Policie ČR + Interpol virus

manatte
Visitor
Posts: 31
Registered: 20 Jul 2011 22:59

#1 Post by manatte »

Hello.

Today a message from Policie ČR with an Interpol background appeared on my screen. I assume it is some kind of virus, and I have already read something about it here on the forum. The problem is that my girlfriend has WinXP on the notebook, and with that Windows the problem is said to be more complicated. When the notebook is restarted the system boots, but this message appears immediately and nothing can be done. When I call up Task Manager with Ctrl+Alt+Delete, it does not load and the message immediately appears again.

Please advise and help; thank you in advance.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

#2 Post by vyosek »

"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns fun, take a whip and a stick to him; that is no man, that is an ox."
Member since 1 February 2011.

#3 Post by manatte »

Hello.

Thank you for the very quick response. As soon as I am home at the notebook I will try it.

#4 Post by vyosek »

Okay, I will be peeking in here off and on for the rest of the day :)

#5 Post by manatte »

So I followed your instructions and everything went OK. I only noticed that Hitman put the malware into quarantine and did not delete it. What is the next step, then? Also, a clarification: it is Win7, 64-bit.

Thank you.

#6 Post by vyosek »

:arrow: In quarantine it is already harmless :wink:

:arrow: Please post a log following this guide http://forum.viry.cz/viewtopic.php?f=13&t=133100

#7 Post by manatte »

OK, everything done according to the guide.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-01-2014 01
Ran by Becky (administrator) on BECKY-ACER5630G on 14-01-2014 19:10:41
Running from C:\Users\Becky\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\PLFSetI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(QIP.ru) C:\Users\Becky\AppData\Roaming\QipGuard\QipGuard.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(QIP.ru) C:\Program Files (x86)\QipGuard\QipGuard.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Users\Becky\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Becky\AppData\Local\Google\Chrome\Application\chrome.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Google Inc.) C:\Users\Becky\AppData\Local\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Becky\Downloads\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
() C:\Users\Becky\AppData\Local\MSGBOX.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\PING.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2012-03-13] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2009-11-20] ()
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1130504 2012-03-13] (Dritek System Inc.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2486296 2014-01-09] ()
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [160840 2012-04-03] (Geek Software GmbH)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [QIP Internet Guardian] - C:\Users\Becky\AppData\Roaming\QipGuard\QipGuard.exe [191440 2011-10-12] (QIP.ru)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [17355912 2012-05-03] (Skype Technologies S.A.)
HKCU\...\Run: [Infium] - C:\Program Files (x86)\QIP 2012\qip.exe [7097296 2011-10-12] (QIP)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
URLSearchHook: HKCU - Default Value = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={9469 ... 2012-03-13 16:59:48&v=17.0.1.12&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/search?query={searchTerms}&from=IE
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Becky\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.3.0.49\AVG Secure Search_toolbar.dll (AVG Secure Search)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome:
=======
CHR HomePage: hxxp://www.seznam.cz/
CHR RestoreOnStartup: "tabs": {
"use_compact_navigation_bar": false,
"use_vertical_tabs"
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Users\Becky\AppData\Local\Google\Chrome\Application\15.0.874.102\gcswf32.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Becky\AppData\Local\Google\Chrome\Application\15.0.874.102\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Becky\AppData\Local\Google\Chrome\Application\15.0.874.102\pdf.dll ()
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\\npsitesafety.dll (AVG Technologies)
CHR Plugin: (Java(TM) Platform SE 7 U5) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Cryptoplus KB \u2013 podepisovac\u00ED modul) - C:\Users\Becky\AppData\Roaming\KB-ext\lib\x86\npPKIComponentNPAPI-kbext.dll (Komerční banka, a.s.)
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (AVG Security Toolbar) - C:\Users\Becky\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.3.0.49_0 [2014-01-09]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx [2014-01-09]

