Prosím o kontrolu RSIT

Zpráva

Honzabus · #1 Příspěvek od **Honzabus** » 12 lis 2014 11:43

Logfile of random's system information tool 1.10 (written by random/random)
Run by Hana_2 at 2014-11-12 11:39:23
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 378 GB (79%) free of 477 GB
Total RAM: 3767 MB (45% free)

HijackThis download failed

======Listing Processes======

"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\AVG Secure Search\vprot.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

"C:\Users\Hana_2\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Hana_2\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4396.0.544253188\1494388641" --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,6,16 --disable-accelerated-video-decode --gpu-vendor-id=0x8086 --gpu-device-id=0x0046 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2622 --ignored=" --type=renderer " /prefetch:822062411
"C:\Users\Hana_2\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="DomRel-Enable/disable/EmbeddedSearch/Group2 pct:10b stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionContentVerification/Bootstrap/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/NewSuggestType_A2_Stable_R1/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SDCH/EnabledAll/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_86/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --disable-accelerated-video-decode --channel="4396.1.791761752\1288384076" /prefetch:673131151
"C:\Users\Hana_2\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/DomRel-Enable/disable/EmbeddedSearch/Group2 pct:10b stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionContentVerification/Bootstrap/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/NewSuggestType_A2_Stable_R1/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SDCH/EnabledAll/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_86/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --extension-process --enable-webrtc-hw-h264-encoding --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --disable-accelerated-video-decode --channel="4396.2.377121136\38225546" /prefetch:673131151
"C:\Users\Hana_2\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/DomRel-Enable/disable/EmbeddedSearch/Group2 pct:10b stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionContentVerification/Bootstrap/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/NewSuggestType_A2_Stable_R1/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SDCH/EnabledAll/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_86/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/group_01/VoiceTrigger/Install/" --extension-process --enable-webrtc-hw-h264-encoding --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --disable-accelerated-video-decode --channel="4396.3.1167953674\879395857" /prefetch:673131151
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto -critical

"C:\Users\Hana_2\Downloads\RSITx64.exe" !

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job -
C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job -
C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job -
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1990696707-1831518119-1969828975-1000Core.job -
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1990696707-1831518119-1969828975-1000UA.job -
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1990696707-1831518119-1969828975-1001Core.job - C:\Users\Hana_2\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1990696707-1831518119-1969828975-1001UA.job - C:\Users\Hana_2\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\ROC_JAN2013_TB_rmv.job -

