Kontrola Logu

[altrok]

Pokud jeste nemate, presunte ComboFix na plochu.

• Otevrete Poznamkovy blok (Start -> Spustit -> notepad)
• zkopirujte do nej skript nize a ulozte na plochu jako CFScript (Typ souboru: Textovy dokument)

  Kód: Vybrat vše

  KillAll::
  
  Registry::
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "GrooveMonitor"=-
  
  RegLock::
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
  
  ClearJavaCache::
  
  Reboot::

• Tento CFScript.txt chytte, doslova pretahnete nad ikonu ComboFixu a pustte.
  
• Po restartu na Vas vyskoci log, jehoz obsah mi vlozte do dalsi odpovedi.

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou Windows. V tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[ja-pce]

ComboFix 15-01-08.01 - Vera 15.01.2015 22:45:06.2.4 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1250.420.1029.18.2036.1093 [GMT 1:00]
Spuštěný z: c:\users\Vera\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Vera\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-12-15 do 2015-01-15 )))))))))))))))))))))))))))))))
.
.
2015-01-15 18:43 . 2015-01-15 19:54 -------- d-----w- C:\FRST
2015-01-15 09:02 . 2015-01-15 09:02 -------- d-----w- c:\program files\CCleaner
2015-01-14 15:23 . 2015-01-14 15:24 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2015-01-14 13:32 . 2015-01-14 13:32 -------- d-----w- c:\programdata\Malwarebytes
2015-01-14 12:57 . 2009-12-30 09:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2015-01-14 12:49 . 2015-01-14 12:49 -------- d-----w- c:\programdata\MFAData
2015-01-14 12:49 . 2015-01-14 12:49 -------- d--h--w- c:\programdata\Common Files
2015-01-14 12:49 . 2015-01-14 12:49 -------- d-----w- c:\users\Vera\AppData\Local\MFAData
2015-01-14 12:49 . 2015-01-14 12:49 -------- d-----w- c:\users\Vera\AppData\Local\Avg2015
2015-01-12 22:36 . 2015-01-12 22:42 -------- d-----w- c:\users\Vera\AppData\Roaming\FTWeak
2015-01-12 21:22 . 2015-01-12 21:22 -------- d-----w- c:\users\Vera\AppData\Local\Licenses
2015-01-12 21:22 . 2015-01-12 21:35 -------- d-----w- c:\users\Vera\AppData\Roaming\Hiteksquad
2015-01-12 21:22 . 2015-01-12 21:35 -------- d-----w- c:\program files\Ratchet
2015-01-12 20:45 . 2015-01-12 20:46 -------- d-----w- c:\users\Vera\AppData\Roaming\Geek Uninstaller
2015-01-12 20:25 . 2015-01-12 20:25 -------- d-----w- c:\program files\DLLSuite
2015-01-12 19:18 . 2015-01-12 20:11 -------- d-----w- c:\users\Vera\AppData\Local\ElevatedDiagnostics
2015-01-12 18:12 . 2015-01-12 18:12 -------- d-----w- c:\users\Vera\AppData\Local\VS Revo Group
2015-01-12 18:11 . 2015-01-12 18:11 -------- d-----w- c:\programdata\VS Revo Group
2015-01-12 16:09 . 2015-01-12 16:14 -------- d-----w- c:\users\Vera\AppData\Local\Google
2015-01-12 16:09 . 2015-01-12 16:14 -------- d-----w- c:\program files\Google
2015-01-11 01:31 . 2014-12-02 11:01 9054624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A2CA34E6-F393-40CA-A760-C5289FBA3FA8}\mpengine.dll
2015-01-06 10:27 . 2015-01-08 12:30 -------- d-----w- c:\users\Vera\AppData\Roaming\Foxit Software
2015-01-06 10:26 . 2015-01-06 10:26 -------- d-----w- c:\users\Public\Foxit Software
2015-01-06 10:25 . 2015-01-06 10:25 -------- d-----w- c:\program files\Foxit Software
2015-01-06 08:13 . 2015-01-12 01:16 -------- d-----w- c:\users\Vera\AppData\Local\PDFCreator
2015-01-06 08:10 . 2014-12-16 19:01 98488 ----a-w- c:\windows\system32\pdfcmon.dll
2015-01-06 08:10 . 2015-01-13 08:38 -------- d-----w- c:\program files\PDFCreator
2014-12-18 09:46 . 2014-12-13 03:33 115712 ----a-w- c:\windows\system32\ieUnatt.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-15 11:23 . 2012-07-18 08:26 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-15 11:23 . 2012-07-18 08:26 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-01-06 03:36 . 2014-06-06 22:51 249488 ------w- c:\windows\system32\MpSigStub.exe
2014-12-04 04:38 . 2014-12-11 09:45 337920 ----a-w- c:\windows\system32\generaltel.dll
2014-12-04 04:38 . 2014-12-11 09:45 610304 ----a-w- c:\windows\system32\invagent.dll
2014-12-04 04:38 . 2014-12-11 09:45 315392 ----a-w- c:\windows\system32\devinv.dll
2014-12-04 04:38 . 2014-12-11 09:45 728576 ----a-w- c:\windows\system32\appraiser.dll
2014-12-04 04:38 . 2014-12-11 09:45 159744 ----a-w- c:\windows\system32\aepic.dll
2014-12-04 04:38 . 2014-12-11 09:45 202752 ----a-w- c:\windows\system32\aepdu.dll
2014-12-04 04:34 . 2014-12-11 09:45 873984 ----a-w- c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-11 09:45 1160872 ----a-w- c:\windows\system32\aitstatic.exe
2014-11-23 23:20 . 2014-06-06 23:15 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-23 23:20 . 2014-06-06 23:15 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-11-23 23:19 . 2014-06-06 23:15 91496 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-11-23 23:19 . 2014-06-06 23:15 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-23 23:19 . 2014-06-06 23:15 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-11-23 23:19 . 2014-06-06 23:15 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-23 23:19 . 2014-06-06 23:15 81768 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-11-23 23:19 . 2014-06-06 23:15 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-23 23:19 . 2014-11-23 23:19 291352 ----a-w- c:\windows\system32\aswBoot.exe
2014-11-23 23:19 . 2014-11-23 23:19 43152 ----a-w- c:\windows\avastSS.scr
2014-11-22 02:20 . 2014-12-11 09:43 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-22 02:20 . 2014-12-11 09:44 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:07 . 2014-12-11 09:44 501248 ----a-w- c:\windows\system32\vbscript.dll
2014-11-22 02:07 . 2014-12-11 09:42 62464 ----a-w- c:\windows\system32\iesetup.dll
