
Preventive check of a notebook

Posted: 13 Jan 2015 22:26
by Dreddrew
Good evening,

I would like to ask for a preventive check of a notebook that was connected to the internet for a long time without any protection. Thanks

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2015 02
Ran by zuza (administrator) on ZUZA-PC on 13-01-2015 22:19:40
Running from C:\Users\zuza\Desktop
Loaded Profile: zuza (Available profiles: zuza)
Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
(SafeBoot International) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accoca.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Nero AG) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Prolific Technology Inc.) C:\Windows\System32\IoctlSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Bioscrypt Inc.) C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(forum.viry.cz) C:\Users\zuza\Desktop\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WatchDog] => C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [197904 2008-05-24] (InterVideo Inc.)
HKLM\...\Run: [SoundMAX] => C:\Program Files\Analog Devices\SoundMAX\soundmax.exe [3842048 2008-03-19] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2008-04-04] (Analog Devices, Inc.)
HKLM\...\Run: [File Sanitizer] => C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [10244096 2008-05-14] (Hewlett-Packard)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5088456 2014-10-01] (ESET)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-08-24] (Google Inc.)
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\...\MountPoints2: {1cdfdf9b-7fd6-11e1-915b-0022645cdb1a} - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\...\MountPoints2: {55e1da1c-6b4b-11df-9d1f-0022645cdb1a} - "H:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\...\InprocServer32: [Default-pngfilt] <==== ATTENTION!

AppInit_DLLs: APSHook.dll => C:\windows\system32\APSHook.dll [76048 2008-03-25] (Bioscrypt Inc.)
Lsa: [Notification Packages] scecli ASWLNPkg
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk
ShortcutTarget: DVD Check.lnk -> C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://www.icq.com/search/results.php?q ... &ch_id=osd
URLSearchHook: HKU\S-1-5-21-2206674454-1512701101-3341063230-1004 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
URLSearchHook: HKU\S-1-5-21-2206674454-1512701101-3341063230-1004 - (No Name) - *{855F3B16-6D32-4fe6-8A56-BBB695989046} - No File
URLSearchHook: HKU\S-1-5-21-2206674454-1512701101-3341063230-1004 - (No Name) - *{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - No File
URLSearchHook: HKU\S-1-5-21-2206674454-1512701101-3341063230-1004 - (No Name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL No File
SearchScopes: HKLM -> {41BE54D5-4ABD-4E9A-A9E6-8C4804E0FFDF} URL = http://slirsredirect.search.aol.com/sli ... bie7-cs-cz
SearchScopes: HKLM -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://www.webhledani.cz/results.aspx?i ... earchTerms}
SearchScopes: HKU\S-1-5-21-2206674454-1512701101-3341063230-1004 -> {41BE54D5-4ABD-4E9A-A9E6-8C4804E0FFDF} URL = http://slirsredirect.search.aol.com/sli ... bie7-cs-cz
SearchScopes: HKU\S-1-5-21-2206674454-1512701101-3341063230-1004 -> {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://www.icq.com/search/results.php?q ... &ch_id=osd
SearchScopes: HKU\S-1-5-21-2206674454-1512701101-3341063230-1004 -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = http://www.webhledani.cz/results.aspx?i ... earchTerms}
BHO: BHO_Startup Class -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: AOL Toolbar BHO -> {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} -> C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
BHO: No Name -> {A3BC75A2-1F87-4686-AA43-5347D756017C} -> No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Credential Manager for HP ProtectTools -> {DF21F1DB-80C6-11D3-9483-B03D0EC10000} -> c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKLM - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2206674454-1512701101-3341063230-1004 -> AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
Toolbar: HKU\S-1-5-21-2206674454-1512701101-3341063230-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2206674454-1512701101-3341063230-1004 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
Toolbar: HKU\S-1-5-21-2206674454-1512701101-3341063230-1004 -> No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 02 C:\windows\system32\napinsp.dll [50176] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-03]