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 690392]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2007-05-30 808472]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 66280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-12-15 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll [2014-08-26 3627032]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-12-15 155384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2007-05-30 808472]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll [2014-08-26 3627032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-01-10 167704]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-01-10 392984]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-01-10 417560]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Hana_2\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-17 116648]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]
"vProt"=C:\Program Files (x86)\AVG Secure Search\vprot.exe [2014-08-26 2640408]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"AVG_UI"=C:\Program Files (x86)\AVG\AVG2013\avgui.exe [2014-01-21 4411952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-01-10 390656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 6671064]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.ACDV"=ACDV.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-11-12 11:39:23 ----D---- C:\rsit
2014-10-16 08:26:58 ----A---- C:\Windows\system32\msi.dll
2014-10-16 08:26:56 ----A---- C:\Windows\SYSWOW64\msi.dll
2014-10-16 08:26:52 ----A---- C:\Windows\system32\win32k.sys
2014-10-16 08:26:50 ----A---- C:\Windows\SYSWOW64\mscories.dll
2014-10-16 08:26:50 ----A---- C:\Windows\SYSWOW64\mscorier.dll
2014-10-16 08:26:50 ----A---- C:\Windows\SYSWOW64\dfshim.dll
2014-10-16 08:26:50 ----A---- C:\Windows\system32\mscories.dll
2014-10-16 08:26:50 ----A---- C:\Windows\system32\mscorier.dll
2014-10-16 08:26:50 ----A---- C:\Windows\system32\dfshim.dll
2014-10-16 08:26:47 ----A---- C:\Windows\system32\generaltel.dll
2014-10-16 08:26:46 ----A---- C:\Windows\system32\aepdu.dll
2014-10-16 08:26:46 ----A---- C:\Windows\system32\aeinv.dll
2014-10-16 08:26:43 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-10-16 08:26:43 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-10-16 08:26:43 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-10-16 08:26:43 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-10-16 08:26:42 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-10-16 08:26:42 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-10-16 08:26:42 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-10-16 08:26:42 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-10-16 08:26:42 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-10-16 08:26:42 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-10-16 08:26:42 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 08:26:42 ----A---- C:\Windows\system32\iernonce.dll
2014-10-16 08:26:42 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-10-16 08:26:42 ----A---- C:\Windows\system32\ie4uinit.exe
2014-10-16 08:26:41 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-10-16 08:26:41 ----A---- C:\Windows\system32\urlmon.dll
2014-10-16 08:26:41 ----A---- C:\Windows\system32\iedkcs32.dll
2014-10-16 08:26:40 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-10-16 08:26:40 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-10-16 08:26:40 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-10-16 08:26:40 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-10-16 08:26:40 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-10-16 08:26:40 ----A---- C:\Windows\system32\msfeeds.dll
2014-10-16 08:26:40 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 08:26:40 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-10-16 08:26:40 ----A---- C:\Windows\system32\dxtmsft.dll
2014-10-16 08:26:39 ----A---- C:\Windows\system32\iesetup.dll
2014-10-16 08:26:38 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-10-16 08:26:38 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-10-16 08:26:38 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-10-16 08:26:38 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-10-16 08:26:38 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-10-16 08:26:38 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-10-16 08:26:38 ----A---- C:\Windows\system32\jsproxy.dll
2014-10-16 08:26:38 ----A---- C:\Windows\system32\iertutil.dll
2014-10-16 08:26:37 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-10-16 08:26:37 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2014-10-16 08:26:37 ----A---- C:\Windows\system32\ieui.dll
2014-10-16 08:26:37 ----A---- C:\Windows\system32\ieframe.dll
2014-10-16 08:26:37 ----A---- C:\Windows\system32\dxtrans.dll
2014-10-16 08:26:36 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-10-16 08:26:36 ----A---- C:\Windows\system32\mshtmled.dll
2014-10-16 08:26:36 ----A---- C:\Windows\system32\jscript9diag.dll
2014-10-16 08:26:36 ----A---- C:\Windows\system32\ieUnatt.exe
2014-10-16 08:26:35 ----A---- C:\Windows\system32\wininet.dll
2014-10-16 08:26:35 ----A---- C:\Windows\system32\vbscript.dll
2014-10-16 08:26:35 ----A---- C:\Windows\system32\jscript9.dll
2014-10-16 08:26:35 ----A---- C:\Windows\system32\ieapfltr.dll
2014-10-16 08:26:34 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 08:26:34 ----A---- C:\Windows\system32\msrating.dll
2014-10-16 08:26:34 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-10-16 08:26:34 ----A---- C:\Windows\system32\mshtml.dll
2014-10-16 08:24:27 ----A---- C:\Windows\SYSWOW64\tsgqec.dll
2014-10-16 08:24:27 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2014-10-16 08:24:27 ----A---- C:\Windows\SYSWOW64\mstsc.exe
2014-10-16 08:24:27 ----A---- C:\Windows\SYSWOW64\aaclient.dll
2014-10-16 08:24:27 ----A---- C:\Windows\system32\tsgqec.dll
2014-10-16 08:24:27 ----A---- C:\Windows\system32\mstscax.dll
2014-10-16 08:24:27 ----A---- C:\Windows\system32\mstsc.exe
2014-10-16 08:24:27 ----A---- C:\Windows\system32\aaclient.dll
2014-10-16 08:24:26 ----A---- C:\Windows\system32\rdpcorets.dll
2014-10-16 08:24:20 ----A---- C:\Windows\SYSWOW64\rastls.dll
2014-10-16 08:24:20 ----A---- C:\Windows\system32\rastls.dll
2014-10-16 08:24:12 ----A---- C:\Windows\system32\termsrv.dll
2014-10-16 08:24:11 ----A---- C:\Windows\SYSWOW64\winsta.dll
2014-10-16 08:24:11 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2014-10-16 08:24:11 ----A---- C:\Windows\SYSWOW64\credssp.dll
2014-10-16 08:24:11 ----A---- C:\Windows\system32\winsta.dll
2014-10-16 08:24:11 ----A---- C:\Windows\system32\winlogon.exe
2014-10-16 08:24:11 ----A---- C:\Windows\system32\TSpkg.dll
2014-10-16 08:24:11 ----A---- C:\Windows\system32\rdpcorekmts.dll
2014-10-16 08:24:11 ----A---- C:\Windows\system32\drivers\tssecsrv.sys
2014-10-16 08:24:11 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2014-10-16 08:24:11 ----A---- C:\Windows\system32\credssp.dll
2014-10-16 08:23:41 ----A---- C:\Windows\SYSWOW64\packager.dll
2014-10-16 08:23:41 ----A---- C:\Windows\system32\packager.dll