2014-11-22 02:06 . 2014-12-11 09:44 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-11 09:44 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-22 01:55 . 2014-12-11 09:44 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-22 01:54 . 2014-12-11 09:44 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-22 01:48 . 2014-12-11 09:44 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 01:40 . 2014-12-11 09:44 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-11 09:43 4299264 ----a-w- c:\windows\system32\jscript9.dll
2014-11-22 01:22 . 2014-12-11 09:43 2052096 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-22 01:21 . 2014-12-11 09:44 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:00 . 2014-12-11 09:44 1888256 ----a-w- c:\windows\system32\wininet.dll
2014-11-18 13:56 . 2014-11-18 13:56 1202848 ----a-w- c:\windows\system32\FM20.DLL
2014-11-11 02:44 . 2014-12-11 09:45 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-19 09:22 186880 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 02:44 . 2014-11-19 09:22 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 01:32 . 2014-12-11 09:45 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2014-11-08 02:45 . 2014-12-11 09:40 2048 ----a-w- c:\windows\system32\tzres.dll
2014-10-30 01:45 . 2014-12-11 09:37 155136 ----a-w- c:\windows\system32\charmap.exe
2014-10-25 01:32 . 2014-11-13 00:45 67584 ----a-w- c:\windows\system32\packager.dll
2014-10-18 01:33 . 2014-11-13 00:46 571904 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-18 01:33 . 2014-12-14 02:32 3209728 ----a-w- c:\windows\system32\mf.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-23 23:19 723976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-09-20 341360]
"Norton Online Backup"="c:\program files\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 966488]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-07-06 142144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-07-06 175936]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-07-06 168256]
"GfxServiceInstall"="c:\windows\system32\GfxCUIServiceInstall.vbs" [2012-06-27 131]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-10-08 1934632]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-01-10 10959464]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2012-02-07 714120]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-10 5227112]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2012-09-06 143360]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-07-31 536576]
"STO Backup Service"="c:\program files\SmarThru Office\BackUpSvr.exe" [2008-06-11 192512]
"STO Launcher Service"="c:\program files\SmarThru Office\LegacyLauncher.exe" [2008-06-11 331776]
"4x24 Scan2PC"="c:\windows\Twain_32\Samsung\SCX4x24\Scan2pc.exe" [2008-09-28 495616]
.
c:\users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CPP - CalcServer.lnk - c:\cpp\CppKalkulacky\CppCalcServer.exe [2014-6-7 1014272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-06-07 191752]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [2012-06-05 266240]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files\Common Files\EgisTec\Services\EgisTicketService.exe [2011-06-21 173424]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-11-22 102912]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-11-23 787800]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-11-23 423784]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2012-07-18 21600]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2012-07-18 16936]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2012-07-18 62240]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-11-23 24184]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-11-23 70384]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-11-23 91496]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-05-12 249648]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2011-07-01 353360]
S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2012-02-07 738688]
S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [2014-10-28 244448]
S2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe [2012-02-29 28264]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-07 1755136]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2012-02-07 255376]
S2 NOBU;Norton Online Backup;c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-12-11 5120]
S3 igddim32;igddim32;c:\windows\system32\DRIVERS\igddim32.sys [2012-06-27 1349120]
S3 igdkmd32;igdkmd32;c:\windows\system32\DRIVERS\igdkmd32.sys [2012-06-27 435200]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-06-09 278528]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-05-30 254056]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-09-29 490088]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-01-12 16:13 1087816 ----a-w- c:\program files\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-01-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 11:23]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://sus.cpp.cz/
IE: Capture Selection - c:\program files\SmarThru Office\WebCapture.dll2.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Save as HTML - c:\program files\SmarThru Office\WebCapture.dll1.htm
IE: Save Selected Text - c:\program files\SmarThru Office\WebCapture.dll.htm
IE: Web Capture - c:\program files\SmarThru Office\WebCapture.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Vera\AppData\Roaming\Mozilla\Firefox\Profiles\9vgaia5l.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
.
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Launch Manager\LMworker.exe
c:\program files\Launch Manager\LMutilps32.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Symantec\Norton Online Backup\NOBuAgent.exe
c:\windows\system32\conhost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2015-01-15 23:21:35 - počítač byl restartován
ComboFix-quarantined-files.txt 2015-01-15 22:21
ComboFix2.txt 2015-01-15 21:06
.
Před spuštěním: Volných bajtů: 87 476 895 744
Po spuštění: Volných bajtů: 87 318 052 864
.
- - End Of File - - 6425239CD7651F2415F8B3C6376BD1CB
A36C5E4F47E84449FF07ED3517B43A31