Chrome:
=======
CHR Profile: C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-25]
CHR Extension: (Disk Google) - C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-25]
CHR Extension: (YouTube) - C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-25]
CHR Extension: (Vyhledávání Google) - C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-25]
CHR Extension: (Avira Browser Safety) - C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-09-25]
CHR Extension: (Peněženka Google) - C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-25]
CHR Extension: (Gmail) - C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-25]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 accoca; c:\Program Files\ActivIdentity\ActivClient\accoca.exe [182576 2007-05-16] (ActivIdentity)
R2 ASBroker; c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [111888 2008-05-21] (Bioscrypt Inc.)
R2 ASChannel; c:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll [137488 2008-05-21] (Bioscrypt Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1349576 2014-10-01] (ESET)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-04-15] (Hewlett-Packard) [File not signed]
R2 HP ProtectTools Service; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [18944 2008-06-02] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [256512 2008-05-30] (SafeBoot International)
R2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [77824 2008-05-14] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-03-18] (Hewlett-Packard Company) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2008-02-28] (Hewlett-Packard) [File not signed]
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [576024 2008-05-12] (PDF Complete Inc)
R2 PLFlash DeviceIoControl Service; C:\windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2008-02-28] (Hewlett-Packard) [File not signed]
S3 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 eamonm; C:\windows\System32\DRIVERS\eamonm.sys [191928 2014-10-10] (ESET)
R1 ehdrv; C:\windows\System32\DRIVERS\ehdrv.sys [135296 2014-10-10] (ESET)
R2 epfw; C:\windows\System32\DRIVERS\epfw.sys [176448 2014-10-10] (ESET)
R1 EpfwLWF; C:\windows\System32\DRIVERS\EpfwLWF.sys [37928 2014-10-10] (ESET)
R0 epfwwfp; C:\windows\System32\DRIVERS\epfwwfp.sys [51288 2014-10-10] (ESET)
R0 FltMgr; C:\windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
R3 Ntfs; C:\windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
R1 RsvLock; C:\windows\system32\Drivers\RsvLock.sys [12496 2008-05-30] (SafeBoot International)
R0 SafeBoot; C:\windows\system32\Drivers\SafeBoot.sys [108752 2008-05-30] () [File not signed]
R0 SbAlg; C:\windows\system32\Drivers\SbAlg.sys [51376 2008-05-30] (SafeBoot N.V.)
R0 SbFsLock; C:\windows\system32\Drivers\SbFsLock.sys [12928 2008-05-30] (SafeBoot International)
R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [1810992 2009-03-27] ()
U4 eabfiltr; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 22:19 - 2015-01-13 22:20 - 00016701 _____ () C:\Users\zuza\Desktop\FRST.txt
2015-01-13 22:19 - 2015-01-13 22:19 - 00000000 ____D () C:\FRST
2015-01-13 22:18 - 2015-01-13 22:16 - 00112640 _____ (forum.viry.cz) C:\Users\zuza\Desktop\FRSTLauncher.exe
2015-01-13 22:17 - 2015-01-13 22:14 - 01115648 _____ (Farbar) C:\Users\zuza\Desktop\FRST.exe
2015-01-13 22:13 - 2015-01-13 22:14 - 01115648 _____ (Farbar) C:\Users\zuza\Downloads\FRST.exe
2015-01-13 14:01 - 2015-01-13 14:01 - 00000000 ____D () C:\Users\zuza\AppData\Roaming\ESET
2015-01-13 14:01 - 2015-01-13 14:01 - 00000000 ____D () C:\Users\zuza\AppData\Local\ESET
2015-01-13 13:51 - 2015-01-13 13:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-01-13 13:51 - 2015-01-13 13:51 - 00000000 ____D () C:\ProgramData\ESET
2015-01-13 13:51 - 2015-01-13 13:51 - 00000000 ____D () C:\Program Files\ESET
2015-01-13 13:44 - 2015-01-13 13:44 - 01660616 _____ (ESET) C:\Users\zuza\Downloads\eset_smart_security_live_installer_.exe
2015-01-11 21:06 - 2015-01-11 20:57 - 00116878 _____ () C:\Users\zuza\Desktop\The.Holiday.2006.BrRip.x264.720p.YIFY.srt
2015-01-11 21:01 - 2015-01-08 21:34 - 840641319 _____ () C:\Users\zuza\Desktop\The.Holiday.2006.BrRip.x264.720p.YIFY.mp4
2015-01-08 19:42 - 2015-01-08 19:42 - 19843800 _____ () C:\Users\zuza\Downloads\BioluminescentForest_Image_Collection.zip
2015-01-07 00:07 - 2015-01-07 00:09 - 00000000 ____D () C:\Users\zuza\Desktop\The.Boat.That.Rocked.2009.720p.Bluray.x264.anoXmous
2015-01-06 21:31 - 2015-01-06 21:31 - 00142600 _____ () C:\windows\Minidump\Mini010615-01.dmp
2015-01-03 23:10 - 2015-01-03 23:15 - 1196435940 _____ () C:\Users\zuza\Downloads\Notting Hill =1999-J.Roberts,H.Grant-DVD-CZ.avi
2015-01-02 21:46 - 2015-01-02 21:46 - 00000318 _____ () C:\Users\zuza\Desktop\SDÍLEJ.CZ Manager.appref-ms
2015-01-02 21:46 - 2015-01-02 21:46 - 00000000 ____D () C:\Users\zuza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SDÍLEJ.CZ
2015-01-02 21:46 - 2015-01-02 21:46 - 00000000 ____D () C:\Users\zuza\AppData\Local\Deployment
2015-01-02 21:46 - 2015-01-02 21:46 - 00000000 ____D () C:\Users\zuza\AppData\Local\Apps\2.0
2015-01-02 21:45 - 2015-01-02 21:45 - 00467263 _____ () C:\Users\zuza\Downloads\Manager_1_42.zip
2015-01-02 21:09 - 2015-01-02 19:21 - 00100827 _____ () C:\Users\zuza\Desktop\Love.Actually.2003.720p.BluRay.x264.YIFY.srt
2015-01-02 21:09 - 2015-01-02 19:20 - 975125715 _____ () C:\Users\zuza\Desktop\Love.Actually.2003.720p.BluRay.x264.YIFY.mp4
2014-12-20 16:34 - 2014-11-07 02:33 - 00974848 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-20 16:27 - 2014-12-03 03:06 - 00278528 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-12-18 14:06 - 2014-12-18 14:10 - 00000000 ____D () C:\Users\zuza\Desktop\Begin.Again.2013.HDRip.XviD.AC3-EVO

