
Re: Please check

Posted: 05 Apr 2015 20:16
by Márty84
AVG and McAfee were fighting each other on there. On top of that, there was, and still is, some junk as well. It needs further cleaning.


:arrow: Post logs according to this guide http://forum.viry.cz/viewtopic.php?f=13&t=133100 - turn off the antivirus for a moment; it is possible that it will block it as malicious, but we use it all the time, it is a false alarm :)

Re: Please check

Posted: 06 Apr 2015 12:11
by industrol
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by TRTÍK (administrator) on HP on 06-04-2015 13:12:31
Running from C:\Users\TRTÍK\Desktop
Loaded Profiles: TRTÍK (Available profiles: TRTÍK)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AEstSrv.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(ArcSoft, Inc.) C:\Windows\System32\uArcCapture.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-25] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1594664 2010-01-04] (Synaptics Incorporated)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-12-09] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [DTRun] => c:\Program Files\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [518656 2009-11-19] (ArcSoft Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [495708 2013-07-10] (IDT, Inc.)
Winlogon\Notify\DeviceNP: C:\windows\system32\DeviceNP.dll (Hewlett-Packard Limited)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [280576 2013-04-04] (Microsoft Corporation)
Lsa: [Notification Packages] DPPassFilter scecli
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2018833422-2900327754-1930971165-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-2018833422-2900327754-1930971165-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKU\S-1-5-21-2018833422-2900327754-1930971165-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
URLSearchHook: HKU\S-1-5-21-2018833422-2900327754-1930971165-1002 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM -> {6537C524-DDDB-4964-B1C7-A9C977A0B269} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2018833422-2900327754-1930971165-1002 -> {6537C524-DDDB-4964-B1C7-A9C977A0B269} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
BHO: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll [2009-12-12] (Hewlett-Packard)
BHO: HP ProtectTools Security Manager Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2011-05-02] (DigitalPersona, Inc.)
BHO: Pomocník pro přihlášení ke službě Windows Live -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-28] (Sun Microsystems, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKU\S-1-5-21-2018833422-2900327754-1930971165-1002 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-2018833422-2900327754-1930971165-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File []
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2010-09-28] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-06] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4
FF HKLM\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2013-12-27]