==================== Services (Whitelisted) =================

R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 QipGuard; C:\Program Files (x86)\QipGuard\QipGuard.exe [191440 2011-10-12] (QIP.ru)
R2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1771544 2014-01-09] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-10] (AVG Technologies)
R3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-01-14] ()
R3 O2MDRDR; C:\Windows\System32\DRIVERS\o2mdx64.sys [63264 2012-03-13] (O2Micro )
R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [103224 2009-12-03] (WIBU-SYSTEMS AG)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-14 19:10 - 2014-01-14 19:11 - 00014289 _____ C:\Users\Becky\Desktop\FRST.txt
2014-01-14 19:10 - 2014-01-14 19:10 - 00000000 ____D C:\FRST
2014-01-14 19:09 - 2014-01-14 19:09 - 02075648 _____ (Farbar) C:\Users\Becky\Downloads\FRST64.exe
2014-01-14 19:09 - 2014-01-14 19:09 - 00112640 _____ (forum.viry.cz) C:\Users\Becky\Downloads\FRSTLauncher.exe
2014-01-14 19:09 - 2014-01-14 19:09 - 00029696 _____ C:\Users\Becky\AppData\Local\MSGBOX.EXE
2014-01-14 19:09 - 2014-01-14 19:09 - 00015327 _____ C:\Users\Becky\Desktop\LM.bat
2014-01-14 19:08 - 2014-01-14 19:08 - 00000000 _____ C:\Users\Becky\Downloads\Nepotvrzeno 92574.crdownload
2014-01-14 19:07 - 2014-01-14 19:07 - 00000000 _____ C:\Users\Becky\Downloads\Nepotvrzeno 75015.crdownload
2014-01-14 19:05 - 2014-01-14 19:05 - 00000000 _____ C:\Users\Becky\Downloads\Nepotvrzeno 87139.crdownload
2014-01-14 19:04 - 2014-01-14 19:04 - 00000000 _____ C:\Users\Becky\Downloads\Nepotvrzeno 4080.crdownload
2014-01-14 19:04 - 2014-01-14 19:04 - 00000000 _____ C:\Users\Becky\Downloads\Nepotvrzeno 13750.crdownload
2014-01-14 19:00 - 2014-01-14 19:00 - 02075648 _____ (Farbar) C:\Users\Becky\Desktop\FRST64.exe
2014-01-14 19:00 - 2014-01-14 19:00 - 00112640 _____ (forum.viry.cz) C:\Users\Becky\Desktop\FRSTLauncher.exe
2014-01-14 18:59 - 2014-01-14 18:59 - 00000000 ____D C:\Users\Becky\AppData\Roaming\Malwarebytes
2014-01-14 18:58 - 2014-01-14 18:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-14 18:58 - 2014-01-14 18:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-14 18:58 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-14 18:54 - 2014-01-14 18:54 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Becky\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-14 18:53 - 2014-01-14 18:53 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-14 18:53 - 2014-01-14 18:53 - 00000000 ____D C:\Program Files\CCleaner
2014-01-14 18:52 - 2014-01-14 18:52 - 11063632 _____ C:\Users\Becky\Downloads\cc-setup.exe
2014-01-14 18:43 - 2014-01-14 18:43 - 00032512 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2014-01-14 18:41 - 2014-01-14 18:41 - 00001698 _____ C:\Windows\system32\.crusader
2014-01-14 18:19 - 2014-01-14 18:42 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-14 06:57 - 2014-01-14 18:26 - 00000000 _____ C:\ProgramData\hj67t9rj3.odd
2014-01-11 19:50 - 2014-01-11 22:39 - 1520795648 _____ C:\Users\Becky\Downloads\Veľká-svadba-(2013)-1.avi
2014-01-05 13:06 - 2014-01-05 13:07 - 00000000 ____D C:\Users\Becky\Desktop\PV
2014-01-04 19:49 - 2014-01-04 20:26 - 651751424 _____ C:\Users\Becky\Downloads\neverhood.iso
2014-01-04 19:42 - 2014-01-04 19:42 - 00000000 ____D C:\TEMPNEV
2014-01-03 17:00 - 2014-01-03 17:00 - 01489920 _____ C:\Users\Becky\Downloads\akcel.xls
2013-12-30 17:02 - 2013-12-30 17:02 - 00060928 _____ C:\Users\Becky\Downloads\L850862_131215_139096.xls
2013-12-16 21:50 - 2013-12-16 21:50 - 00027551 _____ C:\Users\Becky\Downloads\PF 2014.zip

==================== One Month Modified Files and Folders =======

2014-01-14 19:11 - 2014-01-14 19:10 - 00014289 _____ C:\Users\Becky\Desktop\FRST.txt
2014-01-14 19:10 - 2014-01-14 19:10 - 00000000 ____D C:\FRST
2014-01-14 19:09 - 2014-01-14 19:09 - 02075648 _____ (Farbar) C:\Users\Becky\Downloads\FRST64.exe
2014-01-14 19:09 - 2014-01-14 19:09 - 00112640 _____ (forum.viry.cz) C:\Users\Becky\Downloads\FRSTLauncher.exe