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 22:18 - 2006-11-02 13:52 - 00393784 _____ () C:\windows\setupact.log
2015-01-13 21:50 - 2010-02-04 21:41 - 00000940 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-13 20:36 - 2006-11-02 13:47 - 00003216 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-13 20:36 - 2006-11-02 13:47 - 00003216 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-13 15:07 - 2009-03-03 22:48 - 01224903 _____ () C:\windows\WindowsUpdate.log
2015-01-13 14:42 - 2010-02-04 21:41 - 00000936 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-13 14:36 - 2008-08-04 11:10 - 00000000 ____D () C:\ProgramData\hpqLog
2015-01-13 14:36 - 2006-11-02 14:01 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-13 14:35 - 2006-11-02 14:00 - 00228650 _____ () C:\windows\PFRO.log
2015-01-13 14:34 - 2009-03-03 22:47 - 00002140 _____ () C:\windows\bthservsdp.dat
2015-01-13 14:34 - 2006-11-02 14:01 - 00032614 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-01-13 13:57 - 2009-03-03 15:08 - 00000000 ____D () C:\Users\zuza
2015-01-11 21:50 - 2012-08-13 12:22 - 00000000 ____D () C:\Users\zuza\AppData\Roaming\vlc
2015-01-08 09:55 - 2009-10-04 15:07 - 00249488 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-01-06 21:31 - 2011-09-23 08:49 - 00000000 ____D () C:\windows\Minidump
2015-01-06 21:31 - 2011-09-23 08:48 - 193792446 _____ () C:\windows\MEMORY.DMP
2015-01-03 23:21 - 2009-03-07 10:16 - 00089600 _____ () C:\Users\zuza\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-31 11:51 - 2014-11-06 09:59 - 02533222 _____ () C:\Users\zuza\Desktop\light on pranayama překlad.odt
2014-12-20 16:34 - 2013-10-22 18:49 - 00000000 ____D () C:\windows\system32\MRT
2014-12-20 16:29 - 2006-11-02 11:24 - 109818608 _____ (Microsoft Corporation) C:\windows\system32\mrt.exe
2014-12-18 20:05 - 2008-04-17 18:00 - 01603480 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-15 21:54 - 2014-09-25 09:08 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

Some content of TEMP:
====================
C:\Users\zuza\AppData\Local\Temp\avgnt.exe
C:\Users\zuza\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\zuza\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\zuza\AppData\Local\Temp\InstHelper.exe
C:\Users\zuza\AppData\Local\Temp\SDShelEx-win32.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: ESET Smart Security 8.0 (Disabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Disabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personální firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\zuza\Desktop" je 6224 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\accrdsub
"c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS
rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
"C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor
"C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete
C:\Program Files\PDF Complete\pdfsty.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC
"c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh
%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent
"C:\Program Files\Winamp\winampa.exe" [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^zuza^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: Preventive check of a notebook

Posted: 13 Jan 2015 22:58
by vyosek
Hello :)

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • After it starts, the database will be downloaded
  • Click Scan and then Clean
  • The fix will run, the PC will restart, and then a log will appear; it may also be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt. Paste it here

Re: Preventive check of a notebook

Posted: 13 Jan 2015 23:08
by Dreddrew
# AdwCleaner v4.107 - Report created 13/01/2015 at 23:04:43
# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows Vista (TM) Business Service Pack 2 (32 bits)
# Username : zuza - ZUZA-PC
# Running from : C:\Users\zuza\Desktop\adwcleaner_4.107.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\Program Files\AskTBar
Folder Deleted : C:\Program Files\ICQ6Toolbar

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9CB65206-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{9CB65206-89C4-402C-BA80-02D8C59F9B1D}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{41BE54D5-4ABD-4E9A-A9E6-8C4804E0FFDF}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{41BE54D5-4ABD-4E9A-A9E6-8C4804E0FFDF}
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\AskTBar
Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\ICQ\ICQToolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\icq.com

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16599

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Mozilla Firefox v


-\\ Google Chrome v39.0.2171.95


*************************

AdwCleaner[R0].txt - [4011 octets] - [13/01/2015 23:02:01]
AdwCleaner[S0].txt - [3918 octets] - [13/01/2015 23:04:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3978 octets] ##########

Re: Preventive check of a notebook

Posted: 13 Jan 2015 23:12
by vyosek
Download Zoek.exe from http://hijackthis.nl/smeenk/ and save it to the desktop
  • If you are using Windows Vista or Windows 7, right-click Zoek and choose Run As Administrator or Spustit jako spravce
  • Paste the script below into the window

    autoclean;
    resethosts;
    emptyclsid;
    IEdefaults;
    FFdefaults;
    CHRdefaults;
    emptyIEcache;
    emptyFFcache;
    emptyCHRcache;
    emptyalltemp;
    emptyflash;
    emptyjava;
    emptyrecycle.bin;
    
  • Then click Run Script
  • The PC will carry out the repair, restart and give you a log; paste its contents here

Re: Preventive check of a notebook

Posted: 13 Jan 2015 23:17
by Dreddrew
After launching the program, a window pops up:

Skriptovací stroj VBScript pro script
C:/User/zuza/AppData/Local/Temp/os.vbs nebyl nalezen.

