
PC freezing + HJT log

Posted: 10 Mar 2015 19:31
by Redkitty
Hello, I have a problem: the computer always freezes after I log in to my profile (even in safe mode, but there it takes longer). The cursor can still be moved, but otherwise nothing responds (only the "spinning wheel" is shown in place of the cursor). I think it is a virus, mainly because Windows security turned itself off on its own and cannot be started. I tried various scans, including MBAM, but unfortunately I was never able to complete a full scan, because the freeze described above always occurred. I am attaching an HJT log (made in safe mode).

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:17:46, on 10.3.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16866)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\DllHost.exe
C:\Users\Klara\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MIF5BA~1\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [SDActiveMonitor] "C:\Program Files\Max Spyware Detector\MaxSDTray.exe" -AUTO
O4 - HKLM\..\Run: [MaxUSBProc] "C:\Program Files\Max Spyware Detector\MaxUSBProc.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do Microsoft Excelu - res://C:\PROGRA~1\MIF5BA~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do OneNotu - res://C:\PROGRA~1\MIF5BA~1\Office15\ONBttnIE.dll/105
O9 - Extra button: Odeslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do OneNotu - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Volání kliknutím v Lyncu - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-UpdaterService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\system32\IntelCpHeciSvc.exe
O23 - Service: Evolve Service (EvoSvc) - Echobit LLC - C:\Program Files\Echobit\Evolve\EvoSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Intel Corporation - C:\Windows\system32\igfxCUIService.exe
O23 - Service: MaxMerger - Max Secure Software - C:\Program Files\Max Spyware Detector\MaxMerger.exe
O23 - Service: MaxWatchDogService - Max Secure Software - C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files\PANDORA.TV\PanService\KMPService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6672 bytes

Re: PC freezing + HJT log

Posted: 10 Mar 2015 19:55
by Rudy

Re: PC freezing + HJT log

Posted: 10 Mar 2015 20:26
by Redkitty
Again in safe mode. The problems started yesterday evening (no problems before that). After a system restore everything ran as it should for a few hours, but after logging in this morning the PC was unusable again. Now it works only in safe mode.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-03-2015
Ran by Klara (administrator) on PC2 on 10-03-2015 20:02:16
Running from C:\Users\Klara\Desktop
Loaded Profiles: Klara (Available profiles: Klara & Administrator)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 10 (Default browser: Opera)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ALTAP) C:\Program Files\Salamander\salamand.exe
(forum.viry.cz) C:\Users\Klara\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [997920 2011-06-15] (Microsoft Corporation)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-08-15] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12017368 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [SDActiveMonitor] => C:\Program Files\Max Spyware Detector\MaxSDTray.exe [1071144 2014-12-03] (Max Secure Software)
HKLM\...\Run: [SDAutoScan] => [X]
HKLM\...\Run: [MaxUSBProc] => C:\Program Files\Max Spyware Detector\MaxUSBProc.exe [450088 2014-12-03] (Max Secure Software)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-163411933-1303605079-18187683-1005\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-163411933-1303605079-18187683-1005\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-163411933-1303605079-18187683-1005\...\MountPoints2: {14066265-4eb4-11e4-a381-74d4351c0d60} - F:\AutoRun.exe
HKU\S-1-5-21-163411933-1303605079-18187683-1005\...\MountPoints2: {2252e51d-52df-11e4-a33b-74d4351c0d60} - F:\LG_PC_Programs.exe
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Registrace produktu.lnk
ShortcutTarget: Logitech . Registrace produktu.lnk -> C:\Program Files\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-03-12] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 192.168.99.1

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-23] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @qq.com/npchrome -> C:\Program Files\Common Files\Tencent\Npchrome\npchrome.dll [2014-03-11] (Tencent)
FF Plugin: @qq.com/npqscall -> C:\Program Files\Common Files\Tencent\NPQSCALL\npqscall.dll [2014-03-11] (Tencent)
FF Plugin: @qq.com/TXSSO -> C:\Program Files\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll [2013-04-08] (Tencent)
FF Plugin: @t.garena.com/garenatalk -> D:\Users\Klara\Apps\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\Users\Klara\Apps\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-163411933-1303605079-18187683-1005: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Klara\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-01-23] (Microsoft Corporation)

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (WacomTabletPlugin) - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
CHR Profile: C:\Users\Klara\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Klara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-03]
CHR Extension: (Google Drive) - C:\Users\Klara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-03]
CHR Extension: (YouTube) - C:\Users\Klara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-03]
CHR Extension: (Google Search) - C:\Users\Klara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-03]
CHR Extension: (Google Wallet) - C:\Users\Klara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-02]
CHR Extension: (Gmail) - C:\Users\Klara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-03]

Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\Klara\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2014-09-13]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [406288 2014-06-23] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [385808 2014-06-23] (BlueStack Systems, Inc.)
S2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [774928 2014-06-23] (BlueStack Systems, Inc.)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279024 2014-03-11] (Intel Corporation)
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1579936 2014-09-25] (Echobit LLC)
S3 ICCS; C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [169752 2012-04-24] (Intel Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [250352 2014-03-11] (Intel Corporation)
S2 MaxMerger; C:\Program Files\Max Spyware Detector\MaxMerger.exe [307752 2014-12-03] (Max Secure Software)
S2 MaxWatchDogService; C:\Program Files\Max Spyware Detector\MaxWatchDogService.exe [660520 2014-12-03] (Max Secure Software)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736 2011-04-27] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [208944 2011-04-27] (Microsoft Corporation)
S2 PanService; C:\Program Files\PANDORA.TV\PanService\KMPService.exe [1922600 2013-07-08] (Pandora.TV)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [26032 2014-04-09] (Wondershare)
S2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [113424 2014-06-23] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-02-08] (DT Soft Ltd)
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [18584 2013-12-21] (Echobit, LLC)
S3 FLxHCIc; C:\Windows\System32\DRIVERS\FLxHCIc.sys [205552 2012-11-02] (Fresco Logic)
S3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [61168 2012-11-02] (Fresco Logic)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 hidkmdf; C:\Windows\System32\DRIVERS\hidkmdf.sys [11680 2012-10-12] (Windows (R) Win 7 DDK provider)
S3 Huawei; C:\Windows\System32\DRIVERS\ewdcsc.sys [23424 2009-12-15] (Huawei Tech. Co., Ltd.)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16880 2013-08-15] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [362480 2013-08-15] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [798704 2013-08-15] (Intel Corporation)
R0 MaxMgr; C:\Windows\System32\drivers\MaxMgr.sys [75816 2014-12-03] (Max Secure Software)
S1 MaxProtector32; C:\Windows\System32\drivers\MaxProtector32.sys [86056 2014-12-03] (Max Secure Software)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2015-03-10] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-10] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [56432 2013-01-11] (Intel Corporation)
S1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
S3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2011-04-18] (Microsoft Corporation)
S0 SDActMon; C:\Windows\System32\drivers\SDActMon.sys [127016 2014-12-03] (Max Secure Software)
S3 WacHidRouter; C:\Windows\System32\DRIVERS\wachidrouter.sys [69024 2012-10-12] (Wacom Technology)
S3 wacomrouterfilter; C:\Windows\System32\DRIVERS\wacomrouterfilter.sys [13728 2012-10-12] (Wacom Technology)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [198656 2009-12-15] (Huawei Technologies Co., Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-10 20:02 - 2015-03-10 20:02 - 00013080 _____ () C:\Users\Klara\Desktop\FRST.txt
2015-03-10 20:02 - 2015-03-10 20:02 - 00000000 ____D () C:\FRST
2015-03-10 19:59 - 2015-03-10 19:59 - 01134592 _____ (Farbar) C:\Users\Klara\Desktop\FRST.exe
2015-03-10 19:59 - 2015-03-10 19:59 - 00112640 _____ (forum.viry.cz) C:\Users\Klara\Desktop\FRSTLauncher.exe
2015-03-10 19:51 - 2015-03-10 19:51 - 00000000 _____ () C:\Users\Klara\AppData\Local\{5EC253FF-98FD-4F11-B1E3-2F08439D05E5}
2015-03-10 19:14 - 2015-03-10 19:17 - 00000000 ____D () C:\Users\Klara\Desktop\backups
2015-03-10 19:12 - 2015-03-10 19:17 - 00006673 _____ () C:\Users\Klara\Desktop\hijackthis.log
2015-03-10 19:11 - 2015-03-10 19:11 - 00388608 _____ (Trend Micro Inc.) C:\Users\Klara\Desktop\hijackthis.exe
2015-03-10 17:59 - 2015-03-10 18:08 - 00000000 ____D () C:\Program Files\Max Spyware Detector
2015-03-10 17:59 - 2015-03-10 17:59 - 00001900 _____ () C:\Users\Public\Desktop\Max Spyware Detector.lnk
2015-03-10 17:59 - 2015-03-10 17:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Max Spyware Detector
2015-03-10 17:59 - 2014-12-03 17:59 - 00127016 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon.sys
2015-03-10 17:59 - 2014-12-03 17:59 - 00086056 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector32.sys
2015-03-10 17:59 - 2014-12-03 17:59 - 00078376 _____ (Max Secure Software) C:\Windows\system32\Drivers\SDActMon2K.sys
2015-03-10 17:59 - 2014-12-03 17:59 - 00077864 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProtector64.sys
2015-03-10 17:59 - 2014-12-03 17:59 - 00075816 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxMgr.sys
2015-03-10 17:59 - 2014-12-03 17:59 - 00068648 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxProc64.sys
2015-03-10 17:59 - 2014-12-03 17:59 - 00023080 _____ (Max Secure Software) C:\Windows\system32\Drivers\MaxTdss.sys
2015-03-10 17:59 - 2014-12-03 17:59 - 00013352 _____ (Max Secure Software) C:\Windows\system32\Drivers\004.sys
2015-03-10 17:59 - 2014-12-02 13:29 - 00117248 _____ () C:\Windows\system32\MaxNative.exe
2015-03-10 17:59 - 2009-06-10 22:39 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.backup
2015-03-10 17:58 - 2015-03-10 17:59 - 00000000 ____D () C:\ProgramData\Max Secure
2015-03-10 17:58 - 2015-03-10 17:58 - 265044424 _____ (Max Secure Software ) C:\Users\Klara\Desktop\MaxSpywaredetectorR.exe
2015-03-10 17:45 - 2015-03-10 17:45 - 00000000 ____D () C:\Users\Klara\AppData\Local\Max Secure Software
2015-03-10 17:44 - 2015-03-10 17:45 - 00000000 ____D () C:\Users\Klara\AppData\Roaming\GetRightToGo
2015-03-10 17:44 - 2015-03-10 17:44 - 00368256 _____ (RegNow.com) C:\Users\Klara\Desktop\Download_MaxSDRDM.exe
2015-03-10 17:43 - 2015-03-10 17:43 - 00000000 __RSH () C:\MSDOS.SYS
2015-03-10 17:43 - 2015-03-10 17:43 - 00000000 __RSH () C:\IO.SYS
2015-03-10 17:39 - 2015-03-10 17:39 - 00141136 _____ () C:\Windows\Minidump\031015-19172-01.dmp
2015-03-10 17:37 - 2015-03-10 17:38 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Klara\Downloads\mbam-setup-2.0.4.1028 (1).exe
2015-03-10 08:57 - 2015-03-10 19:08 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-10 08:57 - 2015-03-10 18:20 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-10 08:57 - 2015-03-10 08:57 - 00001022 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-10 08:57 - 2015-03-10 08:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-10 08:57 - 2015-03-10 08:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-10 08:57 - 2015-03-10 08:57 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-10 08:57 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-10 08:57 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-10 08:56 - 2015-03-10 08:56 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Klara\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-06 22:05 - 2015-03-06 22:54 - 00000000 ____D () C:\Users\Klara\AppData\Roaming\TS3Client
2015-02-28 15:32 - 2015-02-28 15:32 - 00008644 _____ () C:\Users\Klara\Desktop\Epic.xlsx
2015-02-27 22:55 - 2015-03-01 18:44 - 00010946 _____ () C:\Users\Klara\Desktop\Rare.xlsx
2015-02-27 20:56 - 2015-02-27 20:56 - 00000785 _____ () C:\Users\Public\Desktop\World of Tanks - Common Test.lnk
2015-02-27 20:56 - 2015-02-27 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks - Common Test
2015-02-27 20:54 - 2015-02-27 20:55 - 04691200 _____ (Wargaming.net ) C:\Users\Klara\Downloads\WoT_internet_install_ct.exe
2015-02-25 21:09 - 2015-03-07 16:24 - 00000000 ____D () C:\Users\Klara\AppData\Roaming\MMFApplications
2015-02-25 21:07 - 2015-02-25 21:07 - 00000938 _____ () C:\Users\Klara\Desktop\Five Nights at Freddy's.lnk
2015-02-25 21:07 - 2015-02-25 21:07 - 00000000 ____D () C:\Users\Klara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Five Nights at Freddy's
2015-02-22 14:14 - 2015-02-22 14:14 - 23137948 _____ () C:\Users\Klara\Downloads\Stealthic Heaventide (Hair).package
2015-02-20 19:07 - 2015-02-20 19:07 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2015-02-20 18:41 - 2015-02-20 18:41 - 00050490 _____ () C:\Users\Klara\Downloads\Annabelle(0000248062).srt
2015-02-19 21:03 - 2015-02-19 21:03 - 00086016 _____ () C:\Users\Klara\Downloads\Seznam literatury 2014-2015a.xls
2015-02-18 20:51 - 2015-02-18 20:51 - 00008074 _____ () C:\Users\Klara\Desktop\Blabla.odt
2015-02-18 16:45 - 2015-02-27 22:02 - 00014146 _____ () C:\Users\Klara\Desktop\Rare perfects collection.odt
2015-02-16 14:19 - 2015-03-08 16:26 - 00000000 ____D () C:\Users\Klara\Desktop\Nová složka
2015-02-12 16:44 - 2015-02-12 16:44 - 01586333 _____ () C:\Users\Klara\Downloads\20150212_1550_france-F68_AMX_Chasseur_de_char_46_39_crimea.wotreplay
2015-02-12 16:43 - 2015-02-12 16:43 - 01068669 _____ () C:\Users\Klara\Downloads\20150212_1621_germany-Hetzer_43_north_america.wotreplay
2015-02-12 16:43 - 2015-02-12 16:43 - 01031206 _____ () C:\Users\Klara\Downloads\20150202_1522_ussr-IS_08_ruinberg.wotreplay
2015-02-12 16:43 - 2015-02-12 16:43 - 00870045 _____ () C:\Users\Klara\Downloads\20150208_1758_germany-G_Panther_10_hills.wotreplay
2015-02-12 16:37 - 2015-02-12 16:37 - 00848765 _____ () C:\Users\Klara\Downloads\14237540519759_germany_Wespe_prohorovka.wotreplay
2015-02-12 16:34 - 2015-02-12 16:34 - 00000000 ____D () C:\Users\Klara\Downloads\Záloha 9.6
2015-02-12 16:33 - 2015-02-12 16:33 - 00071550 _____ () C:\Users\Klara\Downloads\Shtys [Blogtanker.ru] (1).zip
2015-02-12 16:29 - 2015-02-12 16:29 - 00943500 _____ () C:\Users\Klara\Downloads\Ingame_Clock_int_96.zip
2015-02-12 16:17 - 2015-02-12 16:17 - 00202173 _____ () C:\Users\Klara\Downloads\clock_datetime_94.zip
2015-02-12 16:14 - 2015-02-12 16:14 - 01671552 _____ () C:\Users\Klara\Downloads\[0.9.6.1]-YasenKrasen-statistiky-V1-[CZ].rar
2015-02-12 16:12 - 2015-02-12 16:12 - 00066409 _____ () C:\Users\Klara\Downloads\battle_assistant_0.9.6_1.2.5.zip
2015-02-12 16:11 - 2015-02-12 16:14 - 39313052 _____ (Aslain ) C:\Users\Klara\Downloads\Aslains_XVM_Mod_Installer_v.4.2.2_96.exe
2015-02-08 15:13 - 2015-02-08 15:13 - 00009930 _____ () C:\Users\Klara\Desktop\Invaders.odt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-10 20:00 - 2012-01-15 11:16 - 00006492 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-10 19:55 - 2012-01-16 17:53 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-10 19:55 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-10 19:55 - 2009-07-14 05:39 - 00205031 _____ () C:\Windows\setupact.log
2015-03-10 19:49 - 2012-01-16 17:53 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-10 19:21 - 2012-01-15 11:06 - 01700666 _____ () C:\Windows\WindowsUpdate.log
2015-03-10 18:09 - 2009-07-14 05:33 - 00473128 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-10 18:08 - 2013-06-03 09:00 - 00120880 _____ () C:\Users\Klara\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-10 17:39 - 2012-01-16 00:03 - 289396561 _____ () C:\Windows\MEMORY.DMP
2015-03-10 17:39 - 2012-01-16 00:03 - 00000000 ____D () C:\Windows\Minidump
2015-03-10 09:03 - 2014-03-29 22:02 - 00000000 ____D () C:\Windows\PCHEALTH
2015-03-10 09:03 - 2012-01-15 11:08 - 00049224 _____ () C:\Windows\PFRO.log
2015-03-09 23:17 - 2015-01-29 20:34 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-09 23:11 - 2014-09-01 16:06 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-163411933-1303605079-18187683-1005UA.job
2015-03-09 23:01 - 2013-06-03 10:04 - 00000000 ____D () C:\Users\Klara\AppData\Roaming\Skype
2015-03-09 18:05 - 2009-07-14 05:34 - 00014208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-09 18:05 - 2009-07-14 05:34 - 00014208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-09 17:59 - 2013-06-03 09:00 - 00000000 ____D () C:\Users\Klara
2015-03-09 17:58 - 2013-06-03 09:12 - 00000000 ____D () C:\Users\Klara\AppData\Roaming\IrfanView
2015-03-09 17:58 - 2012-01-20 07:53 - 00000000 ____D () C:\Users\Administrator
2015-03-09 17:58 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-03-09 17:58 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-03-08 13:19 - 2014-10-26 13:49 - 00010547 _____ () C:\Users\Klara\Desktop\DC- Boosts.xlsx
2015-03-03 14:16 - 2012-01-15 11:43 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-02 19:56 - 2013-08-04 14:32 - 00000000 ____D () C:\Users\Klara\AppData\Roaming\uTorrent
2015-03-02 17:11 - 2014-09-01 16:06 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-163411933-1303605079-18187683-1005Core.job
2015-03-02 16:08 - 2014-05-18 20:54 - 00000000 ____D () C:\Users\Klara\AppData\Roaming\vlc
2015-02-28 00:03 - 2015-01-30 08:52 - 00000000 ____D () C:\Users\Klara\Desktop\Himiko
2015-02-27 20:56 - 2013-08-23 20:52 - 00000000 ____D () C:\Windows\system32\directx
2015-02-20 16:14 - 2014-06-12 16:54 - 00000000 ____D () C:\Users\Klara\.gimp-2.8
2015-02-18 18:56 - 2015-01-05 10:30 - 00000000 ____D () C:\Users\Klara\Desktop\Selling