Chrome:
=======
CHR HomePage: Default -> https://www.google.cz/
CHR StartupUrls: Default -> "https://www.google.cz/"
CHR Profile: C:\Users\TRTÍK\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\TRTÍK\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-21]
CHR Extension: (YouTube) - C:\Users\TRTÍK\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-21]
CHR Extension: (Google Search) - C:\Users\TRTÍK\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-21]
CHR Extension: (AdBlock) - C:\Users\TRTÍK\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-04-01]
CHR Extension: (Google Wallet) - C:\Users\TRTÍK\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-21]
CHR Extension: (Gmail) - C:\Users\TRTÍK\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-21]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-09-28] (ArcSoft Inc.)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-11-02] (LSI Corporation)
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [300880 2010-07-16] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\Windows\system32\flcdlock.exe [362040 2009-11-18] (Hewlett-Packard Ltd)
R2 HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [102968 2009-12-17] (Hewlett-Packard)
R2 HP ProtectTools Service; C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [32768 2010-10-19] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HP Support Assistant Service; C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [102968 2009-12-17] (Hewlett-Packard)
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [81920 2010-01-08] (Hewlett-Packard Company) [File not signed]
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2009-12-16] (McAfee, Inc.)
R2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [297984 2009-12-12] (Hewlett-Packard) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [264248 2010-01-05] (Hewlett-Packard Company)
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-10-23] (PDF Complete Inc)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [254034 2013-07-10] (IDT, Inc.)
R2 uArcCapture; C:\windows\system32\uArcCapture.exe [506472 2009-12-04] (ArcSoft, Inc.)
S2 vcsFPService; C:\windows\system32\vcsFPService.exe [1664304 2010-02-18] (Validity Sensors, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 602SQL 8 FastCGI Client; C:\Program Files\Software602\602SQL95\602FSVC8.EXE [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 Afc; C:\windows\System32\drivers\Afc.sys [18688 2006-11-11] (Arcsoft, Inc.)
R3 ARCVCAM; C:\windows\System32\DRIVERS\ArcSoftVCapture.sys [29824 2009-12-04] (ArcSoft, Inc.)
R1 Avgmfx86; C:\windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
S3 DAMDrv; C:\windows\System32\DRIVERS\DAMDrv.sys [32312 2009-10-21] (Hewlett-Packard Development Company L.P.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 mfetdik; C:\windows\System32\drivers\mfetdik.sys [55336 2009-05-16] (McAfee, Inc.)
R1 RsvLock; C:\windows\system32\Drivers\RsvLock.sys [40088 2009-12-16] (McAfee, Inc.)
R3 rtsuvc; C:\windows\System32\DRIVERS\rtsuvc.sys [73344 2009-12-22] (Realtek Semiconductor Corp.)
R0 SafeBoot; C:\windows\system32\Drivers\SafeBoot.sys [110520 2009-12-16] () [File not signed]
R0 SbAlg; C:\windows\system32\Drivers\SbAlg.sys [51800 2009-12-16] (McAfee, Inc.)
R0 SbFsLock; C:\windows\system32\Drivers\SbFsLock.sys [13256 2009-12-16] (McAfee, Inc.)
S3 usbrndis6; C:\windows\System32\DRIVERS\usb80236.sys [15872 2013-02-12] (Microsoft Corporation)
U5 AppMgmt; C:\windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\TRTK~1\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-05 20:56 - 2015-04-05 20:56 - 01107968 _____ () C:\Users\TRTÍK\Downloads\RSIT (1).exe
2015-04-04 12:14 - 2015-04-04 12:14 - 00000000 ___SD () C:\windows\system32\GWX
2015-03-31 19:48 - 2015-03-31 19:48 - 00056320 _____ () C:\Users\TRTÍK\Downloads\6_rocnik_delitelnost_blug_sb_7.xls
2015-03-31 19:41 - 2015-03-31 19:41 - 00792576 _____ () C:\Users\TRTÍK\Downloads\delitelnost.ppt
2015-03-25 15:31 - 2015-03-11 05:30 - 00623616 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-03-25 15:31 - 2015-03-11 05:30 - 00534528 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-03-25 15:31 - 2015-03-11 05:29 - 00818176 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-03-25 15:31 - 2015-03-11 05:29 - 00327168 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-03-25 15:31 - 2015-03-11 05:29 - 00202752 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-03-25 15:31 - 2015-03-11 05:29 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-03-25 15:31 - 2015-03-11 05:29 - 00026112 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-03-25 15:31 - 2015-03-11 05:26 - 00892928 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-03-22 19:20 - 2015-03-22 19:20 - 00029357 _____ () C:\ComboFix.txt
2015-03-22 19:03 - 2015-03-22 19:03 - 05615380 ____R (Swearware) C:\ComboFix.exe
2015-03-21 12:24 - 2015-03-22 19:20 - 00000000 ____D () C:\Qoobox
2015-03-21 12:24 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2015-03-21 12:24 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2015-03-21 12:24 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2015-03-21 12:24 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2015-03-21 12:24 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2015-03-21 12:24 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2015-03-21 12:24 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2015-03-21 12:24 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2015-03-21 12:23 - 2015-03-22 19:14 - 00000000 ____D () C:\windows\erdnt
2015-03-21 12:22 - 2015-03-21 12:23 - 05615380 ____R (Swearware) C:\Users\TRTÍK\Desktop\ComboFix.exe
2015-03-21 12:19 - 2015-04-06 13:02 - 00002358 _____ () C:\windows\setupact.log
2015-03-21 12:19 - 2015-03-22 19:15 - 00004650 _____ () C:\windows\PFRO.log
2015-03-21 12:19 - 2015-03-21 12:19 - 00000000 _____ () C:\windows\setuperr.log
2015-03-21 12:15 - 2015-03-21 12:15 - 03480040 _____ (McAfee, Inc.) C:\Users\TRTÍK\Downloads\MCPR.exe
2015-03-21 11:35 - 2015-04-05 20:57 - 00000000 ____D () C:\Program Files\trend micro
2015-03-21 11:35 - 2015-03-21 11:36 - 00000000 ____D () C:\rsit
2015-03-21 11:34 - 2015-03-21 11:34 - 01107968 _____ () C:\Users\TRTÍK\Downloads\RSIT.exe
2015-03-21 10:25 - 2015-03-21 10:25 - 00002291 _____ () C:\Users\TRTÍK\Downloads\software_removal_tool.log
2015-03-21 10:22 - 2015-04-03 20:21 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-21 10:22 - 2015-03-21 10:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-20 22:23 - 2015-03-20 22:23 - 00001071 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-20 22:23 - 2015-03-20 22:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2015-03-20 22:23 - 2013-04-04 15:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-03-20 22:20 - 2015-03-20 22:20 - 00000000 ____D () C:\Users\TRTÍK\AppData\Roaming\Malwarebytes
2015-03-20 22:19 - 2015-03-20 22:23 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2015-03-20 22:13 - 2015-03-20 22:13 - 00000000 ____D () C:\Users\TRTÍK\AppData\Roaming\InstallShield
2015-03-20 22:05 - 2015-02-24 05:23 - 00246920 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-03-20 21:58 - 2015-03-20 22:19 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-20 21:51 - 2015-03-21 11:57 - 00000000 ____D () C:\windows\pss
2015-03-20 21:43 - 2015-03-20 21:46 - 00000000 ____D () C:\AdwCleaner
2015-03-20 21:43 - 2015-03-20 21:43 - 02171392 _____ () C:\Users\TRTÍK\Desktop\adwcleaner_4.112.exe
2015-03-20 21:40 - 2015-03-20 21:40 - 00000000 ____D () C:\Users\TRTÍK\AppData\Local\Avg2015
2015-03-20 21:33 - 2008-05-22 11:15 - 00000434 _____ () C:\windows\myClean.bat
2015-03-20 21:29 - 2015-03-20 21:29 - 00000000 __SHD () C:\Users\TRTÍK\AppData\Local\EmieBrowserModeList
2015-03-20 20:28 - 2015-04-06 13:12 - 00015379 _____ () C:\Users\TRTÍK\Desktop\FRST.txt
2015-03-20 20:27 - 2015-04-06 13:12 - 00000000 ____D () C:\FRST
2015-03-20 20:27 - 2015-03-20 20:27 - 01135104 _____ (Farbar) C:\Users\TRTÍK\Desktop\FRST.exe
2015-03-11 15:40 - 2015-02-26 05:11 - 02381312 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-03-11 15:40 - 2015-02-24 04:32 - 00342696 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-03-11 15:40 - 2015-02-21 02:41 - 12827648 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-03-11 15:40 - 2015-02-21 02:27 - 00418304 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-03-11 15:40 - 2015-02-21 02:27 - 00285696 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-03-11 15:40 - 2015-02-21 02:25 - 19720192 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-03-11 15:40 - 2015-02-21 01:32 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-03-11 15:40 - 2015-02-20 04:22 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-03-11 15:40 - 2015-02-20 04:22 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-03-11 15:40 - 2015-02-20 04:09 - 00503296 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-03-11 15:40 - 2015-02-20 04:08 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-03-11 15:40 - 2015-02-20 04:08 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-03-11 15:40 - 2015-02-20 04:06 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-03-11 15:40 - 2015-02-20 04:03 - 02278400 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-03-11 15:40 - 2015-02-20 04:01 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-03-11 15:40 - 2015-02-20 04:00 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-03-11 15:40 - 2015-02-20 03:58 - 00478208 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-03-11 15:40 - 2015-02-20 03:56 - 00620032 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-03-11 15:40 - 2015-02-20 03:56 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-03-11 15:40 - 2015-02-20 03:56 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-03-11 15:40 - 2015-02-20 03:50 - 00667648 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-03-11 15:40 - 2015-02-20 03:41 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 15:40 - 2015-02-20 03:37 - 00168960 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-03-11 15:40 - 2015-02-20 03:30 - 04300288 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-03-11 15:40 - 2015-02-20 03:24 - 02052608 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-03-11 15:40 - 2015-02-20 03:24 - 00689152 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-03-11 15:40 - 2015-02-20 03:24 - 00684544 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-03-11 15:40 - 2015-02-20 03:23 - 01155072 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-03-11 15:40 - 2015-02-20 03:01 - 01888256 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-03-11 15:40 - 2015-02-20 02:57 - 01311232 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-03-11 15:40 - 2015-02-20 02:55 - 00710144 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-03-11 15:40 - 2015-02-13 07:26 - 12875264 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-03-11 15:40 - 2015-02-03 05:12 - 01230848 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-03-11 15:40 - 2015-01-17 04:30 - 00828928 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2015-03-11 15:39 - 2015-03-06 07:15 - 00137656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-03-11 15:39 - 2015-03-06 07:15 - 00067512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-03-11 15:39 - 2015-03-06 07:10 - 01061376 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-03-11 15:39 - 2015-03-06 07:10 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-03-11 15:39 - 2015-03-06 07:10 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-03-11 15:39 - 2015-03-06 07:10 - 00248832 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-03-11 15:39 - 2015-03-06 07:10 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-03-11 15:39 - 2015-03-06 07:10 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-03-11 15:39 - 2015-03-06 07:10 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-03-11 15:39 - 2015-03-06 07:10 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-03-11 15:39 - 2015-03-06 07:10 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-03-11 15:39 - 2015-03-06 07:10 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-03-11 15:39 - 2015-03-06 07:10 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-03-11 15:39 - 2015-03-06 07:09 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-03-11 15:39 - 2015-03-06 07:09 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-03-11 15:39 - 2015-03-06 07:07 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-03-11 15:39 - 2015-03-06 07:07 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-03-11 15:39 - 2015-03-06 07:06 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-03-11 15:39 - 2015-02-20 06:13 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-03-11 15:39 - 2015-02-20 06:13 - 00034304 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-03-11 15:39 - 2015-02-20 06:13 - 00026624 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-03-11 15:39 - 2015-02-20 06:13 - 00010240 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-03-11 15:39 - 2015-02-20 05:09 - 00299008 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-03-11 15:39 - 2015-02-04 04:54 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2015-03-11 15:39 - 2015-02-03 05:16 - 03973048 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2015-03-11 15:39 - 2015-02-03 05:16 - 03917760 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-03-11 15:39 - 2015-02-03 05:16 - 00078784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-03-11 15:39 - 2015-02-03 05:12 - 11411968 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-03-11 15:39 - 2015-02-03 05:12 - 03209728 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-03-11 15:39 - 2015-02-03 05:12 - 01329664 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2015-03-11 15:39 - 2015-02-03 05:12 - 01174528 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-03-11 15:39 - 2015-02-03 05:12 - 01005056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2015-03-11 15:39 - 2015-02-03 05:12 - 00988160 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2015-03-11 15:39 - 2015-02-03 05:12 - 00744960 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2015-03-11 15:39 - 2015-02-03 05:12 - 00617984 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2015-03-11 15:39 - 2015-02-03 05:12 - 00519680 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2015-03-11 15:39 - 2015-02-03 05:12 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2015-03-11 15:39 - 2015-02-03 05:12 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2015-03-11 15:39 - 2015-02-03 05:12 - 00475136 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-03-11 15:39 - 2015-02-03 05:12 - 00442880 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-03-11 15:39 - 2015-02-03 05:12 - 00406016 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2015-03-11 15:39 - 2015-02-03 05:12 - 00400896 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-03-11 15:39 - 2015-02-03 05:12 - 00374784 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-03-11 15:39 - 2015-02-03 05:12 - 00354816 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2015-03-11 15:39 - 2015-02-03 05:12 - 00265216 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2015-03-11 15:39 - 2015-02-03 05:12 - 00179200 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-03-11 15:39 - 2015-02-03 05:12 - 00171520 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2015-03-11 15:39 - 2015-02-03 05:12 - 00157184 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2015-03-11 15:39 - 2015-02-03 05:12 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-03-11 15:39 - 2015-02-03 05:12 - 00103936 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-03-11 15:39 - 2015-02-03 05:12 - 00103424 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-03-11 15:39 - 2015-02-03 05:12 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2015-03-11 15:39 - 2015-02-03 05:12 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-03-11 15:39 - 2015-02-03 05:12 - 00050688 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-03-11 15:39 - 2015-02-03 05:12 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2015-03-11 15:39 - 2015-02-03 05:12 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-03-11 15:39 - 2015-02-03 05:11 - 00262656 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-03-11 15:39 - 2015-02-03 05:11 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-03-11 15:39 - 2015-02-03 05:11 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-03-11 15:39 - 2015-02-03 05:11 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2015-03-11 15:39 - 2015-02-03 05:00 - 00593920 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2015-03-11 15:39 - 2015-02-03 04:26 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-03-11 15:39 - 2015-01-31 01:56 - 00370488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-03-11 15:39 - 2014-11-01 00:22 - 00521384 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-03-11 15:39 - 2014-06-28 02:21 - 00455752 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-03-11 15:39 - 2014-06-28 02:21 - 00409272 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2015-03-11 15:38 - 2015-02-03 05:12 - 00275968 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-03-11 15:38 - 2015-02-03 05:12 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-03-11 15:38 - 2015-02-03 05:12 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-03-11 15:38 - 2015-02-03 05:12 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-03-11 15:38 - 2015-02-03 05:12 - 00038912 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-03-11 15:38 - 2015-02-03 05:12 - 00010752 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-03-11 15:38 - 2015-02-03 05:12 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-03-11 15:38 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-03-11 15:38 - 2015-02-03 05:12 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-03-11 15:38 - 2015-02-03 05:11 - 12625408 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-03-11 15:38 - 2015-02-03 05:11 - 00023040 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2015-03-11 15:38 - 2015-02-03 05:11 - 00016896 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-03-11 15:38 - 2015-02-03 05:11 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2015-03-11 15:38 - 2015-02-03 05:11 - 00008192 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2015-03-11 15:38 - 2015-02-03 05:10 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2015-03-11 15:38 - 2015-02-03 05:09 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2015-03-11 15:38 - 2015-02-03 05:08 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-06 13:09 - 2009-07-14 06:34 - 00022688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-06 13:09 - 2009-07-14 06:34 - 00022688 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-06 13:07 - 2010-03-24 15:51 - 01448487 _____ () C:\windows\WindowsUpdate.log
2015-04-06 13:07 - 2010-02-02 06:26 - 01584626 _____ () C:\windows\system32\PerfStringBackup.INI
2015-04-06 13:03 - 2012-04-29 11:02 - 00000914 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-04-06 13:02 - 2010-09-28 15:19 - 00000936 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-06 13:02 - 2010-02-02 06:40 - 00000000 ____D () C:\ProgramData\HPQLOG
2015-04-06 13:02 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-04-05 20:41 - 2014-11-12 16:22 - 00000320 _____ () C:\windows\Tasks\HPCeeScheduleForTRTÍK.job
2015-04-05 20:20 - 2010-09-28 15:19 - 00000940 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-03 09:50 - 2010-02-02 06:41 - 00000000 ____D () C:\ProgramData\PDFC
2015-04-01 14:41 - 2010-05-06 18:03 - 00000052 _____ () C:\windows\system32\DOErrors.log
2015-03-29 20:21 - 2011-01-06 19:11 - 00000000 ____D () C:\Users\TRTÍK\AppData\Roaming\OpenOffice.org2
2015-03-29 17:26 - 2014-02-10 17:09 - 00000000 ___RD () C:\Users\TRTÍK\Desktop\vše potřebné
2015-03-26 17:19 - 2014-05-06 19:42 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-03-26 17:18 - 2014-12-11 19:26 - 00000000 ____D () C:\windows\system32\appraiser
2015-03-24 21:14 - 2012-01-20 22:05 - 00000000 ____D () C:\Users\TRTÍK\AppData\Roaming\ICQ
2015-03-23 21:04 - 2014-04-19 14:05 - 00000000 ____D () C:\Users\TRTÍK\Desktop\vyprávěj extra
2015-03-22 19:16 - 2009-07-14 04:04 - 00000215 _____ () C:\windows\system.ini
2015-03-22 19:14 - 2009-07-14 04:03 - 60293120 _____ () C:\windows\system32\config\software.bak
2015-03-22 19:14 - 2009-07-14 04:03 - 17825792 _____ () C:\windows\system32\config\system.bak
2015-03-22 19:14 - 2009-07-14 04:03 - 00524288 _____ () C:\windows\system32\config\default.bak
2015-03-22 19:14 - 2009-07-14 04:03 - 00262144 _____ () C:\windows\system32\config\security.bak
2015-03-22 19:14 - 2009-07-14 04:03 - 00262144 _____ () C:\windows\system32\config\sam.bak
2015-03-21 12:36 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2015-03-21 12:36 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2015-03-21 12:19 - 2010-09-28 15:18 - 00000000 ____D () C:\Program Files\Google
2015-03-21 12:17 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\config\Journal
2015-03-21 11:55 - 2010-02-02 06:19 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-03-21 10:27 - 2010-04-16 07:33 - 00000000 ____D () C:\Users\TRTÍK
2015-03-21 10:22 - 2010-09-28 15:19 - 00000000 ____D () C:\Users\TRTÍK\AppData\Local\Google
2015-03-21 10:21 - 2010-09-28 15:18 - 00000000 ____D () C:\ProgramData\Google
2015-03-21 10:19 - 2010-04-16 07:34 - 00109240 _____ () C:\Users\TRTÍK\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-21 10:15 - 2009-07-14 06:33 - 00420376 _____ () C:\windows\system32\FNTCACHE.DAT
2015-03-20 22:17 - 2010-02-02 07:00 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-03-20 22:17 - 2010-02-02 06:59 - 00000000 ____D () C:\Program Files\Microsoft.NET
2015-03-20 22:17 - 2010-02-02 06:54 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-03-20 22:17 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-20 22:11 - 2010-02-02 06:54 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-20 22:10 - 2009-07-27 13:08 - 00000000 ____D () C:\windows\ShellNew
2015-03-20 22:07 - 2009-07-14 04:04 - 00000387 _____ () C:\windows\win.ini
2015-03-20 21:46 - 2010-12-27 01:34 - 00000000 ____D () C:\ProgramData\ICQ
2015-03-20 21:34 - 2011-11-24 22:05 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-20 21:22 - 2011-11-24 22:07 - 00000000 ____D () C:\ProgramData\AVG2012
2015-03-16 18:17 - 2012-04-29 12:39 - 00000000 ___RD () C:\Users\TRTÍK\Desktop\Film
2015-03-16 18:15 - 2014-10-18 11:31 - 00000000 ____D () C:\Users\TRTÍK\Desktop\jára cimrman
2015-03-13 22:08 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\rescache
2015-03-12 17:51 - 2014-05-04 11:21 - 00000000 ____D () C:\windows\system32\MRT
2015-03-12 17:35 - 2014-05-04 11:21 - 119837696 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-03-10 17:10 - 2009-07-14 06:53 - 00032584 _____ () C:\windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2011-05-04 16:59 - 2011-05-04 16:59 - 0001849 _____ () C:\Users\TRTÍK\AppData\Roaming\GhostObjGAFix.xml
2011-07-27 20:30 - 2011-07-27 20:30 - 0000000 _____ () C:\Users\TRTÍK\AppData\Local\{B3415A81-A95A-499C-A9D2-AD58DD1F0A67}
2011-07-27 11:24 - 2011-07-27 11:24 - 0000000 _____ () C:\Users\TRTÍK\AppData\Local\{FB1D9927-F123-4BCC-8E1F-41EDE0FDCFC6}
2010-08-07 09:32 - 2010-08-07 09:32 - 0000056 ____H () C:\ProgramData\ezsidmv.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-05 19:18