What should I do about it? :) Thanks

Re: Preventive check of a notebook

Posted: 13 Jan 2015 23:19
by vyosek
Try running it in safe mode...

Re: Preventive check of a notebook

Posted: 13 Jan 2015 23:43
by Dreddrew
Zoek.exe v5.0.0.0 Updated 07-December-2014
Tool run by zuza on út 13.01.2015 at 23:24:26,84.
Microsoft® Windows Vista™ Business 6.0.6002 Service Pack 2 x86
Running in: Safe Mode MINIMAL No Internet Access Detected
Launched: C:\Users\zuza\Desktop\zoek.exe.scr [Scan all users] [Script inserted]

==== System Restore Info ======================

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\OLYMPUS deleted successfully
C:\PROGRA~2\Oracle deleted successfully
C:\PROGRA~2\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} deleted successfully
C:\Users\zuza\AppData\Roaming\HpUpdate deleted successfully
C:\Users\zuza\AppData\Roaming\WinRAR deleted successfully
C:\Users\zuza\AppData\Local\Adobe deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2206674454-1512701101-3341063230-1004\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2206674454-1512701101-3341063230-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully
HKEY_USERS\S-1-5-21-2206674454-1512701101-3341063230-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully
HKEY_USERS\S-1-5-21-2206674454-1512701101-3341063230-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\*{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully
HKEY_USERS\S-1-5-21-2206674454-1512701101-3341063230-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\*{9CB65206-89C4-402c-BA80-02D8C59F9B1D} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\zuza\AppData\Roaming\Mozilla\Firefox\Profiles\V1LEerWf.default\prefs.js:

Added to C:\Users\zuza\AppData\Roaming\Mozilla\Firefox\Profiles\V1LEerWf.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\PROGRA~2\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} not found
C:\PROGRA~2\ICQ deleted
C:\Users\zuza\AppData\LocalLow\AVGTOOLBAR deleted
C:\windows\system32\config\systemprofile\Searches deleted
C:\Users\zuza\AppData\Roaming\Mozilla\Firefox\Profiles\V1LEerWf.default\extensions\abs@avira.com deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [02.09.2009 15:17]

==== Firefox Extensions ======================

==== Firefox Plugins ======================


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
"Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb"
"ICQ Search"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb"
"Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"ICQ Search"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... PB_enCZ317"

==== Reset Google Chrome ======================

C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent deleted successfully

==== Empty IE Cache ======================

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\zuza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\zuza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=173 folders=33 3873536 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\zuza\AppData\Local\Temp will be emptied at reboot
C:\windows\system32\config\systemprofile\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\zuza\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\zuza\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on út 13.01.2015 at 23:42:26,15 ======================

Re: Preventive check of a notebook

Posted: 13 Jan 2015 23:47
by vyosek
Please post a new FRST log

Re: Preventive check of a notebook

Posted: 13 Jan 2015 23:52
by Dreddrew
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-01-2015 02
Ran by zuza (administrator) on ZUZA-PC on 13-01-2015 23:50:14
Running from C:\Users\zuza\Desktop
Loaded Profile: zuza (Available profiles: zuza)
Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(forum.viry.cz) C:\Users\zuza\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WatchDog] => C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [197904 2008-05-24] (InterVideo Inc.)
HKLM\...\Run: [SoundMAX] => C:\Program Files\Analog Devices\SoundMAX\soundmax.exe [3842048 2008-03-19] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2008-04-04] (Analog Devices, Inc.)
HKLM\...\Run: [File Sanitizer] => C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe [10244096 2008-05-14] (Hewlett-Packard)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5088456 2014-10-01] (ESET)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-08-24] (Google Inc.)
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\...\MountPoints2: {1cdfdf9b-7fd6-11e1-915b-0022645cdb1a} - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\...\MountPoints2: {55e1da1c-6b4b-11df-9d1f-0022645cdb1a} - "H:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\...\InprocServer32: [Default-pngfilt] <==== ATTENTION!

AppInit_DLLs: APSHook.dll => C:\windows\system32\APSHook.dll [76048 2008-03-25] (Bioscrypt Inc.)
Lsa: [Notification Packages] scecli ASWLNPkg
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DVD Check.lnk
ShortcutTarget: DVD Check.lnk -> C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2206674454-1512701101-3341063230-1004 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: BHO_Startup Class -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: AOL Toolbar BHO -> {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} -> C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Credential Manager for HP ProtectTools -> {DF21F1DB-80C6-11D3-9483-B03D0EC10000} -> c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
Toolbar: HKLM - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2206674454-1512701101-3341063230-1004 -> AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
Toolbar: HKU\S-1-5-21-2206674454-1512701101-3341063230-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 02 C:\windows\system32\napinsp.dll [50176] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-03-03]

