Celkoove zpomaleni PC ?

[Márty84]

Postupujte podle navodu kolegy

Stahnete Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/

• Ulozte nejlepe na Plochu a rozbalte
• Spustte kliknutim na mbar
• Nyni postupne kliknete na Next a Update
• Po dokonceni update (aktualizace) databaze kliknete opet na Next
• Nechte zaskrtnute vsechny tri moznosti a klinete na Scan cimz spustite prohledavani PC
• Po dokonceni skenu (cca 5 minutek) zkontrolujte, zda-li je u vsech nalezu (samozrejme pokud budou) zatrzitko
• Tez zkontrolujte, jetsli je zatrzitko u Create Restore point
• Nyni kliknete na CleanUp cimz nalezenou infekci odstranime
• PC bude restartovan
• Slozka mbar by mela obsahovat log (a zrejme se i sam otevre) mbar-log-rok-mesic-den (hodina-minuta-sekunda).txt, ten mi sem dejte

Dejte nove logy podle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100 - vypnete na chvili antivir, je mozne, ze to bude blokovat jako skodnou, ale pouzivame to porad, jedna se o falesny poplach
(Kdyby nesel Launcher stahnout, dejte logy jen ze samotneho FRST, tedy bez pouziti Launcheru)

[Peky]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-06-2016
Ran by Blanka (administrator) on KEPKA-8947E124A (01-07-2016 19:27:35)
Running from C:\Documents and Settings\Blanka\Plocha
Loaded Profiles: Blanka (Available Profiles: Blanka & Eda & Dominik & Karinka & Administrator)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) Language: Čeština
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Smapp] => C:\Program Files\Analog Devices\SoundMAX\Smtray.exe [90112 2002-06-26] (Analog Devices, Inc.)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [1183656 2006-10-19] (Acronis)
HKLM\...\Run: [AcronisTimounterMonitor] => C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [1958800 2006-10-19] (Acronis)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [87584 2006-10-17] (Acronis)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1983816 2009-07-27] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-18] (CANON INC.)
HKLM\...\Run: [BluetoothAuthenticationAgent] => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll [2004-02-10] (Intel Corporation)
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk [2015-06-02]
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Synchronizer.lnk [2015-06-02]
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.33.5 192.168.33.1
Tcpip\..\Interfaces\{E106DF72-6CC3-458D-A5C7-35791BF15542}: [DhcpNameServer] 192.168.1.254 192.168.33.5 192.168.33.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.seznam.cz/?clid=22668
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1229272821-1958367476-1547161642-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
HKU\S-1-5-21-1229272821-1958367476-1547161642-1003\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.seznam.cz/?clid=22668
URLSearchHook: [S-1-5-21-1229272821-1958367476-1547161642-1003] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?sourceid=quicksearch_22668&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1229272821-1958367476-1547161642-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1229272821-1958367476-1547161642-1003 -> {15C4DF55-4B67-495A-A3D3-A497C4A49EE0} URL = hxxp://search.seznam.cz/?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1229272821-1958367476-1547161642-1003 -> {395BABE7-AA39-442B-AEE9-4EDABC0F8C02} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=cz_en&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1229272821-1958367476-1547161642-1003 -> {4097E266-DCF5-43BF-BE75-1FE0C9BF080D} URL = hxxp://www.firmy.cz/?q={searchTerms}&sourceid= ... arch_12454
SearchScopes: HKU\S-1-5-21-1229272821-1958367476-1547161642-1003 -> {5F188AFE-B49E-41AD-A042-F36D61A813CC} URL = hxxp://tv.seznam.cz/hledej?w={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1229272821-1958367476-1547161642-1003 -> {9B4D94F9-439F-496B-AD2F-835B7E4755CE} URL = hxxp://encyklopedie.seznam.cz/search?q={searchTerms}&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1229272821-1958367476-1547161642-1003 -> {AA106D7E-F574-47B4-8C75-71140C31753B} URL = hxxp://www.zbozi.cz/?q={searchTerms}&r=campmoz ... arch_12454
SearchScopes: HKU\S-1-5-21-1229272821-1958367476-1547161642-1003 -> {AD568FA8-4BA1-4CC9-9F5D-AF604CDAA195} URL = hxxp://slovnik.seznam.cz/?q={searchTerms}&lang=en_cz&sourceid=QuickSearch_12454
SearchScopes: HKU\S-1-5-21-1229272821-1958367476-1547161642-1003 -> {E4595010-0B0A-41BC-8493-A56A667C1DEA} URL = hxxp://www.mapy.cz/?query={searchTerms}&source ... arch_12454
SearchScopes: HKU\S-1-5-21-1229272821-1958367476-1547161642-1003 -> {F623DD05-C85C-4C62-BFD1-DB7B2B1E0C7E} URL = hxxp://www.novinky.cz/hledej?w={searchTerms}&s ... arch_12454
BHO: Podpora odkazu pro Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Blanka\Data aplikací\Mozilla\Firefox\Profiles\d2ih9pbl.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-02-05] (CANON INC.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN)