[ja-pce]

.. jen informativně - zatím bohužel žádná změna... nevím tedy jestli nebude nutná reinstalace :/

[altrok]

Virovy problem to neni a nevim jestli ho zde vyresime... Dejte mi jeste prosim novy log z FRST - staci FRST.txt bez FRSTLauncheru.

Start -> spustit -> eventvwr, vlevo rozkliknete Protokoly systemu Windows, pravej klik na System, vyberte Ulozit vsechny udalosti jako, vysledny soubor zabalte uploadnete na leteckou postu - link sem

[ja-pce]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-01-2015
Ran by Vera (administrator) on VERA-PC on 15-01-2015 23:45:28
Running from C:\Users\Vera\Desktop
Loaded Profiles: Vera (Available profiles: Vera)
Platform: Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMutilps32.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Acer Incorporated) C:\Program Files\Acer\Registration\GREGsvc.exe
(Realsil Microelectronics Inc.) C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Symantec Corporation) C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SuiteTray] => C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM\...\Run: [Norton Online Backup] => C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe [966488 2010-06-01] (Symantec Corporation)
HKLM\...\Run: [GfxServiceInstall] => C:\Windows\system32\GfxCUIServiceInstall.vbs [131 2012-06-27] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1934632 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10959464 2012-01-10] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [714120 2012-02-07] (Acer Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-10] (AVAST Software)
HKLM\...\Run: [ControlCenter4] => C:\Program Files\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [536576 2008-07-31] ()
HKLM\...\Run: [STO Backup Service] => C:\Program Files\SmarThru Office\BackUpSvr.exe [192512 2008-06-11] ()
HKLM\...\Run: [STO Launcher Service] => C:\Program Files\SmarThru Office\LegacyLauncher.exe [331776 2008-06-11] ()
HKLM\...\Run: [4x24 Scan2PC] => C:\Windows\Twain_32\Samsung\SCX4x24\Scan2pc.exe [495616 2008-09-29] ()
Startup: C:\Users\Vera\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CPP - CalcServer.lnk
ShortcutTarget: CPP - CalcServer.lnk -> C:\CPP\CppKalkulacky\CppCalcServer.exe (Pražská softwarová s.r.o.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-428363639-2987571098-4238844215-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-428363639-2987571098-4238844215-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://sus.cpp.cz/
HKU\S-1-5-21-428363639-2987571098-4238844215-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Vera\AppData\Roaming\Mozilla\Firefox\Profiles\9vgaia5l.default
FF Homepage: www.seznam.cz
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKU\S-1-5-21-428363639-2987571098-4238844215-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-07]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-12]
CHR Extension: (Avast Online Security) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-12]
CHR Extension: (Peněženka Google) - C:\Users\Vera\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-12]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-24]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-24] (AVAST Software)
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S3 EgisTec Ticket Service; C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe [173424 2011-06-21] (Egis Technology Inc. )
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [738688 2012-02-07] (Acer Incorporated)
R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244448 2014-10-28] (Foxit Software Inc.)
R2 GREGService; C:\Program Files\Acer\Registration\GREGsvc.exe [28264 2012-02-29] (Acer Incorporated)
R2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1755136 2011-03-07] (Realsil Microelectronics Inc.) [File not signed]
R2 Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [255376 2012-02-07] (Acer Incorporated)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 NOBU; C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe [2057560 2010-06-01] (Symantec Corporation)
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-24] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-24] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-24] ()
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [41984 2007-12-11] (Samsung Electronics Co., Ltd.) [File not signed]
R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [21600 2012-07-18] (Egis Technology Inc.)
R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16936 2012-07-18] (Egis Technology Inc.)
R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [62240 2012-07-18] (Egis Technology Inc.)
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [254056 2011-05-30] (Realtek Semiconductor Corp.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Vera\AppData\Local\Temp\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 23:45 - 2015-01-15 23:45 - 00012505 _____ () C:\Users\Vera\Desktop\FRST.txt
2015-01-15 23:43 - 2015-01-15 23:43 - 01402537 _____ () C:\Users\Vera\Desktop\SYSTEM.rar
2015-01-15 23:42 - 2015-01-15 23:42 - 21041152 _____ () C:\Users\Vera\Desktop\SYSTEM.evtx
2015-01-15 23:21 - 2015-01-15 23:21 - 00015996 _____ () C:\ComboFix.txt
2015-01-15 21:38 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-15 21:38 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-15 21:38 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-15 21:38 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-15 21:38 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-15 21:38 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-15 21:38 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-15 21:38 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-15 21:36 - 2015-01-15 23:21 - 00000000 ____D () C:\Qoobox
2015-01-15 21:36 - 2015-01-15 23:03 - 00000000 ____D () C:\Windows\erdnt
2015-01-15 21:35 - 2015-01-15 21:35 - 05609736 ____R (Swearware) C:\Users\Vera\Desktop\ComboFix.exe
2015-01-15 21:32 - 2015-01-15 21:34 - 00002866 _____ () C:\Users\Vera\Desktop\Rkill.txt
