ZŘEJMĚ VIR

[PP1983]

snad to mam dobre :-O

[vyosek]

Tvorba fixlistu pro FRST

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  Start
  HKLM\...\Policies\Explorer: [NoControlPanel] 0
  HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-05-16] (Nero AG)
  HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
  HKCU\...\Run: [cz.seznam.software.autoupdate] - C:\Users\Petra\AppData\Roaming\Seznam.cz\szninstall.exe [1009288 2012-09-13] ()
  HKCU\...\Run: [cz.seznam.software.szndesktop] - C:\Users\Petra\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92296 2012-12-19] ()
  HKCU\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEMN.EXE [945856 2013-03-06] (Microsoft Corporation)
  HKCU\...\RunOnce: [Application Restart #3] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --apps-gallery-install-auto-confirm-for-tests=accept --incognito --flag-switches-begin --sync-keystore-encryption --flag-switches-end --restore-last-session http://software.seznam.cz/listicka?browser=chrome#auto [844752 2013-10-09] (Google Inc.)
  HKCU\...\RunOnce: [Application Restart #1] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --flag-switches-begin --enable-sync-favicons --sync-keystore-encryption --flag-switches-end --restore-last-session http://www.qvo6.com/?utm_source=b&utm_m ... 1373836758 [844752 2013-10-09] (Google Inc.)
  MountPoints2: {2be27db8-8669-11e2-be78-b888e38e3b66} - "F:\Autorun.exe"
  MountPoints2: {2be27dd8-8669-11e2-be78-b888e38e3b66} - "F:\Autorun.exe"
  MountPoints2: {c38ad6bb-b0d0-11e2-be84-b888e38e3b66} - "F:\Autorun.exe"
  HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-07-26] (Dolby Laboratories Inc.)
  HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-19] (CyberLink Corp.)
  HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
  HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
  HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
  HKLM-x32\...\Run: [seznam-listicka-distribuce] - "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
  HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\avastui.exe [3567800 2013-10-22] (AVAST Software)
  HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
  HKU\Default\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-08-08] (Lenovo)
  HKU\Default User\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-08-08] (Lenovo)
  AppInit_DLLs: [0 ] ()
  Startup: C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk
  Startup: C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk
  
  HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
  HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
  HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
  StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
  SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
  SearchScopes: HKLM - {7CFD6E81-09D8-48D8-B3BA-5435AE27AE24} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
  SearchScopes: HKLM-x32 - {7CFD6E81-09D8-48D8-B3BA-5435AE27AE24} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
  SearchScopes: HKCU - {7CFD6E81-09D8-48D8-B3BA-5435AE27AE24} URL = 
  BHO: Zula Games - {2A836234-186C-41A0-9863-40BECDEDED9F} - C:\Program Files (x86)\Zula Games\ScriptHost64.dll (ZulaGames.com)
  BHO-x32: Zula Games - {2A836234-186C-41A0-9863-40BECDEDED9F} - C:\Program Files (x86)\Zula Games\ScriptHost.dll (ZulaGames.com)
  
  FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
  
  CHR Plugin: (Shockwave Flash) - C:\windows\system32\Macromed\Flash\NPSWF32.dll No File
  CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
  CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
  CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
  