==================== End Of Log ============================

Re: Request for a check

Posted: 06 Apr 2015 12:16
by industrol
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by TRTÍK at 2015-04-06 13:12:58
Running from C:\Users\TRTÍK\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.65 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
ArcSoft TotalMedia (HKLM\...\ArcSoft TotalMedia) (Version: 1.0.23.17 - ArcSoft)
ArcSoft TotalMedia (Version: 1.0.33.17 - ArcSoft) Hidden
ArcSoft Webcam Sharing Manager (HKLM\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 1.0.0.26 - ArcSoft)
Asistent pro přihlášení ke službě Windows Live (HKLM\...\{3E62B27C-342F-4B44-9331-CA4BC59A586F}) (Version: 5.000.818.5 - Microsoft Corporation)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{A788EAC0-E8F6-C07E-DD10-2E86CF8229A1}) (Version: 3.0.750.0 - ATI Technologies, Inc.)
ccc-core-static (Version: 2009.1208.2236.40549 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 2.32 - Piriform)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 5.0.1.5 - Hewlett-Packard)
Drive Encryption for HP ProtectTools (HKLM\...\Drive Encryption) (Version: 5.0.4.0 - Hewlett-Packard)
Drive Encryption for HP ProtectTools (Version: 5.0.4.0 - Hewlett-Packard) Hidden
Face Recognition for HP ProtectTools (HKLM\...\InstallShield_{CB65A1C3-533D-4EA6-82B5-FBA926F19079}) (Version: 2.01.651 - Hewlett-Packard)
Face Recognition for HP ProtectTools (Version: 2.01.651 - Hewlett-Packard) Hidden
File Sanitizer For HP ProtectTools (HKLM\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 5.0.1.2 - Hewlett-Packard)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{67C090D6-109A-47D7-8DED-4160C4D96F32}) (Version: 4.0.4.1 - Hewlett-Packard)
HP Advisor (HKLM\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM\...\{871732B3-1EE5-4C54-8462-8BFF516880B7}) (Version: 1.0.5.1 - Hewlett-Packard Company)
HP HotKey Support (HKLM\...\{0497B553-0E3F-4CCD-BE13-E28F1A54B318}) (Version: 3.5.13.1 - Hewlett-Packard Company)
HP Integrated Module with Bluetooth wireless technology (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
HP Power Assistant (HKLM\...\{EEB023B5-8EBE-4BEB-90C8-BDA16ABEDBB4}) (Version: 1.0.3.2 - Hewlett-Packard)
HP Power Data (HKLM\...\{E366F338-BF6E-4165-BDDB-3DCCB3388F9F}) (Version: 1.0.7.77 - Hewlett-Packard)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 5.12.754 - Hewlett-Packard Company)
HP QuickLook (HKLM\...\{8B49BD5E-C896-4F65-95DC-3F84424226E8}) (Version: 3.2.0.14 - Hewlett-Packard)
HP QuickWeb (HKLM\...\{7861911B-4270-498A-8F7A-FCF0570F485D}) (Version: 1.0.1.53 - DeviceVM, Inc.)
HP Setup (HKLM\...\{1E6219D4-027E-47EE-AB83-DD2F26E31A32}) (Version: 1.2.3557.3169 - Hewlett-Packard)
HP SoftPaq Download Manager (HKLM\...\{2DA697D7-FED3-4DE2-A174-92A2A12F9688}) (Version: 3.0.5.0 - Hewlett-Packard Company)
HP Software Framework (HKLM\...\{2712DAD6-C1F7-4295-B06E-17D6DC62EC20}) (Version: 3.5.13.1 - Hewlett-Packard Company)
HP Software Setup (HKLM\...\{04801E42-B1A6-4C52-9F3D-CADB5A050433}) (Version: 7.0.1.5 - Hewlett-Packard Company)
HP User Guides 0189 (HKLM\...\{3BDB9B89-56B5-4953-B052-AEB75FCBFC93}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wallpaper (HKLM\...\{F173C2B3-296F-458C-98FF-1676A42EBA02}) (Version: 1.0.1.3 - Hewlett-Packard Company)
HP Webcam Driver (HKLM\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.1.7600.0024 - Realtek Semiconductor Corp.)
HP Wireless Assistant (HKLM\...\{0279C882-B150-44B6-A769-A7C8A2F31CE3}) (Version: 4.0.3.2 - Hewlett-Packard)
ICQ7.7 (HKLM\...\{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}) (Version: 7.7 - ICQ)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6300.0 - IDT)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java(TM) 6 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.210 - Oracle)
Landi 2003 - jazykový kurz (HKLM\...\Landi 2003 - jazykový kurz) (Version: - )
Landi Diktáty (HKLM\...\Landi Diktáty) (Version: - )
LightScribe System Software (HKLM\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
Malwarebytes Anti-Malware verze 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.7 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Thunderbird (1.0.7) (HKLM\...\Mozilla Thunderbird (1.0.7)) (Version: 1.0.7 (cs) - Mozilla)
Nástroj pro odesílání služby Windows Live (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
OpenOffice.org 2.0 (HKLM\...\{F6B0E67F-598C-4318-AE93-420E93CAA47C}) (Version: 2.0.8968 - OpenOffice.org)
PDF Complete Special Edition (HKLM\...\PDF Complete) (Version: 3.5.112 - PDF Complete, Inc)
Pre-Boot Security for HP ProtectTools (Version: 5.0.7.1 - Hewlett-Packard) Hidden
Privacy Manager for HP ProtectTools (HKLM\...\{142D2DFA-1FB7-41B9-8509-DAB5F3978CE4}) (Version: 5.01.734 - Hewlett-Packard)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0007 - Realtek)
Realtek USB 2.0 Card Reader (HKLM\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30109 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.1 - Synaptics Incorporated)
Theft Recovery (HKLM\...\InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}) (Version: 5.1.0.18 - Hewlett-Packard)
Theft Recovery (Version: 5.1.0.18 - Hewlett-Packard) Hidden
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 7.50a - Ghisler Software GmbH)
Validity Fingerprint Driver (HKLM\...\{78365FC6-09CA-4AC3-BC01-70FB46596047}) (Version: 4.0.15.0 - Validity Sensors, Inc.)
VLC media player 1.0.5 (HKLM\...\VLC media player) (Version: 1.0.5 - VideoLAN Team)
Windows 7 Default Setting (HKLM\...\{5BF8E079-D6E2-4323-B794-75152371122A}) (Version: 1.0.1.4 - Hewlett-Packard Company)
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) (HKLM\...\B7541EC5F72AA713F557569278EB6273725F5607) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (HKLM\...\A6A8668C0A13640CA28FE2A7D9654BE4AE478B13) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\BF20603967CFDCB2BBF91950E8A56DFBC5C833FE) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
WinZip 12.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}) (Version: 12.0.8252 - WinZip Computing, S.L. )
ZAV 4.48 (HKLM\...\ZAV_DOMA_is1) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2018833422-2900327754-1930971165-1002_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2018833422-2900327754-1930971165-1002_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2018833422-2900327754-1930971165-1002_Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2018833422-2900327754-1930971165-1002_Classes\CLSID\{395610AE-C624-4f58-B89E-23733EA00F9A}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-2018833422-2900327754-1930971165-1002_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> No File Path