2014-01-14 19:09 - 2014-01-14 19:09 - 00029696 _____ C:\Users\Becky\AppData\Local\MSGBOX.EXE
2014-01-14 19:09 - 2014-01-14 19:09 - 00015327 _____ C:\Users\Becky\Desktop\LM.bat
2014-01-14 19:08 - 2014-01-14 19:08 - 00000000 _____ C:\Users\Becky\Downloads\Nepotvrzeno 92574.crdownload
2014-01-14 19:07 - 2014-01-14 19:07 - 00000000 _____ C:\Users\Becky\Downloads\Nepotvrzeno 75015.crdownload
2014-01-14 19:05 - 2014-01-14 19:05 - 00000000 _____ C:\Users\Becky\Downloads\Nepotvrzeno 87139.crdownload
2014-01-14 19:04 - 2014-01-14 19:04 - 00000000 _____ C:\Users\Becky\Downloads\Nepotvrzeno 4080.crdownload
2014-01-14 19:04 - 2014-01-14 19:04 - 00000000 _____ C:\Users\Becky\Downloads\Nepotvrzeno 13750.crdownload
2014-01-14 19:00 - 2014-01-14 19:00 - 02075648 _____ (Farbar) C:\Users\Becky\Desktop\FRST64.exe
2014-01-14 19:00 - 2014-01-14 19:00 - 00112640 _____ (forum.viry.cz) C:\Users\Becky\Desktop\FRSTLauncher.exe
2014-01-14 18:59 - 2014-01-14 18:59 - 00000000 ____D C:\Users\Becky\AppData\Roaming\Malwarebytes
2014-01-14 18:58 - 2014-01-14 18:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-14 18:58 - 2014-01-14 18:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-14 18:58 - 2012-03-13 21:31 - 00000000 ____D C:\Windows\Panther
2014-01-14 18:58 - 2012-03-13 14:10 - 00000000 ____D C:\Users\Becky\AppData\Roaming\FileZilla
2014-01-14 18:54 - 2014-01-14 18:54 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Becky\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-14 18:53 - 2014-01-14 18:53 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-14 18:53 - 2014-01-14 18:53 - 00000000 ____D C:\Program Files\CCleaner
2014-01-14 18:52 - 2014-01-14 18:52 - 11063632 _____ C:\Users\Becky\Downloads\cc-setup.exe
2014-01-14 18:49 - 2012-03-13 12:35 - 01880706 ____N C:\Windows\WindowsUpdate.log
2014-01-14 18:48 - 2009-07-14 05:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-14 18:48 - 2009-07-14 05:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-14 18:43 - 2014-01-14 18:43 - 00032512 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2014-01-14 18:43 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-14 18:42 - 2014-01-14 18:19 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-14 18:41 - 2014-01-14 18:41 - 00001698 _____ C:\Windows\system32\.crusader
2014-01-14 18:41 - 2012-03-13 12:44 - 00000000 ___RD C:\Users\Becky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-14 18:35 - 2012-03-13 14:38 - 00000000 ____D C:\ProgramData\MFAData
2014-01-14 18:33 - 2009-07-14 06:08 - 00032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-14 18:26 - 2014-01-14 06:57 - 00000000 _____ C:\ProgramData\hj67t9rj3.odd
2014-01-13 20:57 - 2012-04-18 14:45 - 00000000 ____D C:\Users\Becky\AppData\Roaming\Skype
2014-01-11 22:46 - 2012-03-14 19:08 - 00000000 ____D C:\Users\Becky\AppData\Roaming\vlc
2014-01-11 22:39 - 2014-01-11 19:50 - 1520795648 _____ C:\Users\Becky\Downloads\Veľká-svadba-(2013)-1.avi
2014-01-09 18:58 - 2009-07-26 19:41 - 00666444 _____ C:\Windows\system32\perfh005.dat
2014-01-09 18:58 - 2009-07-26 19:41 - 00140108 _____ C:\Windows\system32\perfc005.dat
2014-01-09 18:58 - 2009-07-14 06:13 - 01576554 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-09 16:35 - 2012-03-13 16:59 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2014-01-05 13:07 - 2014-01-05 13:06 - 00000000 ____D C:\Users\Becky\Desktop\PV
2014-01-04 20:26 - 2014-01-04 19:49 - 651751424 _____ C:\Users\Becky\Downloads\neverhood.iso
2014-01-04 19:42 - 2014-01-04 19:42 - 00000000 ____D C:\TEMPNEV
2014-01-03 17:00 - 2014-01-03 17:00 - 01489920 _____ C:\Users\Becky\Downloads\akcel.xls
2013-12-30 17:02 - 2013-12-30 17:02 - 00060928 _____ C:\Users\Becky\Downloads\L850862_131215_139096.xls
2013-12-16 21:50 - 2013-12-16 21:50 - 00027551 _____ C:\Users\Becky\Downloads\PF 2014.zip
2013-12-16 20:32 - 2013-11-11 21:50 - 00023552 _____ C:\Users\Becky\Desktop\HB2-FMMI.xls