Chrome:
=======
CHR Profile: C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-25]
CHR Extension: (Disk Google) - C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-25]
CHR Extension: (YouTube) - C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-25]
CHR Extension: (Vyhledávání Google) - C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-25]
CHR Extension: (Avira Browser Safety) - C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-09-25]
CHR Extension: (Peněženka Google) - C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-25]
CHR Extension: (Gmail) - C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-25]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 accoca; c:\Program Files\ActivIdentity\ActivClient\accoca.exe [182576 2007-05-16] (ActivIdentity)
S2 ASBroker; c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [111888 2008-05-21] (Bioscrypt Inc.)
S2 ASChannel; c:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll [137488 2008-05-21] (Bioscrypt Inc.)
S2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1349576 2014-10-01] (ESET)
S2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-04-15] (Hewlett-Packard) [File not signed]
S2 HP ProtectTools Service; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [18944 2008-06-02] (Hewlett-Packard Development Company, L.P) [File not signed]
S2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [256512 2008-05-30] (SafeBoot International)
S2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [77824 2008-05-14] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-03-18] (Hewlett-Packard Company) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2008-02-28] (Hewlett-Packard) [File not signed]
S2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [576024 2008-05-12] (PDF Complete Inc)
S2 PLFlash DeviceIoControl Service; C:\windows\system32\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2008-02-28] (Hewlett-Packard) [File not signed]
S3 usnjsvc; C:\Program Files\MSN Messenger\usnsvc.exe [97136 2007-01-19] (Microsoft Corporation)
S3 COMSysApp; %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 eamonm; C:\windows\System32\DRIVERS\eamonm.sys [191928 2014-10-10] (ESET)
S1 ehdrv; C:\windows\System32\DRIVERS\ehdrv.sys [135296 2014-10-10] (ESET)
S2 epfw; C:\windows\System32\DRIVERS\epfw.sys [176448 2014-10-10] (ESET)
S1 EpfwLWF; C:\windows\System32\DRIVERS\EpfwLWF.sys [37928 2014-10-10] (ESET)
S0 epfwwfp; C:\windows\System32\DRIVERS\epfwwfp.sys [51288 2014-10-10] (ESET)
R0 FltMgr; C:\windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
R3 Ntfs; C:\windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
S1 RsvLock; C:\windows\system32\Drivers\RsvLock.sys [12496 2008-05-30] (SafeBoot International)
R0 SafeBoot; C:\windows\system32\Drivers\SafeBoot.sys [108752 2008-05-30] (SafeBoot International)
R0 SbAlg; C:\windows\system32\Drivers\SbAlg.sys [51376 2008-05-30] (SafeBoot N.V.)
R0 SbFsLock; C:\windows\system32\Drivers\SbFsLock.sys [12928 2008-05-30] (SafeBoot International)
S3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [1810992 2009-03-27] ()
U4 eabfiltr; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 23:39 - 2014-02-13 23:59 - 00024064 _____ () C:\windows\zoek-delete.exe
2015-01-13 23:27 - 2015-01-13 23:42 - 00009278 _____ () C:\zoek-results.log
2015-01-13 23:24 - 2015-01-13 23:24 - 00000069 _____ () C:\windows\NeroDigital.ini
2015-01-13 23:15 - 2015-01-13 23:15 - 04134156 _____ () C:\Users\zuza\Downloads\zoek.zip
2015-01-13 23:15 - 2014-12-07 23:06 - 01429293 _____ () C:\Users\zuza\Desktop\zoek.exe.scr
2015-01-13 23:15 - 2014-12-07 23:06 - 01429293 _____ () C:\Users\zuza\Desktop\zoek.exe.com
2015-01-13 23:15 - 2014-11-30 00:27 - 01295360 _____ () C:\Users\zuza\Desktop\zoek.exe.exe
2015-01-13 23:14 - 2015-01-13 23:38 - 00000000 ____D () C:\zoek_backup
2015-01-13 23:13 - 2015-01-13 23:13 - 01295360 _____ () C:\Users\zuza\Desktop\zoek.exe
2015-01-13 23:01 - 2015-01-13 23:04 - 00000000 ____D () C:\AdwCleaner
2015-01-13 22:59 - 2015-01-13 22:59 - 02191360 _____ () C:\Users\zuza\Desktop\adwcleaner_4.107.exe
2015-01-13 22:23 - 2015-01-13 22:23 - 00007901 _____ () C:\Users\zuza\Desktop\Addition.rar
2015-01-13 22:19 - 2015-01-13 23:51 - 00012017 _____ () C:\Users\zuza\Desktop\FRST.txt
2015-01-13 22:19 - 2015-01-13 23:50 - 00000000 ____D () C:\FRST
2015-01-13 22:18 - 2015-01-13 22:16 - 00112640 _____ (forum.viry.cz) C:\Users\zuza\Desktop\FRSTLauncher.exe
2015-01-13 22:17 - 2015-01-13 22:14 - 01115648 _____ (Farbar) C:\Users\zuza\Desktop\FRST.exe
2015-01-13 22:13 - 2015-01-13 22:14 - 01115648 _____ (Farbar) C:\Users\zuza\Downloads\FRST.exe
2015-01-13 14:01 - 2015-01-13 14:01 - 00000000 ____D () C:\Users\zuza\AppData\Roaming\ESET
2015-01-13 14:01 - 2015-01-13 14:01 - 00000000 ____D () C:\Users\zuza\AppData\Local\ESET
2015-01-13 13:51 - 2015-01-13 13:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-01-13 13:51 - 2015-01-13 13:51 - 00000000 ____D () C:\ProgramData\ESET
2015-01-13 13:51 - 2015-01-13 13:51 - 00000000 ____D () C:\Program Files\ESET
2015-01-13 13:44 - 2015-01-13 13:44 - 01660616 _____ (ESET) C:\Users\zuza\Downloads\eset_smart_security_live_installer_.exe
2015-01-08 19:42 - 2015-01-08 19:42 - 19843800 _____ () C:\Users\zuza\Downloads\BioluminescentForest_Image_Collection.zip
2015-01-06 21:31 - 2015-01-06 21:31 - 00142600 _____ () C:\windows\Minidump\Mini010615-01.dmp
2015-01-03 23:10 - 2015-01-03 23:15 - 1196435940 _____ () C:\Users\zuza\Downloads\Notting Hill =1999-J.Roberts,H.Grant-DVD-CZ.avi
2015-01-02 21:46 - 2015-01-02 21:46 - 00000318 _____ () C:\Users\zuza\Desktop\SDÍLEJ.CZ Manager.appref-ms
2015-01-02 21:46 - 2015-01-02 21:46 - 00000000 ____D () C:\Users\zuza\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SDÍLEJ.CZ
2015-01-02 21:46 - 2015-01-02 21:46 - 00000000 ____D () C:\Users\zuza\AppData\Local\Deployment
2015-01-02 21:46 - 2015-01-02 21:46 - 00000000 ____D () C:\Users\zuza\AppData\Local\Apps\2.0
2015-01-02 21:45 - 2015-01-02 21:45 - 00467263 _____ () C:\Users\zuza\Downloads\Manager_1_42.zip
2014-12-20 16:34 - 2014-11-07 02:33 - 00974848 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-20 16:27 - 2014-12-03 03:06 - 00278528 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-12-18 14:06 - 2014-12-18 14:10 - 00000000 ____D () C:\Users\zuza\Desktop\Begin.Again.2013.HDRip.XviD.AC3-EVO