2015-01-15 21:27 - 2015-01-15 21:27 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Vera\Desktop\rkill.exe
2015-01-15 19:45 - 2015-01-15 19:45 - 00016301 _____ () C:\Users\Vera\Desktop\Addition.txt
2015-01-15 19:43 - 2015-01-15 23:45 - 00000000 ____D () C:\FRST
2015-01-15 19:42 - 2015-01-15 19:42 - 01116672 _____ (Farbar) C:\Users\Vera\Desktop\FRST.exe
2015-01-15 18:31 - 2015-01-15 23:18 - 00121834 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 18:28 - 2015-01-15 23:12 - 00002110 _____ () C:\Windows\PFRO.log
2015-01-15 18:28 - 2015-01-15 23:12 - 00000224 _____ () C:\Windows\setupact.log
2015-01-15 18:28 - 2015-01-15 18:28 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-15 10:02 - 2015-01-15 10:02 - 00000929 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-15 10:02 - 2015-01-15 10:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-15 10:02 - 2015-01-15 10:02 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-14 23:46 - 2015-01-14 23:46 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-14 16:23 - 2015-01-14 16:24 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2015-01-14 14:32 - 2015-01-14 14:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-14 13:57 - 2015-01-14 13:57 - 00001194 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2015-01-14 13:57 - 2015-01-14 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-01-14 13:57 - 2009-12-30 10:21 - 00027192 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2015-01-14 13:49 - 2015-01-14 13:49 - 00000000 ____D () C:\Users\Vera\AppData\Local\MFAData
2015-01-14 13:49 - 2015-01-14 13:49 - 00000000 ____D () C:\Users\Vera\AppData\Local\Avg2015
2015-01-14 13:49 - 2015-01-14 13:49 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-14 13:38 - 2015-01-15 19:42 - 00000000 ____D () C:\Users\Vera\Desktop\Zrušit-pokusy
2015-01-13 18:34 - 2015-01-13 18:34 - 00104493 _____ () C:\Users\Vera\Desktop\AAMK_FORM_2015.xlsm
2015-01-13 09:46 - 2015-01-13 09:46 - 00108888 _____ () C:\Users\Vera\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-13 09:45 - 2015-01-13 09:45 - 00406192 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-13 09:12 - 2015-01-13 09:12 - 02475456 _____ (WiseCleaner.com ) C:\Users\Vera\Downloads\WDCFree.exe
2015-01-13 09:12 - 2015-01-13 09:12 - 02138744 _____ (WiseCleaner.com ) C:\Users\Vera\Downloads\WRCFree.exe
2015-01-12 23:36 - 2015-01-12 23:42 - 00000000 ____D () C:\Users\Vera\AppData\Roaming\FTWeak
2015-01-12 22:22 - 2015-01-12 22:35 - 00000000 ____D () C:\Users\Vera\AppData\Roaming\Hiteksquad
2015-01-12 22:22 - 2015-01-12 22:35 - 00000000 ____D () C:\Program Files\Ratchet
2015-01-12 22:22 - 2015-01-12 22:22 - 00000000 ____D () C:\Users\Vera\AppData\Local\Licenses
2015-01-12 21:25 - 2015-01-12 21:25 - 00000000 ____D () C:\Program Files\DLLSuite
2015-01-12 19:12 - 2015-01-12 19:12 - 00000000 ____D () C:\Users\Vera\AppData\Local\VS Revo Group
2015-01-12 19:11 - 2015-01-12 19:11 - 00000000 ____D () C:\ProgramData\VS Revo Group
2015-01-12 17:13 - 2015-01-12 17:13 - 00002165 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-12 17:13 - 2015-01-12 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-12 17:09 - 2015-01-12 17:14 - 00000000 ____D () C:\Users\Vera\AppData\Local\Google
2015-01-12 17:09 - 2015-01-12 17:14 - 00000000 ____D () C:\Program Files\Google
2015-01-12 14:02 - 2015-01-12 14:02 - 00109568 _____ () C:\Users\Vera\Desktop\PS_ODZAM_O_214.xls
2015-01-11 22:51 - 2015-01-11 22:51 - 00007024 ____N () C:\bootsqm.dat
2015-01-11 22:28 - 2015-01-11 22:28 - 00000000 ____D () C:\Users\Vera\Documents\úvěrové smlouvy
2015-01-11 21:53 - 2015-01-12 17:00 - 00000000 ____D () C:\Users\Vera\Desktop\Nová složka
2015-01-08 17:43 - 2015-01-09 00:57 - 00000000 ____D () C:\Users\Vera\Desktop\Formulare M
2015-01-08 13:25 - 2015-01-08 13:25 - 00000000 ____D () C:\Users\Vera\AppData\Local\{E4A8033C-602D-4D4D-97F4-D7F3A021A20A}
2015-01-06 11:27 - 2015-01-08 13:30 - 00000000 ____D () C:\Users\Vera\AppData\Roaming\Foxit Software
2015-01-06 11:26 - 2015-01-06 11:26 - 00002055 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2015-01-06 11:26 - 2015-01-06 11:26 - 00000000 ____D () C:\Users\Public\Foxit Software
2015-01-06 11:26 - 2015-01-06 11:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2015-01-06 11:25 - 2015-01-06 11:25 - 00000000 ____D () C:\Program Files\Foxit Software
2015-01-06 09:13 - 2015-01-12 02:16 - 00000000 ____D () C:\Users\Vera\AppData\Local\PDFCreator
2015-01-06 09:10 - 2015-01-13 09:38 - 00000000 ____D () C:\Program Files\PDFCreator
2015-01-06 09:10 - 2015-01-13 09:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2015-01-06 09:10 - 2015-01-06 09:10 - 00000953 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2015-01-06 09:10 - 2014-12-16 20:01 - 00098488 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2015-01-06 09:07 - 2015-01-06 09:08 - 00000000 _____ () C:\Users\Vera\Desktop\PDFCreator-2_0_1-setup.exe
2015-01-05 19:10 - 2015-01-05 19:10 - 00001436 _____ () C:\Users\Vera\Documents\Zerzánová Nabidka_2015_01_05_19_10.bsf
2015-01-05 18:19 - 2015-01-05 18:19 - 00001440 _____ () C:\Users\Vera\Documents\jANECKÝ Nabidka_2015_01_05_18_19.bsf
2014-12-18 17:57 - 2014-12-18 17:57 - 00000000 ____D () C:\Users\Vera\AppData\Local\{3CE9EB97-1BF1-420D-B562-61457D8976E9}
2014-12-18 17:56 - 2014-12-18 17:57 - 00000000 ____D () C:\Users\Vera\AppData\Local\{C00ADB71-E461-4AA8-B765-2A4F76146032}
2014-12-18 17:56 - 2014-12-18 17:56 - 00000000 ____D () C:\Users\Vera\AppData\Local\{E646BBCC-8797-4B47-A18E-53E4833938FC}
2014-12-18 17:56 - 2014-12-18 17:56 - 00000000 ____D () C:\Users\Vera\AppData\Local\{CBE4691A-03E6-4363-BCD1-62C43FE50737}
2014-12-18 15:39 - 2014-12-18 15:39 - 00001439 _____ () C:\Users\Vera\Documents\Hubinka j- stNabidka_2014_12_18_15_38.bsf
2014-12-18 13:12 - 2014-12-18 13:12 - 27309568 _____ () C:\Users\Vera\Documents\IŽP_Evoluce_20121221 UNI.xls
2014-12-18 10:46 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-16 01:49 - 2015-01-08 16:14 - 00000000 ____D () C:\Users\Vera\Documents\2014_12_15
2014-12-16 01:49 - 2014-12-16 01:49 - 00000000 ____D () C:\Users\Vera\Documents\2014_12_09