==================== Files in the root of some directories =======

2013-06-03 09:03 - 2014-06-26 22:18 - 0000600 _____ () C:\Users\Klara\AppData\Roaming\winscp.rnd
2013-09-21 22:12 - 2015-02-07 14:26 - 0007168 _____ () C:\Users\Klara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-22 19:36 - 2014-06-22 19:36 - 0002787 _____ () C:\Users\Klara\AppData\Local\recently-used.xbel
2013-09-08 21:53 - 2014-10-20 20:35 - 0007595 _____ () C:\Users\Klara\AppData\Local\Resmon.ResmonCfg
2015-03-10 19:51 - 2015-03-10 19:51 - 0000000 _____ () C:\Users\Klara\AppData\Local\{5EC253FF-98FD-4F11-B1E3-2F08439D05E5}

Some content of TEMP:
====================
C:\Users\Klara\AppData\Local\Temp\DataCard_Setup.exe
C:\Users\Klara\AppData\Local\Temp\KMP_3.9.1.131.exe
C:\Users\Klara\AppData\Local\Temp\ose00000.exe
C:\Users\Klara\AppData\Local\Temp\ResetDevice.exe
C:\Users\Klara\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Klara\AppData\Local\Temp\utils.dll
C:\Users\Klara\AppData\Local\Temp\_is1229.exe
C:\Users\Klara\AppData\Local\Temp\_is17B5.exe
C:\Users\Klara\AppData\Local\Temp\_is9A4C.exe
C:\Users\Klara\AppData\Local\Temp\_isC909.exe
C:\Users\Klara\AppData\Local\Temp\_isCB6A.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-08 12:40




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (SYSTEM) (Fixed) (Total:151.35 GB) (Free:106.89 GB) NTFS
Drive d: (DATA) (Fixed) (Total:780.07 GB) (Free:222.76 GB) NTFS
Drive n: () (Network) (Total:1832.31 GB) (Free:391.88 GB)

Available physical RAM: 2736.94 MB
Total physical RAM: 3286.06 MB
Percentage of memory in use: 16%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BBCCAC35)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=151.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=780.1 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-163411933-1303605079-18187683-1005Core.job => C:\Users\Klara\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-163411933-1303605079-18187683-1005UA.job => C:\Users\Klara\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Klara\Desktop" je 1198 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: PC freezing + HJT log

Posted: 10 Mar 2015 21:55
by Rudy
Run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
First click >Scan< and then >Clean<.
A scan will run and then a log will appear; paste it here.
However, a system problem cannot be ruled out. It need not be only malware.

Re: PC freezing + HJT log

Posted: 11 Mar 2015 16:36
by Redkitty
Unfortunately the problem still persists. In normal mode the profile either "freezes" after a few seconds, or the desktop does not load at all (black screen).

1. log (scan)

# AdwCleaner v4.112 - Logfile created 10/03/2015 at 21:58:02
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : Klara - PC2
# Running from : C:\Users\Klara\Desktop\adwcleaner_4.112.exe
# Option : Scan

***** [ Services ] *****

Service Found : PanService

***** [ Files / Folders ] *****

File Found : C:\Users\Klara\AppData\Local\Temp\Utils.dll
File Found : C:\Users\Klara\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Found : C:\Users\Klara\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
File Found : C:\Users\Klara\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Found : C:\Users\Klara\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Found : C:\Users\Klara\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage
File Found : C:\Users\Klara\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage-journal
File Found : C:\Users\Klara\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_static.olark.com_0.localstorage
File Found : C:\Users\Klara\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_static.olark.com_0.localstorage-journal
Folder Found : C:\Program Files\PANDORA.TV
Folder Found : C:\Users\Klara\AppData\Local\Max Secure Software
Folder Found : C:\Users\Klara\AppData\Roaming\DriverFinder

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\63bc4abca137710340f9e323d204fe08
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Key Found : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\MozillaPlugins\@qq.com/TXSSO

***** [ Web browsers ] *****

-\\ Internet Explorer v10.0.9200.16866


-\\ Google Chrome v40.0.2214.115


-\\ Opera v0.0.0.0

*************************

AdwCleaner[R0].txt - [2422 bytes] - [10/03/2015 21:58:02]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2481 bytes] ##########

2. log (cleaning)

# AdwCleaner v4.112 - Logfile created 10/03/2015 at 21:59:03
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : Klara - PC2
# Running from : C:\Users\Klara\Desktop\adwcleaner_4.112.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : PanService

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\PANDORA.TV
Folder Deleted : C:\Users\Klara\AppData\Local\Max Secure Software
Folder Deleted : C:\Users\Klara\AppData\Roaming\DriverFinder
File Deleted : C:\Users\Klara\AppData\Local\Temp\Utils.dll
File Deleted : C:\Users\Klara\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\Klara\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\Klara\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage
File Deleted : C:\Users\Klara\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.lyricsfreak.com_0.localstorage-journal
File Deleted : C:\Users\Klara\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
File Deleted : C:\Users\Klara\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
File Deleted : C:\Users\Klara\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_static.olark.com_0.localstorage-journal
File Deleted : C:\Users\Klara\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxps_static.olark.com_0.localstorage

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@qq.com/TXSSO
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Key Deleted : HKCU\Software\63bc4abca137710340f9e323d204fe08
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Conduit

***** [ Web browsers ] *****

-\\ Internet Explorer v10.0.9200.16866


-\\ Google Chrome v40.0.2214.115


-\\ Opera v0.0.0.0


*************************

AdwCleaner[R0].txt - [2560 bytes] - [10/03/2015 21:58:02]
AdwCleaner[S0].txt - [2535 bytes] - [10/03/2015 21:59:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2594 bytes] ##########

Re: PC freezing + HJT log

Posted: 11 Mar 2015 19:14
by Rudy
Post a new FRST log.