Chrome:
=======
CHR Profile: C:\Documents and Settings\Blanka\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Blanka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-12]
CHR Extension: (Disk Google) - C:\Documents and Settings\Blanka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26]
CHR Extension: (YouTube) - C:\Documents and Settings\Blanka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\Blanka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-29]
CHR Extension: (Dokumenty Google offline) - C:\Documents and Settings\Blanka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-23]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Documents and Settings\Blanka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Documents and Settings\Blanka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [230944 2006-10-17] (Acronis)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
S3 NetSvc; c:\Program Files\Intel\NCS\Sync\NetSvc.exe [139264 2002-09-27] (Intel(R) Corporation) [File not signed]
S2 PEVSystemStart; C:\ComboFix\SWREG.3XE [518144 2000-08-31] (SteelWerX) [File not signed]
R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-07-15] (Analog Devices, Inc.) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [121560 2016-07-01] (Malwarebytes)
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [39264 2002-01-01] (Acronis)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-01 19:27 - 2016-07-01 19:27 - 00010868 _____ C:\Documents and Settings\Blanka\Plocha\FRST.txt
2016-07-01 19:01 - 2016-07-01 19:26 - 00000000 ____D C:\Documents and Settings\Blanka\Plocha\mbar
2016-07-01 19:01 - 2016-07-01 19:26 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes' Anti-Malware (portable)
2016-07-01 19:01 - 2016-07-01 19:01 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-07-01 19:01 - 2016-07-01 19:01 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-07-01 18:59 - 2016-07-01 18:59 - 16563352 _____ (Malwarebytes Corp.) C:\Documents and Settings\Blanka\Plocha\mbar-1.09.3.1001.exe
2016-06-30 15:37 - 2016-06-30 15:39 - 00000000 ___SD C:\ComboFix
2016-06-30 15:10 - 2016-06-30 15:10 - 00000300 _____ C:\WINDOWS\UPGRADE.TXT
2016-06-30 15:10 - 2016-06-30 15:10 - 00000000 _RSHD C:\cmdcons
2016-06-30 15:10 - 2016-06-30 15:10 - 00000000 ____D C:\WINDOWS\setup.pss
2016-06-30 15:10 - 2014-10-30 15:56 - 00000211 ___SH C:\BOOT.BAK
2016-06-30 15:10 - 2008-04-14 14:00 - 00261328 __RSH C:\cmldr
2016-06-29 20:36 - 2016-06-29 20:40 - 00062000 _____ C:\WINDOWS\ntbtlog.txt
2016-06-29 20:36 - 2016-06-29 20:36 - 00000000 ____D C:\WINDOWS\CSC
2016-06-28 20:56 - 2011-06-26 08:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2016-06-28 20:56 - 2010-11-07 19:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2016-06-28 20:56 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2016-06-28 20:56 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2016-06-28 20:56 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2016-06-28 20:56 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2016-06-28 20:56 - 2000-08-31 02:00 - 00098816 _____ C:\WINDOWS\sed.exe
2016-06-28 20:56 - 2000-08-31 02:00 - 00080412 _____ C:\WINDOWS\grep.exe
2016-06-28 20:56 - 2000-08-31 02:00 - 00068096 _____ C:\WINDOWS\zip.exe
2016-06-28 20:55 - 2016-06-28 20:56 - 00000000 ____D C:\Qoobox
2016-06-28 20:55 - 2016-06-28 20:55 - 00000000 ___RD C:\Documents and Settings\Blanka\Nabídka Start\Programy\Nástroje pro správu
2016-06-28 20:55 - 2016-06-28 20:55 - 00000000 ____D C:\WINDOWS\erdnt
2016-06-28 15:25 - 2016-07-01 19:27 - 00000000 ____D C:\FRST
2016-06-28 15:22 - 2016-06-30 16:50 - 01740288 _____ (Farbar) C:\Documents and Settings\Blanka\Plocha\FRST.exe
2016-06-27 16:47 - 2016-06-27 16:47 - 00090112 _____ C:\WINDOWS\Minidump\Mini062716-01.dmp
2016-06-26 17:43 - 2016-06-26 17:43 - 00000000 ____D C:\Documents and Settings\Blanka\Data aplikací\Malwarebytes
2016-06-26 17:43 - 2016-06-26 17:43 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2016-06-26 17:27 - 2016-06-26 17:30 - 00000000 ____D C:\AdwCleaner

