp\Minecraft-1.7.2-plna-hra-zdarma.rar.vbs" <===== ATTENTION
HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3044848 2016-12-02] (Electronic Arts)
HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\...\RunOnce: [Application Restart #4] => C:\Users\Všichni\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe --disable-internal-flash --noerrdialogs --no-message-box --disable-extensions --disable-web-security --disable-web-reso (the data entry has 587 more characters).
HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\...\RunOnce: [Uninstall 17.3.6517.0809_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Všichni\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64"
HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\...\RunOnce: [Uninstall 17.3.6517.0809_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Všichni\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1"
HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\...\MountPoints2: {6cb303f6-95e3-11e6-8373-8cdcd47982ef} - "F:\Autorun.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-11-05]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Všichni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk [2016-04-06]
ShortcutTarget: IMVU.lnk -> C:\Users\Všichni\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe (No File)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 10.107.4.100 10.107.4.129
Tcpip\..\Interfaces\{48d5d0e3-c971-4ac1-96b1-8b7123247b77}: [DhcpNameServer] 10.107.4.100 10.107.4.129
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/
HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
SearchScopes: HKLM -> {43CCCD74-648C-496F-B2BE-2DA40FFA2513} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKLM-x32 -> {43CCCD74-648C-496F-B2BE-2DA40FFA2513} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-3063416917-3957878483-2118656444-1005 -> {43CCCD74-648C-496F-B2BE-2DA40FFA2513} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-3063416917-3957878483-2118656444-1005 -> {5F26744E-6407-431E-8603-DF48776A0E26} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=Searchmodule_1
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-03-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-3063416917-3957878483-2118656444-1005 -> hxxps://www.seznam.cz/
FireFox:
========
FF DefaultProfile: 3j76rsjx.default
FF ProfilePath: C:\Users\Všichni\AppData\Roaming\Mozilla\Firefox\Profiles\3j76rsjx.default [2016-12-15]
FF Extension: (Firefox Hotfix) - C:\Users\Všichni\AppData\Roaming\Mozilla\Firefox\Profiles\3j76rsjx.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-05]
FF Extension: (Youtube Unblocker Remediation) - C:\Users\Všichni\AppData\Roaming\Mozilla\Firefox\Profiles\3j76rsjx.default\features\{49b92219-fc9f-406c-9f03-04a4f642badb}\malware-remediation@mozilla.org.xpi [2016-09-30]
FF HKLM-x32\...\Firefox\Extensions: [firefox@bho.com] - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt
FF Extension: (HP SimplePass) - C:\Program Files\Hewlett-Packard\SimplePass\FFBHOExt [2016-02-01] [not signed]
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3063416917-3957878483-2118656444-1005: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Všichni\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-03-24] (Unity Technologies ApS)
Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908&prt=cr
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
CHR Profile: C:\Users\Všichni\AppData\Local\Google\Chrome\User Data\Default [2016-12-15]
CHR Extension: (Prezentace Google) - C:\Users\Všichni\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-21]
CHR Extension: (Dokumenty Google) - C:\Users\Všichni\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-21]
CHR Extension: (Disk Google) - C:\Users\Všichni\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-16]
CHR Extension: (YouTube) - C:\Users\Všichni\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-28]
CHR Extension: (Vyhledávání Google) - C:\Users\Všichni\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-16]
CHR Extension: (Tabulky Google) - C:\Users\Všichni\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-21]
CHR Extension: (Dokumenty Google offline) - C:\Users\Všichni\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-14]
CHR Extension: (Norton Safe) - C:\Users\Všichni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-09-11]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Všichni\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-14]
CHR Extension: (Gmail) - C:\Users\Všichni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-18]
CHR Extension: (Chrome Media Router) - C:\Users\Všichni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-13]
CHR Profile: C:\Users\Všichni\AppData\Local\Google\Chrome\User Data\System Profile [2016-12-11]
CHR HKLM-x32\...\Chrome\Extension: [fidikogfgleiaefnjbmnjaplmgknppkg] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-06-05] (Advanced Micro Devices, Inc.) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [125656 2015-09-18] ()
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [606224 2015-09-03] (Hewlett-Packard Development Company, L.P.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.427\McCHSvc.exe [329480 2016-10-13] (McAfee, Inc.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [124928 2015-07-02] (Softex Inc.) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2118664 2016-12-02] (Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2180112 2016-12-02] (Electronic Arts)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [294616 2015-12-26] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [260704 2016-09-02] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [36608 2013-12-14] (Advanced Micro Devices, Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [129152 2016-04-24] (Samsung Electronics Co., Ltd.)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-10-19] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-10-19] (Disc Soft Ltd)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek )
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [602352 2015-08-11] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [5144064 2016-07-16] (Realtek Semiconductor Corporation )
R3 SmbDrv; C:\WINDOWS\system32\DRIVERS\Smb_driver_AMDASF.sys [67680 2016-09-02] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [31472 2014-04-22] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [221824 2016-04-24] (Samsung Electronics Co., Ltd.)