Files to move or delete:
====================
C:\ProgramData\hj67t9rj3.odd


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-09 17:22

==================== End Of Log ============================
Attachments
Addition.rar
(5.5 KiB) Downloaded 60 times

#8 Post by vyosek »

:arrow: Just to ask, are you using a legal operating system? The highest licence, Ultimate, is not exactly a common home version :?:

:arrow: Do you insist on AVG? It is not very popular with us: higher system load, weaker detection, more of a parody of an antivirus :?:

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Scan and then Clean
  • The repair will run, the PC will restart and then a log will appear, or it will be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt; paste it here

#9 Post by manatte »

Log:

# AdwCleaner v3.017 - Report created 14/01/2014 at 20:29:53
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Becky - BECKY-ACER5630G
# Running from : C:\Users\Becky\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : vToolbarUpdater17.3.0

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Becky\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Becky\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Becky\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Users\Becky\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]

-\\ Google Chrome v

[ File : C:\Users\Becky\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [7680 octets] - [14/01/2014 20:29:02]
AdwCleaner[S0].txt - [7338 octets] - [14/01/2014 20:29:53]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7398 octets] ##########

Otherwise, the system is probably not a genuine copy, but I don't know for sure. A friend of my girlfriend's (an IT worker) installed it on her laptop. We are not attached to AVG.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Czech Police + Interpol virus

#10 Post by vyosek »

:arrow: The friend must like your girlfriend a lot if he gives her a Windows license worth almost ten thousand :?: Or, more likely, it is non-genuine as you say, so he likes her even more, knowingly exposing her to the risk of criminal prosecution for violating the license terms :?:

:arrow: This time we will finish the cleanup, but next time help with an illegal system will be refused, in accordance with the rules of our forum and the charter of the international alliance ASAP, of which we are members

:arrow: AVG is more of a parody of an antivirus :arcisit:

:arrow: Uninstall AVG and then also run http://download.avg.com/filedir/util/su ... 4_4116.exe

:arrow: Install Avast Free http://www.avast.com/get/gWR5mo92

:arrow: Make a new log from FRSTLauncher

manatte
Visitor
Posts: 31
Registered: 20 Jul 2011 22:59

Re: Czech Police + Interpol virus

#11 Post by manatte »

Ad 1) Thank you for the warning.
Ad 2) Thank you.

There was an official system on it (Win Vista), but because of the unpleasant interface my girlfriend had it reinstalled and didn't really think about it. These days buying a laptop without an operating system is silly anyway, because with a system it costs practically the same as without one. :thumbsup:

Log:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014
Ran by Becky (administrator) on BECKY-ACER5630G on 15-01-2014 00:01:58
Running from C:\Users\Becky\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 9
Boot Mode: Normal