======List of files/folders modified in the last 1 month======

2014-11-12 11:39:25 ----D---- C:\Windows\Temp
2014-11-12 11:39:21 ----D---- C:\Windows\Prefetch
2014-11-12 11:38:24 ----D---- C:\ProgramData\MFAData
2014-11-12 11:35:44 ----SHD---- C:\Windows\Installer
2014-11-12 11:35:32 ----D---- C:\Windows\system32\config
2014-11-12 11:33:06 ----D---- C:\Users\Hana_2\AppData\Roaming\Skype
2014-11-10 10:55:20 ----D---- C:\Windows\System32
2014-11-10 10:55:20 ----D---- C:\Windows\inf
2014-11-10 10:55:20 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-11-06 14:01:22 ----D---- C:\Windows\system32\catroot2
2014-11-06 11:07:35 ----SHD---- C:\System Volume Information
2014-10-27 10:51:58 ----D---- C:\Windows\Tasks
2014-10-18 09:14:28 ----D---- C:\Users\Hana_2\AppData\Roaming\.minecraft
2014-10-17 12:45:29 ----D---- C:\Windows\rescache
2014-10-16 12:20:22 ----D---- C:\Windows\Microsoft.NET
2014-10-16 12:16:47 ----RSD---- C:\Windows\assembly
2014-10-16 10:26:26 ----D---- C:\Windows\winsxs
2014-10-16 10:23:16 ----D---- C:\Windows\SysWOW64
2014-10-16 10:23:15 ----SD---- C:\Windows\system32\CompatTel
2014-10-16 10:23:14 ----D---- C:\Windows\SYSWOW64\en-US
2014-10-16 10:23:14 ----D---- C:\Program Files\Internet Explorer
2014-10-16 10:23:13 ----D---- C:\Windows\system32\en-US
2014-10-16 10:23:11 ----D---- C:\Program Files (x86)\Internet Explorer
2014-10-16 10:23:09 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-10-16 10:23:09 ----D---- C:\Windows\system32\cs-CZ
2014-10-16 10:23:08 ----D---- C:\Windows\system32\drivers
2014-10-16 09:11:38 ----D---- C:\ProgramData\Microsoft Help
2014-10-16 09:06:36 ----D---- C:\Windows\system32\MRT
2014-10-16 08:56:43 ----D---- C:\Windows\debug
2014-10-16 08:56:40 ----A---- C:\Windows\system32\MRT.exe
2014-10-16 08:23:54 ----D---- C:\Windows\system32\catroot

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [2013-07-20 71480]
R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys [2013-07-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2013-07-01 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2013-10-23 45880]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6a.sys [2012-09-04 50296]
R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2013-11-25 246072]
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2013-07-20 206648]
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2014-04-15 240952]
R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [2014-08-12 50976]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-12-16 2768384]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-01-10 12311904]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040]
S3 ewusbnet;HUAWEI USB-NDIS miniport; C:\Windows\system32\DRIVERS\ewusbnet.sys [2009-07-23 132608]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2009-07-23 116992]
S3 hwusbfake;Huawei DataCard USB Fake; C:\Windows\system32\DRIVERS\ewusbfake.sys [2009-07-23 113792]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
R2 avgfws;AVG Firewall; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2013-10-23 1432080]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-07-04 4939312]
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-11-20 283136]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 VMCService;Vodafone Mobile Connect Service; C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [2009-09-18 9216]
R2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [2014-08-12 1820184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-25 267440]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-09-19 111616]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-04-18 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

děkuji

#2 Příspěvek od **altrok** » 12 lis 2014 12:11

Dobry den

Jedna se o pracovni PC? Je Vas OS legalni? Nejvyssi licence OS u beznych domacich uzivatelu opravdu bezna neni