==================== Restore Points =========================

24-03-2015 17:19:58 Windows Update
25-03-2015 20:00:13 Windows Update
31-03-2015 13:40:06 Windows Update
04-04-2015 12:14:09 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2015-03-22 19:16 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00DFAFAB-37CA-41EA-B722-15101B2AE0F6} - System32\Tasks\{5AEEC262-A346-4688-ACEE-4C98206D4184} => pcalua.exe -a G:\AUTORUN.EXE -d G:\
Task: {12783150-FFD9-4353-B78C-E7B288CE3DA7} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {140E4CC8-B264-409C-8CD6-9D1104AF9906} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {3C92B879-E31D-4E5F-AB62-A3D3A15C5BB8} - System32\Tasks\{2A5C7660-DB4A-4213-9500-0177894DD50D} => Iexplore.exe http://ui.skype.com/ui/0/4.2.0.169/cs/a ... adyoffered
Task: {4D14E0E1-D5EC-4531-837E-AC8129C954BF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {619296C8-BA6B-4C0F-B925-02A1BA34924E} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {7C13F03F-C7B8-46DD-BCC5-F0BC202A10EA} - System32\Tasks\{75EA8FE0-738D-46EB-8778-1AE6583F215B} => Iexplore.exe http://www.skype.com/go/downloading?sou ... tError=404
Task: {873890BB-0BDD-4988-AFA6-CA5727BE6ADE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\NetworkCheck => c:\program files\hewlett-packard\hp health check\activecheck\product_line\Detection_NetworkCheck.exe [2014-04-22] (Hewlett-Packard)
Task: {94BC78B7-53EB-46BA-A6CE-5F7860C358C4} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {9F68D794-DF38-4C17-A12A-EC827E27C058} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {A450DA49-CFB7-4AF1-AC1A-58499277D94A} - System32\Tasks\{E83E2380-5288-41B9-9ADC-BC08FEB5AB59} => Chrome.exe http://ui.skype.com/ui/0/6.7.0.102/cs/a ... =tsInstall
Task: {B6CFBD1C-5A78-44D2-8FAB-1E7BF4CE9450} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {B8BCBAF6-60EC-4192-8DC5-7A420E8DDBD6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {B95D7734-E069-42C5-A29A-28DF354F6455} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {C314CD19-4878-4390-B041-537ACC3A9B4C} - System32\Tasks\HPCeeScheduleForTRTÍK => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {C4C00EB1-ADC0-4538-82D5-1A29BEC0AB65} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {C6E6C585-39B8-44EC-94F8-BA85982F8D89} - System32\Tasks\{3FD7A9DA-FDF5-41D7-BCEC-F700D6397D80} => Chrome.exe http://ui.skype.com/ui/0/6.11.0.102/cs/ ... rogressBar
Task: {D42B317D-249A-49B7-B83C-AB0635BA5E10} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {DE131447-5C86-45E2-ADA5-A416A5BE0C71} - System32\Tasks\{3985A037-2145-4A88-B22D-43600BE68973} => Iexplore.exe http://www.skype.com/go/downloading?sou ... tError=404
Task: {ED6592F8-957D-4CFC-B112-FA92B8AB8439} - System32\Tasks\{C7EFDAF1-83B6-4BE6-80FF-EC712939EB9C} => Iexplore.exe http://www.skype.com/go/downloading?sou ... tError=404

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForTRTÍK.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) ==============

2009-12-11 21:20 - 2009-12-11 21:20 - 00648464 _____ () C:\windows\system32\SUPSDK.dll
2010-04-20 09:10 - 2010-04-20 09:10 - 00079360 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2009-06-11 01:30 - 2009-06-11 01:30 - 00098304 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-03-24 15:51 - 2010-03-24 15:51 - 00270336 _____ () C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2009-12-17 00:48 - 2009-12-17 00:48 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\HPCommon.XmlSerializers.dll
2015-04-03 20:21 - 2015-03-30 23:07 - 01174856 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-03 20:21 - 2015-03-30 23:07 - 00080200 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-03 20:21 - 2015-03-30 23:07 - 09279304 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.118\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2018833422-2900327754-1930971165-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\TRTÍK\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.0.138

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^TRTÍK^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk => C:\windows\pss\OpenOffice.org 2.0.lnk.Startup
MSCONFIG\startupreg: File Sanitizer => C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
MSCONFIG\startupreg: HPADVISOR => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
MSCONFIG\startupreg: HPPowerAssistant => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden
MSCONFIG\startupreg: HPWirelessAssistant => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
MSCONFIG\startupreg: QLBController => C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe /start

==================== Accounts: =============================

Administrator (S-1-5-21-2018833422-2900327754-1930971165-500 - Administrator - Disabled)
Guest (S-1-5-21-2018833422-2900327754-1930971165-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2018833422-2900327754-1930971165-1004 - Limited - Enabled)
TRTÍK (S-1-5-21-2018833422-2900327754-1930971165-1002 - Administrator - Enabled) => C:\Users\TRTÍK

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/06/2015 01:10:33 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Generování kontextu aktivace pro assemblyIdentity1 se nezdařilo. Chyba v souboru manifestu nebo zásady assemblyIdentity2 na řádku assemblyIdentity3.
Hodnota 1, 2, 0, 17 atributu version v prvku assemblyIdentity je neplatná.

Error: (03/22/2015 06:50:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: handle.3XE, verze: 3.42.0.0, časové razítko: 0x492312a9
Název chybujícího modulu: ntdll.dll, verze: 6.1.7601.18247, časové razítko: 0x521ea91c
Kód výjimky: 0xc0000005
Posun chyby: 0x000728a0
ID chybujícího procesu: 0x9a4
Čas spuštění chybující aplikace: 0xhandle.3XE0
Cesta k chybující aplikaci: handle.3XE1
Cesta k chybujícímu modulu: handle.3XE2
ID zprávy: handle.3XE3

Error: (03/21/2015 11:51:57 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Chyba služby Stínová kopie svazků: Při dotazu na rozhraní IVssWriterCallback došlo k neočekávané chybě. hr = 0x80070005, Přístup byl odepřen.
.
To je často způsobeno nesprávným nastavením zabezpečení v modulu pro zápis nebo žadateli.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {05d127c3-19b8-41e4-9d31-ef1254df6eb2}

Error: (03/15/2015 10:44:22 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: Správce oken plochy zjistil závažnou chybu (0x0).

Error: (03/03/2015 08:04:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: ICQ.exe, verze: 7.7.0.6547, časové razítko: 0x4f0bf762
Název chybujícího modulu: MUIUtils.dll, verze: 7.7.0.6547, časové razítko: 0x4f0bf629
Kód výjimky: 0xc0000005
Posun chyby: 0x00131e58
ID chybujícího procesu: 0xdc0
Čas spuštění chybující aplikace: 0xICQ.exe0
Cesta k chybující aplikaci: ICQ.exe1
Cesta k chybujícímu modulu: ICQ.exe2
ID zprávy: ICQ.exe3

Error: (03/01/2015 10:53:12 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: Generování kontextu aktivace pro assemblyIdentity1 se nezdařilo. Chyba v souboru manifestu nebo zásady assemblyIdentity2 na řádku assemblyIdentity3.
Hodnota 1, 2, 0, 17 atributu version v prvku assemblyIdentity je neplatná.

Error: (02/28/2015 09:42:58 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Generování kontextu aktivace pro assemblyIdentity1 se nezdařilo. Chyba v souboru manifestu nebo zásady assemblyIdentity2 na řádku assemblyIdentity3.
Hodnota 1, 2, 0, 17 atributu version v prvku assemblyIdentity je neplatná.