The only official downoad link fo FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(QIP.ru) C:\Program Files (x86)\QipGuard\QipGuard.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\PLFSetI.exe
(QIP.ru) C:\Users\Becky\AppData\Roaming\QipGuard\QipGuard.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(forum.viry.cz) C:\Users\Becky\Downloads\FRSTLauncher.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\PING.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2012-03-13] (Realtek Semiconductor)
HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [200704 2009-11-20] ()
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-10] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1130504 2012-03-13] (Dritek System Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [160840 2012-04-03] (Geek Software GmbH)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-14] (AVAST Software)
HKCU\...\Run: [QIP Internet Guardian] - C:\Users\Becky\AppData\Roaming\QipGuard\QipGuard.exe [191440 2011-10-12] (QIP.ru)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [17355912 2012-05-03] (Skype Technologies S.A.)
HKCU\...\Run: [Infium] - C:\Program Files (x86)\QIP 2012\qip.exe [7097296 2011-10-12] (QIP)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
URLSearchHook: HKCU - Default Value = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: No Name - {95289393-33EA-4F8D-B952-483415B9C955} - No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome:
=======
CHR HomePage: hxxp://www.seznam.cz/
CHR RestoreOnStartup: "tabs": {
"use_compact_navigation_bar": false,
"use_vertical_tabs"
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Users\Becky\AppData\Local\Google\Chrome\Application\15.0.874.102\gcswf32.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Becky\AppData\Local\Google\Chrome\Application\15.0.874.102\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Becky\AppData\Local\Google\Chrome\Application\15.0.874.102\pdf.dll ()
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\\npsitesafety.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U5) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Cryptoplus KB \u2013 podepisovac\u00ED modul) - C:\Users\Becky\AppData\Roaming\KB-ext\lib\x86\npPKIComponentNPAPI-kbext.dll (Komerční banka, a.s.)
CHR Plugin: (Java Deployment Toolkit 7.0.50.255) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-01-14]

==================== Services (Whitelisted) =================

R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-14] (AVAST Software)
R2 QipGuard; C:\Program Files (x86)\QipGuard\QipGuard.exe [191440 2011-10-12] (QIP.ru)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-01-14] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2014-01-14] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2014-01-14] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2014-01-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-14] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-10] (AVG Technologies)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-01-14] ()
R3 O2MDRDR; C:\Windows\System32\DRIVERS\o2mdx64.sys [63264 2012-03-13] (O2Micro )
R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [103224 2009-12-03] (WIBU-SYSTEMS AG)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-15 00:01 - 2014-01-15 00:02 - 00011986 _____ C:\Users\Becky\Desktop\FRST.txt
2014-01-15 00:01 - 2014-01-15 00:01 - 00029696 _____ C:\Users\Becky\AppData\Local\MSGBOX.EXE
2014-01-15 00:01 - 2014-01-15 00:01 - 00015327 _____ C:\Users\Becky\Desktop\LM.bat
2014-01-15 00:01 - 2014-01-15 00:01 - 00000000 ____D C:\Users\Becky\Desktop\FRST-OlderVersion
2014-01-14 23:55 - 2014-01-14 23:55 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-14 23:55 - 2014-01-14 23:55 - 00000000 ____D C:\Users\Becky\AppData\Roaming\AVAST Software
2014-01-14 23:54 - 2014-01-14 23:55 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-14 23:54 - 2014-01-14 23:54 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-14 23:54 - 2014-01-14 23:54 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-14 23:54 - 2014-01-14 23:54 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-14 23:54 - 2014-01-14 23:54 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-14 23:54 - 2014-01-14 23:54 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-01-14 23:54 - 2014-01-14 23:54 - 00082744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys.1389740096
2014-01-14 23:54 - 2014-01-14 23:54 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-14 23:54 - 2014-01-14 23:54 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-14 23:54 - 2014-01-14 23:54 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2014-01-14 23:54 - 2014-01-14 23:54 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-14 23:53 - 2014-01-14 23:53 - 00000000 ____D C:\ProgramData\AVAST Software
2014-01-14 23:53 - 2014-01-14 23:53 - 00000000 ____D C:\Program Files\AVAST Software
2014-01-14 23:44 - 2014-01-14 23:51 - 91417072 _____ (AVAST Software) C:\Users\Becky\Downloads\avast_free_antivirus_setup_rcn.exe
2014-01-14 23:41 - 2014-01-14 23:41 - 00000056 _____ C:\Windows\setupact.log
2014-01-14 23:41 - 2014-01-14 23:41 - 00000000 _____ C:\Windows\setuperr.log
2014-01-14 23:40 - 2014-01-14 23:40 - 00014260 _____ C:\Windows\PFRO.log
2014-01-14 23:20 - 2014-01-14 23:20 - 00000057 _____ C:\Users\Becky\Downloads\avgremover.log
2014-01-14 23:12 - 2014-01-14 23:12 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Becky\Downloads\avg_remover_stf_x64_2014_4116.exe
2014-01-14 22:45 - 2014-01-14 22:45 - 01940480 _____ C:\Users\Becky\Downloads\DP_BEC080 oprava.ppt
2014-01-14 22:40 - 2014-01-14 22:44 - 01940480 _____ C:\Users\Becky\Desktop\DP_BEC080 oprava.ppt
2014-01-14 22:25 - 2014-01-14 22:26 - 01945600 _____ C:\Users\Becky\Downloads\DP_BEC080.ppt
2014-01-14 21:18 - 2014-01-14 21:18 - 00059666 _____ C:\Users\Becky\Documents\cc_20140114_211841.reg
2014-01-14 20:28 - 2014-01-14 20:30 - 00000000 ____D C:\AdwCleaner
2014-01-14 20:28 - 2014-01-14 20:28 - 01236282 _____ C:\Users\Becky\Downloads\adwcleaner.exe
2014-01-14 19:14 - 2014-01-14 19:14 - 00005628 _____ C:\Users\Becky\Desktop\Addition.rar
2014-01-14 19:10 - 2014-01-15 00:01 - 00000000 ____D C:\FRST
2014-01-14 19:09 - 2014-01-14 19:09 - 02075648 _____ (Farbar) C:\Users\Becky\Downloads\FRST64.exe
2014-01-14 19:09 - 2014-01-14 19:09 - 00112640 _____ (forum.viry.cz) C:\Users\Becky\Downloads\FRSTLauncher.exe
2014-01-14 19:08 - 2014-01-14 19:08 - 00000000 _____ C:\Users\Becky\Downloads\Nepotvrzeno 92574.crdownload
2014-01-14 19:07 - 2014-01-14 19:07 - 00000000 _____ C:\Users\Becky\Downloads\Nepotvrzeno 75015.crdownload
2014-01-14 19:05 - 2014-01-14 19:05 - 00000000 _____ C:\Users\Becky\Downloads\Nepotvrzeno 87139.crdownload
2014-01-14 19:04 - 2014-01-14 19:04 - 00000000 _____ C:\Users\Becky\Downloads\Nepotvrzeno 4080.crdownload
2014-01-14 19:04 - 2014-01-14 19:04 - 00000000 _____ C:\Users\Becky\Downloads\Nepotvrzeno 13750.crdownload
2014-01-14 19:00 - 2014-01-15 00:01 - 02076160 _____ (Farbar) C:\Users\Becky\Desktop\FRST64.exe
2014-01-14 18:59 - 2014-01-14 18:59 - 00000000 ____D C:\Users\Becky\AppData\Roaming\Malwarebytes
2014-01-14 18:58 - 2014-01-14 18:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-14 18:58 - 2014-01-14 18:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-14 18:58 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-14 18:54 - 2014-01-14 18:54 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Becky\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-14 18:53 - 2014-01-14 18:53 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-14 18:53 - 2014-01-14 18:53 - 00000000 ____D C:\Program Files\CCleaner
2014-01-14 18:52 - 2014-01-14 18:52 - 11063632 _____ C:\Users\Becky\Downloads\cc-setup.exe
2014-01-14 18:43 - 2014-01-14 18:43 - 00032512 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2014-01-14 18:41 - 2014-01-14 18:41 - 00001698 _____ C:\Windows\system32\.crusader
2014-01-14 18:19 - 2014-01-14 18:42 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-14 06:57 - 2014-01-14 18:26 - 00000000 _____ C:\ProgramData\hj67t9rj3.odd
2014-01-11 19:50 - 2014-01-11 22:39 - 1520795648 _____ C:\Users\Becky\Downloads\Veľká-svadba-(2013)-1.avi
2014-01-05 13:06 - 2014-01-05 13:07 - 00000000 ____D C:\Users\Becky\Desktop\PV
2014-01-04 19:49 - 2014-01-04 20:26 - 651751424 _____ C:\Users\Becky\Downloads\neverhood.iso
2014-01-04 19:42 - 2014-01-04 19:42 - 00000000 ____D C:\TEMPNEV
2014-01-03 17:00 - 2014-01-03 17:00 - 01489920 _____ C:\Users\Becky\Downloads\akcel.xls
2013-12-30 17:02 - 2013-12-30 17:02 - 00060928 _____ C:\Users\Becky\Downloads\L850862_131215_139096.xls
2013-12-16 21:50 - 2013-12-16 21:50 - 00027551 _____ C:\Users\Becky\Downloads\PF 2014.zip