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-13 23:41 - 2006-11-02 14:00 - 00231730 _____ () C:\windows\PFRO.log
2015-01-13 23:20 - 2009-03-03 22:48 - 01231311 _____ () C:\windows\WindowsUpdate.log
2015-01-13 23:20 - 2009-03-03 22:47 - 00002140 _____ () C:\windows\bthservsdp.dat
2015-01-13 23:20 - 2006-11-02 14:01 - 00032614 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-01-13 23:20 - 2006-11-02 14:01 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-13 23:20 - 2006-11-02 13:47 - 00003216 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-13 23:20 - 2006-11-02 13:47 - 00003216 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-13 23:07 - 2010-02-04 21:41 - 00000936 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-13 23:06 - 2008-08-04 11:10 - 00000000 ____D () C:\ProgramData\hpqLog
2015-01-13 22:50 - 2010-02-04 21:41 - 00000940 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-13 22:29 - 2009-03-23 09:41 - 00000000 ____D () C:\Users\zuza\Documents\FILM
2015-01-13 22:21 - 2008-04-17 18:00 - 01603480 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-13 22:18 - 2006-11-02 13:52 - 00393784 _____ () C:\windows\setupact.log
2015-01-13 13:57 - 2009-03-03 15:08 - 00000000 ____D () C:\Users\zuza
2015-01-11 21:50 - 2012-08-13 12:22 - 00000000 ____D () C:\Users\zuza\AppData\Roaming\vlc
2015-01-08 09:55 - 2009-10-04 15:07 - 00249488 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-01-06 21:31 - 2011-09-23 08:49 - 00000000 ____D () C:\windows\Minidump
2015-01-06 21:31 - 2011-09-23 08:48 - 193792446 _____ () C:\windows\MEMORY.DMP
2015-01-03 23:21 - 2009-03-07 10:16 - 00089600 _____ () C:\Users\zuza\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-31 11:51 - 2014-11-06 09:59 - 02533222 _____ () C:\Users\zuza\Desktop\light on pranayama překlad.odt
2014-12-20 16:34 - 2013-10-22 18:49 - 00000000 ____D () C:\windows\system32\MRT
2014-12-20 16:29 - 2006-11-02 11:24 - 109818608 _____ (Microsoft Corporation) C:\windows\system32\mrt.exe
2014-12-15 21:54 - 2014-09-25 09:08 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================


==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: ESET Smart Security 8.0 (Disabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Disabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personální firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\zuza\Desktop" je 3424 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\accrdsub
"c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS
rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
"C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete
C:\Program Files\PDF Complete\pdfsty.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC
"c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh
%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^zuza^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: Laptop preventive check

Posted: 14 Jan 2015 20:56
by vyosek
Creating a fixlist for FRST
  • Open Notepad (Start > Run > notepad)
  • Copy the script below

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    HKLM\...\Run: [] => [X]
    HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-08-24] (Google Inc.)
    HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\...\MountPoints2: {1cdfdf9b-7fd6-11e1-915b-0022645cdb1a} - "G:\WD SmartWare.exe" autoplay=true
    HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\...\MountPoints2: {55e1da1c-6b4b-11df-9d1f-0022645cdb1a} - "H:\WD SmartWare.exe" autoplay=true
    HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\...\InprocServer32: [Default-pngfilt] <==== ATTENTION!
    
