Dobré ráno, v poslední době mám pomalý pc a ihned po nastartování se v prohlížeči otevře okno s reklamou. Prosím o kontrolu přiloženého logu, děkuji.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-01-2017 01
Ran by Zak (administrator) on ZAK-PC (28-01-2017 09:56:04)
Running from C:\Users\Zak\Desktop
Loaded Profiles: Zak (Available Profiles: Zak)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\Zak\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Gramblr\gramblr.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
(Maxthon) C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Maxthon International ltd.) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(forum.viry.cz) C:\Users\Zak\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2803496 2011-06-24] (Synaptics Incorporated)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [764544 2012-09-14] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-09-14] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-04-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [5565960 2016-11-11] (LogMeIn Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2115643721-1916210878-667311706-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-11] (Piriform Ltd)
HKU\S-1-5-21-2115643721-1916210878-667311706-1000\...\Run: [Spotify Web Helper] => C:\Users\Zak\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1523312 2016-08-24] (Spotify Ltd)
HKU\S-1-5-21-2115643721-1916210878-667311706-1000\...\Run: [Zak] => explorer.exe hxxp://kb-ribaki.org <===== ATTENTION
HKU\S-1-5-21-2115643721-1916210878-667311706-1000\...\MountPoints2: G - G:\INSTALL.EXE
HKU\S-1-5-21-2115643721-1916210878-667311706-1000\...\MountPoints2: H - H:\autorun.exe
HKU\S-1-5-21-2115643721-1916210878-667311706-1000\...\MountPoints2: J - J:\setup.exe
HKU\S-1-5-21-2115643721-1916210878-667311706-1000\...\MountPoints2: {b9277d45-d550-11e5-8b06-68a3c493976f} - H:\Autoplay.exe -auto
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-08-07] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-08-07] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2013-08-07] (Acronis)
GroupPolicy: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: 127.0.0.1 activation.acronis.com
Tcpip\..\Interfaces\{B3EB88BE-9250-4E88-B4D3-1214630FB960}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-12-13] (Microsoft Corporation)
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-09-14] (Qualcomm Atheros Commnucations)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2016-07-20] (Oracle Corporation)
BHO-x32: Pomocná služba pro přihlášení k účtu Microsoft -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-11-15] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2016-07-20] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2016-07-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2016-07-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)
Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\Zak\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-01-19]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [216192 2012-09-14] (Qualcomm Atheros Commnucations) [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1369464 2016-01-15] (Disc Soft Ltd)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2771848 2016-12-27] (ESET)
R2 gramblrclient; C:\Program Files\Gramblr\gramblr.exe [10186832 2016-11-19] () [File not signed]
R2 Hamachi2Svc; C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe [2627080 2016-11-11] (LogMeIn Inc.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe [419248 2016-11-11] (LogMeIn, Inc.)
R2 MaxthonUpdateSvc; C:\Program Files (x86)\Maxthon\Modules\Service\Update\MaxthonUpdateSvc.exe [2385832 2016-02-09] (Maxthon)
R2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2011-02-21] (Nalpeiron Ltd.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [730304 2016-01-11] (Wacom Technology, Corp.)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-14] (Atheros) [File not signed]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2012-09-14] (Qualcomm Atheros)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-02-09] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-02-09] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [262792 2016-12-27] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [197248 2016-12-27] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [181384 2016-12-27] (ESET)
S3 L6PODX3LV; C:\Windows\System32\Drivers\L6PODX3LV64.sys [772224 2012-03-26] (Line 6)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [12464 2016-06-30] (Macrovision Europe Ltd) [File not signed]
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [2621128 2015-07-16] (Sonix Tech. Co., Ltd.)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2016-02-03] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2016-02-03] (Acronis)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2016-02-03] (Acronis International GmbH)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-28 09:56 - 2017-01-28 09:56 - 00014843 _____ C:\Users\Zak\Desktop\FRST.txt