==================== One Month Modified Files and Folders =======

2014-01-15 00:02 - 2014-01-15 00:01 - 00011986 _____ C:\Users\Becky\Desktop\FRST.txt
2014-01-15 00:01 - 2014-01-15 00:01 - 00029696 _____ C:\Users\Becky\AppData\Local\MSGBOX.EXE
2014-01-15 00:01 - 2014-01-15 00:01 - 00015327 _____ C:\Users\Becky\Desktop\LM.bat
2014-01-15 00:01 - 2014-01-15 00:01 - 00000000 ____D C:\Users\Becky\Desktop\FRST-OlderVersion
2014-01-15 00:01 - 2014-01-14 19:10 - 00000000 ____D C:\FRST
2014-01-15 00:01 - 2014-01-14 19:00 - 02076160 _____ (Farbar) C:\Users\Becky\Desktop\FRST64.exe
2014-01-14 23:55 - 2014-01-14 23:55 - 00001966 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-01-14 23:55 - 2014-01-14 23:55 - 00000000 ____D C:\Users\Becky\AppData\Roaming\AVAST Software
2014-01-14 23:55 - 2014-01-14 23:54 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-14 23:54 - 2014-01-14 23:54 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-14 23:54 - 2014-01-14 23:54 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-14 23:54 - 2014-01-14 23:54 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-14 23:54 - 2014-01-14 23:54 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-14 23:54 - 2014-01-14 23:54 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-01-14 23:54 - 2014-01-14 23:54 - 00082744 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys.1389740096
2014-01-14 23:54 - 2014-01-14 23:54 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-14 23:54 - 2014-01-14 23:54 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-14 23:54 - 2014-01-14 23:54 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2014-01-14 23:54 - 2014-01-14 23:54 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-14 23:53 - 2014-01-14 23:53 - 00000000 ____D C:\ProgramData\AVAST Software
2014-01-14 23:53 - 2014-01-14 23:53 - 00000000 ____D C:\Program Files\AVAST Software
2014-01-14 23:51 - 2014-01-14 23:44 - 91417072 _____ (AVAST Software) C:\Users\Becky\Downloads\avast_free_antivirus_setup_rcn.exe
2014-01-14 23:47 - 2009-07-14 05:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-14 23:47 - 2009-07-14 05:45 - 00010016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-14 23:46 - 2012-03-13 12:35 - 01966756 _____ C:\Windows\WindowsUpdate.log
2014-01-14 23:41 - 2014-01-14 23:41 - 00000056 _____ C:\Windows\setupact.log
2014-01-14 23:41 - 2014-01-14 23:41 - 00000000 _____ C:\Windows\setuperr.log
2014-01-14 23:41 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-14 23:40 - 2014-01-14 23:40 - 00014260 _____ C:\Windows\PFRO.log
2014-01-14 23:40 - 2012-03-13 14:38 - 00000000 ____D C:\ProgramData\MFAData
2014-01-14 23:20 - 2014-01-14 23:20 - 00000057 _____ C:\Users\Becky\Downloads\avgremover.log
2014-01-14 23:12 - 2014-01-14 23:12 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Becky\Downloads\avg_remover_stf_x64_2014_4116.exe
2014-01-14 22:45 - 2014-01-14 22:45 - 01940480 _____ C:\Users\Becky\Downloads\DP_BEC080 oprava.ppt
2014-01-14 22:44 - 2014-01-14 22:40 - 01940480 _____ C:\Users\Becky\Desktop\DP_BEC080 oprava.ppt
2014-01-14 22:26 - 2014-01-14 22:25 - 01945600 _____ C:\Users\Becky\Downloads\DP_BEC080.ppt
2014-01-14 21:18 - 2014-01-14 21:18 - 00059666 _____ C:\Users\Becky\Documents\cc_20140114_211841.reg
2014-01-14 20:30 - 2014-01-14 20:28 - 00000000 ____D C:\AdwCleaner
2014-01-14 20:28 - 2014-01-14 20:28 - 01236282 _____ C:\Users\Becky\Downloads\adwcleaner.exe
2014-01-14 19:14 - 2014-01-14 19:14 - 00005628 _____ C:\Users\Becky\Desktop\Addition.rar
2014-01-14 19:09 - 2014-01-14 19:09 - 02075648 _____ (Farbar) C:\Users\Becky\Downloads\FRST64.exe
2014-01-14 19:09 - 2014-01-14 19:09 - 00112640 _____ (forum.viry.cz) C:\Users\Becky\Downloads\FRSTLauncher.exe
2014-01-14 19:08 - 2014-01-14 19:08 - 00000000 _____ C:\Users\Becky\Downloads\Nepotvrzeno 92574.crdownload
2014-01-14 19:07 - 2014-01-14 19:07 - 00000000 _____ C:\Users\Becky\Downloads\Nepotvrzeno 75015.crdownload
2014-01-14 19:05 - 2014-01-14 19:05 - 00000000 _____ C:\Users\Becky\Downloads\Nepotvrzeno 87139.crdownload
2014-01-14 19:04 - 2014-01-14 19:04 - 00000000 _____ C:\Users\Becky\Downloads\Nepotvrzeno 4080.crdownload
2014-01-14 19:04 - 2014-01-14 19:04 - 00000000 _____ C:\Users\Becky\Downloads\Nepotvrzeno 13750.crdownload
2014-01-14 18:59 - 2014-01-14 18:59 - 00000000 ____D C:\Users\Becky\AppData\Roaming\Malwarebytes
2014-01-14 18:58 - 2014-01-14 18:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-14 18:58 - 2014-01-14 18:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-14 18:58 - 2012-03-13 21:31 - 00000000 ____D C:\Windows\Panther
2014-01-14 18:58 - 2012-03-13 14:10 - 00000000 ____D C:\Users\Becky\AppData\Roaming\FileZilla
2014-01-14 18:54 - 2014-01-14 18:54 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Becky\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-14 18:53 - 2014-01-14 18:53 - 00002772 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-01-14 18:53 - 2014-01-14 18:53 - 00000000 ____D C:\Program Files\CCleaner
2014-01-14 18:52 - 2014-01-14 18:52 - 11063632 _____ C:\Users\Becky\Downloads\cc-setup.exe
2014-01-14 18:43 - 2014-01-14 18:43 - 00032512 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2014-01-14 18:42 - 2014-01-14 18:19 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-14 18:41 - 2014-01-14 18:41 - 00001698 _____ C:\Windows\system32\.crusader
2014-01-14 18:41 - 2012-03-13 12:44 - 00000000 ___RD C:\Users\Becky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-14 18:33 - 2009-07-14 06:08 - 00032534 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-14 18:26 - 2014-01-14 06:57 - 00000000 _____ C:\ProgramData\hj67t9rj3.odd
2014-01-13 20:57 - 2012-04-18 14:45 - 00000000 ____D C:\Users\Becky\AppData\Roaming\Skype
2014-01-11 22:46 - 2012-03-14 19:08 - 00000000 ____D C:\Users\Becky\AppData\Roaming\vlc
2014-01-11 22:39 - 2014-01-11 19:50 - 1520795648 _____ C:\Users\Becky\Downloads\Veľká-svadba-(2013)-1.avi
2014-01-09 18:58 - 2009-07-26 19:41 - 00666444 _____ C:\Windows\system32\perfh005.dat
2014-01-09 18:58 - 2009-07-26 19:41 - 00140108 _____ C:\Windows\system32\perfc005.dat
2014-01-09 18:58 - 2009-07-14 06:13 - 01576554 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-05 13:07 - 2014-01-05 13:06 - 00000000 ____D C:\Users\Becky\Desktop\PV
2014-01-04 20:26 - 2014-01-04 19:49 - 651751424 _____ C:\Users\Becky\Downloads\neverhood.iso
2014-01-04 19:42 - 2014-01-04 19:42 - 00000000 ____D C:\TEMPNEV
2014-01-03 17:00 - 2014-01-03 17:00 - 01489920 _____ C:\Users\Becky\Downloads\akcel.xls
2013-12-30 17:02 - 2013-12-30 17:02 - 00060928 _____ C:\Users\Becky\Downloads\L850862_131215_139096.xls
2013-12-16 21:50 - 2013-12-16 21:50 - 00027551 _____ C:\Users\Becky\Downloads\PF 2014.zip
2013-12-16 20:32 - 2013-11-11 21:50 - 00023552 _____ C:\Users\Becky\Desktop\HB2-FMMI.xls

Files to move or delete:
====================
C:\ProgramData\hj67t9rj3.odd


Some content of TEMP:
====================
C:\Users\Becky\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-09 17:22