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-01 19:27 - 2014-11-04 08:34 - 00000468 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{D90B0509-1BFA-410E-A17C-880EC9BE4C6B}.job
2016-07-01 19:27 - 2002-01-01 01:17 - 00000000 ____D C:\Documents and Settings\Blanka\Plocha
2016-07-01 19:27 - 2002-01-01 01:17 - 00000000 ____D C:\Documents and Settings\Blanka\Local Settings\Temp
2016-07-01 19:01 - 2014-10-30 16:33 - 00000000 __RHD C:\Documents and Settings\All Users\Data aplikací
2016-07-01 18:55 - 2014-10-30 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-01 18:55 - 2008-04-14 14:00 - 00012984 _____ C:\WINDOWS\system32\wpa.dbl
2016-06-30 17:02 - 2014-10-30 16:45 - 00032338 _____ C:\WINDOWS\SchedLgU.Txt
2016-06-30 17:02 - 2002-01-01 01:17 - 00000272 ___SH C:\Documents and Settings\Blanka\ntuser.ini
2016-06-30 16:55 - 2014-10-30 16:46 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2016-06-30 16:55 - 2002-01-01 02:43 - 00000000 ____D C:\Documents and Settings\Karinka\Local Settings\Temp
2016-06-30 16:55 - 2002-01-01 02:24 - 00000000 ____D C:\Documents and Settings\Dominik\Local Settings\Temp
2016-06-30 16:54 - 2014-10-30 16:45 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp
2016-06-30 16:49 - 2015-10-26 11:20 - 00000000 ____D C:\Documents and Settings\Blanka\Data aplikací\BitTorrent
2016-06-30 16:48 - 2015-01-26 07:54 - 00000003 _____ C:\Documents and Settings\Blanka\stut
2016-06-30 15:39 - 2002-01-01 01:17 - 00000000 __RHD C:\Documents and Settings\Blanka\Data aplikací
2016-06-30 15:10 - 2014-10-30 16:31 - 00000297 __RSH C:\boot.ini
2016-06-28 20:55 - 2002-01-01 01:17 - 00000000 ___RD C:\Documents and Settings\Blanka\Nabídka Start\Programy
2016-06-28 15:20 - 2014-10-30 16:33 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2016-06-28 15:20 - 2014-10-30 16:33 - 00000000 ____D C:\Documents and Settings\All Users\Plocha
2016-06-27 19:28 - 2015-09-12 09:48 - 00000000 ____D C:\Documents and Settings\Blanka\Data aplikací\Seznam.cz
2016-06-27 19:24 - 2014-10-31 18:30 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2686509$
2016-06-27 16:47 - 2015-03-11 10:23 - 00000000 ____D C:\WINDOWS\Minidump
2016-06-27 16:40 - 2014-11-01 10:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2483185$
2016-06-27 16:39 - 2014-10-30 16:22 - 00000000 ___HD C:\WINDOWS\inf
2016-06-27 16:07 - 2015-01-26 07:52 - 00001259 _____ C:\Documents and Settings\Blanka\rgut
2016-06-26 17:30 - 2002-01-01 02:09 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\ICQ
2016-06-26 17:28 - 2014-11-05 08:25 - 00000000 ____D C:\Documents and Settings\Blanka\Local Settings\Data aplikací\Google
2016-06-26 17:28 - 2014-11-05 08:23 - 00000000 ____D C:\Documents and Settings\Blanka\Local Settings\Data aplikací\Adobe
2016-06-26 17:27 - 2015-04-08 08:50 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\Google
2016-06-26 17:27 - 2014-11-05 08:25 - 00000000 ____D C:\Program Files\Google
2016-06-26 17:26 - 2014-11-05 08:25 - 00796352 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-06-26 17:26 - 2014-11-05 08:25 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-06-25 11:37 - 2015-03-19 13:21 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-06-21 20:55 - 2002-01-01 02:14 - 00000272 ___SH C:\Documents and Settings\Eda\ntuser.ini
2016-06-21 14:41 - 2002-01-01 02:13 - 00000000 ____D C:\Documents and Settings\Eda\Local Settings\Temp
2016-06-21 14:20 - 2015-01-25 19:29 - 00001259 _____ C:\Documents and Settings\Eda\rgut
2016-06-15 22:40 - 2014-11-12 14:17 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-06-15 22:25 - 2014-10-31 18:36 - 139785240 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-06-15 12:47 - 2002-01-01 02:13 - 00000000 ____D C:\Documents and Settings\Eda
2016-06-10 16:28 - 2002-01-01 02:43 - 00000178 ___SH C:\Documents and Settings\Karinka\ntuser.ini
2016-06-10 16:27 - 2014-11-12 15:05 - 00000000 ____D C:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
2016-06-10 15:12 - 2002-01-01 01:17 - 00000000 ___HD C:\Documents and Settings\Blanka\Local Settings\Data aplikací
2016-06-10 15:10 - 2015-11-04 16:25 - 00000000 ____D C:\Documents and Settings\Karinka\Data aplikací\Seznam.cz
2016-06-10 15:07 - 2015-01-25 19:20 - 00001259 _____ C:\Documents and Settings\Karinka\rgut