2017-01-28 09:55 - 2017-01-28 09:56 - 00000000 ____D C:\FRST
2017-01-28 09:54 - 2017-01-28 09:54 - 00112640 _____ (forum.viry.cz) C:\Users\Zak\Desktop\FRSTLauncher.exe
2017-01-28 09:53 - 2017-01-28 09:53 - 02420736 _____ (Farbar) C:\Users\Zak\Desktop\FRST64.exe
2017-01-27 10:56 - 2017-01-27 10:56 - 00000469 _____ C:\Users\Zak\Desktop\oQXVcMdLFlip1lEV0qlb.txt
2017-01-26 13:41 - 2017-01-26 13:41 - 00004862 _____ C:\Users\Zak\Documents\cc_20170126_134114.reg
2017-01-14 03:22 - 2017-01-05 19:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-01-14 03:22 - 2017-01-05 19:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-01-14 03:22 - 2017-01-05 19:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-14 03:22 - 2017-01-05 19:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-01-14 03:22 - 2017-01-05 19:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-14 03:22 - 2017-01-05 19:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-01-14 03:22 - 2017-01-05 19:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-01-14 03:22 - 2017-01-05 19:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-01-14 03:22 - 2017-01-05 19:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-14 03:22 - 2017-01-05 19:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-01-14 03:22 - 2017-01-05 19:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-01-14 03:22 - 2017-01-05 19:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-01-14 03:22 - 2017-01-05 19:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-01-14 03:22 - 2017-01-05 19:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-01-14 03:22 - 2017-01-05 19:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-01-14 03:22 - 2017-01-05 19:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-01-14 03:22 - 2017-01-05 19:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-01-14 03:22 - 2017-01-05 19:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-01-14 03:22 - 2017-01-05 19:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-01-14 03:22 - 2017-01-05 18:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-01-14 03:22 - 2017-01-05 18:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-14 03:22 - 2017-01-05 18:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-01-14 03:22 - 2017-01-05 18:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-14 03:22 - 2017-01-05 18:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-01-14 03:22 - 2017-01-05 18:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-01-14 03:22 - 2017-01-05 18:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-01-14 03:22 - 2017-01-05 18:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-01-14 03:22 - 2017-01-05 18:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-01-14 03:22 - 2017-01-05 18:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-01-14 03:22 - 2017-01-05 18:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-01-14 03:22 - 2017-01-05 18:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-01-14 03:22 - 2017-01-05 18:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-01-14 03:22 - 2017-01-05 18:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-01-14 03:22 - 2017-01-05 18:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-01-14 03:22 - 2017-01-05 18:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-01-14 03:22 - 2017-01-05 18:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-01-14 03:22 - 2017-01-05 18:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-01-14 03:22 - 2017-01-05 18:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-01-14 03:22 - 2017-01-05 18:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-01-14 03:22 - 2017-01-05 18:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-01-14 03:21 - 2017-01-05 19:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-01-14 03:21 - 2017-01-05 19:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-01-14 03:21 - 2017-01-05 18:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-01-14 03:21 - 2017-01-05 18:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-01-11 00:26 - 1998-10-29 16:45 - 00306688 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-01-28 09:56 - 2016-07-11 13:24 - 00000000 ____D C:\ProgramData\Gramblr
2017-01-28 09:47 - 2016-08-26 15:11 - 00000000 ____D C:\Users\Zak\Documents\Addictive Drums
2017-01-28 09:47 - 2016-08-26 07:39 - 00000000 ____D C:\Program Files (x86)\Anki
2017-01-28 09:46 - 2016-02-23 22:34 - 00000000 ____D C:\Users\Zak\AppData\Local\LogMeIn Hamachi
2017-01-28 09:26 - 2009-07-14 05:45 - 00020528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-28 09:26 - 2009-07-14 05:45 - 00020528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-28 09:25 - 2016-02-10 12:35 - 00003842 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1455104105