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    BHO: AOL Toolbar BHO -> {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} -> C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    Toolbar: HKLM - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    Toolbar: HKU\S-1-5-21-2206674454-1512701101-3341063230-1004 -> AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
    
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
    CHR Extension: (Avira Browser Safety) - C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-09-25]
    
    U4 eabfiltr; No ImagePath
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    
    2015-01-13 23:39 - 2014-02-13 23:59 - 00024064 _____ () C:\windows\zoek-delete.exe
    2015-01-13 23:27 - 2015-01-13 23:42 - 00009278 _____ () C:\zoek-results.log
    2015-01-13 23:15 - 2015-01-13 23:15 - 04134156 _____ () C:\Users\zuza\Downloads\zoek.zip
    2015-01-13 23:15 - 2014-12-07 23:06 - 01429293 _____ () C:\Users\zuza\Desktop\zoek.exe.scr
    2015-01-13 23:15 - 2014-12-07 23:06 - 01429293 _____ () C:\Users\zuza\Desktop\zoek.exe.com
    2015-01-13 23:15 - 2014-11-30 00:27 - 01295360 _____ () C:\Users\zuza\Desktop\zoek.exe.exe
    2015-01-13 23:14 - 2015-01-13 23:38 - 00000000 ____D () C:\zoek_backup
    2015-01-13 23:13 - 2015-01-13 23:13 - 01295360 _____ () C:\Users\zuza\Desktop\zoek.exe
    2015-01-13 23:01 - 2015-01-13 23:04 - 00000000 ____D () C:\AdwCleaner
    2015-01-13 22:59 - 2015-01-13 22:59 - 02191360 _____ () C:\Users\zuza\Desktop\adwcleaner_4.107.exe
    2015-01-13 22:23 - 2015-01-13 22:23 - 00007901 _____ () C:\Users\zuza\Desktop\Addition.rar
    2015-01-13 22:19 - 2015-01-13 23:51 - 00012017 _____ () C:\Users\zuza\Desktop\FRST.txt
    2015-01-13 22:18 - 2015-01-13 22:16 - 00112640 _____ (forum.viry.cz) C:\Users\zuza\Desktop\FRSTLauncher.exe
    2015-01-13 13:44 - 2015-01-13 13:44 - 01660616 _____ (ESET) C:\Users\zuza\Downloads\eset_smart_security_live_installer_.exe
    
    REG: reg delere "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" /f
    REG: reg delere "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan" /f
    REG: reg delere "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete" /f
    REG: reg delere "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg" /f
    
    Hosts:
    EmptyTemp:
    Reboot:
    End
    
  • Save the resulting TXT file as fixlist.txt
  • Move the fixlist you created into the same folder as FRST
Run FRST.exe again
  • Click Fix
  • The fix will run and create the log Fixlog.txt
Restart the PC and post fixlog.txt here

Re: Laptop preventive check

Posted: 14 Jan 2015 22:11
by Dreddrew
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-01-2015 01
Ran by zuza at 2015-01-14 21:59:26 Run:1
Running from C:\Users\zuza\Desktop
Loaded Profiles: zuza (Available profiles: zuza)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [] => [X]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-08-24] (Google Inc.)
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\...\MountPoints2: {1cdfdf9b-7fd6-11e1-915b-0022645cdb1a} - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\...\MountPoints2: {55e1da1c-6b4b-11df-9d1f-0022645cdb1a} - "H:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\...\InprocServer32: [Default-pngfilt] <==== ATTENTION!

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: AOL Toolbar BHO -> {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} -> C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
Toolbar: HKLM - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
Toolbar: HKU\S-1-5-21-2206674454-1512701101-3341063230-1004 -> AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR Extension: (Avira Browser Safety) - C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-09-25]

U4 eabfiltr; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

2015-01-13 23:39 - 2014-02-13 23:59 - 00024064 _____ () C:\windows\zoek-delete.exe
2015-01-13 23:27 - 2015-01-13 23:42 - 00009278 _____ () C:\zoek-results.log
2015-01-13 23:15 - 2015-01-13 23:15 - 04134156 _____ () C:\Users\zuza\Downloads\zoek.zip
2015-01-13 23:15 - 2014-12-07 23:06 - 01429293 _____ () C:\Users\zuza\Desktop\zoek.exe.scr
2015-01-13 23:15 - 2014-12-07 23:06 - 01429293 _____ () C:\Users\zuza\Desktop\zoek.exe.com
2015-01-13 23:15 - 2014-11-30 00:27 - 01295360 _____ () C:\Users\zuza\Desktop\zoek.exe.exe
2015-01-13 23:14 - 2015-01-13 23:38 - 00000000 ____D () C:\zoek_backup
2015-01-13 23:13 - 2015-01-13 23:13 - 01295360 _____ () C:\Users\zuza\Desktop\zoek.exe
2015-01-13 23:01 - 2015-01-13 23:04 - 00000000 ____D () C:\AdwCleaner
2015-01-13 22:59 - 2015-01-13 22:59 - 02191360 _____ () C:\Users\zuza\Desktop\adwcleaner_4.107.exe
2015-01-13 22:23 - 2015-01-13 22:23 - 00007901 _____ () C:\Users\zuza\Desktop\Addition.rar
2015-01-13 22:19 - 2015-01-13 23:51 - 00012017 _____ () C:\Users\zuza\Desktop\FRST.txt
2015-01-13 22:18 - 2015-01-13 22:16 - 00112640 _____ (forum.viry.cz) C:\Users\zuza\Desktop\FRSTLauncher.exe
2015-01-13 13:44 - 2015-01-13 13:44 - 01660616 _____ (ESET) C:\Users\zuza\Downloads\eset_smart_security_live_installer_.exe