Re: PC freezing + HJT log

Posted: 11 Mar 2015 19:28
by Redkitty
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Klara (administrator) on PC2 on 11-03-2015 19:22:16
Running from C:\Users\Klara\Desktop
Loaded Profiles: Klara (Available profiles: Klara & Administrator)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 10 (Default browser: Opera)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ALTAP) C:\Program Files\Salamander\salamand.exe
(forum.viry.cz) C:\Users\Klara\Desktop\FRST-OlderVersion\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM\...\Run: [USB3MON] => C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-08-15] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12017368 2013-10-24] (Realtek Semiconductor)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-163411933-1303605079-18187683-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5503768 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-163411933-1303605079-18187683-1005\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S1].txt [952 2015-03-11] ()
HKU\S-1-5-21-163411933-1303605079-18187683-1005\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-163411933-1303605079-18187683-1005\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-163411933-1303605079-18187683-1005\...\MountPoints2: {14066265-4eb4-11e4-a381-74d4351c0d60} - F:\AutoRun.exe
HKU\S-1-5-21-163411933-1303605079-18187683-1005\...\MountPoints2: {2252e51d-52df-11e4-a33b-74d4351c0d60} - F:\LG_PC_Programs.exe
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2014-03-12] (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 192.168.99.1

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll [2013-06-26] (Adobe Systems, Inc.)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-01-23] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @qq.com/npchrome -> C:\Program Files\Common Files\Tencent\Npchrome\npchrome.dll [2014-03-11] (Tencent)
FF Plugin: @qq.com/npqscall -> C:\Program Files\Common Files\Tencent\NPQSCALL\npqscall.dll [2014-03-11] (Tencent)
FF Plugin: @t.garena.com/garenatalk -> D:\Users\Klara\Apps\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> D:\Users\Klara\Apps\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-163411933-1303605079-18187683-1005: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Klara\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2014-01-23] (Microsoft Corporation)

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (WacomTabletPlugin) - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
CHR Profile: C:\Users\Klara\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Klara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-03]
CHR Extension: (Google Drive) - C:\Users\Klara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-03]
CHR Extension: (YouTube) - C:\Users\Klara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-03]
CHR Extension: (Google Search) - C:\Users\Klara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-03]
CHR Extension: (Google Wallet) - C:\Users\Klara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-02]
CHR Extension: (Gmail) - C:\Users\Klara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-03]

Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\Klara\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2014-09-13]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [406288 2014-06-23] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [385808 2014-06-23] (BlueStack Systems, Inc.)
S2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [774928 2014-06-23] (BlueStack Systems, Inc.)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279024 2014-03-11] (Intel Corporation)
S3 EvoSvc; C:\Program Files\Echobit\Evolve\EvoSvc.exe [1579936 2014-09-25] (Echobit LLC)
S3 ICCS; C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [169752 2012-04-24] (Intel Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [250352 2014-03-11] (Intel Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [11736 2011-04-27] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [208944 2011-04-27] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [26032 2014-04-09] (Wondershare)
S2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [113424 2014-06-23] (BlueStack Systems)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-02-08] (DT Soft Ltd)
R3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [18584 2013-12-21] (Echobit, LLC)
S3 FLxHCIc; C:\Windows\System32\DRIVERS\FLxHCIc.sys [205552 2012-11-02] (Fresco Logic)
S3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [61168 2012-11-02] (Fresco Logic)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
S3 hidkmdf; C:\Windows\System32\DRIVERS\hidkmdf.sys [11680 2012-10-12] (Windows (R) Win 7 DDK provider)
S3 Huawei; C:\Windows\System32\DRIVERS\ewdcsc.sys [23424 2009-12-15] (Huawei Tech. Co., Ltd.)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16880 2013-08-15] (Intel Corporation)
R3 iusb3hub; C:\Windows\System32\DRIVERS\iusb3hub.sys [362480 2013-08-15] (Intel Corporation)
R3 iusb3xhc; C:\Windows\System32\DRIVERS\iusb3xhc.sys [798704 2013-08-15] (Intel Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [56432 2013-01-11] (Intel Corporation)
S1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [165648 2011-04-18] (Microsoft Corporation)
S3 MpNWMon; C:\Windows\System32\DRIVERS\MpNWMon.sys [43392 2011-04-18] (Microsoft Corporation)
S3 WacHidRouter; C:\Windows\System32\DRIVERS\wachidrouter.sys [69024 2012-10-12] (Wacom Technology)
S3 wacomrouterfilter; C:\Windows\System32\DRIVERS\wacomrouterfilter.sys [13728 2012-10-12] (Wacom Technology)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [198656 2009-12-15] (Huawei Technologies Co., Ltd.)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-11 19:22 - 2015-03-11 19:22 - 00000000 ____D () C:\Users\Klara\Desktop\FRST-OlderVersion
2015-03-11 16:27 - 2015-03-11 16:27 - 00000000 _____ () C:\Users\Klara\AppData\Local\{7FF4ABDE-7941-4CC2-BC32-196997559A74}
2015-03-11 11:55 - 2015-03-11 16:44 - 00003208 _____ () C:\Windows\WindowsUpdate.log
2015-03-11 11:42 - 2015-03-11 16:26 - 00000168 _____ () C:\Windows\setupact.log
2015-03-11 11:42 - 2015-03-11 11:42 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-11 11:39 - 2015-03-11 11:39 - 00470280 _____ () C:\Users\Klara\Documents\cc_20150311_113900.reg
2015-03-11 11:39 - 2015-03-11 11:39 - 00034852 _____ () C:\Users\Klara\Documents\cc_20150311_113928.reg
2015-03-11 11:39 - 2015-03-11 11:39 - 00003646 _____ () C:\Users\Klara\Documents\cc_20150311_113945.reg
2015-03-11 11:39 - 2015-03-11 11:39 - 00000460 _____ () C:\Users\Klara\Documents\cc_20150311_113956.reg
2015-03-11 11:38 - 2015-03-11 11:38 - 00000927 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-03-11 11:38 - 2015-03-11 11:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-03-11 11:38 - 2015-03-11 11:38 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-11 11:06 - 2015-03-11 11:06 - 00000180 _____ () C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-03-11 11:06 - 2015-03-11 11:06 - 00000000 _____ () C:\Users\Klara\AppData\Local\{FC3CD613-5D49-46B6-A095-E09EB3C0C424}
2015-03-11 10:43 - 2015-03-11 10:43 - 00806400 _____ () C:\Users\Klara\Desktop\MicrosoftFixit50692.msi
2015-03-11 10:42 - 2015-03-11 10:42 - 00159288 _____ () C:\Users\Klara\Documents\11.3.2015.reg
2015-03-11 10:19 - 2015-03-11 10:19 - 00330056 _____ () C:\Users\Klara\Desktop\417036_intl_i386_zip.exe
2015-03-11 10:19 - 2010-07-03 03:08 - 00201089 _____ () C:\Windows6.1-KB2265716-x86.msu
2015-03-10 23:12 - 2015-03-10 23:12 - 00347816 _____ (Microsoft Corporation) C:\Users\Klara\Desktop\MicrosoftFixit.Performance.RNP.134945584981641.6.1.Run.exe
2015-03-10 23:11 - 2015-03-10 23:11 - 00347816 _____ (Microsoft Corporation) C:\Users\Klara\Desktop\MicrosoftFixit.WinFileFolder.RNP.134945584981641.4.1.Run.exe
2015-03-10 23:10 - 2015-03-10 23:10 - 00347816 _____ (Microsoft Corporation) C:\Users\Klara\Desktop\MicrosoftFixit.WinSecurity.RNP.134945584981641.2.1.Run.exe
2015-03-10 23:08 - 2015-03-10 23:08 - 00347816 _____ (Microsoft Corporation) C:\Users\Klara\Desktop\MicrosoftFixit.malware.Run.exe
2015-03-10 22:57 - 2015-03-10 22:57 - 00006896 ____N () C:\bootsqm.dat
2015-03-10 22:47 - 2015-03-10 22:47 - 00000000 _____ () C:\Users\Klara\AppData\Local\{6BFFD6DD-5666-49C1-949C-D5052F507DF2}
2015-03-10 22:19 - 2015-03-10 22:19 - 00000000 _____ () C:\Users\Klara\AppData\Local\{5489F2B8-BDB8-418F-A3AC-1FFAE0274D13}
2015-03-10 21:57 - 2015-03-11 16:03 - 00000000 ____D () C:\AdwCleaner
2015-03-10 21:57 - 2015-03-10 21:57 - 02171392 _____ () C:\Users\Klara\Desktop\adwcleaner_4.112.exe
2015-03-10 20:25 - 2015-03-10 20:25 - 00008920 _____ () C:\Users\Klara\Desktop\Addition.zip
2015-03-10 20:02 - 2015-03-11 19:22 - 00011713 _____ () C:\Users\Klara\Desktop\FRST.txt
2015-03-10 20:02 - 2015-03-11 19:22 - 00000000 ____D () C:\FRST
2015-03-10 19:59 - 2015-03-11 19:22 - 01135104 _____ (Farbar) C:\Users\Klara\Desktop\FRST.exe
2015-03-10 19:51 - 2015-03-10 19:51 - 00000000 _____ () C:\Users\Klara\AppData\Local\{5EC253FF-98FD-4F11-B1E3-2F08439D05E5}
2015-03-10 19:14 - 2015-03-11 11:19 - 00000000 ____D () C:\Users\Klara\Desktop\backups
2015-03-10 19:12 - 2015-03-10 19:17 - 00006673 _____ () C:\Users\Klara\Desktop\hijackthis.log
2015-03-10 19:11 - 2015-03-10 19:11 - 00388608 _____ (Trend Micro Inc.) C:\Users\Klara\Desktop\hijackthis.exe
2015-03-10 17:58 - 2015-03-10 17:59 - 00000000 ____D () C:\ProgramData\Max Secure
2015-03-10 17:58 - 2015-03-10 17:58 - 265044424 _____ (Max Secure Software ) C:\Users\Klara\Desktop\MaxSpywaredetectorR.exe
2015-03-10 17:44 - 2015-03-10 17:45 - 00000000 ____D () C:\Users\Klara\AppData\Roaming\GetRightToGo
2015-03-10 17:44 - 2015-03-10 17:44 - 00368256 _____ (RegNow.com) C:\Users\Klara\Desktop\Download_MaxSDRDM.exe