2017-01-28 09:25 - 2016-02-10 12:34 - 00000000 ____D C:\Program Files (x86)\Opera
2017-01-28 09:25 - 2011-04-12 09:34 - 00668792 _____ C:\Windows\system32\perfh005.dat
2017-01-28 09:25 - 2011-04-12 09:34 - 00141420 _____ C:\Windows\system32\perfc005.dat
2017-01-28 09:25 - 2009-07-14 06:13 - 01583226 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-28 09:25 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-01-28 09:23 - 2016-02-26 13:07 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2017-01-28 09:18 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-27 23:59 - 2016-02-09 14:27 - 00000000 ____D C:\Users\Zak\AppData\Roaming\Skype
2017-01-27 09:39 - 2016-02-09 13:10 - 00000000 ____D C:\Users\Zak\AppData\Roaming\KeePass
2017-01-26 13:40 - 2016-02-19 02:22 - 00000000 ____D C:\Windows\Minidump
2017-01-26 13:40 - 2016-02-15 12:25 - 00000000 ____D C:\Users\Zak\AppData\Local\CrashDumps
2017-01-26 13:40 - 2016-02-11 22:11 - 00000000 ____D C:\Users\Zak\AppData\Roaming\MPC-HC
2017-01-26 13:40 - 2016-02-11 21:26 - 00000000 ____D C:\Users\Zak\AppData\Roaming\TS3Client
2017-01-26 13:40 - 2016-02-09 13:46 - 00000000 ____D C:\Users\Zak\AppData\Roaming\DAEMON Tools Lite
2017-01-26 13:40 - 2016-02-02 13:03 - 00000000 ____D C:\Windows\Panther
2017-01-19 21:08 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2017-01-14 04:18 - 2016-02-03 00:33 - 00000000 ____D C:\Windows\system32\MRT
2017-01-14 04:15 - 2016-02-03 00:33 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-14 03:58 - 2016-02-26 13:07 - 00000958 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-01-11 00:23 - 2016-02-26 13:07 - 00003944 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-01-11 00:23 - 2016-02-26 13:07 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-11 00:09 - 2016-02-26 13:07 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-11 00:09 - 2016-02-26 13:07 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-11 00:09 - 2016-02-11 14:41 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-11 00:08 - 2016-02-11 14:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-05 19:54 - 2016-02-09 13:25 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2017-01-05 19:54 - 2009-07-14 03:34 - 00000478 _____ C:\Windows\win.ini
==================== Files in the root of some directories =======
2016-09-01 11:32 - 2016-09-16 12:34 - 0000034 _____ () C:\Users\Zak\AppData\Roaming\AdobeWLCMCache.dat
2016-03-09 18:35 - 2016-03-09 18:35 - 238722213 _____ () C:\Users\Zak\AppData\Local\ACCCx3_5_1_209.zip.aamdownload
2016-03-09 18:35 - 2016-03-09 18:35 - 0002741 _____ () C:\Users\Zak\AppData\Local\ACCCx3_5_1_209.zip.aamdownload.aamd
2016-05-31 22:50 - 2016-05-31 22:50 - 0007605 _____ () C:\Users\Zak\AppData\Local\Resmon.ResmonCfg
Some files in TEMP:
====================
2017-01-28 00:35 - 2016-06-15 09:02 - 0070656 _____ () C:\Users\Zak\AppData\Local\Temp\ShellHook.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_194_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Alternate Data Streams (whitelisted) ==================
AlternateDataStreams: C:\Windows:nlsPreferences [0]
==================== Security Center ==================
AV: ESET NOD32 Antivirus 9.0.407.0 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus 9.0.407.0 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Zak\Desktop" je 4 MB.
***** Startup Programs *****
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTibMounterMonitor
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager
"C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring
"C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite Automount
"C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
"C:\Program Files\iTunes\iTunesHelper.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeePass 2 PreLoad
"C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Download Assistant
C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify
"C:\Users\Zak\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized [x]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper
"C:\Users\Zak\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe
"C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Pomalý pc, havěť
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pomalý pc, havěť
- Přílohy
-
- Addition.rar
- (6.02 KiB) Staženo 72 x
-
Rudy
- Site Admin
- Příspěvky: 119672
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Pomalý pc, havěť
Zdravím!
Spusťte tuto utilitu:
Spusťte tuto utilitu:
Stáhněte AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan<(hledání) a pak na >Clean< (mazání).
Proběhne skenováni a pak se objeví log, který sem vložte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Pomalý pc, havěť
Zde je log z AdwCleaner. Po startu pc se i nadále v prohlížeči otevře okno s reklamou.