Honzabus · #3 Příspěvek od **Honzabus** » 22 lis 2014 15:01

děkuji a omlouvám se za dlouhou prodlevu. Je to počítač jedné paní (starší paní, domácí PC). Nevím o verzi OS nic. Zeptám se... díky

#4 Příspěvek od **altrok** » 22 lis 2014 18:29

Ok, mezitim Vas poprosim o jeden podrobnejsi sken, at se podivame, kde havet sidli.

Ulozte na plochu OTL http://oldtimer.geekstogo.com/OTL.exe

kliknete pravym na ikonu OTL a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
zatrhnete moznosti Pro vsechny uzivatele, Kontrola na havet "LOP", Kontrola na havěť "Purity"
do okna dole (Custom Scans/Fixes) zkopirujte script, ktery je nize
zbytek ponechte, jak je a kliknete na Prohledat
vysledne logy (OTL.txt a Extras.txt) budou dlouhe, takze je rozdelte do vice prispevku (odpovedi)

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

Honzabus · #5 Příspěvek od **Honzabus** » 26 lis 2014 12:30

Děkuji vkládám report, ale provedl jsem sken jen "rychlý" protože klasický sken se zasekl a nic nevyjelo ven.
Děkuji ještě jednou...
J.R.

OTL logfile created on: 26.11.2014 12:20:55 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hana_2\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,68 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 45,60% Memory free
7,36 Gb Paging File | 5,59 Gb Available in Paging File | 76,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 370,55 Gb Free Space | 79,58% Space Free | Partition Type: NTFS

Computer Name: HANA-PC | User Name: Hana_2 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014.11.26 11:38:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hana_2\Desktop\OTL.exe
PRC - [2014.11.04 00:31:08 | 004,411,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2014.08.26 15:18:19 | 002,640,408 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012.07.03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

========== Modules (No Company Name) ==========

MOD - [2014.10.22 05:04:57 | 008,910,664 | ---- | M] () -- C:\Users\Hana_2\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll
MOD - [2014.10.22 05:04:51 | 001,042,760 | ---- | M] () -- C:\Users\Hana_2\AppData\Local\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
MOD - [2014.10.22 05:04:49 | 000,211,272 | ---- | M] () -- C:\Users\Hana_2\AppData\Local\Google\Chrome\Application\38.0.2125.111\libegl.dll
MOD - [2014.10.22 05:04:48 | 001,681,224 | ---- | M] () -- C:\Users\Hana_2\AppData\Local\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
MOD - [2014.08.26 15:18:19 | 002,640,408 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2014.08.12 06:59:29 | 000,519,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
MOD - [2013.09.05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