  DisableService: NMIndexingService
  
  2013-10-30 21:41 - 2013-10-30 21:41 - 01956614 _____ (Farbar) C:\Users\Petra\Downloads\FRST64 (2).e2013-10-30 21:16 - 2013-10-30 21:16 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Petra\Downloads\sc-cleaner (1).exe
  2013-10-30 21:12 - 2013-10-30 21:17 - 00001742 _____ C:\sc-cleaner.txt
  2013-10-30 21:12 - 2013-10-30 21:12 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Petra\Downloads\sc-cleaner.exe
  2013-10-30 21:03 - 2013-10-30 21:03 - 00016613 _____ C:\Users\Petra\Desktop\AdwCleaner[S0].txt
  2013-10-30 20:50 - 2013-10-30 20:52 - 00000000 ____D C:\AdwCleaner
  2013-10-30 20:49 - 2013-10-30 20:49 - 01060070 _____ C:\Users\Petra\Downloads\adwcleaner.exe
  2013-10-30 20:42 - 2013-10-30 20:42 - 00023796 _____ C:\Users\Petra\Desktop\JRT 1.txt
  2013-10-30 20:38 - 2013-10-30 20:38 - 00023796 _____ C:\Users\Petra\Desktop\JRT.txt
  2013-10-30 20:27 - 2013-10-30 20:27 - 01033335 _____ (Thisisu) C:\Users\Petra\Downloads\JRT.exe
  2013-10-29 22:48 - 2013-10-29 22:48 - 00000000 ____D C:\Users\Petra\AppData\Roaming\AVG
  2013-10-29 22:46 - 2013-10-29 22:51 - 00000000 ____D C:\ProgramData\AVG
  2013-10-29 22:45 - 2013-10-29 23:02 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
  2013-10-29 22:43 - 2013-10-29 22:44 - 78388136 _____ (AVG) C:\Users\Petra\Downloads\avg_tuh_stf_all_2014_204_24c4.exe
  2013-10-29 20:56 - 2013-10-29 20:56 - 00000000 ____D C:\Users\Petra\AppData\Roaming\AVG2014
  2013-10-29 20:51 - 2013-10-30 19:52 - 00000000 ___HD C:\$AVG
  2013-10-29 20:51 - 2013-10-30 19:52 - 00000000 ____D C:\ProgramData\AVG2014
  2013-10-29 20:45 - 2013-10-30 19:59 - 00000000 ____D C:\Users\Petra\AppData\Local\Avg2014
  2013-10-29 20:44 - 2013-10-30 20:16 - 00000000 ____D C:\ProgramData\MFAData
  2013-10-29 20:44 - 2013-10-29 20:44 - 00000000 ____D C:\Users\Petra\AppData\Local\MFAData
  2013-10-29 20:43 - 2013-10-29 20:44 - 10806456 _____ C:\Users\Petra\Downloads\avg_free.exe
  C:\Users\Petra\AppData\Local\Temp\GotClipDownloader_Setup.exe
  C:\Users\Petra\AppData\Local\Temp\oi_{6332BD75-F5C7-4225-8354-3CCFAB423D82}.exe
  C:\Users\Petra\AppData\Local\Temp\Quarantine.exe
  
  Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  
  Hosts:
  
  End

• Ulozte vytvoreny TXT jako fixlist.txt
• Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

• Kliknete na Fix
• Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

[PP1983]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2013
Ran by Petra at 2013-10-30 22:31:07 Run:1
Running from C:\Users\Petra\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [153136 2007-05-16] (Nero AG)
HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKCU\...\Run: [cz.seznam.software.autoupdate] - C:\Users\Petra\AppData\Roaming\Seznam.cz\szninstall.exe [1009288 2012-09-13] ()
HKCU\...\Run: [cz.seznam.software.szndesktop] - C:\Users\Petra\AppData\Roaming\Seznam.cz\bin\wszndesktop.exe [92296 2012-12-19] ()
HKCU\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEMN.EXE [945856 2013-03-06] (Microsoft Corporation)
HKCU\...\RunOnce: [Application Restart #3] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --apps-gallery-install-auto-confirm-for-tests=accept --incognito --flag-switches-begin --sync-keystore-encryption --flag-switches-end --restore-last-session http://software.seznam.cz/listicka?browser=chrome#auto [844752 2013-10-09] (Google Inc.)
HKCU\...\RunOnce: [Application Restart #1] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --flag-switches-begin --enable-sync-favicons --sync-keystore-encryption --flag-switches-end --restore-last-session http://www.qvo6.com/?utm_source=b&utm_m ... 1373836758 [844752 2013-10-09] (Google Inc.)
MountPoints2: {2be27db8-8669-11e2-be78-b888e38e3b66} - "F:\Autorun.exe"
MountPoints2: {2be27dd8-8669-11e2-be78-b888e38e3b66} - "F:\Autorun.exe"
MountPoints2: {c38ad6bb-b0d0-11e2-be84-b888e38e3b66} - "F:\Autorun.exe"
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [508656 2012-07-26] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [seznam-listicka-distribuce] - "C:\Program Files (x86)\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\avastui.exe [3567800 2013-10-22] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\Default\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-08-08] (Lenovo)
HKU\Default User\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-08-08] (Lenovo)
AppInit_DLLs: [0 ] ()
Startup: C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk
Startup: C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {7CFD6E81-09D8-48D8-B3BA-5435AE27AE24} URL = http://www.bing.com/search?q={searchTer ... &pc=MALNJS
SearchScopes: HKLM-x32 - {7CFD6E81-09D8-48D8-B3BA-5435AE27AE24} URL = http://www.bing.com/search?q={searchTer ... &pc=MALNJS
SearchScopes: HKCU - {7CFD6E81-09D8-48D8-B3BA-5435AE27AE24} URL =
BHO: Zula Games - {2A836234-186C-41A0-9863-40BECDEDED9F} - C:\Program Files (x86)\Zula Games\ScriptHost64.dll (ZulaGames.com)
BHO-x32: Zula Games - {2A836234-186C-41A0-9863-40BECDEDED9F} - C:\Program Files (x86)\Zula Games\ScriptHost.dll (ZulaGames.com)

FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=

CHR Plugin: (Shockwave Flash) - C:\windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

DisableService: NMIndexingService

2013-10-30 21:41 - 2013-10-30 21:41 - 01956614 _____ (Farbar) C:\Users\Petra\Downloads\FRST64 (2).e2013-10-30 21:16 - 2013-10-30 21:16 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Petra\Downloads\sc-cleaner (1).exe
2013-10-30 21:12 - 2013-10-30 21:17 - 00001742 _____ C:\sc-cleaner.txt
2013-10-30 21:12 - 2013-10-30 21:12 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Petra\Downloads\sc-cleaner.exe
2013-10-30 21:03 - 2013-10-30 21:03 - 00016613 _____ C:\Users\Petra\Desktop\AdwCleaner[S0].txt
2013-10-30 20:50 - 2013-10-30 20:52 - 00000000 ____D C:\AdwCleaner
2013-10-30 20:49 - 2013-10-30 20:49 - 01060070 _____ C:\Users\Petra\Downloads\adwcleaner.exe
2013-10-30 20:42 - 2013-10-30 20:42 - 00023796 _____ C:\Users\Petra\Desktop\JRT 1.txt
2013-10-30 20:38 - 2013-10-30 20:38 - 00023796 _____ C:\Users\Petra\Desktop\JRT.txt
2013-10-30 20:27 - 2013-10-30 20:27 - 01033335 _____ (Thisisu) C:\Users\Petra\Downloads\JRT.exe
2013-10-29 22:48 - 2013-10-29 22:48 - 00000000 ____D C:\Users\Petra\AppData\Roaming\AVG
2013-10-29 22:46 - 2013-10-29 22:51 - 00000000 ____D C:\ProgramData\AVG
2013-10-29 22:45 - 2013-10-29 23:02 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2013-10-29 22:43 - 2013-10-29 22:44 - 78388136 _____ (AVG) C:\Users\Petra\Downloads\avg_tuh_stf_all_2014_204_24c4.exe
2013-10-29 20:56 - 2013-10-29 20:56 - 00000000 ____D C:\Users\Petra\AppData\Roaming\AVG2014
2013-10-29 20:51 - 2013-10-30 19:52 - 00000000 ___HD C:\$AVG
2013-10-29 20:51 - 2013-10-30 19:52 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-29 20:45 - 2013-10-30 19:59 - 00000000 ____D C:\Users\Petra\AppData\Local\Avg2014
2013-10-29 20:44 - 2013-10-30 20:16 - 00000000 ____D C:\ProgramData\MFAData
2013-10-29 20:44 - 2013-10-29 20:44 - 00000000 ____D C:\Users\Petra\AppData\Local\MFAData
2013-10-29 20:43 - 2013-10-29 20:44 - 10806456 _____ C:\Users\Petra\Downloads\avg_free.exe
C:\Users\Petra\AppData\Local\Temp\GotClipDownloader_Setup.exe
C:\Users\Petra\AppData\Local\Temp\oi_{6332BD75-F5C7-4225-8354-3CCFAB423D82}.exe
C:\Users\Petra\AppData\Local\Temp\Quarantine.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Hosts:

End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\OfficeSyncProcess => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.autoupdate => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.szndesktop => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #3 => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #1 => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2be27db8-8669-11e2-be78-b888e38e3b66} => Key deleted successfully.
HKCR\CLSID\{2be27db8-8669-11e2-be78-b888e38e3b66} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2be27dd8-8669-11e2-be78-b888e38e3b66} => Key deleted successfully.
HKCR\CLSID\{2be27dd8-8669-11e2-be78-b888e38e3b66} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c38ad6bb-b0d0-11e2-be84-b888e38e3b66} => Key deleted successfully.
HKCR\CLSID\{c38ad6bb-b0d0-11e2-be84-b888e38e3b66} => Key not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Dolby Advanced Audio v2 => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\UpdateP2GShortCut => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\RemoteControl10 => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\BCSSync => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\seznam-listicka-distribuce => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AvastUI.exe => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKU\Default\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Lenovo.ShowBand => Value deleted successfully.
HKU\Default User\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Lenovo.ShowBand => Value not found.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk => Moved successfully.
C:\Users\Petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2010.lnk => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => Value deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7CFD6E81-09D8-48D8-B3BA-5435AE27AE24} => Key deleted successfully.
HKCR\CLSID\{7CFD6E81-09D8-48D8-B3BA-5435AE27AE24} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{7CFD6E81-09D8-48D8-B3BA-5435AE27AE24} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{7CFD6E81-09D8-48D8-B3BA-5435AE27AE24} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7CFD6E81-09D8-48D8-B3BA-5435AE27AE24} => Key deleted successfully.
HKCR\CLSID\{7CFD6E81-09D8-48D8-B3BA-5435AE27AE24} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A836234-186C-41A0-9863-40BECDEDED9F} => Key deleted successfully.
HKCR\CLSID\{2A836234-186C-41A0-9863-40BECDEDED9F} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A836234-186C-41A0-9863-40BECDEDED9F} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{2A836234-186C-41A0-9863-40BECDEDED9F} => Key deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\windows\system32\Macromed\Flash\NPSWF32.dll not found.
c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
HKCU\SOFTWARE\Policies\Google => Key deleted successfully.
NMIndexingService service was disabled
C:\Users\Petra\Downloads\sc-cleaner (1).exe => Moved successfully.
C:\sc-cleaner.txt => Moved successfully.
C:\Users\Petra\Downloads\sc-cleaner.exe => Moved successfully.
C:\Users\Petra\Desktop\AdwCleaner[S0].txt => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\Petra\Downloads\adwcleaner.exe => Moved successfully.
C:\Users\Petra\Desktop\JRT 1.txt => Moved successfully.
C:\Users\Petra\Desktop\JRT.txt => Moved successfully.
C:\Users\Petra\Downloads\JRT.exe => Moved successfully.
C:\Users\Petra\AppData\Roaming\AVG => Moved successfully.
C:\ProgramData\AVG => Moved successfully.
C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} => Moved successfully.
C:\Users\Petra\Downloads\avg_tuh_stf_all_2014_204_24c4.exe => Moved successfully.
C:\Users\Petra\AppData\Roaming\AVG2014 => Moved successfully.
C:\$AVG => Moved successfully.
C:\ProgramData\AVG2014 => Moved successfully.
C:\Users\Petra\AppData\Local\Avg2014 => Moved successfully.
C:\ProgramData\MFAData => Moved successfully.
C:\Users\Petra\AppData\Local\MFAData => Moved successfully.
C:\Users\Petra\Downloads\avg_free.exe => Moved successfully.
C:\Users\Petra\AppData\Local\Temp\GotClipDownloader_Setup.exe => Moved successfully.
C:\Users\Petra\AppData\Local\Temp\oi_{6332BD75-F5C7-4225-8354-3CCFAB423D82}.exe => Moved successfully.
C:\Users\Petra\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

==== End of Fixlog ====

[vyosek]

Fajn, jak se chova PC

[PP1983]

Aloha,

PC se chova porad stejne kdyz jej zapinam, spusteni trva relativne dlouho a navic,
kdyz jsem zkousela testovat pc avastem, tak se to opet seklo na 91%, test se nedokoncil
a pc se restartoval....

