PC disinfection, speeding up your computer, remote assistance via the neslape.cz service

PC locked by "Policie ČR"

Have a virus problem? Post your FRST or RSIT log here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once they are resolved, and likewise those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for understanding.

!NEW!
You can now use the remote-assistance service, where a specialist connects to your computer and gets the details of the problem from you by phone! More at www.neslape.cz
kewin
Visitor
Posts: 125
Registered: 27 Aug 2004 08:36

Re: PC locked by "Policie ČR"

#31 Post by kewin »

I really don't see that file in that directory. I thought the virus generates it there when that particular user profile is accessed.

Rudy
Site Admin
Posts: 119529
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: PC locked by "Policie ČR"

#32 Post by Rudy »

The last option is an AVPTool scan: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 . If that doesn't beat it, you will have to create a new profile and delete the original one.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved the thread will be locked, and likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to the e-mail address above.

kewin
Visitor
Posts: 125
Registered: 27 Aug 2004 08:36

Re: PC locked by "Policie ČR"

#33 Post by kewin »

I'll try. I also noticed that it says "documents", not "document", but it still found nothing there :-(

kewin
Visitor
Posts: 125
Registered: 27 Aug 2004 08:36

Re: PC locked by "Policie ČR"

#34 Post by kewin »

I have already tried AVP Tool. It only works in safe mode and it didn't help.

kewin
Visitor
Posts: 125
Registered: 27 Aug 2004 08:36

Re: PC locked by "Policie ČR"

#35 Post by kewin »

I switched the user to milan. The desktop wallpaper and the DOS window came up again. In that DOS window I got as far as the temp directory. The DIR command showed no file. It showed two directories, but I can't see those either. What about deleting the whole temp directory? Can it be recreated afterwards? Or does it get created by itself?

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: PC locked by "Policie ČR"

#36 Post by vyosek »

Hello and have a nice day :)

Apologies to my colleague for stepping in.

On the user account milan, please run the following.

Application to download:
After downloading, run FRSTLauncher; a warning from the antivirus may appear, ignore it and let FRSTL run.

FRST will then be downloaded and initialised.
  • After FRST starts, accept the licence terms by clicking Yes.
  • Also tick the Addition.txt item - see the picture.
  • Click the Scan button to start the scan.
  • Wait for FRST to finish scanning and for our add-on to generate the supplementary information.
  • A text file FRST.txt opens; this is the requested log, and its contents go into your topic on the forum.
  • After the log is closed, FRSTLauncher.exe exits and the FRST utility plus two logs, FRST.txt and Addition.txt, remain on the desktop - don't delete any of them yet.

kewin
Visitor
Posts: 125
Registered: 27 Aug 2004 08:36

Re: PC locked by "Policie ČR"

#37 Post by kewin »

Good morning, I can't get into the milan account, the DOS window blocks it. Can I run it from the other profile - also with admin rights?

kewin
Visitor
Posts: 125
Registered: 27 Aug 2004 08:36

Re: PC locked by "Policie ČR"

#38 Post by kewin »

Posting the log.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-07-2013 04
Ran by aja (administrator) on 01-08-2013 08:30:59
Running from C:\Documents and Settings\aja\Plocha
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(Avocent Inc.) C:\Acer\Empowering Technology\admServ.exe
() C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
(Cyberlink) C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
(Cyberlink) C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
(Firebird Project) C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
() C:\Program Files\NetDrive\wdService.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe
() C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(acer Inc.) C:\Acer\Empowering Technology\eRecovery\Monitor.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Firebird Project) C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Avocent Inc.) C:\Acer\Empowering Technology\admtray.exe
(HiTRUST) C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
(CyberLink Corp.) C:\Program Files\Acer\Acer Arcade\PCMService.exe
(Acer Incorporated) C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Realtek Semiconductor Corp.) C:\DOCUME~1\aja\LOCALS~1\Temp\RtkBtMnt.exe
(Dritek System Inc.) C:\PROGRA~1\LAUNCH~1\LManager.exe
() C:\Program Files\NetDrive\netdrive.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(MRP-Informatics, s.r.o.) C:\PROGRA~1\MRP\MRPRun.exe
(HP) C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe
(Nokia) C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe
(Nokia.) C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
() C:\Program Files\AVG Secure Search\vprot.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [igfxpers] - C:\WINDOWS\system32\igfxpers.exe [118784 2006-03-23] (Intel Corporation)
HKLM\...\Run: [BluetoothAuthenticationAgent] - rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent [x]
HKLM\...\Run: [LaunchApp] - Alaunch [x]
HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [16248320 2006-06-28] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SkyTel] - C:\Windows\SkyTel.EXE [2879488 2006-05-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AzMixerSel] - C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [53248 2005-12-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [761946 2006-03-03] (Synaptics, Inc.)
HKLM\...\Run: [ntiMUI] - C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe [45056 2006-05-15] ()
HKLM\...\Run: [ADMTray.exe] - C:\Acer\Empowering Technology\admtray.exe [2462208 2005-10-24] (Avocent Inc.)
HKLM\...\Run: [eDataSecurity Loader] - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [69632 2005-12-27] (HiTRUST)
HKLM\...\Run: [IMJPMIG8.1] - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2004-08-18] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2004-08-18] ()
HKLM\...\Run: [PHIME2002ASync] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-18] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-18] (Microsoft Corporation)
HKLM\...\Run: [PCMService] - C:\Program Files\Acer\Acer Arcade\PCMService.exe [151552 2006-08-09] (CyberLink Corp.)
HKLM\...\Run: [ePower_DMC] - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe [352256 2006-08-10] (Acer Incorporated)
HKLM\...\Run: [Acer ePower Management] - C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe [3080704 2006-05-22] (Acer Value Labs, Taiwan)
HKLM\...\Run: [LManager] - C:\PROGRA~1\LAUNCH~1\LManager.exe [593920 2006-07-20] (Dritek System Inc.)
HKLM\...\Run: [eRecoveryService] - C:\Acer\Empowering Technology\eRecovery\Monitor.exe [397312 2006-01-24] (acer Inc.)
HKLM\...\Run: [WebDriveTray] - C:\Program Files\NetDrive\netdrive.exe [294912 2002-08-29] ()
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [149280 2009-09-29] (Sun Microsystems, Inc.)
HKLM\...\Run: [MRPRun] - C:\PROGRA~1\MRP\MRPRun.exe [551424 2004-10-25] (MRP-Informatics, s.r.o.)
HKLM\...\Run: [HPDJ Taskbar Utility] - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe [200704 2001-07-20] (HP)
HKLM\...\Run: [PCSuiteTrayApplication] - C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [229376 2006-06-15] (Nokia)
HKLM\...\Run: [IndexSearch] - C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort12reminder] - C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PDFHook] - C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] - C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [ControlCenter4] - C:\Program Files\ControlCenter4\BrCcBoot.exe [139264 2010-12-02] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2012-09-28] (Apple Inc.)
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-06-10] (Geek Software GmbH)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] - C:\Program Files\AVG Secure Search\vprot.exe [2285232 2013-07-29] ()
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchT ... f8&oe=utf8
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000. ... 16D456AAA5}
URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={ ... rer:source?}
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?sr ... 16D456AAA5}
SearchScopes: HKCU - {7EE445BA-FCDB-41CE-9466-7B747BFA3E05} URL = http://websearch.ask.com/redirect?clien ... 4A3176E509&
SearchScopes: HKCU - {92A82FFF-F3E0-4FB1-A073-0BC4F9B63DBC} URL = http://www.webhledani.cz/results.aspx?i ... earchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={440C ... 2013-07-25 19:30:15&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {A92A1815-DE1B-4C94-8AFD-FF4AA315C1C8} URL = http://www.webhledani.cz/results.aspx?i ... earchTerms}
SearchScopes: HKCU - {E708F91D-1235-4720-98CE-E9F7BFD46914} URL = http://www.webhledani.cz/results.aspx?i ... earchTerms}
BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: No Name - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKCU -&Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU -&Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU -Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKCU -No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} https://www.mojedatovaschranka.cz/stati ... ctivex.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CB927D12-4FF7-4A9E-A169-56E4B8A75598} http://appldnld.apple.com.edgesuite.net ... plugin.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - No File
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: ipp - No CLSID Value -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler: msdaipp - No CLSID Value -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 194.228.41.113 160.218.161.54

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Java(TM) Platform SE 6 U16) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.160.1) - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll (AVG Technologies)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Extension: (Skype Click to Call) - C:\DOCUME~1\aja\LOCALS~1\Data aplikací\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.10.0.13089_0
CHR Extension: (SweetPacks Chrome Extension) - C:\DOCUME~1\aja\LOCALS~1\Data aplikací\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Documents and Settings\milan\Local Settings\Data aplikací\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
R2 AWService; C:\Acer\Empowering Technology\admServ.exe [1314816 2005-10-24] (Avocent Inc.)
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
R2 CLCapSvc; C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe [254050 2006-08-09] ()
R2 CLSched; C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe [114784 2006-08-09] ()
R2 CyberLink Media Library Service; C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe [61440 2006-08-09] (Cyberlink)
R2 FirebirdGuardianDefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe [81920 2008-06-13] (Firebird Project)
R3 FirebirdServerDefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe [2723840 2008-06-13] (Firebird Project)
S2 gupdate1ca7113e5850da0; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-11-29] (Google Inc.)
S3 lmab_device; C:\WINDOWS\system32\LMabcoms.exe [495616 2006-06-14] ( )
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [143360 2005-01-21] ()
R3 ServiceLayer; C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe [174080 2006-06-05] (Nokia.)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 vToolbarUpdater15.4.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [1616048 2013-07-29] (AVG Secure Search)
R2 WebDriveService; C:\Program Files\NetDrive\wdService.exe [94208 2002-03-21] ()
S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-03-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-03-01] (AVG Technologies CZ, s.r.o.)
R1 AvgLdx86; C:\Windows\System32\DRIVERS\avgldx86.sys [170808 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [245048 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 AvgMfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 AvgRkx86; C:\Windows\System32\Drivers\avgrkx86.sys [39224 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 AvgTdiX; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-07-29] (AVG Technologies)
R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl5.sys [424320 2005-11-02] (Broadcom Corporation)
S3 BrScnUsb; C:\Windows\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
R3 Cam5603D; C:\Windows\System32\Drivers\BisonCam.sys [775936 2006-06-30] (Bison Electronics. Inc. )
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 EMSCR; C:\Windows\System32\DRIVERS\EMS7SK.sys [61056 2006-06-16] (ENE Technology Inc.)
R3 ESDCR; C:\Windows\System32\DRIVERS\ESD7SK.sys [40064 2006-06-16] (ENE Technology Inc.)
R3 ESMCR; C:\Windows\System32\DRIVERS\ESM7SK.sys [74752 2006-06-16] (ENE Technology Inc.)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider)
R3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [218496 2005-10-24] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [998656 2005-10-18] (Conexant Systems, Inc.)
R3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [1166972 2006-03-23] (Intel Corporation)
R2 int15.sys; C:\Acer\Empowering Technology\eRecovery\int15.sys [69632 2005-01-13] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
R3 NdisFilt; C:\Windows\System32\Drivers\NdisFilt.sys [4392 2005-09-13] (OSA Technologies)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NETMNT; C:\Windows\System32\DRIVERS\NETMNT.sys [9600 2005-05-02] ()
R1 OsaFsLoc; C:\WINDOWS\system32\drivers\OsaFsLoc.sys [12106 2005-10-15] (OSA Technologies)
R2 osaio; C:\WINDOWS\system32\drivers\osaio.sys [7296 2005-06-30] (OSA Technologies, An Avocent Company)
R2 osanbm; C:\WINDOWS\system32\drivers\osanbm.sys [4010 2005-01-14] (Windows (R) 2000 DDK provider)
R3 Rasirda; C:\Windows\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
S3 SMCIRDA; C:\Windows\System32\DRIVERS\smcirda.sys [46080 2005-10-31] (SMSC)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
S3 tap0801; C:\Windows\System32\DRIVERS\tap0801.sys [26624 2006-10-01] (The OpenVPN Project)
R0 UBHelper; C:\Windows\System32\Drivers\UBHelper.sys [13952 2004-12-17] ()
S3 w39n51; C:\Windows\System32\DRIVERS\w39n51.sys [1427968 2005-11-27] (Intel® Corporation)
R2 WebDriveFSD; C:\Program Files\NetDrive\rffsd.sys [67032 2001-07-29] ()
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
S2 ADILOADER; System32\Drivers\adildr.sys [x]
S3 adiusbaw; system32\DRIVERS\adiusbaw.sys [x]
S4 RFNP32; No ImagePath
S3 SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20080325.002\symidsco.sys [x]
U3 TlntSvr;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-01 08:30 - 2013-07-30 20:47 - 01222064 _____ (Farbar) C:\Documents and Settings\aja\Plocha\FRST.exe
2013-08-01 08:27 - 2013-08-01 08:27 - 00000000 ____D C:\FRST
2013-07-31 23:35 - 2013-07-31 23:35 - 00001468 _____ C:\avenger.txt
2013-07-31 21:57 - 2013-07-31 21:57 - 00000000 ____D C:\Avenger
2013-07-31 21:54 - 2013-07-31 21:54 - 00731136 _____ C:\Documents and Settings\aja\Plocha\avenger.exe
2013-07-31 21:41 - 2013-07-31 21:41 - 00000000 ____D C:\totalcmd
2013-07-31 21:41 - 2013-07-31 21:41 - 00000000 ____D C:\Documents and Settings\aja\Data aplikací\GHISLER
2013-07-31 20:44 - 2013-07-31 20:44 - 00189952 _____ C:\Documents and Settings\aja\Plocha\T-Cleaner.exe
2013-07-31 00:41 - 2013-07-31 00:33 - 177123520 _____ C:\Documents and Settings\aja\Plocha\setup_11.0.0.1245.x01_2013_07_23_10_15.exe
2013-07-31 00:35 - 2013-07-31 22:56 - 00006820 _____ C:\WINDOWS\setupapi.log
2013-07-31 00:07 - 2013-07-31 00:07 - 00074020 _____ C:\Documents and Settings\aja\Dokumenty\cc_20130731_000706.reg
2013-07-31 00:05 - 2013-07-31 00:05 - 00000000 __SHD C:\Recycled
2013-07-30 23:13 - 2013-07-30 23:13 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2013-07-30 23:13 - 2013-07-30 23:13 - 00000000 ____H C:\WINDOWS\system32\config\SYSTEM.tmp.LOG
2013-07-30 23:13 - 2013-07-30 23:13 - 00000000 ____H C:\WINDOWS\system32\config\SOFTWARE.tmp.LOG
2013-07-30 23:13 - 2013-07-30 23:13 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2013-07-30 23:13 - 2013-07-30 23:13 - 00000000 ____H C:\WINDOWS\system32\config\DEFAULT.tmp.LOG
2013-07-28 11:56 - 2013-07-28 11:56 - 00000000 ____D C:\Documents and Settings\aja\Data aplikací\Malwarebytes
2013-07-28 11:55 - 2013-07-28 11:55 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-28 11:55 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-07-28 11:54 - 2013-07-28 11:00 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\aja\Plocha\mbam-setup-1.75.0.1300.exe
2013-07-27 16:50 - 2013-07-27 16:50 - 00000000 ____D C:\FOUND.022
2013-07-26 14:29 - 2013-07-26 14:29 - 00000000 _RSHD C:\cmdcons
2013-07-26 14:29 - 2013-07-25 19:00 - 00000211 _____ C:\Boot.bak
2013-07-26 14:29 - 2004-08-03 23:00 - 00261312 __RSH C:\cmldr
2013-07-26 14:24 - 2013-07-26 14:24 - 00000000 ___RD C:\Documents and Settings\aja\Nabídka Start\Programy\Nástroje pro správu
2013-07-25 20:06 - 2013-07-25 20:06 - 00000000 ____D C:\Program Files\trend micro
2013-07-25 19:33 - 2013-07-25 19:34 - 00000000 ____D C:\Documents and Settings\aja\Data aplikací\AVG2013
2013-07-25 19:30 - 2013-07-29 20:11 - 00037664 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2013-07-25 19:30 - 2013-07-25 19:30 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2013-07-25 19:30 - 2013-07-25 19:30 - 00000000 ____D C:\Program Files\AVG Secure Search
2013-07-25 19:30 - 2013-07-25 19:30 - 00000000 ____D C:\Documents and Settings\aja\Data aplikací\TuneUp Software
2013-07-25 19:30 - 2013-07-25 19:30 - 00000000 ____D C:\Documents and Settings\aja\Data aplikací\AVG Secure Search
2013-07-25 19:23 - 2013-07-25 19:23 - 140002992 _____ (AVG Technologies) C:\Documents and Settings\aja\Plocha\avg_free_x86_all_2013_3349a6461.exe
2013-07-25 18:32 - 2013-07-25 18:02 - 02994168 _____ (Symantec Corporation) C:\Documents and Settings\aja\Plocha\NPE.exe
2013-07-25 18:21 - 2013-07-25 18:21 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-07-25 18:20 - 2013-07-31 07:15 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-07-25 18:20 - 2013-07-25 18:20 - 00000000 ____D C:\Documents and Settings\Administrator
2013-07-25 18:20 - 2006-08-28 20:20 - 00000000 ___RD C:\Documents and Settings\Administrator\Oblíbené položky
2013-07-25 18:20 - 2006-08-28 20:20 - 00000000 ___RD C:\Documents and Settings\Administrator\Dokumenty
2013-07-25 18:20 - 2006-08-28 19:59 - 00000000 __RHD C:\Documents and Settings\Administrator\Data aplikací
2013-07-25 18:20 - 2006-08-28 19:59 - 00000000 ___RD C:\Documents and Settings\Administrator\Nabídka Start
2013-07-25 18:20 - 2006-08-28 19:59 - 00000000 ___HD C:\Documents and Settings\Administrator\Šablony
2013-07-25 18:20 - 2006-08-28 19:59 - 00000000 ___HD C:\Documents and Settings\Administrator\Okolní tiskárny
2013-07-25 18:20 - 2006-08-28 19:59 - 00000000 ___HD C:\Documents and Settings\Administrator\Okolní síť
2013-07-25 18:20 - 2006-08-28 19:59 - 00000000 ___HD C:\Documents and Settings\Administrator\Local Settings\Data aplikací
2013-07-25 18:20 - 2006-08-28 19:59 - 00000000 ____D C:\Documents and Settings\Administrator\Plocha
2013-07-14 11:16 - 2013-07-14 11:16 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-07-12 09:37 - 2013-07-12 09:37 - 00000000 ___HD C:\WINDOWS\$NtUninstallKB2834904_WM11$
2013-07-12 09:34 - 2013-07-12 09:34 - 00000000 ___HD C:\WINDOWS\$NtUninstallKB2850851$
2013-07-12 09:34 - 2013-07-12 09:34 - 00000000 ___HD C:\WINDOWS\$NtUninstallKB2834886$
2013-07-12 09:33 - 2013-07-12 09:34 - 00000000 ___HD C:\WINDOWS\$NtUninstallKB2845187$
2013-07-04 22:50 - 2013-07-04 22:50 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ggsemc_01009.Wdf
2013-07-04 22:50 - 2013-07-04 22:50 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf

==================== One Month Modified Files and Folders =======

2013-08-01 08:31 - 2009-11-29 17:56 - 00000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-01 08:31 - 2009-11-29 17:56 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-01 08:27 - 2013-08-01 08:27 - 00000000 ____D C:\FRST
2013-08-01 08:24 - 2013-01-04 10:19 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-08-01 08:24 - 2010-01-13 08:34 - 00000466 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{841C420B-E491-4DA5-8406-74C76A6CCBCE}.job
2013-08-01 07:18 - 2006-12-28 03:41 - 00000451 _____ C:\WINDOWS\system32\eRLog.ini
2013-08-01 07:17 - 2006-08-28 20:04 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-08-01 07:16 - 2006-08-28 21:29 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-08-01 00:13 - 2011-02-20 21:37 - 00000048 _____ C:\WINDOWS\wiaservc.log
2013-08-01 00:13 - 2006-12-29 02:42 - 00000272 ___SH C:\Documents and Settings\milan\ntuser.ini
2013-08-01 00:13 - 2006-12-28 03:31 - 00000272 ___SH C:\Documents and Settings\aja\ntuser.ini
2013-08-01 00:13 - 2006-08-28 21:30 - 00032590 _____ C:\WINDOWS\SchedLgU.Txt
2013-08-01 00:13 - 2006-08-28 21:29 - 00000012 _____ C:\WINDOWS\bthservsdp.dat
2013-08-01 00:00 - 2006-08-28 21:29 - 01725015 _____ C:\WINDOWS\WindowsUpdate.log
2013-07-31 23:35 - 2013-07-31 23:35 - 00001468 _____ C:\avenger.txt
2013-07-31 22:56 - 2013-07-31 00:35 - 00006820 _____ C:\WINDOWS\setupapi.log
2013-07-31 21:57 - 2013-07-31 21:57 - 00000000 ____D C:\Avenger
2013-07-31 21:54 - 2013-07-31 21:54 - 00731136 _____ C:\Documents and Settings\aja\Plocha\avenger.exe
2013-07-31 21:41 - 2013-07-31 21:41 - 00000000 ____D C:\totalcmd
2013-07-31 21:41 - 2013-07-31 21:41 - 00000000 ____D C:\Documents and Settings\aja\Data aplikací\GHISLER
2013-07-31 20:44 - 2013-07-31 20:44 - 00189952 _____ C:\Documents and Settings\aja\Plocha\T-Cleaner.exe
2013-07-31 07:15 - 2013-07-25 18:20 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-07-31 00:33 - 2013-07-31 00:41 - 177123520 _____ C:\Documents and Settings\aja\Plocha\setup_11.0.0.1245.x01_2013_07_23_10_15.exe
2013-07-31 00:07 - 2013-07-31 00:07 - 00074020 _____ C:\Documents and Settings\aja\Dokumenty\cc_20130731_000706.reg
2013-07-31 00:05 - 2013-07-31 00:05 - 00000000 __SHD C:\Recycled
2013-07-30 23:39 - 2006-08-28 19:59 - 00000296 _____ C:\WINDOWS\system.ini
2013-07-30 23:13 - 2013-07-30 23:13 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2013-07-30 23:13 - 2013-07-30 23:13 - 00000000 ____H C:\WINDOWS\system32\config\SYSTEM.tmp.LOG
2013-07-30 23:13 - 2013-07-30 23:13 - 00000000 ____H C:\WINDOWS\system32\config\SOFTWARE.tmp.LOG
2013-07-30 23:13 - 2013-07-30 23:13 - 00000000 ____H C:\WINDOWS\system32\config\SAM.tmp.LOG
2013-07-30 23:13 - 2013-07-30 23:13 - 00000000 ____H C:\WINDOWS\system32\config\DEFAULT.tmp.LOG
2013-07-30 23:13 - 2006-08-28 21:30 - 30408704 _____ C:\WINDOWS\system32\config\SOFTWARE.bak
2013-07-30 23:13 - 2006-08-28 21:30 - 07864320 _____ C:\WINDOWS\system32\config\SYSTEM.bak
2013-07-30 23:13 - 2006-08-28 21:30 - 00524288 _____ C:\WINDOWS\system32\config\DEFAULT.bak
2013-07-30 23:13 - 2006-08-28 21:30 - 00262144 _____ C:\WINDOWS\system32\config\SECURITY.bak
2013-07-30 23:13 - 2006-08-28 21:30 - 00262144 _____ C:\WINDOWS\system32\config\SAM.bak
2013-07-30 20:47 - 2013-08-01 08:30 - 01222064 _____ (Farbar) C:\Documents and Settings\aja\Plocha\FRST.exe
2013-07-29 20:11 - 2013-07-25 19:30 - 00037664 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2013-07-28 12:44 - 2009-10-14 17:06 - 00001540 _____ C:\lmab.log
2013-07-28 11:56 - 2013-07-28 11:56 - 00000000 ____D C:\Documents and Settings\aja\Data aplikací\Malwarebytes
2013-07-28 11:55 - 2013-07-28 11:55 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-28 11:00 - 2013-07-28 11:54 - 10285040 _____ (Malwarebytes Corporation ) C:\Documents and Settings\aja\Plocha\mbam-setup-1.75.0.1300.exe
2013-07-27 16:50 - 2013-07-27 16:50 - 00000000 ____D C:\FOUND.022
2013-07-26 14:29 - 2013-07-26 14:29 - 00000000 _RSHD C:\cmdcons
2013-07-26 14:29 - 2006-08-28 21:29 - 00000327 __RSH C:\boot.ini
2013-07-26 14:24 - 2013-07-26 14:24 - 00000000 ___RD C:\Documents and Settings\aja\Nabídka Start\Programy\Nástroje pro správu
2013-07-25 20:06 - 2013-07-25 20:06 - 00000000 ____D C:\Program Files\trend micro
2013-07-25 19:34 - 2013-07-25 19:33 - 00000000 ____D C:\Documents and Settings\aja\Data aplikací\AVG2013
2013-07-25 19:30 - 2013-07-25 19:30 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2013-07-25 19:30 - 2013-07-25 19:30 - 00000000 ____D C:\Program Files\AVG Secure Search
2013-07-25 19:30 - 2013-07-25 19:30 - 00000000 ____D C:\Documents and Settings\aja\Data aplikací\TuneUp Software
2013-07-25 19:30 - 2013-07-25 19:30 - 00000000 ____D C:\Documents and Settings\aja\Data aplikací\AVG Secure Search
2013-07-25 19:23 - 2013-07-25 19:23 - 140002992 _____ (AVG Technologies) C:\Documents and Settings\aja\Plocha\avg_free_x86_all_2013_3349a6461.exe
2013-07-25 19:00 - 2013-07-26 14:29 - 00000211 _____ C:\Boot.bak
2013-07-25 18:21 - 2013-07-25 18:21 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-07-25 18:20 - 2013-07-25 18:20 - 00000000 ____D C:\Documents and Settings\Administrator
2013-07-25 18:02 - 2013-07-25 18:32 - 02994168 _____ (Symantec Corporation) C:\Documents and Settings\aja\Plocha\NPE.exe
2013-07-22 08:47 - 2006-08-28 21:29 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2013-07-14 11:16 - 2013-07-14 11:16 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-07-12 09:55 - 2013-05-02 14:34 - 00321136 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-07-12 09:37 - 2013-07-12 09:37 - 00000000 ___HD C:\WINDOWS\$NtUninstallKB2834904_WM11$
2013-07-12 09:34 - 2013-07-12 09:34 - 00000000 ___HD C:\WINDOWS\$NtUninstallKB2850851$
2013-07-12 09:34 - 2013-07-12 09:34 - 00000000 ___HD C:\WINDOWS\$NtUninstallKB2834886$
2013-07-12 09:34 - 2013-07-12 09:33 - 00000000 ___HD C:\WINDOWS\$NtUninstallKB2845187$
2013-07-04 22:50 - 2013-07-04 22:50 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ggsemc_01009.Wdf
2013-07-04 22:50 - 2013-07-04 22:50 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ggflt_01009.Wdf

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2009-03-15 17:07] - [2008-04-14 05:22] - 1034240 ____A (Microsoft Corporation) 27afd587c462e280ee046b8cca3c2cd1

C:\Windows\System32\winlogon.exe
[2009-03-15 17:07] - [2008-04-14 05:22] - 0507904 ____A (Microsoft Corporation) cddb1f8e1aea356f3ad106f2cf9b7fea

C:\Windows\System32\svchost.exe
[2009-03-15 17:07] - [2008-04-14 05:22] - 0014336 ____A (Microsoft Corporation) be4a520e29b6391f49e79ccc52044d93

C:\Windows\System32\services.exe
[2009-03-15 17:07] - [2009-02-09 13:25] - 0111104 ____A (Microsoft Corporation) 9ef697af07bb8dd82c3b02ca953a95b7

C:\Windows\System32\User32.dll
[2009-03-15 17:07] - [2008-04-14 05:22] - 0578560 ____A (Microsoft Corporation) e16e0990967374e76f3e40cacafd3d53

C:\Windows\System32\userinit.exe
[2009-03-15 17:07] - [2008-04-14 05:22] - 0026112 ____A (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239

C:\Windows\System32\Drivers\volsnap.sys
[2009-03-15 17:06] - [2008-04-14 04:12] - 0052480 ____A (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1


==================== Scheduled Tasks (whitelisted) ===========

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{841C420B-E491-4DA5-8406-74C76A6CCBCE}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Supplementary Scan (All) ================



[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableRegistryTools"=dword:00000000


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=dword:00000001
"NoDriveAutoRun"=dword:03ffffff
"NoDriveTypeAutoRun"=dword:00000143
"NoDrives"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\run]


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"="C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\\WINDOWS\\System32\\usmt\\migwiz.exe"="C:\\WINDOWS\\System32\\usmt\\migwiz.exe:*:Enabled:Prvodce penesenm soubor a nastaven"
"C:\\WINDOWS\\System32\\LMabcoms.exe"="C:\\WINDOWS\\System32\\LMabcoms.exe:*:Enabled:Lexmark Enhanced TCP/IP"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Firebird\\Firebird_2_1\\bin\\fbserver.exe"="C:\\Program Files\\Firebird\\Firebird_2_1\\bin\\fbserver.exe:LocalSubNet:Enabled:Firebird server 2.1"
"C:\\WINDOWS\\System32\\FXSCLNT.exe"="C:\\WINDOWS\\System32\\FXSCLNT.exe:*:Enabled:Microsoft Fax Console"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\\WINDOWS\\System32\\MSIEXEC.EXE"="C:\\WINDOWS\\System32\\MSIEXEC.EXE:*:Enabled:UpdateManagerSetup"
"C:\\WINDOWS\\System32\\ARFC\\wrtc.exe"="C:\\WINDOWS\\System32\\ARFC\\wrtc.exe:*:Enabled:wrtc"
"C:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"="C:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe:*:Enabled:Update Engine"
"C:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"="C:\\Program Files\\AVG\\AVG2013\\avgnsx.exe:*:Enabled:Webov tt"
"C:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"="C:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe:*:Enabled:AVG Diagnostika 2013"
"C:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"="C:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe:*:Enabled:Instaltor AVG"
"C:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"="C:\\Program Files\\AVG\\AVG2013\\avgemcx.exe:*:Enabled:Obecn kontrola poty"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"="midimap.dll"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.msadpcm"="msadp32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.trspch"="tssoft32.acm"
"vidc.cvid"="iccvid.dll"
"VIDC.I420"="msh263.drv"
"vidc.iv31"="ir32_32.dll"
"vidc.iv32"="ir32_32.dll"
"vidc.iv41"="ir41_32.ax"
"VIDC.IYUV"="iyuv_32.dll"
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"VIDC.UYVY"="msyuv.dll"
"VIDC.YUY2"="msyuv.dll"
"VIDC.YVU9"="tsbyuv.dll"
"VIDC.YVYU"="msyuv.dll"
"wavemapper"="msacm32.drv"
"msacm.msg723"="msg723.acm"
"vidc.M263"="msh263.drv"
"vidc.M261"="msh261.drv"
"msacm.msaudio1"="msaud32.acm"
"msacm.sl_anet"="sl_anet.acm"
"msacm.iac2"="C:\\WINDOWS\\system32\\iac25_32.ax"
"vidc.iv50"="ir50_32.dll"
"msacm.l3acm"="C:\\WINDOWS\\system32\\l3codeca.acm"
"wave"="wdmaud.drv"
"midi"="wdmaud.drv"
"mixer"="wdmaud.drv"
"aux"="wdmaud.drv"
"MSVideo8"="VfWWDM32.dll"
"msacm.l3codecp"="VfWWDM32.dll"
"msacm.mkdmp3enc"="C:\\PROGRA~1\\Acer\\ACERAR~1\\Kernel\\Burner\\MKDMP3Enc.ACM"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP]
"wave"="rdpsnd.dll"
"mixer"="rdpsnd.dll"
"MaxBandwidth"=dword:000056b9
"wavemapper"="msacm32.drv"
"EnableMP3Codec"=dword:00000001
"midimapper"="midimap.dll"


==================== Drive and Memory info ===================

Drive c: (ACER) (Fixed) (Total:34.57 GB) (Free:9.68 GB) FAT32 ==>[Drive with boot components (Windows XP)]
Drive d: (ACERDATA) (Fixed) (Total:35.06 GB) (Free:34.95 GB) FAT32

Available physical RAM: 150.06 MB
Total physical RAM: 502.04 MB
Percentage of memory in use: 70%

==================== End Of Log ==============================

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: PC locked by the Czech Police

#39 Post by vyosek »

OK, give me a moment, I'll write a script... I think I've found the bugger...
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him: that is no man, that is an ox."
Member since 1 February 2011.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: PC locked by the Czech Police

#40 Post by vyosek »

:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below

    HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [149280 2009-09-29] (Sun Microsystems, Inc.)
    HKLM\...\Run: [PCSuiteTrayApplication] - C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE [229376 2006-06-15] (Nokia)
    HKLM\...\Run: [PDFHook] - C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
    HKLM\...\Run: [PDF5 Registry Controller] - C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
    HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2012-09-28] (Apple Inc.)
    HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-06-10] (Geek Software GmbH)
    HKLM\...\Run: [vProt] - C:\Program Files\AVG Secure Search\vprot.exe [2285232 2013-07-29] ()
    Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk
    ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10002&barid={8A60E6D9-5F2B-11E2-9F5A-0016D456AAA5}
    URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={8A60E6D9-5F2B-11E2-9F5A-0016D456AAA5}
    SearchScopes: HKCU - {7EE445BA-FCDB-41CE-9466-7B747BFA3E05} URL = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=RY&apn_dtid=YYYYYYYYCZ&apn_uid=9f90aaaa-48c4-4356-a886-1aa6a7a57fc6&apn_sauid=F36C8630-D354-4687-AEC6-254A3176E509&
    SearchScopes: HKCU - {92A82FFF-F3E0-4FB1-A073-0BC4F9B63DBC} URL = http://www.webhledani.cz/results.aspx?i=42&tp=ie&q={searchTerms}
    SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={440CF7DC-7ECD-49A3-9793-DBB3545EA290}&mid=ee6b2b2ed6a347d1be6ad15f92b24356-b49c89c641fc5b81d1b033f326aacaec01fa4238&lang=cs&ds=AVG&pr=fr&d=2013-07-25 19:30:15&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
    SearchScopes: HKCU - {A92A1815-DE1B-4C94-8AFD-FF4AA315C1C8} URL = http://www.webhledani.cz/results.aspx?i=42&tp=ie&q={searchTerms}
    SearchScopes: HKCU - {E708F91D-1235-4720-98CE-E9F7BFD46914} URL = http://www.webhledani.cz/results.aspx?i=42&tp=ie&q={searchTerms}
    BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.4.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
    BHO: No Name - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
    Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    Toolbar: HKCU -Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    Toolbar: HKCU -No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - No File
    Handler: ipp - No CLSID Value -
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
    Handler: msdaipp - No CLSID Value - 
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll (AVG Secure Search)
    CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll (AVG Technologies)
    CHR Extension: (SweetPacks Chrome Extension) - C:\DOCUME~1\aja\LOCALS~1\Data aplikací\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.2_0
    CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
    CHR HKLM\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Documents and Settings\milan\Local Settings\Data aplikací\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx
    R2 vToolbarUpdater15.4.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [1616048 2013-07-29] (AVG Secure Search)
    S2 ADILOADER; System32\Drivers\adildr.sys [x]
    S3 adiusbaw; system32\DRIVERS\adiusbaw.sys [x]
    S4 RFNP32; No ImagePath
    S3 SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20080325.002\symidsco.sys [x]
    U3 TlntSvr; 
    2013-07-25 19:30 - 2013-07-25 19:30 - 00000000 ____D C:\Documents and Settings\aja\Data aplikací\AVG Secure Search
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{841C420B-E491-4DA5-8406-74C76A6CCBCE}.job => C:\WINDOWS\system32\msfeedssync.exe
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    REG: reg delete "HKUS\S-1-5-21-382403456-3286024301-4586780-1007\Software\Microsoft\Windows\CurrentVersion\Run" /v qcgce2mrvjq91kk1e7pnbb19m52fx /f
    c:\DOCUME~1\milan\LOCALS~1\Temp\dfqdpelvjdcuyojeu.exe
    C:\Program Files\AVG Secure Search
    C:\Program Files\Common Files\AVG Secure Search
    Hosts:
    CMD: shutdown /f
    
  • Save the created TXT file as fixlist.txt
  • Move the created fixlist next to FRST
:arrow: Run FRST.exe again
  • Click Fix
  • The fix will run and create the log Fixlog.txt
:arrow: Restart the PC, post fixlog.txt here and try to start the "milan" account

kewin
Visitor
Posts: 125
Registered: 27 Aug 2004 08:36

Re: PC locked by the Czech Police

#41 Post by kewin »

Sending the log and going to try switching users.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 30-07-2013 04
Ran by aja at 2013-08-01 08:57:59 Run:1
Running from C:\Documents and Settings\aja\Plocha
Boot Mode: Normal

==============================================

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\PCSuiteTrayApplication => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\PDFHook => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\PDF5 Registry Controller => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\PDFPrint => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\vProt => Value deleted successfully.
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk => Moved successfully.
C:\Program Files\Microsoft Office\Office10\OSA.EXE => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL => Value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Value deleted successfully.
HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7EE445BA-FCDB-41CE-9466-7B747BFA3E05} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{7EE445BA-FCDB-41CE-9466-7B747BFA3E05} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{92A82FFF-F3E0-4FB1-A073-0BC4F9B63DBC} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{92A82FFF-F3E0-4FB1-A073-0BC4F9B63DBC} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A92A1815-DE1B-4C94-8AFD-FF4AA315C1C8} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{A92A1815-DE1B-4C94-8AFD-FF4AA315C1C8} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E708F91D-1235-4720-98CE-E9F7BFD46914} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{E708F91D-1235-4720-98CE-E9F7BFD46914} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} => Key deleted successfully.
HKCR\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key deleted successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => Key deleted successfully.
HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Value deleted successfully.
HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Value deleted successfully.
HKCR\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} => Value deleted successfully.
HKCR\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} => Key not found.
HKCR\PROTOCOLS\Handler\avgsecuritytoolbar => Key deleted successfully.
HKCR\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C} => Key not found.
HKCR\PROTOCOLS\Handler\Handler: ipp - No CLSID Value - => Key not found.
HKCR\PROTOCOLS\Handler\linkscanner => Key deleted successfully.
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => Key not found.
HKCR\PROTOCOLS\Handler\msdaipp => Key deleted successfully.
HKCR\PROTOCOLS\Handler\viprotocol => Key deleted successfully.
HKCR\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} => Key deleted successfully.
C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll => Moved successfully.
C:\DOCUME~1\aja\LOCALS~1\Data aplikací\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl => Key deleted successfully.
C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx => Moved successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj => Key deleted successfully.
C:\Documents and Settings\milan\Local Settings\Data aplikací\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx => Moved successfully.
vToolbarUpdater15.4.0 => Service deleted successfully.
ADILOADER => Service deleted successfully.
adiusbaw => Service deleted successfully.
RFNP32 => Service deleted successfully.
SYMIDSCO => Service deleted successfully.
TlntSvr => Service deleted successfully.
C:\Documents and Settings\aja\Data aplikací\AVG Secure Search => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\WINDOWS\Tasks\User_Feed_Synchronization-{841C420B-E491-4DA5-8406-74C76A6CCBCE}.job => Moved successfully.
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => Moved successfully.

========= reg delete "HKUS\S-1-5-21-382403456-3286024301-4586780-1007\Software\Microsoft\Windows\CurrentVersion\Run" /v qcgce2mrvjq91kk1e7pnbb19m52fx /f =========


Chyba: Neplatný název klíče.


========= End of Reg: =========

"c:\DOCUME~1\milan\LOCALS~1\Temp\dfqdpelvjdcuyojeu.exe" => File/Directory not found.
C:\Program Files\AVG Secure Search => Moved successfully.
C:\Program Files\Common Files\AVG Secure Search => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= shutdown /f =========


========= End of CMD: =========



The system needs a manual reboot.

==== End of Fixlog ====
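The fixlist from #40 produced the Fixlog above; as an added example (not code from the thread or from FRST), the Python below parses a Fixlog in that format, groups the "=> result" lines by outcome and surfaces the output of each REG:/CMD: block, so that the failed reg delete step ("Chyba: Neplatný název klíče.", i.e. invalid key name: reg.exe accepts the root HKU, not HKUS, so that Run value was never removed) is not lost in a long log. The sample log is a constructed excerpt of the thread's Fixlog.

```python
"""Summarise an FRST Fixlog.txt.  Added example, not code from the thread or
from FRST.  FRST writes one "<item> => <result>" line per fixlist directive and
wraps the output of a REG: or CMD: directive between
"========= <command> =========" and "========= End of Reg|CMD: =========".
"""
import re
from collections import defaultdict

# Constructed excerpt in the same layout as the Fixlog posted in the thread.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 30-07-2013 04
Boot Mode: Normal

==============================================
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\vProt => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
vToolbarUpdater15.4.0 => Service deleted successfully.
C:\Program Files\AVG Secure Search => Moved successfully.

========= reg delete "HKUS\S-1-5-21-382403456-3286024301-4586780-1007\Software\Microsoft\Windows\CurrentVersion\Run" /v qcgce2mrvjq91kk1e7pnbb19m52fx /f =========

Chyba: Neplatný název klíče.

========= End of Reg: =========

"c:\DOCUME~1\milan\LOCALS~1\Temp\dfqdpelvjdcuyojeu.exe" => File/Directory not found.
Hosts was reset successfully.

========= shutdown /f =========

========= End of CMD: =========

The system needs a manual reboot.

==== End of Fixlog ====
"""

RESULT_RE = re.compile(r'^"?(?P<item>.+?)"? => (?P<result>.+?)\.?$')
SECTION_RE = re.compile(r"^=+ (?P<command>.+?) =+$")
END_RE = re.compile(r"^=+ End of (?:Reg|CMD): =+$")
# reg.exe says "ERROR: ..." in English builds; the thread's Czech build says "Chyba: ...".
ERROR_PREFIXES = ("ERROR:", "Chyba:")


def parse_fixlog(text):
    """Return {"results": {outcome: [items]}, "sections": [{"command", "output"}],
    "notes": [lines without " => "]}; lines before the first '=' separator are skipped."""
    results = defaultdict(list)
    sections, notes = [], []
    section, in_body = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if section is not None:            # inside a REG:/CMD: block
            if END_RE.match(line):
                sections.append(section)
                section = None
            else:
                section["output"].append(line)
            continue
        header = SECTION_RE.match(line)
        if header:
            if header.group("command") == "End of Fixlog":
                break
            section = {"command": header.group("command"), "output": []}
        elif set(line) == {"="}:           # separator after the run header
            in_body = True
        elif not in_body:
            continue
        elif (hit := RESULT_RE.match(line)):
            results[hit.group("result")].append(hit.group("item"))
        else:
            notes.append(line)             # e.g. "Hosts was reset successfully."
    return {"results": dict(results), "sections": sections, "notes": notes}


def failed_steps(parsed):
    """Steps a helper should follow up: targets FRST could not find, and REG:/CMD:
    blocks whose output carries a reg.exe error.  "Key not found" under
    HKCR\\Wow6432Node is skipped: that branch exists only on 64-bit Windows and
    the sampled log comes from an x86 system."""
    failures = []
    for outcome, items in parsed["results"].items():
        if "not found" in outcome.lower():
            failures += [f"{i}: {outcome}" for i in items if "\\Wow6432Node\\" not in i]
    for section in parsed["sections"]:
        errors = [l for l in section["output"] if l.startswith(ERROR_PREFIXES)]
        if errors:
            failures.append(f"{section['command']}: {' | '.join(errors)}")
    return failures


if __name__ == "__main__":
    for line in failed_steps(parse_fixlog(SAMPLE_FIXLOG)):
        print("FOLLOW UP:", line)
```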

kewin
Visitor
Posts: 125
Registered: 27 Aug 2004 08:36

Re: PC locked by the Czech Police

#42 Post by kewin »

Well, unfortunately, nothing new. The DOS window with that message about dfqd~.exe popped up again.
When I try to get into the temp directory using DOS commands and list the files with dir, it isn't there.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: PC locked by the Czech Police

#43 Post by vyosek »

:arrow: Download SystemLook http://jpshortstuff.247fixes.com/SystemLook.exe and save it to the desktop
  • Paste the script below into the window

    :regfind
    *dfqd*.*
  • Click Look
  • The Look button changes to Scanning and is greyed out
  • Wait until the Scanning button changes back to Look; that is how you know SystemLook has finished its work
  • A log named SystemLook will pop up (or it will be saved on the desktop); paste its contents here

kewin
Visitor
Posts: 125
Registered: 27 Aug 2004 08:36

Re: PC locked by the Czech Police

#44 Post by kewin »

Sending it. I have already searched the registry.

SystemLook 30.07.11 by jpshortstuff
Log created at 09:42 on 01/08/2013 by aja
Administrator - Elevation successful

========== regfind ==========

Searching for "*dfqd*.*"
No data found.

-= EOF =-

I have to go to work; continuing at 15:00

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: PC locked by the Czech Police

#45 Post by vyosek »

:arrow: OK, I have some duties too... I'd like to know where that junk is hiding... The file probably won't be there; it will just be some invalid entry in the registry, only under a different name

:arrow: But don't worry, I still have a few tips in reserve :)

:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe and save it to the desktop
  • If you use Windows Vista or 7, right-click OTL and choose Run As Administrator
  • If you use a 64-bit OS, check that the "64-bit OS" box is ticked; if not, tick it
  • Tick the "All users" box
  • Tick the LOP check box
  • Tick the Purity check box
  • Change the file age from 30 days to 7 days
  • Paste the script below into the lower "Custom scans/fixes" box

    CREATERESTOREPOINT
    
    netsvcs
    drivers32
    savembr:0
    
    /md5start
    atapi.sys
    autochk.exe
    cdrom.sys
    explorer.exe
    hal.dll
    scecli.dll
    services.exe
    svchost.exe
    tcpip.sys
    userinit.exe
    winlogon.exe
    /md5stop
    
    %systemroot%*.* /U /s
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\drivers\*.sys /3
    %systemroot%\system32\*.* /3
    %SYSTEMDRIVE%\*.exe
    
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
    
    %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
    %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
    %PROGRAMFILES%\Opera\opera.exe /md5
    %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5
    
    %SystemDrive%\PhysicalMBR.bin /md5 
    
    *crack* /s
    *keygen* /s
    *loader* /s
  • Click the Run Scan button
  • When the scan finishes (about 10 to 15 minutes), the logs OTL.txt and Extras.txt will appear; post both here
  • If the logs are long (the forum will complain about exceeding the maximum number of characters), split them across several posts

Locked