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [52592 2015-07-22] (Cisco Systems, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-23] (HP Inc.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-15 18:04 - 2016-12-15 18:04 - 00003278 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2016-12-15 17:16 - 2016-12-15 17:55 - 00000000 ____D C:\AdwCleaner
2016-12-15 17:16 - 2016-12-15 17:10 - 03968464 _____ C:\Users\Všichni\Desktop\adwcleaner_6.040.exe
2016-12-14 19:03 - 2016-12-14 19:05 - 00028780 _____ C:\Users\Všichni\Desktop\Addition.txt
2016-12-14 19:01 - 2016-12-15 19:13 - 00017471 _____ C:\Users\Všichni\Desktop\FRST.txt
2016-12-14 18:57 - 2016-12-15 19:12 - 00000000 ____D C:\FRST
2016-12-14 18:56 - 2016-12-11 20:14 - 02420224 _____ (Farbar) C:\Users\Všichni\Desktop\FRST64.exe
2016-12-11 20:16 - 2016-12-11 20:16 - 00002858 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-12-11 20:16 - 2016-12-11 20:16 - 00000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-12-11 20:16 - 2016-12-11 20:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-12-11 20:16 - 2016-12-11 20:16 - 00000000 ____D C:\Program Files\CCleaner
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-12-15 19:12 - 2016-09-12 03:08 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-15 19:01 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-15 19:01 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-15 18:27 - 2014-10-31 16:02 - 00000000 ____D C:\Users\Všichni\AppData\Local\Packages
2016-12-15 18:18 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-15 18:07 - 2016-09-12 03:30 - 00003256 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForVšichni
2016-12-15 18:07 - 2016-08-15 08:03 - 00000356 _____ C:\WINDOWS\Tasks\HPCeeScheduleForVšichni.job
2016-12-15 18:04 - 2016-09-12 03:13 - 04184982 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-15 18:04 - 2016-07-16 23:25 - 01827128 _____ C:\WINDOWS\system32\perfh005.dat
2016-12-15 18:04 - 2016-07-16 23:25 - 00507272 _____ C:\WINDOWS\system32\perfc005.dat
2016-12-15 18:04 - 2015-11-16 22:25 - 00002442 _____ C:\Users\Všichni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-12-15 18:04 - 2015-11-16 22:25 - 00000000 ___RD C:\Users\Všichni\OneDrive
2016-12-15 18:02 - 2014-10-31 16:03 - 00000000 ____D C:\Users\Všichni\Documents\Youcam
2016-12-15 17:58 - 2016-09-12 03:30 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-15 17:57 - 2016-07-16 07:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2016-12-15 17:57 - 2014-08-19 03:44 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-12-15 17:52 - 2014-10-31 16:01 - 00000000 ____D C:\Users\Všichni\AppData\Local\SweetLabs App Platform
2016-12-14 17:41 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2016-12-11 20:47 - 2015-12-25 08:45 - 00000000 ____D C:\ProgramData\Origin
2016-12-11 20:44 - 2016-10-19 14:19 - 00000000 ____D C:\Users\Všichni\AppData\Roaming\DAEMON Tools Lite
2016-12-11 20:43 - 2016-09-12 16:31 - 00000000 ____D C:\WINDOWS\Minidump
2016-12-11 20:43 - 2016-09-12 04:06 - 00000000 ___DC C:\WINDOWS\Panther
2016-12-11 20:43 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-11 20:43 - 2015-01-05 19:57 - 00000000 ____D C:\Users\Všichni\AppData\Local\CrashDumps
2016-12-10 17:11 - 2016-09-12 03:14 - 00000000 ____D C:\Users\Všichni
2016-12-09 21:53 - 2015-12-25 08:52 - 00000000 ____D C:\Users\Všichni\AppData\Roaming\Origin
2016-12-09 20:51 - 2016-06-11 19:02 - 00000000 ____D C:\Users\Všichni\Desktop\filmy
2016-12-02 18:52 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-12-02 17:08 - 2016-04-10 10:33 - 00000000 ____D C:\Program Files (x86)\Origin
2016-11-27 16:14 - 2016-10-17 19:45 - 01945600 _____ C:\Users\Všichni\Desktop\Vanoce 2016.ppt
2016-11-24 23:08 - 2015-02-21 11:14 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-24 23:08 - 2015-02-21 11:14 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-16 22:37 - 2015-02-21 11:11 - 00000000 ____D C:\Users\Všichni\AppData\Local\Google
==================== Files in the root of some directories =======
2016-02-27 22:35 - 2016-12-15 18:01 - 0684724 _____ () C:\Users\Všichni\AppData\Local\BTServer.log
2016-09-23 17:38 - 2016-09-23 17:38 - 0000017 _____ () C:\Users\Všichni\AppData\Local\resmon.resmoncfg
Some files in TEMP:
====================
C:\Users\Všichni\AppData\Local\Temp\libeay32.dll
C:\Users\Všichni\AppData\Local\Temp\msvcr120.dll
C:\Users\Všichni\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-12-09 14:01
==================== End of FRST.txt ============================
-
Rudy
- Site Admin
- Příspěvky: 119672
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Pomalý notebook
Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.Start
HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\...\Run: [Minecraft-1] => wscript.exe //B "C:\Users\Všichni\AppData\Local\Temp\Minecraft-1.7.2-plna-hra-zdarma.rar.vbs" <===== ATTENTION
HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\...\MountPoints2: {6cb303f6-95e3-11e6-8373-8cdcd47982ef} - "F:\Autorun.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-11-05]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe (McAfee, Inc.)