# AdwCleaner v6.043 - Log vytvořen 28/01/2017 v 14:28:35
# Aktualizováno dne 27/01/2017 z Malwarebytes
# Databáze : 2017-01-28.1 [Server]
# Operační systém : Windows 7 Professional Service Pack 1 (X64)
# Uživatelské jméno : Zak - ZAK-PC
# Spuštěno z : C:\Users\Zak\Desktop\adwcleaner_6.043.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support
***** [ Služby ] *****
***** [ Složky ] *****
***** [ Soubory ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Zástupci ] *****
***** [ Naplánované úlohy ] *****
***** [ Registry ] *****
***** [ Prohlížeče ] *****
*************************
:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [807 Bajty] - [28/01/2017 14:28:35]
C:\AdwCleaner\AdwCleaner[S0].txt - [1378 Bajty] - [28/01/2017 14:28:16]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [952 Bajty] ##########
# AdwCleaner v6.043 - Log vytvořen 28/01/2017 v 14:28:35
# Aktualizováno dne 27/01/2017 z Malwarebytes
# Databáze : 2017-01-28.1 [Server]
# Operační systém : Windows 7 Professional Service Pack 1 (X64)
# Uživatelské jméno : Zak - ZAK-PC
# Spuštěno z : C:\Users\Zak\Desktop\adwcleaner_6.043.exe
# Mod: Čištění
# Podpora : https://www.malwarebytes.com/support
***** [ Služby ] *****
***** [ Složky ] *****
***** [ Soubory ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Zástupci ] *****
***** [ Naplánované úlohy ] *****
***** [ Registry ] *****
***** [ Prohlížeče ] *****
*************************
:: "Tracing" klíče smazány
:: Winsock nastavení vyčištěno
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [807 Bajty] - [28/01/2017 14:28:35]
C:\AdwCleaner\AdwCleaner[S0].txt - [1378 Bajty] - [28/01/2017 14:28:16]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [952 Bajty] ##########
-
Rudy
- Site Admin
- Příspěvky: 119672
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Pomalý pc, havěť
Toto je OK. Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKU\S-1-5-21-2115643721-1916210878-667311706-1000\...\Run: [Zak] => explorer.exe hxxp://kb-ribaki.org <===== ATTENTION
HKU\S-1-5-21-2115643721-1916210878-667311706-1000\...\MountPoints2: G - G:\INSTALL.EXE
HKU\S-1-5-21-2115643721-1916210878-667311706-1000\...\MountPoints2: H - H:\autorun.exe
HKU\S-1-5-21-2115643721-1916210878-667311706-1000\...\MountPoints2: J - J:\setup.exe
HKU\S-1-5-21-2115643721-1916210878-667311706-1000\...\MountPoints2: {b9277d45-d550-11e5-8b06-68a3c493976f} - H:\Autoplay.exe -auto
GroupPolicy: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Users\Zak\AppData\Local\Temp
AlternateDataStreams: C:\Windows:nlsPreferences [0]
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
EmptyTemp:
End
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Pomalý pc, havěť
Fix proveden a zde přikládám log. Reklamy se už neobjevují.
Fix result of Farbar Recovery Scan Tool (x64) Version: 28-01-2017 01
Ran by Zak (29-01-2017 13:29:35) Run:1
Running from C:\Users\Zak\Desktop
Loaded Profiles: Zak (Available Profiles: Zak)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKU\S-1-5-21-2115643721-1916210878-667311706-1000\...\Run: [Zak] => explorer.exe hxxp://kb-ribaki.org <===== ATTENTION
HKU\S-1-5-21-2115643721-1916210878-667311706-1000\...\MountPoints2: G - G:\INSTALL.EXE
HKU\S-1-5-21-2115643721-1916210878-667311706-1000\...\MountPoints2: H - H:\autorun.exe
HKU\S-1-5-21-2115643721-1916210878-667311706-1000\...\MountPoints2: J - J:\setup.exe
HKU\S-1-5-21-2115643721-1916210878-667311706-1000\...\MountPoints2: {b9277d45-d550-11e5-8b06-68a3c493976f} - H:\Autoplay.exe -auto
GroupPolicy: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Users\Zak\AppData\Local\Temp
AlternateDataStreams: C:\Windows:nlsPreferences [0]
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
EmptyTemp:
End
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKU\S-1-5-21-2115643721-1916210878-667311706-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Zak => value removed successfully
HKU\S-1-5-21-2115643721-1916210878-667311706-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G => key removed successfully
HKU\S-1-5-21-2115643721-1916210878-667311706-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H => key removed successfully
HKU\S-1-5-21-2115643721-1916210878-667311706-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J => key removed successfully
HKU\S-1-5-21-2115643721-1916210878-667311706-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9277d45-d550-11e5-8b06-68a3c493976f} => key removed successfully
HKCR\CLSID\{b9277d45-d550-11e5-8b06-68a3c493976f} => key not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
"C:\Users\Zak\AppData\Local\Temp" folder move:
Could not move "C:\Users\Zak\AppData\Local\Temp" => Scheduled to move on reboot.