========== Services (SafeList) ==========

SRV:64bit: - [2014.11.06 04:30:08 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013.05.27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (nsi)
SRV:64bit: - [2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (NlaSvc)
SRV:64bit: - [2009.07.14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\svchost.exe -- (lmhosts)
SRV - [2014.11.12 15:00:04 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Unknown] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.11.04 00:31:26 | 001,432,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Unknown] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2014.10.17 15:35:20 | 004,942,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Unknown] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014.08.12 06:59:29 | 001,820,184 | ---- | M] (AVG Secure Search) [Auto | Unknown] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe -- (vToolbarUpdater18.1.9)
SRV - [2014.03.20 23:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Unknown] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013.11.20 01:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Unknown] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013.09.11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Unknown] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009.09.18 16:48:28 | 000,009,216 | ---- | M] (Vodafone) [Auto | Unknown] -- C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2014.11.04 00:30:04 | 000,209,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Unknown] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2014.10.17 15:34:46 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Unknown] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2014.08.12 06:59:29 | 000,050,976 | ---- | M] (AVG Technologies) [Kernel | System | Unknown] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013.11.25 01:48:36 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Unknown] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013.10.23 01:05:08 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Unknown] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013.07.20 00:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Unknown] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013.07.20 00:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Unknown] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013.07.01 00:45:28 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Unknown] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012.09.04 09:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Unknown] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.10 21:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.12.16 13:16:24 | 002,768,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Unknown] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.05.15 04:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009.09.17 18:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.23 10:57:20 | 000,132,608 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009.07.23 10:57:20 | 000,116,992 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.07.23 10:57:20 | 000,113,792 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Unknown] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1990696707-1831518119-1969828975-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1990696707-1831518119-1969828975-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IESR02
IE - HKU\S-1-5-21-1990696707-1831518119-1969828975-1001\..\SearchScopes\{2F9350A7-F857-47C4-A1D6-C5E12A7031CA}: "URL" = http://www.webhledani.cz/results.aspx?i ... earchTerms}
IE - HKU\S-1-5-21-1990696707-1831518119-1969828975-1001\..\SearchScopes\{92C217B6-DBE4-45C9-A930-89CE1944532E}: "URL" = http://websearch.ask.com/redirect?clien ... 5B5EF5F1BB
IE - HKU\S-1-5-21-1990696707-1831518119-1969828975-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={46EA ... 2012-10-11 14:21:19&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1990696707-1831518119-1969828975-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Hana_2\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Hana_2\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Hana_2\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\15.5.0.2