==================== Files in the root of some directories =======

2014-11-10 20:02 - 2016-05-19 15:38 - 0034304 _____ () C:\Documents and Settings\Blanka\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

[Peky]

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2016.07.01.06
rootkit: v2016.05.27.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Blanka :: KEPKA-8947E124A [administrator]

1.7.2016 19:02:43
mbar-log-2016-07-01 (19-02-43).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 393892
Time elapsed: 24 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

[Márty84]

Zkontrolujte velikost adresare plochy.


Prejmenujte ComboFix na Uninstall a spustte ho. CF by se mel odinstalovat.

DelFix https://toolslib.net/downloads/finish/2/

• Stahnete a spustte
• Ponechte zatrzitkou pouze u volby Remove disinfection tools
• Kliknete na Run

Stahnete Ccleaner http://www.filehippo.com/download_ccleaner a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
(Pokud je v pc vice uzivatelskych uctu, pouzijte program i v nich)

Defragmentujte disk(y) (SSD Disky ne!)
Stahnete program Defraggler https://www.piriform.com/defraggler/download/standard
Pri instalaci opet pozor na toolbar a dalsi nesmysly.
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.




Pak napiste, jak to s pc vypada.

[Peky]

velikost 66.5 GB (jsou tam nejake fotky v adresari atd.)
PC je myslim nyni v pohode, diky

[Márty84]

velikost 66.5 GB (jsou tam nejake fotky v adresari atd.)

Velikost plochy by nemela presahovat 200 - 300 MB! Brzdi to chod pc. Cili ji trosku uklidte a na plochu dejte jen zastupce. Jen pozor na obcasnou chybu, ze uzivatele maji na plose slozku, v ni dalsi a v ni dalsi a do te to schovaji. To je sice hezke, ale plochu to nezmensi, jen je to v jinem supliku


Nemate zac!

Mejte se a treba zase nekdy