==================== End Of Log ============================
Attachments
Addition.rar
(5.41 KiB) Downloaded 69 times

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Czech Police + Interpol virus

#12 Post by vyosek »

:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below:

    Start
    HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
    HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [160840 2012-04-03] (Geek Software GmbH)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
    HKCU\...\Run: [QIP Internet Guardian] - C:\Users\Becky\AppData\Roaming\QipGuard\QipGuard.exe [191440 2011-10-12] (QIP.ru)
    HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [17355912 2012-05-03] (Skype Technologies S.A.)
    HKCU\...\Run: [Infium] - C:\Program Files (x86)\QIP 2012\qip.exe [7097296 2011-10-12] (QIP)
    
    HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
    URLSearchHook: HKCU - Default Value = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
    BHO-x32: No Name - {95289393-33EA-4F8D-B952-483415B9C955} - No File
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
    Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
    
    CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
    CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\\npsitesafety.dll No File
    CHR Plugin: (Default Plug-in) - default_plugin No File
    
    R2 QipGuard; C:\Program Files (x86)\QipGuard\QipGuard.exe [191440 2011-10-12] (QIP.ru)
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
    S3 VGPU; System32\drivers\rdvgkmd.sys [x]
    
    2014-01-15 00:01 - 2014-01-15 00:01 - 00029696 _____ C:\Users\Becky\AppData\Local\MSGBOX.EXE
    2014-01-15 00:01 - 2014-01-15 00:01 - 00015327 _____ C:\Users\Becky\Desktop\LM.bat
    2014-01-15 00:01 - 2014-01-15 00:01 - 00000000 ____D C:\Users\Becky\Desktop\FRST-OlderVersion
    2014-01-14 23:44 - 2014-01-14 23:51 - 91417072 _____ (AVAST Software) C:\Users\Becky\Downloads\avast_free_antivirus_setup_rcn.exe
    2014-01-14 23:20 - 2014-01-14 23:20 - 00000057 _____ C:\Users\Becky\Downloads\avgremover.log
    2014-01-14 23:12 - 2014-01-14 23:12 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Becky\Downloads\avg_remover_stf_x64_2014_4116.exe
    2014-01-14 20:28 - 2014-01-14 20:28 - 01236282 _____ C:\Users\Becky\Downloads\adwcleaner.exe
    2014-01-14 19:14 - 2014-01-14 19:14 - 00005628 _____ C:\Users\Becky\Desktop\Addition.rar
    2014-01-14 19:09 - 2014-01-14 19:09 - 00112640 _____ (forum.viry.cz) C:\Users\Becky\Downloads\FRSTLauncher.exe
    2014-01-14 19:08 - 2014-01-14 19:08 - 00000000 _____ C:\Users\Becky\Downloads\Nepotvrzeno 92574.crdownload
    2014-01-14 19:07 - 2014-01-14 19:07 - 00000000 _____ C:\Users\Becky\Downloads\Nepotvrzeno 75015.crdownload
    2014-01-14 19:05 - 2014-01-14 19:05 - 00000000 _____ C:\Users\Becky\Downloads\Nepotvrzeno 87139.crdownload
    2014-01-14 19:04 - 2014-01-14 19:04 - 00000000 _____ C:\Users\Becky\Downloads\Nepotvrzeno 4080.crdownload
    2014-01-14 19:04 - 2014-01-14 19:04 - 00000000 _____ C:\Users\Becky\Downloads\Nepotvrzeno 13750.crdownload
    2014-01-14 18:54 - 2014-01-14 18:54 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Becky\Downloads\mbam-setup-1.75.0.1300.exe
    2014-01-14 18:52 - 2014-01-14 18:52 - 11063632 _____ C:\Users\Becky\Downloads\cc-setup.exe
    2014-01-14 18:43 - 2014-01-14 18:43 - 00032512 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
    2014-01-14 18:41 - 2014-01-14 18:41 - 00001698 _____ C:\Windows\system32\.crusader
    2014-01-14 18:19 - 2014-01-14 18:42 - 00000000 ____D C:\ProgramData\HitmanPro
    2014-01-14 06:57 - 2014-01-14 18:26 - 00000000 _____ C:\ProgramData\hj67t9rj3.odd
    C:\Users\Becky\AppData\Roaming\QipGuard
    C:\Program Files (x86)\QipGuard
    C:\Program Files (x86)\Common Files\AVG Secure Search
    
    Hosts:
    CMD: shutdown /r /f /t 2
    
    End
    
  • Save the created TXT file as fixlist.txt
  • Move the created fixlist next to FRST
→ Run FRST.exe again
  • Click Fix
  • The fix will run and create the log Fixlog.txt
→ Restart the PC and post fixlog.txt here

manatte
Visitor
Posts: 31
Registered: 20 Jul 2011 22:59

Re: Czech Police + Interpol virus

#13 Post by manatte »

Log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-01-2014
Ran by Becky at 2014-01-16 12:52:14 Run:1
Running from C:\Users\Becky\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [160840 2012-04-03] (Geek Software GmbH)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKCU\...\Run: [QIP Internet Guardian] - C:\Users\Becky\AppData\Roaming\QipGuard\QipGuard.exe [191440 2011-10-12] (QIP.ru)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [17355912 2012-05-03] (Skype Technologies S.A.)
HKCU\...\Run: [Infium] - C:\Program Files (x86)\QIP 2012\qip.exe [7097296 2011-10-12] (QIP)

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
URLSearchHook: HKCU - Default Value = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
BHO-x32: No Name - {95289393-33EA-4F8D-B952-483415B9C955} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File

CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\\npsitesafety.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File

R2 QipGuard; C:\Program Files (x86)\QipGuard\QipGuard.exe [191440 2011-10-12] (QIP.ru)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