========== Chrome ==========

CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Hana_2\AppData\Local\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Hana_2\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Hana_2\AppData\Local\Google\Chrome\Application\38.0.2125.111\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Users\Hana_2\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: No name found = C:\Users\Hana_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Hana_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Hana_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Hana_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcncagkkhfoombgbihckkccmkjemhohl\11.87.5.11025_0\
CHR - Extension: No name found = C:\Users\Hana_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hefdopkjddeacfpjlhnnikdibknmdepg\11.87.5.11556_0\
CHR - Extension: No name found = C:\Users\Hana_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: No name found = C:\Users\Hana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Hana_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1990696707-1831518119-1969828975-1001\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-1990696707-1831518119-1969828975-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1990696707-1831518119-1969828975-1001\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32FFEB8A-69CA-4B2C-96AD-C741A19F289E}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D956D534-3C74-41F3-93A8-59314796DF06}: DhcpNameServer = 217.77.165.81 217.77.161.131
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.09.06 21:34:28 | 000,000,052 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{324004d2-885a-11e1-a954-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{324004d2-885a-11e1-a954-806e6f6e6963}\Shell\AutoRun\command - "" = D:\anglictina.exe -- [2006.02.07 13:00:14 | 001,137,294 | R--- | M] (Macromedia, Inc.)
O33 - MountPoints2\{9984572f-88a2-11e1-a74c-74de2b6fc957}\Shell - "" = AutoRun
O33 - MountPoints2\{9984572f-88a2-11e1-a74c-74de2b6fc957}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9984577c-88a2-11e1-a74c-74de2b6fc957}\Shell - "" = AutoRun
O33 - MountPoints2\{9984577c-88a2-11e1-a74c-74de2b6fc957}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014.11.26 11:38:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Hana_2\Desktop\OTL.exe
[2014.11.19 15:28:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2014.11.14 09:28:01 | 000,000,000 | -HSD | C] -- C:\Users\Hana_2\AppData\Local\EmieBrowserModeList
[2014.11.12 11:39:23 | 000,000,000 | ---D | C] -- C:\rsit
[2014.11.04 00:30:04 | 000,209,720 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014.11.26 12:09:59 | 000,000,958 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1990696707-1831518119-1969828975-1000UA.job
[2014.11.26 11:59:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.11.26 11:39:00 | 000,000,966 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1990696707-1831518119-1969828975-1001UA.job
[2014.11.26 11:38:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Hana_2\Desktop\OTL.exe
[2014.11.26 11:03:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.11.26 09:30:32 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.11.26 09:30:32 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.11.26 09:23:31 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2014.11.26 09:23:31 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2014.11.26 09:23:31 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
[2014.11.26 09:23:18 | 2962,255,872 | -HS- | M] () -- C:\hiberfil.sys
[2014.11.25 18:04:05 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1990696707-1831518119-1969828975-1001Core.job
[2014.11.25 18:03:59 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1990696707-1831518119-1969828975-1000Core.job
[2014.11.20 04:56:12 | 000,408,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014.11.19 15:28:05 | 000,000,977 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2014.11.10 10:55:20 | 001,584,626 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.11.10 10:55:20 | 000,669,132 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2014.11.10 10:55:20 | 000,654,480 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.11.10 10:55:20 | 000,141,760 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2014.11.10 10:55:20 | 000,122,352 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.11.04 00:30:04 | 000,209,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2014.10.29 08:50:03 | 000,002,372 | ---- | M] () -- C:\Users\Hana_2\Desktop\Google Chrome.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014.01.31 03:57:55 | 001,560,276 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.02.16 12:26:11 | 000,003,584 | ---- | C] () -- C:\Users\Hana_2\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.28 13:16:16 | 000,130,238 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014.06.25 03:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014.06.25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.01.30 16:59:58 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013.01.30 16:59:58 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013.06.11 12:35:04 | 000,000,000 | ---D | M] -- C:\Users\Hana\AppData\Roaming\.minecraft
[2012.04.17 14:13:25 | 000,000,000 | ---D | M] -- C:\Users\Hana\AppData\Roaming\ACD Systems
[2013.08.29 13:09:11 | 000,000,000 | ---D | M] -- C:\Users\Hana\AppData\Roaming\AVG2013
[2012.04.17 13:53:19 | 000,000,000 | ---D | M] -- C:\Users\Hana\AppData\Roaming\GHISLER
[2012.11.16 16:21:08 | 000,000,000 | ---D | M] -- C:\Users\Hana\AppData\Roaming\OpenCandy
[2013.08.29 13:04:22 | 000,000,000 | ---D | M] -- C:\Users\Hana\AppData\Roaming\TuneUp Software
[2014.01.04 14:22:52 | 000,000,000 | ---D | M] -- C:\Users\Hana\AppData\Roaming\Unity
[2012.04.17 16:45:06 | 000,000,000 | ---D | M] -- C:\Users\Hana\AppData\Roaming\Vodafone
[2012.04.17 15:16:45 | 000,000,000 | ---D | M] -- C:\Users\Hana\AppData\Roaming\wargaming.net
[2014.11.15 08:13:13 | 000,000,000 | ---D | M] -- C:\Users\Hana_2\AppData\Roaming\.minecraft
[2012.04.17 16:35:14 | 000,000,000 | ---D | M] -- C:\Users\Hana_2\AppData\Roaming\ACD Systems
[2013.08.29 13:10:38 | 000,000,000 | ---D | M] -- C:\Users\Hana_2\AppData\Roaming\AVG2013
[2012.05.15 18:49:36 | 000,000,000 | ---D | M] -- C:\Users\Hana_2\AppData\Roaming\GHISLER
[2014.09.04 06:28:01 | 000,000,000 | ---D | M] -- C:\Users\Hana_2\AppData\Roaming\IDM
[2014.02.15 10:03:47 | 000,000,000 | ---D | M] -- C:\Users\Hana_2\AppData\Roaming\skyz
[2013.12.15 09:23:17 | 000,000,000 | ---D | M] -- C:\Users\Hana_2\AppData\Roaming\TuneUp Software
[2013.08.29 10:08:56 | 000,000,000 | ---D | M] -- C:\Users\Hana_2\AppData\Roaming\Unity
[2012.04.17 16:49:02 | 000,000,000 | ---D | M] -- C:\Users\Hana_2\AppData\Roaming\Vodafone

========== Purity Check ==========

< End of report >

Honzabus · #6 Příspěvek od **Honzabus** » 26 lis 2014 12:33

Ještě Extras ... jsem zapomněl.