2015-03-10 17:43 - 2015-03-10 17:43 - 00000000 __RSH () C:\MSDOS.SYS
2015-03-10 17:43 - 2015-03-10 17:43 - 00000000 __RSH () C:\IO.SYS
2015-03-10 17:37 - 2015-03-10 17:38 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Klara\Downloads\mbam-setup-2.0.4.1028 (1).exe
2015-03-10 08:57 - 2015-03-10 08:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-10 08:56 - 2015-03-10 08:56 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Klara\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-06 22:05 - 2015-03-06 22:54 - 00000000 ____D () C:\Users\Klara\AppData\Roaming\TS3Client
2015-02-28 15:32 - 2015-02-28 15:32 - 00008644 _____ () C:\Users\Klara\Desktop\Epic.xlsx
2015-02-27 22:55 - 2015-03-01 18:44 - 00010946 _____ () C:\Users\Klara\Desktop\Rare.xlsx
2015-02-27 20:56 - 2015-02-27 20:56 - 00000785 _____ () C:\Users\Public\Desktop\World of Tanks - Common Test.lnk
2015-02-27 20:56 - 2015-02-27 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Tanks - Common Test
2015-02-27 20:54 - 2015-02-27 20:55 - 04691200 _____ (Wargaming.net ) C:\Users\Klara\Downloads\WoT_internet_install_ct.exe
2015-02-25 21:09 - 2015-03-07 16:24 - 00000000 ____D () C:\Users\Klara\AppData\Roaming\MMFApplications
2015-02-25 21:07 - 2015-02-25 21:07 - 00000938 _____ () C:\Users\Klara\Desktop\Five Nights at Freddy's.lnk
2015-02-25 21:07 - 2015-02-25 21:07 - 00000000 ____D () C:\Users\Klara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Five Nights at Freddy's
2015-02-22 14:14 - 2015-02-22 14:14 - 23137948 _____ () C:\Users\Klara\Downloads\Stealthic Heaventide (Hair).package
2015-02-20 19:07 - 2015-02-20 19:07 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2015-02-20 18:41 - 2015-02-20 18:41 - 00050490 _____ () C:\Users\Klara\Downloads\Annabelle(0000248062).srt
2015-02-19 21:03 - 2015-02-19 21:03 - 00086016 _____ () C:\Users\Klara\Downloads\Seznam literatury 2014-2015a.xls
2015-02-18 20:51 - 2015-02-18 20:51 - 00008074 _____ () C:\Users\Klara\Desktop\Blabla.odt
2015-02-18 16:45 - 2015-02-27 22:02 - 00014146 _____ () C:\Users\Klara\Desktop\Rare perfects collection.odt
2015-02-16 14:19 - 2015-03-08 16:26 - 00000000 ____D () C:\Users\Klara\Desktop\Nová složka
2015-02-12 16:44 - 2015-02-12 16:44 - 01586333 _____ () C:\Users\Klara\Downloads\20150212_1550_france-F68_AMX_Chasseur_de_char_46_39_crimea.wotreplay
2015-02-12 16:43 - 2015-02-12 16:43 - 01068669 _____ () C:\Users\Klara\Downloads\20150212_1621_germany-Hetzer_43_north_america.wotreplay
2015-02-12 16:43 - 2015-02-12 16:43 - 01031206 _____ () C:\Users\Klara\Downloads\20150202_1522_ussr-IS_08_ruinberg.wotreplay
2015-02-12 16:43 - 2015-02-12 16:43 - 00870045 _____ () C:\Users\Klara\Downloads\20150208_1758_germany-G_Panther_10_hills.wotreplay
2015-02-12 16:37 - 2015-02-12 16:37 - 00848765 _____ () C:\Users\Klara\Downloads\14237540519759_germany_Wespe_prohorovka.wotreplay
2015-02-12 16:34 - 2015-02-12 16:34 - 00000000 ____D () C:\Users\Klara\Downloads\Záloha 9.6
2015-02-12 16:33 - 2015-02-12 16:33 - 00071550 _____ () C:\Users\Klara\Downloads\Shtys [Blogtanker.ru] (1).zip
2015-02-12 16:29 - 2015-02-12 16:29 - 00943500 _____ () C:\Users\Klara\Downloads\Ingame_Clock_int_96.zip
2015-02-12 16:17 - 2015-02-12 16:17 - 00202173 _____ () C:\Users\Klara\Downloads\clock_datetime_94.zip
2015-02-12 16:14 - 2015-02-12 16:14 - 01671552 _____ () C:\Users\Klara\Downloads\[0.9.6.1]-YasenKrasen-statistiky-V1-[CZ].rar
2015-02-12 16:12 - 2015-02-12 16:12 - 00066409 _____ () C:\Users\Klara\Downloads\battle_assistant_0.9.6_1.2.5.zip
2015-02-12 16:11 - 2015-02-12 16:14 - 39313052 _____ (Aslain ) C:\Users\Klara\Downloads\Aslains_XVM_Mod_Installer_v.4.2.2_96.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-11 19:21 - 2013-06-03 10:04 - 00000000 ____D () C:\Users\Klara\AppData\Roaming\Skype
2015-03-11 16:34 - 2012-01-15 11:16 - 00006492 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-11 16:27 - 2012-01-16 17:53 - 00000936 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-11 16:26 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-11 11:41 - 2013-09-07 21:39 - 00000000 ____D () C:\Users\Klara\AppData\Roaming\DAEMON Tools Lite
2015-03-11 11:41 - 2013-08-04 14:32 - 00000000 ____D () C:\Users\Klara\AppData\Roaming\uTorrent
2015-03-11 11:41 - 2012-01-16 00:03 - 00000000 ____D () C:\Windows\Minidump
2015-03-11 11:41 - 2012-01-15 11:03 - 00000000 ____D () C:\Windows\Panther
2015-03-11 11:27 - 2013-09-08 21:53 - 00007595 _____ () C:\Users\Klara\AppData\Local\Resmon.ResmonCfg
2015-03-11 10:41 - 2012-01-16 18:09 - 00002243 _____ () C:\Windows\epplauncher.mif
2015-03-11 10:23 - 2012-01-20 07:53 - 00008224 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-11 10:20 - 2015-01-05 10:30 - 00000000 ____D () C:\Users\Klara\Desktop\Selling
2015-03-10 19:55 - 2012-01-16 17:53 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-10 18:09 - 2009-07-14 05:33 - 00473128 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-10 18:08 - 2013-06-03 09:00 - 00120880 _____ () C:\Users\Klara\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-10 09:03 - 2014-03-29 22:02 - 00000000 ____D () C:\Windows\PCHEALTH
2015-03-09 23:17 - 2015-01-29 20:34 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-09 23:11 - 2014-09-01 16:06 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-163411933-1303605079-18187683-1005UA.job
2015-03-09 18:05 - 2009-07-14 05:34 - 00014208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-09 18:05 - 2009-07-14 05:34 - 00014208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-09 17:59 - 2013-06-03 09:00 - 00000000 ____D () C:\Users\Klara
2015-03-09 17:58 - 2013-06-03 09:12 - 00000000 ____D () C:\Users\Klara\AppData\Roaming\IrfanView
2015-03-09 17:58 - 2012-01-20 07:53 - 00000000 ____D () C:\Users\Administrator
2015-03-09 17:58 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-03-09 17:58 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\registration
2015-03-08 13:19 - 2014-10-26 13:49 - 00010547 _____ () C:\Users\Klara\Desktop\DC- Boosts.xlsx
2015-03-03 14:16 - 2012-01-15 11:43 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-02 17:11 - 2014-09-01 16:06 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-163411933-1303605079-18187683-1005Core.job
2015-03-02 16:08 - 2014-05-18 20:54 - 00000000 ____D () C:\Users\Klara\AppData\Roaming\vlc
2015-02-28 00:03 - 2015-01-30 08:52 - 00000000 ____D () C:\Users\Klara\Desktop\Himiko
2015-02-27 20:56 - 2013-08-23 20:52 - 00000000 ____D () C:\Windows\system32\directx
2015-02-20 16:14 - 2014-06-12 16:54 - 00000000 ____D () C:\Users\Klara\.gimp-2.8