C:\Windows => ":nlsPreferences" ADS removed successfully.
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) => Error: No automatic fix found for this entry.
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5577101 B
Java, Flash, Steam htmlcache => 1317 B
Windows/system/drivers => 43948689 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 336980308 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 76466550 B
systemprofile32 => 66228 B
LocalService => 0 B
NetworkService => 70750 B
Zak => 413059917 B
RecycleBin => 71884674 B
EmptyTemp: => 912.1 MB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 29-01-2017 13:32:44)
C:\Users\Zak\AppData\Local\Temp => moved successfully
==== End of Fixlog 13:32:51 ====
Fix result of Farbar Recovery Scan Tool (x64) Version: 28-01-2017 01
Ran by Zak (29-01-2017 13:29:35) Run:1
Running from C:\Users\Zak\Desktop
Loaded Profiles: Zak (Available Profiles: Zak)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKU\S-1-5-21-2115643721-1916210878-667311706-1000\...\Run: [Zak] => explorer.exe hxxp://kb-ribaki.org <===== ATTENTION
HKU\S-1-5-21-2115643721-1916210878-667311706-1000\...\MountPoints2: G - G:\INSTALL.EXE
HKU\S-1-5-21-2115643721-1916210878-667311706-1000\...\MountPoints2: H - H:\autorun.exe
HKU\S-1-5-21-2115643721-1916210878-667311706-1000\...\MountPoints2: J - J:\setup.exe
HKU\S-1-5-21-2115643721-1916210878-667311706-1000\...\MountPoints2: {b9277d45-d550-11e5-8b06-68a3c493976f} - H:\Autoplay.exe -auto
GroupPolicy: Restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
C:\Users\Zak\AppData\Local\Temp
AlternateDataStreams: C:\Windows:nlsPreferences [0]
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
EmptyTemp:
End
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
HKU\S-1-5-21-2115643721-1916210878-667311706-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Zak => value removed successfully
HKU\S-1-5-21-2115643721-1916210878-667311706-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G => key removed successfully
HKU\S-1-5-21-2115643721-1916210878-667311706-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H => key removed successfully
HKU\S-1-5-21-2115643721-1916210878-667311706-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J => key removed successfully
HKU\S-1-5-21-2115643721-1916210878-667311706-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9277d45-d550-11e5-8b06-68a3c493976f} => key removed successfully
HKCR\CLSID\{b9277d45-d550-11e5-8b06-68a3c493976f} => key not found.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
"C:\Users\Zak\AppData\Local\Temp" folder move:
Could not move "C:\Users\Zak\AppData\Local\Temp" => Scheduled to move on reboot.
C:\Windows => ":nlsPreferences" ADS removed successfully.
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.) => Error: No automatic fix found for this entry.
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5577101 B
Java, Flash, Steam htmlcache => 1317 B
Windows/system/drivers => 43948689 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 336980308 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 76466550 B
systemprofile32 => 66228 B
LocalService => 0 B
NetworkService => 70750 B
Zak => 413059917 B
RecycleBin => 71884674 B
EmptyTemp: => 912.1 MB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 29-01-2017 13:32:44)
C:\Users\Zak\AppData\Local\Temp => moved successfully
==== End of Fixlog 13:32:51 ====
-
Rudy
- Site Admin
- Příspěvky: 119672
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Pomalý pc, havěť
Smazáno. Vše v pořádku?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Pomalý pc, havěť
PC běží v pohodě a reklamy jsou pryč. Děkuju a přeju hezký zbytek neděle!
-
Rudy
- Site Admin
- Příspěvky: 119672
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Pomalý pc, havěť
Hezký den i vám a nemáte zač! 
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?