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 23:29 - 2012-07-18 09:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-15 23:20 - 2009-07-14 05:34 - 00016160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-15 23:20 - 2009-07-14 05:34 - 00016160 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-15 23:19 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 23:18 - 2009-07-14 05:53 - 00032654 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-15 23:14 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-01-15 22:06 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2015-01-15 22:06 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-01-15 18:28 - 2014-06-06 23:36 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-15 12:23 - 2012-07-18 09:26 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-15 12:23 - 2012-07-18 09:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-14 18:40 - 2010-11-20 22:01 - 01582262 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-14 13:57 - 2014-06-07 21:40 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-01-14 13:27 - 2014-06-29 16:12 - 00000240 _____ () C:\Windows\wininit.ini
2015-01-13 09:22 - 2014-06-06 23:46 - 00000000 ___RD () C:\MSOCache
2015-01-13 09:21 - 2007-07-12 02:49 - 00000000 ____D () C:\Windows\Panther
2015-01-12 19:06 - 2014-06-06 23:46 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-01-11 22:25 - 2014-06-07 07:44 - 00000000 ___RD () C:\Users\Vera\výpisy
2015-01-11 22:00 - 2014-06-07 07:44 - 00000000 ____D () C:\Users\Vera\Záznamy z jednání, ZK
2015-01-10 13:18 - 2014-06-08 09:50 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-08 16:51 - 2014-06-26 16:02 - 00000000 ____D () C:\Einstein
2015-01-08 16:50 - 2014-12-02 13:45 - 00000610 _____ () C:\Users\Vera\Desktop\Einstein.lnk
2015-01-08 16:50 - 2014-06-26 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wüstenrot
2015-01-08 16:14 - 2014-06-07 06:24 - 00000000 ____D () C:\Users\Vera\Documents\Platby
2015-01-08 14:12 - 2014-06-07 06:37 - 00000000 ___RD () C:\Users\Vera\Desktop\Moje
2015-01-06 04:36 - 2014-06-06 23:51 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-18 17:55 - 2014-06-07 11:35 - 00000000 ____D () C:\Users\Vera\Documents\Scan