==================== Files in the root of some directories =======

2013-06-03 09:03 - 2014-06-26 22:18 - 0000600 _____ () C:\Users\Klara\AppData\Roaming\winscp.rnd
2013-09-21 22:12 - 2015-02-07 14:26 - 0007168 _____ () C:\Users\Klara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-22 19:36 - 2014-06-22 19:36 - 0002787 _____ () C:\Users\Klara\AppData\Local\recently-used.xbel
2013-09-08 21:53 - 2015-03-11 11:27 - 0007595 _____ () C:\Users\Klara\AppData\Local\Resmon.ResmonCfg
2015-03-10 22:19 - 2015-03-10 22:19 - 0000000 _____ () C:\Users\Klara\AppData\Local\{5489F2B8-BDB8-418F-A3AC-1FFAE0274D13}
2015-03-10 19:51 - 2015-03-10 19:51 - 0000000 _____ () C:\Users\Klara\AppData\Local\{5EC253FF-98FD-4F11-B1E3-2F08439D05E5}
2015-03-10 22:47 - 2015-03-10 22:47 - 0000000 _____ () C:\Users\Klara\AppData\Local\{6BFFD6DD-5666-49C1-949C-D5052F507DF2}
2015-03-11 16:27 - 2015-03-11 16:27 - 0000000 _____ () C:\Users\Klara\AppData\Local\{7FF4ABDE-7941-4CC2-BC32-196997559A74}
2015-03-11 11:06 - 2015-03-11 11:06 - 0000000 _____ () C:\Users\Klara\AppData\Local\{FC3CD613-5D49-46B6-A095-E09EB3C0C424}