C:\Program Files\McAfee Security Scan
ShortcutTarget: IMVU.lnk -> C:\Users\Všichni\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe (No File)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
C:\Users\Všichni\AppData\Local\Temp
EmptyTemp
End
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Pomalý notebook
Fix result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by Všichni (15-12-2016 20:34:42) Run:1
Running from C:\Users\Všichni\Desktop
Loaded Profiles: Všichni (Available Profiles: Martin & Všichni)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\...\Run: [Minecraft-1] => wscript.exe //B "C:\Users\Všichni\AppData\Local\Temp\Minecraft-1.7.2-plna-hra-zdarma.rar.vbs" <===== ATTENTION
HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\...\MountPoints2: {6cb303f6-95e3-11e6-8373-8cdcd47982ef} - "F:\Autorun.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-11-05]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe (McAfee, Inc.)
C:\Program Files\McAfee Security Scan
ShortcutTarget: IMVU.lnk -> C:\Users\Všichni\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe (No File)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
C:\Users\Všichni\AppData\Local\Temp
EmptyTemp
End
*****************
HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\Software\Microsoft\Windows\CurrentVersion\Run\\Minecraft-1 => value removed successfully
"HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6cb303f6-95e3-11e6-8373-8cdcd47982ef}" => key removed successfully
HKCR\CLSID\{6cb303f6-95e3-11e6-8373-8cdcd47982ef} => key not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk => moved successfully
C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe => moved successfully
C:\Program Files\McAfee Security Scan => moved successfully
C:\Users\Všichni\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe => not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
C:\Users\Všichni\AppData\Local\Temp => moved successfully
EmptyTemp => Error: No automatic fix found for this entry.
==== End of Fixlog 20:34:44 ====
Ran by Všichni (15-12-2016 20:34:42) Run:1
Running from C:\Users\Všichni\Desktop
Loaded Profiles: Všichni (Available Profiles: Martin & Všichni)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\...\Run: [Minecraft-1] => wscript.exe //B "C:\Users\Všichni\AppData\Local\Temp\Minecraft-1.7.2-plna-hra-zdarma.rar.vbs" <===== ATTENTION
HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\...\MountPoints2: {6cb303f6-95e3-11e6-8373-8cdcd47982ef} - "F:\Autorun.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-11-05]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe (McAfee, Inc.)
C:\Program Files\McAfee Security Scan
ShortcutTarget: IMVU.lnk -> C:\Users\Všichni\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe (No File)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
C:\Users\Všichni\AppData\Local\Temp
EmptyTemp
End
*****************
HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\Software\Microsoft\Windows\CurrentVersion\Run\\Minecraft-1 => value removed successfully
"HKU\S-1-5-21-3063416917-3957878483-2118656444-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6cb303f6-95e3-11e6-8373-8cdcd47982ef}" => key removed successfully
HKCR\CLSID\{6cb303f6-95e3-11e6-8373-8cdcd47982ef} => key not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk => moved successfully
C:\Program Files\McAfee Security Scan\3.11.427\SSScheduler.exe => moved successfully
C:\Program Files\McAfee Security Scan => moved successfully
C:\Users\Všichni\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe => not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully
C:\Users\Všichni\AppData\Local\Temp => moved successfully
EmptyTemp => Error: No automatic fix found for this entry.
==== End of Fixlog 20:34:44 ====
-
Rudy
- Site Admin
- Příspěvky: 119672
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Pomalý notebook
OK. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Pomalý notebook
Změna nastala ohromná. PC reaguje naprosto standardně a dokonce i Wi-Fi jde zapnout 
Mnohokrát děkuji za pomoc
Mnohokrát děkuji za pomoc
-
Rudy
- Site Admin
- Příspěvky: 119672
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Pomalý notebook
Tak to jsem rád. Nemáte zač! 
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?