2014-01-15 00:01 - 2014-01-15 00:01 - 00029696 _____ C:\Users\Becky\AppData\Local\MSGBOX.EXE
2014-01-15 00:01 - 2014-01-15 00:01 - 00015327 _____ C:\Users\Becky\Desktop\LM.bat
2014-01-15 00:01 - 2014-01-15 00:01 - 00000000 ____D C:\Users\Becky\Desktop\FRST-OlderVersion
2014-01-14 23:44 - 2014-01-14 23:51 - 91417072 _____ (AVAST Software) C:\Users\Becky\Downloads\avast_free_antivirus_setup_rcn.exe
2014-01-14 23:20 - 2014-01-14 23:20 - 00000057 _____ C:\Users\Becky\Downloads\avgremover.log
2014-01-14 23:12 - 2014-01-14 23:12 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Becky\Downloads\avg_remover_stf_x64_2014_4116.exe
2014-01-14 20:28 - 2014-01-14 20:28 - 01236282 _____ C:\Users\Becky\Downloads\adwcleaner.exe
2014-01-14 19:14 - 2014-01-14 19:14 - 00005628 _____ C:\Users\Becky\Desktop\Addition.rar
2014-01-14 19:09 - 2014-01-14 19:09 - 00112640 _____ (forum.viry.cz) C:\Users\Becky\Downloads\FRSTLauncher.exe
2014-01-14 19:08 - 2014-01-14 19:08 - 00000000 _____ C:\Users\Becky\Downloads\Nepotvrzeno 92574.crdownload
2014-01-14 19:07 - 2014-01-14 19:07 - 00000000 _____ C:\Users\Becky\Downloads\Nepotvrzeno 75015.crdownload
2014-01-14 19:05 - 2014-01-14 19:05 - 00000000 _____ C:\Users\Becky\Downloads\Nepotvrzeno 87139.crdownload
2014-01-14 19:04 - 2014-01-14 19:04 - 00000000 _____ C:\Users\Becky\Downloads\Nepotvrzeno 4080.crdownload
2014-01-14 19:04 - 2014-01-14 19:04 - 00000000 _____ C:\Users\Becky\Downloads\Nepotvrzeno 13750.crdownload
2014-01-14 18:54 - 2014-01-14 18:54 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Becky\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-14 18:52 - 2014-01-14 18:52 - 11063632 _____ C:\Users\Becky\Downloads\cc-setup.exe
2014-01-14 18:43 - 2014-01-14 18:43 - 00032512 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2014-01-14 18:41 - 2014-01-14 18:41 - 00001698 _____ C:\Windows\system32\.crusader
2014-01-14 18:19 - 2014-01-14 18:42 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-14 06:57 - 2014-01-14 18:26 - 00000000 _____ C:\ProgramData\hj67t9rj3.odd
C:\Users\Becky\AppData\Roaming\QipGuard
C:\Program Files (x86)\QipGuard
C:\Program Files (x86)\Common Files\AVG Secure Search

Hosts:
CMD: shutdown /r /f /t 2

End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\PDFPrint => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\QIP Internet Guardian => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Infium => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\ => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{95289393-33EA-4F8D-B952-483415B9C955} => Key not found.
HKCR\PROTOCOLS\Handler\linkscanner => Key deleted successfully.
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\linkscanner => Key not found.
HKCR\Wow6432Node\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => Key not found.
C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL => Moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\\npsitesafety.dll not found.
QipGuard => Service deleted successfully.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
C:\Users\Becky\AppData\Local\MSGBOX.EXE => Moved successfully.
C:\Users\Becky\Desktop\LM.bat => Moved successfully.
C:\Users\Becky\Desktop\FRST-OlderVersion => Moved successfully.
C:\Users\Becky\Downloads\avast_free_antivirus_setup_rcn.exe => Moved successfully.
C:\Users\Becky\Downloads\avgremover.log => Moved successfully.
C:\Users\Becky\Downloads\avg_remover_stf_x64_2014_4116.exe => Moved successfully.
C:\Users\Becky\Downloads\adwcleaner.exe => Moved successfully.
C:\Users\Becky\Desktop\Addition.rar => Moved successfully.
"C:\Users\Becky\Downloads\FRSTLauncher.exe" => File/Directory not found.
C:\Users\Becky\Downloads\Nepotvrzeno 92574.crdownload => Moved successfully.
C:\Users\Becky\Downloads\Nepotvrzeno 75015.crdownload => Moved successfully.
C:\Users\Becky\Downloads\Nepotvrzeno 87139.crdownload => Moved successfully.
C:\Users\Becky\Downloads\Nepotvrzeno 4080.crdownload => Moved successfully.
C:\Users\Becky\Downloads\Nepotvrzeno 13750.crdownload => Moved successfully.
C:\Users\Becky\Downloads\mbam-setup-1.75.0.1300.exe => Moved successfully.
C:\Users\Becky\Downloads\cc-setup.exe => Moved successfully.
C:\Windows\system32\Drivers\hitmanpro37.sys => Moved successfully.
C:\Windows\system32\.crusader => Moved successfully.
C:\ProgramData\HitmanPro => Moved successfully.
C:\ProgramData\hj67t9rj3.odd => Moved successfully.
C:\Users\Becky\AppData\Roaming\QipGuard => Moved successfully.
C:\Program Files (x86)\QipGuard => Moved successfully.
"C:\Program Files (x86)\Common Files\AVG Secure Search" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= shutdown /r /f /t 2 =========


========= End of CMD: =========



The system needs a manual reboot.

==== End of Fixlog ====

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Czech Police + Interpol virus

#14 Post by vyosek »

How is the PC behaving?

manatte
Visitor
Posts: 31
Registered: 20 Jul 2011 22:59

Re: Czech Police + Interpol virus

#15 Post by manatte »

I'd say normally.

Is there anything else we should do?