Some content of TEMP:
====================
C:\Users\Klara\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-08 12:40




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: (SYSTEM) (Fixed) (Total:151.35 GB) (Free:108.83 GB) NTFS
Drive d: (DATA) (Fixed) (Total:780.07 GB) (Free:222.76 GB) NTFS
Drive n: () (Network) (Total:1832.31 GB) (Free:391.9 GB)

Available physical RAM: 2722.42 MB
Total physical RAM: 3286.06 MB
Percentage of memory in use: 17%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BBCCAC35)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=151.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=780.1 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-163411933-1303605079-18187683-1005Core.job => C:\Users\Klara\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-163411933-1303605079-18187683-1005UA.job => C:\Users\Klara\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Klara\Desktop" je 1209 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: PC freezing + HJT log

Posted: 11 Mar 2015 19:46
by Rudy
Open Notepad and copy the following into it:
Start
HKU\S-1-5-21-163411933-1303605079-18187683-1005\...\MountPoints2: {14066265-4eb4-11e4-a381-74d4351c0d60} - F:\AutoRun.exe
HKU\S-1-5-21-163411933-1303605079-18187683-1005\...\MountPoints2: {2252e51d-52df-11e4-a33b-74d4351c0d60} - F:\LG_PC_Programs.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin HKU\S-1-5-21-163411933-1303605079-18187683-1005: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Klara\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-163411933-1303605079-18187683-1005UA.job
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-163411933-1303605079-18187683-1005Core.job
C:\Users\Klara\AppData\Local\{5489F2B8-BDB8-418F-A3AC-1FFAE0274D13}
C:\Users\Klara\AppData\Local\{5EC253FF-98FD-4F11-B1E3-2F08439D05E5}
C:\Users\Klara\AppData\Local\{6BFFD6DD-5666-49C1-949C-D5052F507DF2}
C:\Users\Klara\AppData\Local\{7FF4ABDE-7941-4CC2-BC32-196997559A74}
C:\Users\Klara\AppData\Local\{FC3CD613-5D49-46B6-A095-E09EB3C0C424}
C:\Users\Klara\AppData\Local\Temp
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When it finishes, a log will appear; copy it here.

You have more than 1 GB of data on the desktop. That is a lot, and the system then starts more slowly. Move it to another directory and put a shortcut on the desktop for easier access.

Re: PC freezing + HJT log

Posted: 11 Mar 2015 20:06
by Redkitty
Desktop cleaned up.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Klara at 2015-03-11 19:58:01 Run:1
Running from C:\Users\Klara\Desktop
Loaded Profiles: Klara (Available profiles: Klara & Administrator)
Boot Mode: Safe Mode (with Networking)

==============================================

Content of fixlist:
*****************
Start
HKU\S-1-5-21-163411933-1303605079-18187683-1005\...\MountPoints2: {14066265-4eb4-11e4-a381-74d4351c0d60} - F:\AutoRun.exe
HKU\S-1-5-21-163411933-1303605079-18187683-1005\...\MountPoints2: {2252e51d-52df-11e4-a33b-74d4351c0d60} - F:\LG_PC_Programs.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin HKU\S-1-5-21-163411933-1303605079-18187683-1005: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Klara\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-163411933-1303605079-18187683-1005UA.job
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-163411933-1303605079-18187683-1005Core.job
C:\Users\Klara\AppData\Local\{5489F2B8-BDB8-418F-A3AC-1FFAE0274D13}
C:\Users\Klara\AppData\Local\{5EC253FF-98FD-4F11-B1E3-2F08439D05E5}
C:\Users\Klara\AppData\Local\{6BFFD6DD-5666-49C1-949C-D5052F507DF2}
C:\Users\Klara\AppData\Local\{7FF4ABDE-7941-4CC2-BC32-196997559A74}
C:\Users\Klara\AppData\Local\{FC3CD613-5D49-46B6-A095-E09EB3C0C424}
C:\Users\Klara\AppData\Local\Temp
End
*****************

"HKU\S-1-5-21-163411933-1303605079-18187683-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14066265-4eb4-11e4-a381-74d4351c0d60}" => Key deleted successfully.
HKCR\CLSID\{14066265-4eb4-11e4-a381-74d4351c0d60} => Key not found.
"HKU\S-1-5-21-163411933-1303605079-18187683-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2252e51d-52df-11e4-a33b-74d4351c0d60}" => Key deleted successfully.
HKCR\CLSID\{2252e51d-52df-11e4-a33b-74d4351c0d60} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-163411933-1303605079-18187683-1005\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin" => Key deleted successfully.
C:\Users\Klara\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-163411933-1303605079-18187683-1005UA.job => Moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-163411933-1303605079-18187683-1005Core.job => Moved successfully.
C:\Users\Klara\AppData\Local\{5489F2B8-BDB8-418F-A3AC-1FFAE0274D13} => Moved successfully.
C:\Users\Klara\AppData\Local\{5EC253FF-98FD-4F11-B1E3-2F08439D05E5} => Moved successfully.
C:\Users\Klara\AppData\Local\{6BFFD6DD-5666-49C1-949C-D5052F507DF2} => Moved successfully.
C:\Users\Klara\AppData\Local\{7FF4ABDE-7941-4CC2-BC32-196997559A74} => Moved successfully.
C:\Users\Klara\AppData\Local\{FC3CD613-5D49-46B6-A095-E09EB3C0C424} => Moved successfully.

"C:\Users\Klara\AppData\Local\Temp" directory move:

Could not move "C:\Users\Klara\AppData\Local\Temp" directory. => Scheduled to move on reboot.


=> Result of Scheduled Files to move (Boot Mode: Safe Mode (with Networking)) (Date&Time: 2015-03-11 19:59:15)<=

C:\Users\Klara\AppData\Local\Temp => Moved successfully.

==== End of Fixlog 19:59:15 ====

Re: PC freezing + HJT log

Posted: 11 Mar 2015 21:16
by Rudy
Deleted. Has anything changed?

Re: PC freezing + HJT log

Posted: 11 Mar 2015 21:17
by Redkitty
Well, unfortunately it's the same. Should I start looking for a CD drive for a reinstall?

Re: PC freezing + HJT log

Posted: 11 Mar 2015 21:38
by Rudy
Run a full MBAM scan: http://www.malwarebytes.org/mbam.php and post the log. Do not delete anything beforehand.