Some zero byte size files/folders:
==========================
C:\Windows\System32\IMJP10K.DLL

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 01:43

==================== End Of Log ============================

http://leteckaposta.cz/702054347

[altrok]

• Do Poznamkoveho bloku (Start -> spustit -> notepad) zkopirujte obsah bileho pole
• ulozte na plochu jako fixlist (Typ souboru: Textovy dokument)
• znovu spustte FRST a kliknete na Fix
• po restartu na Vas vyskoci fixlog (pripadne bude ulozen na Plose), jehoz obsah mi vlozte do pristi odpovedi

  Kód: Vybrat vše

  Start
  CloseProcesses:
  BootExecute: autocheck autochk * sdnclean.exe
  HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
  HKU\S-1-5-21-428363639-2987571098-4238844215-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
  EmptyTemp:
  End
  

Start -> Spustit -> cmd

• vepiste chkdsk /r
• enter a restartujte PC
• tato kontrola a opravovani probihaji pred nactenim OS a trvaji az nekolik hodin, takze doporucuji pustit napr. pres noc

Mejte radeji zalohovana data... system hlasi chyby na disku.

[ja-pce]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-01-2015
Ran by Vera at 2015-01-16 08:23:02 Run:2
Running from C:\Users\Vera\Desktop
Loaded Profiles: Vera (Available profiles: Vera)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
BootExecute: autocheck autochk * sdnclean.exe
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-428363639-2987571098-4238844215-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-428363639-2987571098-4238844215-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
EmptyTemp: => Removed 72.9 MB temporary data.


The system needed a reboot.

==== End of Fixlog 08:23:16 ====

[altrok]

Toto je OK. Az bude cas, pustte tam chkdsk a pak dejte novy log z Crystal Disk Info.

[ja-pce]

Chkdsk již proběhl... teď ještě najít nebo spíš kde vytvořit ten log?