Error: (02/28/2015 08:57:52 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Generování kontextu aktivace pro assemblyIdentity1 se nezdařilo. Chyba v souboru manifestu nebo zásady assemblyIdentity2 na řádku assemblyIdentity3.
Hodnota 1, 2, 0, 17 atributu version v prvku assemblyIdentity je neplatná.

Error: (02/26/2015 06:18:27 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Generování kontextu aktivace pro assemblyIdentity1 se nezdařilo. Chyba v souboru manifestu nebo zásady assemblyIdentity2 na řádku assemblyIdentity3.
Hodnota 1, 2, 0, 17 atributu version v prvku assemblyIdentity je neplatná.

Error: (02/25/2015 08:31:48 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Generování kontextu aktivace pro assemblyIdentity1 se nezdařilo. Chyba v souboru manifestu nebo zásady assemblyIdentity2 na řádku assemblyIdentity3.
Hodnota 1, 2, 0, 17 atributu version v prvku assemblyIdentity je neplatná.


System errors:
=============
Error: (04/02/2015 09:28:17 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (21:26:38, ‎2.‎4.‎2015) bylo neočekávané.

Error: (03/31/2015 03:50:52 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (14:13:49, ‎31.‎3.‎2015) bylo neočekávané.

Error: (03/22/2015 07:15:37 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Předchozí vypnutí systému (18:14:07, ‎22.‎3.‎2015) bylo neočekávané.

Error: (03/22/2015 07:13:29 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (03/22/2015 07:10:53 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (03/22/2015 07:08:15 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (03/22/2015 06:57:01 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (03/22/2015 06:53:48 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (03/22/2015 06:50:11 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (03/21/2015 00:34:26 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.


Microsoft Office Sessions:
=========================
Error: (04/06/2015 01:10:33 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversion1, 2, 0, 17c:\Program Files\Arcsoft\TotalMedia Suite\TotalMedia Studio MV\CaptureModule.exe.Manifestc:\Program Files\Arcsoft\TotalMedia Suite\TotalMedia Studio MV\CaptureModule.exe.Manifest3

Error: (03/22/2015 06:50:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: handle.3XE3.42.0.0492312a9ntdll.dll6.1.7601.18247521ea91cc0000005000728a09a401d064c048505e99C:\ComboFix\handle.3XEC:\windows\SYSTEM32\ntdll.dll86459bf2-d0b3-11e4-ae86-d8d385e928c1

Error: (03/21/2015 11:51:57 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Přístup byl odepřen.


Operace:
Shromažďování dat modulu pro zápis

Kontext:
ID třídy modulu pro zápis: {e8132975-6f93-4464-a53e-1050253ae220}
Název modulu pro zápis: System Writer
ID instance modulu pro zápis: {05d127c3-19b8-41e4-9d31-ef1254df6eb2}

Error: (03/15/2015 10:44:22 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x0

Error: (03/03/2015 08:04:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ICQ.exe7.7.0.65474f0bf762MUIUtils.dll7.7.0.65474f0bf629c000000500131e58dc001d055d6332d316dC:\Program Files\ICQ7.7\ICQ.exeC:\Program Files\ICQ7.7\MUIUtils.dllca782e2e-c1cf-11e4-aac7-d8d385e928c1

Error: (03/01/2015 10:53:12 AM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversion1, 2, 0, 17c:\program files\Arcsoft\totalmedia suite\totalmedia studio mv\CaptureModule.exe.Manifestc:\program files\Arcsoft\totalmedia suite\totalmedia studio mv\CaptureModule.exe.Manifest3

Error: (02/28/2015 09:42:58 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversion1, 2, 0, 17c:\program files\Arcsoft\totalmedia suite\totalmedia studio mv\CaptureModule.exe.Manifestc:\program files\Arcsoft\totalmedia suite\totalmedia studio mv\CaptureModule.exe.Manifest3

Error: (02/28/2015 08:57:52 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversion1, 2, 0, 17c:\program files\Arcsoft\totalmedia suite\totalmedia studio mv\CaptureModule.exe.Manifestc:\program files\Arcsoft\totalmedia suite\totalmedia studio mv\CaptureModule.exe.Manifest3

Error: (02/26/2015 06:18:27 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversion1, 2, 0, 17c:\program files\Arcsoft\totalmedia suite\totalmedia studio mv\CaptureModule.exe.Manifestc:\program files\Arcsoft\totalmedia suite\totalmedia studio mv\CaptureModule.exe.Manifest3

Error: (02/25/2015 08:31:48 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: assemblyIdentityversion1, 2, 0, 17c:\program files\Arcsoft\totalmedia suite\totalmedia studio mv\CaptureModule.exe.Manifestc:\program files\Arcsoft\totalmedia suite\totalmedia studio mv\CaptureModule.exe.Manifest3


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz
Percentage of memory in use: 29%
Total physical RAM: 2991.43 MB
Available physical RAM: 2111.38 MB
Total Pagefile: 5981.15 MB
Available Pagefile: 4556.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:280.8 GB) (Free:101.09 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.48 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 58054A99)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=280.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

==================== End Of Log ============================

Re: Please check

Posted: 06 Apr 2015 13:29
by Márty84
:!: You still have no antivirus there!


:arrow: Tell me the size of the Desktop folder (C:\Users\TRTÍK\Plocha)


:arrow: Open Notepad and copy this script into it

Code:

Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [280576 2013-04-04] (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2018833422-2900327754-1930971165-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-2018833422-2900327754-1930971165-1002 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM -> {6537C524-DDDB-4964-B1C7-A9C977A0B269} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2018833422-2900327754-1930971165-1002 -> {6537C524-DDDB-4964-B1C7-A9C977A0B269} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
Toolbar: HKU\S-1-5-21-2018833422-2900327754-1930971165-1002 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-2018833422-2900327754-1930971165-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File []

FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4

R1 Avgmfx86; C:\windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
R1 mfetdik; C:\windows\System32\drivers\mfetdik.sys [55336 2009-05-16] (McAfee, Inc.)
R1 RsvLock; C:\windows\system32\Drivers\RsvLock.sys [40088 2009-12-16] (McAfee, Inc.)
R0 SbAlg; C:\windows\system32\Drivers\SbAlg.sys [51800 2009-12-16] (McAfee, Inc.)
R0 SbFsLock; C:\windows\system32\Drivers\SbFsLock.sys [13256 2009-12-16] (McAfee, Inc.)
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25 107912]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04 267440]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25 107912]
S3 602SQL 8 FastCGI Client; C:\Program Files\Software602\602SQL95\602FSVC8.EXE [X]

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForTRTÍK.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe

2015-03-20 21:22 - 2011-11-24 22:07 - 00000000 ____D () C:\ProgramData\AVG2012

C:\Program Files\AVG
C:\windows\System32\DRIVERS\avgmfx86.sys
C:\windows\System32\drivers\mfetdik.sys
C:\windows\system32\Drivers\RsvLock.sys
C:\windows\system32\Drivers\SbAlg.sys
C:\windows\system32\Drivers\SbFsLock.sys

Hosts:
EmptyTemp:
Reboot:
End
In the top left, click File
Click Save As...
Type the name shown in red, fixlist, exactly and save it to the Desktop.
Turn off the antivirus and any other security software.
Run FRST as administrator, click Fix, and the program will execute the commands.
After the PC restarts, a new log named fixlog should appear; copy it here for me again.