REG: reg delere "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" /f
REG: reg delere "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan" /f
REG: reg delere "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete" /f
REG: reg delere "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg" /f

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsWelcomeCenter => value deleted successfully.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsWelcomeCenter => value deleted successfully.
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\Software\Microsoft\Windows\CurrentVersion\Run\\swg => value deleted successfully.
"HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1cdfdf9b-7fd6-11e1-915b-0022645cdb1a}" => Key deleted successfully.
HKCR\CLSID\{1cdfdf9b-7fd6-11e1-915b-0022645cdb1a} => Key not found.
"HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55e1da1c-6b4b-11df-9d1f-0022645cdb1a}" => Key deleted successfully.
HKCR\CLSID\{55e1da1c-6b4b-11df-9d1f-0022645cdb1a} => Key not found.
"HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\Software\Classes\CLSID\{A3CCEDF7-2DE2-11D0-86F4-00A0C913F750}" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}" => Key deleted successfully.
"HKCR\CLSID\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{DE9C389F-3316-41A7-809B-AA305ED9D922} => value deleted successfully.
"HKCR\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}" => Key deleted successfully.
HKU\S-1-5-21-2206674454-1512701101-3341063230-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} => value deleted successfully.
HKCR\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922} => Key not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => Key deleted successfully.
C:\Users\zuza\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => Moved successfully.
eabfiltr => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
C:\windows\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\Users\zuza\Downloads\zoek.zip => Moved successfully.
C:\Users\zuza\Desktop\zoek.exe.scr => Moved successfully.
C:\Users\zuza\Desktop\zoek.exe.com => Moved successfully.
C:\Users\zuza\Desktop\zoek.exe.exe => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Users\zuza\Desktop\zoek.exe => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\zuza\Desktop\adwcleaner_4.107.exe => Moved successfully.
C:\Users\zuza\Desktop\Addition.rar => Moved successfully.
"C:\Users\zuza\Desktop\FRST.txt" => File/Directory not found.
"C:\Users\zuza\Desktop\FRSTLauncher.exe" => File/Directory not found.
C:\Users\zuza\Downloads\eset_smart_security_live_installer_.exe => Moved successfully.

========= reg delere "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" /f =========

CHYBA: Neplatný argument nebo možnost - delere.
Chcete-li zobrazit nápovědu, zadejte příkaz REG /?.


========= End of Reg: =========


========= reg delere "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan" /f =========

CHYBA: Neplatný argument nebo možnost - delere.
Chcete-li zobrazit nápovědu, zadejte příkaz REG /?.


========= End of Reg: =========


========= reg delere "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete" /f =========

CHYBA: Neplatný argument nebo možnost - delere.
Chcete-li zobrazit nápovědu, zadejte příkaz REG /?.


========= End of Reg: =========


========= reg delere "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg" /f =========

CHYBA: Neplatný argument nebo možnost - delere.
Chcete-li zobrazit nápovědu, zadejte příkaz REG /?.


========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 259.2 MB temporary data.


The system needed a reboot.

==== End of Fixlog 22:01:10 ====

Re: Laptop preventive check

Posted: 14 Jan 2015 22:30
by vyosek
One more fixlist, with the following content


Start

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg" /f

Reboot:
End

Re: Laptop preventive check

Posted: 14 Jan 2015 22:35
by Dreddrew
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-01-2015 01
Ran by zuza at 2015-01-14 22:32:26 Run:2
Running from C:\Users\zuza\Desktop
Loaded Profiles: zuza (Available profiles: zuza)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg" /f

Reboot:
End
*****************


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" /f =========

Operace byla dokončena úspěšně.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan" /f =========

Operace byla dokončena úspěšně.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete" /f =========

Operace byla dokončena úspěšně.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg" /f =========

Operace byla dokončena úspěšně.



========= End of Reg: =========



The system needed a reboot.

==== End of Fixlog 22:32:26 ====

Re: Laptop preventive check

Posted: 14 Jan 2015 23:45
by vyosek
Now let's clean up

DelFix https://toolslib.net/downloads/finish/2/
  • Download and run it
  • Leave only the Remove disinfection tools option checked
  • Click Run
Download CCleaner https://www.piriform.com/ccleaner/download/standard
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run Cleaner
Registry panel
  • click Scan for Issues
  • then Fix selected issues - I recommend making a registry backup; fix all the issues
  • repeat the procedure until no issues are found - usually about 3 times
Tools panel
  • Here you can uninstall programs you do not need
I recommend using CCleaner about once a week

And if there are no problems or questions, that is all from my side :|

Re: Laptop preventive check

Posted: 15 Jan 2015 13:21
by Dreddrew
Thanks a lot!!!