[PP1983]

Halo, halo :-O

nainstalovala jsem si misto avastu antivir COMODO a ten mi napsal, ze mam v pc nejakej malware...
co ted? babo rad prosim

Peťula

[PP1983]

je tu nekdo??? :-O hilfe

[vyosek]

Hele, nase forum je na bazi dobrovolnosti = vsichni jsme tu ZDARMA a ve svem VOLNEM case...Ja byl od sesti az do deviti v praci, takze bud si na odpoved pockate, ebo mate holt smulu. Nikdo Vas tu nedrzi, tlacitko odhlasit mate vlevo nahore. Pokud chcete urgentni pomoc, zaplattte si servis...

Poprosim o sken pomoci HitmanPro http://forum.viry.cz/viewtopic.php?f=29&t=101984

[PP1983]

ja to nemyslela nijak zle preci :-O jen jsem se ptala (jsem tu nova a nevim jeste, jak vam to
tu presne funguje), tak neni treba silnych slov
samozrejme chapu, ze to delate for free a taky proto, ze vas to bavi.

opravdu se omlouvam, jestli jsem vzbudila jiny dojem...

sken udelam rano plus mam dalsi info

dekuju za dosavadni pomoc, jsem vdecna za to, ze i v dnesni dobe je nekdo schopen pomoct,
aniz by za to neco pozadoval naoplatku

P.

[PP1983]

problem by měl být s touto knihovnou wpfgfx_v0400.dll

scanuju....

[PP1983]

a pry je to na hlubsi analyzu...

[PP1983]

tedy pokud je to relevantni info, ktere by mohlo nejak pomoci

[PP1983]

Kód: Vybrat vše

HitmanPro 3.7.8.208
www.hitmanpro.com

   Computer name . . . . : G780-LAPTOP
   Windows . . . . . . . : 6.2.0.9200.X64/4
   User name . . . . . . : G780-LAPTOP\Petra
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-10-31 23:31:44
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 5m 6s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 19

   Objects scanned . . . : 1 954 765
   Files scanned . . . . : 32 759
   Remnants scanned  . . : 365 718 files / 1 556 288 keys

Suspicious files ____________________________________________________________

   C:\Users\Petra\AppData\Local\Packages\Microsoft.ZuneVideo_8wekyb3d8bbwe\AC\Temp\dat974F.tmp
      Size . . . . . . . : 23 382 bytes
      Age  . . . . . . . : 235.2 days (2013-03-10 18:07:16)
      Entropy  . . . . . : 6.0
      SHA-256  . . . . . : 0681CE86A89596FF58CD67DC13F3D28CD01212F0DDEE098F2F28E85A012EAD56
      Product  . . . . . : Microsoft® Windows® Operating System
      Publisher  . . . . : Microsoft Corporation
      Description  . . . : Performance Counters for Windows Native DLL
      Version  . . . . . : 6.2.9200.16384
      Copyright  . . . . : © Microsoft Corporation. All rights reserved.
      Fuzzy  . . . . . . : 44.0
         The file is hidden from Windows API. This is typical for malware.
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         The file name extension of this program is not common.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.


Cookies _____________________________________________________________________

   C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
   C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
   C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtech.de
   C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com
   C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
   C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertstream.com
   C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
   C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Cookies:burstnet.com
   C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
   C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com
   C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com
   C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Cookies:partypoker.com
   C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
   C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
   C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com
   C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adform.net
   C:\Users\Petra\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com

[vyosek]

Odinstalujte Avast, pripadne pouzijte tento remover http://files.avast.com/files/eng/aswclear.exe

Nainstalujte Avast znovu http://www.avast.com/get/gWR5mo92

Co presneji trva dlouho pri spusteni - zobrazeni loga windows, nacteni plochy atd??