Re: Please check

Posted: 06 Apr 2015 14:22
by industrol
Even after half an hour the process was not responding, so I had to shut it down hard. It did create a Fixlog, though. What should I install as an antivirus? Is Avast the most viable option?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by TRTÍK at 2015-04-06 14:35:14 Run:1
Running from C:\Users\TRTÍK\Desktop
Loaded Profiles: TRTÍK (Available profiles: TRTÍK)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [280576 2013-04-04] (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2018833422-2900327754-1930971165-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-2018833422-2900327754-1930971165-1002 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM -> {6537C524-DDDB-4964-B1C7-A9C977A0B269} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\S-1-5-21-2018833422-2900327754-1930971165-1002 -> {6537C524-DDDB-4964-B1C7-A9C977A0B269} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
Toolbar: HKU\S-1-5-21-2018833422-2900327754-1930971165-1002 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-2018833422-2900327754-1930971165-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File []

FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4

R1 Avgmfx86; C:\windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
R1 mfetdik; C:\windows\System32\drivers\mfetdik.sys [55336 2009-05-16] (McAfee, Inc.)
R1 RsvLock; C:\windows\system32\Drivers\RsvLock.sys [40088 2009-12-16] (McAfee, Inc.)
R0 SbAlg; C:\windows\system32\Drivers\SbAlg.sys [51800 2009-12-16] (McAfee, Inc.)
R0 SbFsLock; C:\windows\system32\Drivers\SbFsLock.sys [13256 2009-12-16] (McAfee, Inc.)
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25 107912]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04 267440]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25 107912]
S3 602SQL 8 FastCGI Client; C:\Program Files\Software602\602SQL95\602FSVC8.EXE [X]

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForTRTÍK.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe

2015-03-20 21:22 - 2011-11-24 22:07 - 00000000 ____D () C:\ProgramData\AVG2012

C:\Program Files\AVG
C:\windows\System32\DRIVERS\avgmfx86.sys
C:\windows\System32\drivers\mfetdik.sys
C:\windows\system32\Drivers\RsvLock.sys
C:\windows\system32\Drivers\SbAlg.sys
C:\windows\system32\Drivers\SbFsLock.sys

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.


The Desktop size is an unbelievable 135 GB

Re: Please check

Posted: 06 Apr 2015 14:55
by Márty84
industrol wrote: The Desktop size is an unbelievable 135 GB
:arrow: The Desktop should not exceed 200 - 300 MB! It slows the PC down. So tidy it up a bit and keep only shortcuts on the Desktop. Just watch out for a common mistake: users have a folder on the Desktop, another one inside it, and another one inside that, and they hide everything in there. That is nice, but it does not make the Desktop any smaller, it is just in a different drawer :D


industrol wrote: Even after half an hour the process was not responding, so I had to shut it down hard.
Try it once more. I will tweak the script.

:arrow: Open Notepad and copy this script into it

Code:

Start
CloseProcesses:
CreateRestorePoint:

Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [280576 2013-04-04] (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2018833422-2900327754-1930971165-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-2018833422-2900327754-1930971165-1002 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM -> {6537C524-DDDB-4964-B1C7-A9C977A0B269} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2018833422-2900327754-1930971165-1002 -> {6537C524-DDDB-4964-B1C7-A9C977A0B269} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
Toolbar: HKU\S-1-5-21-2018833422-2900327754-1930971165-1002 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-2018833422-2900327754-1930971165-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File []

FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4

R1 Avgmfx86; C:\windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
R1 mfetdik; C:\windows\System32\drivers\mfetdik.sys [55336 2009-05-16] (McAfee, Inc.)
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25 107912]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04 267440]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25 107912]
S3 602SQL 8 FastCGI Client; C:\Program Files\Software602\602SQL95\602FSVC8.EXE [X]

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForTRTÍK.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe

2015-03-20 21:22 - 2011-11-24 22:07 - 00000000 ____D () C:\ProgramData\AVG2012

C:\Program Files\AVG
C:\windows\System32\DRIVERS\avgmfx86.sys
C:\windows\System32\drivers\mfetdik.sys

Hosts:
EmptyTemp:
Reboot:
End
In the top left, click File
Click Save As...
Type the name shown in red, fixlist, exactly and save it to the Desktop.
Turn off the antivirus and any other security software.
Run FRST as administrator, click Fix, and the program will execute the commands.
After the PC restarts, a new log named fixlog should appear; copy it here for me again.


industrol wrote: What should I install as an antivirus? Is Avast the most viable option?
I have been using Avast for about 8 years and it suits me. But the choice is yours.

Re: Please check

Posted: 06 Apr 2015 15:51
by industrol
I looked at the correct procedure again and did it that way, but once again I had to shut it down myself. It did create a Fixlog.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by TRTÍK at 2015-04-06 16:05:04 Run:2
Running from C:\Users\TRTÍK\Desktop
Loaded Profiles: TRTÍK (Available profiles: TRTÍK)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [280576 2013-04-04] (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2018833422-2900327754-1930971165-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-2018833422-2900327754-1930971165-1002 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM -> {6537C524-DDDB-4964-B1C7-A9C977A0B269} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\S-1-5-21-2018833422-2900327754-1930971165-1002 -> {6537C524-DDDB-4964-B1C7-A9C977A0B269} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
Toolbar: HKU\S-1-5-21-2018833422-2900327754-1930971165-1002 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-2018833422-2900327754-1930971165-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File []

FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4

R1 Avgmfx86; C:\windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
R1 mfetdik; C:\windows\System32\drivers\mfetdik.sys [55336 2009-05-16] (McAfee, Inc.)
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25 107912]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04 267440]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25 107912]
S3 602SQL 8 FastCGI Client; C:\Program Files\Software602\602SQL95\602FSVC8.EXE [X]

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForTRTÍK.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe

2015-03-20 21:22 - 2011-11-24 22:07 - 00000000 ____D () C:\ProgramData\AVG2012

C:\Program Files\AVG
C:\windows\System32\DRIVERS\avgmfx86.sys
C:\windows\System32\drivers\mfetdik.sys

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.

Re: Please check

Posted: 06 Apr 2015 16:03
by Márty84
It may have created a Fixlog, but it did not delete anything. Something is preventing it. So one last attempt, again with a modified script.


:arrow: Open Notepad and copy this script into it

Code:

Start
CloseProcesses:
CreateRestorePoint:

HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [280576 2013-04-04] (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2018833422-2900327754-1930971165-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-2018833422-2900327754-1930971165-1002 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM -> {6537C524-DDDB-4964-B1C7-A9C977A0B269} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2018833422-2900327754-1930971165-1002 -> {6537C524-DDDB-4964-B1C7-A9C977A0B269} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
Toolbar: HKU\S-1-5-21-2018833422-2900327754-1930971165-1002 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-2018833422-2900327754-1930971165-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File []

FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4

R1 Avgmfx86; C:\windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25 107912]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04 267440]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25 107912]
S3 602SQL 8 FastCGI Client; C:\Program Files\Software602\602SQL95\602FSVC8.EXE [X]

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForTRTÍK.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe

2015-03-20 21:22 - 2011-11-24 22:07 - 00000000 ____D () C:\ProgramData\AVG2012

C:\Program Files\AVG
C:\windows\System32\DRIVERS\avgmfx86.sys

Hosts:
EmptyTemp:
Reboot:
End
In the top left, click File
Click Save As...
Type the name shown in red, fixlist, exactly and save it to the Desktop.
Turn off the antivirus and any other security software.
Run FRST as administrator, click Fix, and the program will execute the commands.
After the PC restarts, a new log named fixlog should appear; copy it here for me again.


If it does not work again, try it in Safe Mode.

Re: Please check

Posted: 06 Apr 2015 17:04
by industrol
It did not help. I now see that Windows Defender is turned on. Could that have an effect?

Re: Please check

Posted: 06 Apr 2015 18:11
by Márty84
industrol wrote: I now see that Windows Defender is turned on. Could that have an effect?
It should not; besides, it does not run in Safe Mode.

Let's do it differently. I will put only the basics in the script and destroy the rest another way.