[altrok]

• Stahnete Crystal Disk Info (CDI) http://sourceforge.jp/frs/redir.php?m=j ... o6_2_2.zip
• archiv extrahujte a spustte vyextrahovany soubor DiskInfo.exe
• ve spustenem programu kliknete nahore na Upravy -> Kopirovat (log mate nyni zkopirovany ve schrance)
• log vlozte do dalsi odpovedi (Ctrl + V)

problem stale nevyresen?

[ja-pce]

Problém stále přetrvává -> při otevření Ovládacích panelů je vše v poho... ale při otevření Programů nebo Odinstalovat.. vyskočí hláška Průzkumník přestal pracovat..

Log

----------------------------------------------------------------------------
CrystalDiskInfo 6.2.2 (C) 2008-2014 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows 7 Starter SP1 [6.1 Build 7601] (x86)
Date : 2015/01/16 12:06:24

-- Controller Map ----------------------------------------------------------
+ Intel(R) NM10 Express Chipset [ATA]
- ST320LM001 HN-M320MBB

-- Disk List ---------------------------------------------------------------
(1) ST320LM001 HN-M320MBB : 320,0 GB [0/0/0, pd1] - st

----------------------------------------------------------------------------
(1) ST320LM001 HN-M320MBB
----------------------------------------------------------------------------
Model : ST320LM001 HN-M320MBB
Firmware : 2AR10001
Serial Number : S2UPJ9AC710891
Disk Size : 320,0 GB (8,4/137,4/320,0/320,0)
Buffer Size : 8192 KB
Queue Depth : 32
# of Sectors : 625142448
Rotation Rate : 5400 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 6
Transfer Mode : SATA/300 | SATA/300
Power On Hours : 4997 hod.
Power On Count : 4546 krát
Temperature : 27 C (80 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, AAM, 48bit LBA, NCQ
APM Level : 0080h [ON]
AAM Level : FE80h [ON]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _51 000000000001 Počet chyb čtení
02 252 252 __0 000000000000 Průchodnost disku
03 _91 _86 _25 000000000B31 Čas na roztočení ploten
04 _85 _85 __0 000000003BED Počet spuštění/zastavení
05 252 252 _10 000000000000 Počet přemapovaných sektorů
07 252 252 _51 000000000000 Počet chybných hledání
08 252 252 _15 000000000000 Čas potřebný na vyhledání
09 100 100 __0 000000001385 Hodin v činnosti
0A 252 252 _51 000000000000 Počet opakovaných pokusů o roztočení ploten
0C _96 _96 __0 0000000011C2 Počet cyklů zapnutí zařízení
BF 100 100 __0 0000000000E4 Počet udalostí zaznamenaných otřesovým senzorem
C0 252 252 __0 000000000000 Počet vypnutí disku
C2 _64 _57 __0 002C000C001B Teplota
C3 100 100 __0 000000000000 Počet oprav chybného čtení
C4 252 252 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 252 252 __0 000000000000 Počet podezřelých sektorů
C6 252 252 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 100 100 __0 00000000028A Počet chyb při zápisu sektorů
DF 100 100 __0 00000000009D Zatížení budiče magnetických hlav způsobené opakovanými úkony
E1 _93 _93 __0 000000011B46 Počet cyklů načítání/vymazání

-- IDENTIFY_DEVICE ---------------------------------------------------------
0 1 2 3 4 5 6 7 8 9
000: 0040 3FFF C837 0010 0000 0000 003F 0000 0000 0000
010: 5332 5550 4A39 4143 3731 3038 3931 2020 2020 2020
020: 0000 4000 0004 3241 5231 3030 3031 5354 3332 304C
030: 4D30 3031 2048 4E2D 4D33 3230 4D42 4220 2020 2020
040: 2020 2020 2020 2020 2020 2020 2020 8010 4000 2F00
050: 4000 0200 0200 0007 3FFF 0010 003F FC10 00FB 0110
060: FFFF 0FFF 0000 0007 0003 0078 0078 0078 0078 0000
070: 0000 0000 0000 0000 0000 001F 1F06 0004 004C 004C
080: 01FF 0028 746B 7F69 6123 7469 BE49 6123 407F 0028
090: 0028 0080 FFFE 0000 FE80 0000 0000 0000 0000 0000
100: EAB0 2542 0000 0000 0000 0000 6003 0000 5000 4CF2
110: 0812 DAC5 0000 0000 0000 0000 0000 0100 0000 401C
120: 401C 0000 0000 0000 0000 0000 0000 0000 0029 0000
130: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
140: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
150: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
160: 0000 0000 0000 0000 0000 0000 0000 0000 0003 0000
170: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
180: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
190: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
200: 0000 0000 0000 0000 0000 0000 003F 0000 0000 4000
210: 0000 0000 0000 0000 0000 0000 0000 1518 0000 0000
220: 0000 0000 103F 0000 0000 0000 0000 0000 0000 0000
230: 0000 0000 0000 0000 0001 0400 0000 0000 0000 0000
240: 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
250: 0000 0000 0000 0000 0000 D3A5