:arrow: Open Notepad and copy this script into it

Code:

Start
CloseProcesses:

HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [280576 2013-04-04] (Microsoft Corporation)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2018833422-2900327754-1930971165-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-2018833422-2900327754-1930971165-1002 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM -> {6537C524-DDDB-4964-B1C7-A9C977A0B269} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2018833422-2900327754-1930971165-1002 -> {6537C524-DDDB-4964-B1C7-A9C977A0B269} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
Toolbar: HKU\S-1-5-21-2018833422-2900327754-1930971165-1002 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-2018833422-2900327754-1930971165-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll No File []

FF HKLM\...\Firefox\Extensions: [{1E73965B-8B48-48be-9C8D-68B920ABC1C4}] - C:\Program Files\AVG\AVG2012\Firefox4

S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25 107912]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04 267440]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-25 107912]
S3 602SQL 8 FastCGI Client; C:\Program Files\Software602\602SQL95\602FSVC8.EXE [X]

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HPCeeScheduleForTRTÍK.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe

EmptyTemp:
Reboot:
End
In the top left, click File
Click Save As...
Type the name shown in red, fixlist, exactly and save it to the Desktop.
Turn off the antivirus and any other security software.
Run FRST as administrator, click Fix, and the program will execute the commands.
After the PC restarts, a new log named fixlog should appear; copy it here for me again.

Re: Please check

Posted: 06 Apr 2015 18:38
by industrol
It got stuck again.

Re: Please check

Posted: 07 Apr 2015 08:24
by Márty84
:arrow: Find this file C:\Program Files\trend micro\TRTÍK.exe , right-click it and left-click Run as administrator
Click Main menu and then Do a system scan only
Tick the checkbox on the left of these lines

Code:

R3 - URLSearchHook: (no name) - - (no file)
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (file missing)
Click Fix checked and confirm



:arrow: Download OTM http://oldtimer.geekstogo.com/OTM.exe and save it, preferably to the Desktop.
Right-click it and left-click Run as administrator.
Copy this script into the left window (including the colon before the word commands)

Code:

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[CreateRestorePoint]

:services
gupdate
AdobeFlashPlayerUpdateSvc
gupdatem
Avgmfx86

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\windows\tasks\Adobe Flash Player Updater.job
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job
C:\windows\tasks\HPCeeScheduleForTRTÍK.job
C:\windows\System32\DRIVERS\avgmfx86.sys
C:\ProgramData\AVG2012
Click MoveIt and let the program work. When asked about a restart, agree.
After the restart, post the log that pops up here, or it will be at C:\_OTM\MovedFiles\xxxxxxxx_xxxxxx (instead of the x's there will be digits representing the date and time of the run)

Re: Please check

Posted: 07 Apr 2015 12:01
by industrol
I did everything, except that in Trend Micro I did not find two of the lines, namely:
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')

A desktop.ini appeared on the Desktop and it contains:
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799
[LocalizedFileNames]
Microsoft Office - 60 Day Trial.lnk=@C:\PROGRA~1\MIDDD5~1\mui\oaa.dll,-103
Does it mean anything, or can I delete it? It was created in 2010.

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: TRTÍK
->Temp folder emptied: 61869 bytes
->Temporary Internet Files folder emptied: 296300484 bytes
->Java cache emptied: 1141927 bytes
->Google Chrome cache emptied: 16548321 bytes
->Flash cache emptied: 2354 bytes

User: TRTÖK
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11046428 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 44025663 bytes
RecycleBin emptied: 283384 bytes

Total Files Cleaned = 352.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: TRTÍK
->Flash cache emptied: 0 bytes

User: TRTÖK

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTM Restore Point
========== SERVICES/DRIVERS ==========
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service AdobeFlashPlayerUpdateSvc stopped successfully!
Service AdobeFlashPlayerUpdateSvc deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
Service Avgmfx86 stopped successfully!
Service Avgmfx86 deleted successfully!
========== FILES ==========
File/Folder C:\windows\system32\*.tmp.dll not found.
File/Folder C:\windows\system32\SET*.tmp not found.
File/Folder C:\windows\*.tmp not found.
C:\windows\tasks\Adobe Flash Player Updater.job moved successfully.
C:\windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\windows\tasks\HPCeeScheduleForTRTÍK.job moved successfully.
C:\windows\System32\DRIVERS\avgmfx86.sys moved successfully.
C:\ProgramData\AVG2012\Temp folder moved successfully.
C:\ProgramData\AVG2012\SetupBackup folder moved successfully.
C:\ProgramData\AVG2012\log folder moved successfully.
C:\ProgramData\AVG2012\IDS\profile folder moved successfully.
C:\ProgramData\AVG2012\IDS folder moved successfully.
C:\ProgramData\AVG2012\Chjw\32a28ceda28cb73f folder moved successfully.
C:\ProgramData\AVG2012\Chjw\2a8027b880278981 folder moved successfully.
C:\ProgramData\AVG2012\Chjw\1e707a5c707a3b1b folder moved successfully.
C:\ProgramData\AVG2012\Chjw folder moved successfully.
C:\ProgramData\AVG2012\cfgall folder moved successfully.
C:\ProgramData\AVG2012\Cfg folder moved successfully.
C:\ProgramData\AVG2012 folder moved successfully.

OTM by OldTimer - Version 3.1.21.0 log created on 04072015_125342

Re: Please check

Posted: 07 Apr 2015 17:48
by Márty84
industrol wrote: A desktop.ini appeared on the desktop and it contains:
:arrow: Hidden and system files and folders have probably become visible
http://www.tipypropc.cz/jak-v-pruzkumni ... e-soubory/
Except that you will of course set them to hidden instead of shown.
Let me know whether it worked.

:arrow: Open Notepad and copy this script into it

Start

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2018833422-2900327754-1930971165-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-2018833422-2900327754-1930971165-1002 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM -> {6537C524-DDDB-4964-B1C7-A9C977A0B269} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2018833422-2900327754-1930971165-1002 -> {6537C524-DDDB-4964-B1C7-A9C977A0B269} URL = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
Toolbar: HKU\S-1-5-21-2018833422-2900327754-1930971165-1002 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-2018833422-2900327754-1930971165-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

End
In the top left, click File.
Click Save As...
Type the name shown in red, fixlist, correctly and save it to the desktop.
Turn off the antivirus and any other security software.
Run FRST as administrator, click Fix, and the program will execute the commands.
After the PC restarts, a new log named fixlog should appear; copy it here for me again.

Re: Please check

Posted: 08 Apr 2015 17:51
by industrol
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by TRTÍK at 2015-04-08 18:50:07 Run:7
Running from C:\Users\TRTÍK\Desktop
Loaded Profiles: TRTÍK (Available profiles: TRTÍK)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2018833422-2900327754-1930971165-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: HKU\S-1-5-21-2018833422-2900327754-1930971165-1002 - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM -> {6537C524-DDDB-4964-B1C7-A9C977A0B269} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKU\S-1-5-21-2018833422-2900327754-1930971165-1002 -> {6537C524-DDDB-4964-B1C7-A9C977A0B269} URL = http://www.bing.com/search?q={searchTer ... -SearchBox
Toolbar: HKU\S-1-5-21-2018833422-2900327754-1930971165-1002 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-2018833422-2900327754-1930971165-1002 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

End
*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-2018833422-2900327754-1930971165-1002\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-21-2018833422-2900327754-1930971165-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => Value not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6537C524-DDDB-4964-B1C7-A9C977A0B269}" => Key deleted successfully.
HKCR\CLSID\{6537C524-DDDB-4964-B1C7-A9C977A0B269} => Key not found.
"HKU\S-1-5-21-2018833422-2900327754-1930971165-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6537C524-DDDB-4964-B1C7-A9C977A0B269}" => Key deleted successfully.
HKCR\CLSID\{6537C524-DDDB-4964-B1C7-A9C977A0B269} => Key not found.
HKU\S-1-5-21-2018833422-2900327754-1930971165-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
HKU\S-1-5-21-2018833422-2900327754-1930971165-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.

==== End of Fixlog 18:50:08 ====