-- SMART_READ_DATA ---------------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 2F 00 64 64 01 00 00 00 00 00 00 02 26
010: 00 FC FC 00 00 00 00 00 00 00 03 23 00 5B 56 31
020: 0B 00 00 00 00 00 04 32 00 55 55 ED 3B 00 00 00
030: 00 00 05 33 00 FC FC 00 00 00 00 00 00 00 07 2E
040: 00 FC FC 00 00 00 00 00 00 00 08 24 00 FC FC 00
050: 00 00 00 00 00 00 09 32 00 64 64 85 13 00 00 00
060: 00 00 0A 32 00 FC FC 00 00 00 00 00 00 00 0C 32
070: 00 60 60 C2 11 00 00 00 00 00 BF 22 00 64 64 E4
080: 00 00 00 00 00 00 C0 22 00 FC FC 00 00 00 00 00
090: 00 00 C2 02 00 40 39 1B 00 0C 00 2C 00 00 C3 3A
0A0: 00 64 64 00 00 00 00 00 00 00 C4 32 00 FC FC 00
0B0: 00 00 00 00 00 00 C5 32 00 FC FC 00 00 00 00 00
0C0: 00 00 C6 30 00 FC FC 00 00 00 00 00 00 00 C7 36
0D0: 00 C8 C8 00 00 00 00 00 00 00 C8 2A 00 64 64 8A
0E0: 02 00 00 00 00 00 DF 32 00 64 64 9D 00 00 00 00
0F0: 00 00 E1 32 00 5D 5D 46 1B 01 00 00 00 00 00 00
100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 74 13 00 5B
170: 03 00 01 00 02 53 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 61

-- SMART_READ_THRESHOLD ----------------------------------------------------
+0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F
000: 10 00 01 33 00 00 00 00 00 00 00 00 00 00 02 00
010: 00 00 00 00 00 00 00 00 00 00 03 19 00 00 00 00
020: 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00
030: 00 00 05 0A 00 00 00 00 00 00 00 00 00 00 07 33
040: 00 00 00 00 00 00 00 00 00 00 08 0F 00 00 00 00
050: 00 00 00 00 00 00 09 00 00 00 00 00 00 00 00 00
060: 00 00 0A 33 00 00 00 00 00 00 00 00 00 00 0C 00
070: 00 00 00 00 00 00 00 00 00 00 BF 00 00 00 00 00
080: 00 00 00 00 00 00 C0 00 00 00 00 00 00 00 00 00
090: 00 00 C2 00 00 00 00 00 00 00 00 00 00 00 C3 00
0A0: 00 00 00 00 00 00 00 00 00 00 C4 00 00 00 00 00
0B0: 00 00 00 00 00 00 C5 00 00 00 00 00 00 00 00 00
0C0: 00 00 C6 00 00 00 00 00 00 00 00 00 00 00 C7 00
0D0: 00 00 00 00 00 00 00 00 00 00 C8 00 00 00 00 00
0E0: 00 00 00 00 00 00 DF 00 00 00 00 00 00 00 00 00
0F0: 00 00 E1 00 00 00 00 00 00 00 00 00 00 00 00 00
100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1A0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1B0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1C0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1D0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1E0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
1F0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 46

[altrok]

C8 100 100 __0 000000000289 Počet chyb při zápisu sektorů
toto neni dobre... pres noc/po chkdsku se zase zvysila...

Nainstalujte a spustte HD Tune - http://www.hdtune.com/files/hdtune_255.exe

• Prejdete na zalozku Health a zkontrolujte, ze je ve sloupecku Status vsude hodnota OK a dole sviti zelene Health status: OK
• Na zalozce Error Scan kliknete na Start. Po dokonceni testu udelejte screen a prilozte ho k dalsi odpovedi.

[ja-pce]

Svědčí to tedy o umírajícím disku ?

[ja-pce]

V Health není nic zobrazeno... nikde není OK.. Power On Time n/a a dole Health Status n/a

[altrok]

tezko rict umirajici... urcite neni v nejlepsi kondici... i system samotny hlasi chyby na disku, takze nevylucuju, ze to je HW problem... tady moje moznosti konci a zkuste se obratit na podporu Microsoftu, zda Vam k tomu budou schopni neco rict...