OTL Extras logfile created on: 26.11.2014 12:20:55 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hana_2\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,68 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 45,60% Memory free
7,36 Gb Paging File | 5,59 Gb Available in Paging File | 76,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 370,55 Gb Free Space | 79,58% Space Free | Partition Type: NTFS

Computer Name: HANA-PC | User Name: Hana_2 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1990696707-1831518119-1969828975-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.Hana_2] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 10.0.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\10.0\ACDSeeQV10.exe" "%1" (ACD Systems)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 10.0.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\10.0\ACDSeeQV10.exe" "%1" (ACD Systems)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08DDCBDE-1190-4FF1-9CF0-895870924028}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1490AA5F-F4C2-41D0-B356-B43A62067FF8}" = lport=139 | protocol=6 | dir=in | app=system |
"{1AC7B3E7-203B-488B-B56B-FE2A9F08B172}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1E91685C-724A-4A00-8041-7A87183D2E6F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{2DE8CBA0-D161-458C-ACCA-7D818F44452A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{311E88D8-AAB7-4EB1-96C0-26824DAA0A8B}" = rport=137 | protocol=17 | dir=out | app=system |
"{47EE360F-0B32-4EA8-9993-B9FEEC3D40E3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{58E68963-C73C-4E12-A377-E273E8DE7606}" = lport=138 | protocol=17 | dir=in | app=system |
"{6BDAB8C6-7A55-48A4-90BB-51FC2EC3C1DA}" = lport=445 | protocol=6 | dir=in | app=system |
"{72E95D3E-F9F8-415F-93D7-1303E1C499D7}" = rport=138 | protocol=17 | dir=out | app=system |
"{89090D04-41A2-412C-AD34-D9F6E57DE899}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{94550FE6-2F58-4608-885A-5B26824D2468}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{972070D1-35BD-4EEB-989E-8CB2901239E0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A552DC26-EEE6-4FCE-8845-C308749A4695}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B8A63352-1854-4CF8-A31A-6EACE9FD072D}" = rport=139 | protocol=6 | dir=out | app=system |
"{BBD89DCB-964A-469B-BFB6-869A17FCE63A}" = lport=137 | protocol=17 | dir=in | app=system |
"{C93DC9E7-9BEE-4A5B-B501-6888CF474C6F}" = rport=445 | protocol=6 | dir=out | app=system |
"{CF511D75-5D9B-4E36-9DFF-1A8A6967A727}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D2E9F620-7486-4E2E-BC48-7CFB58BC1599}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D851D8FE-7CE4-450D-B71A-F9294B91B6D0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DC9D878A-65D6-4BD7-B0BC-ADA376DCAB87}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E1E52AA1-4BCB-4EB5-B9AB-236A6FE24AAD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D8998FC-6E3A-4BE9-9C8D-55C82B383070}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{28F1B610-D618-423F-AA6D-B5963228BE1F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2AFE7075-53A0-4DEC-B8DC-87065262783B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{33D8CB93-4B1E-4962-8730-F8B6BDEB0531}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{36CF1B66-7CCD-47C4-82EE-095B1DDC488A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{39E80DD6-38C1-46F9-B48C-E07545B6F809}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3B4A2970-BDC5-4777-8C56-0646A162D68D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3DB7699F-6798-4069-9E7D-CDB186F78750}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3DE12D77-67FA-49C3-A93D-A6D7995C4ECC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{45082F49-6452-47FB-AD15-A7AEAE16F1A0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{4E6CB1F9-C120-4B07-854B-4F1372D0740D}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{52A09D4D-AA0F-48F0-B253-915D4987EE4B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{548B9211-604B-408B-97DE-48FB836FE499}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{59818B5E-6105-4237-AAA2-5C45AE20FD74}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5AE121C9-5968-4705-913F-FBE18B650A6E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{61E7FBF6-3A80-4ADE-B435-CF74A0F5F137}" = protocol=58 | dir=in | app=system |
"{668BB78C-1BBC-461C-AF96-71B6F33813A8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{694D344E-3CDA-4EE1-9252-BBCFD609117F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{7EFD4BE6-0E64-4D98-B8CE-14CA43A3ADC8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{88FC11A3-15F6-4C89-B3E1-C5BEA1BB769F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8BDC8177-2453-4417-AF1A-E2C7289218B2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{96937218-6273-4AAC-BEC3-D5990ED0C29D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A9C4B5BD-9DDB-4937-BE45-AF4264BDD152}" = protocol=6 | dir=out | app=system |
"{AAAAFAAF-FAE4-47EB-BFF0-C5076A6988C5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B6CFB60F-B31E-47FC-9969-1D18D23C4383}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BDFBA2BC-D8B4-445B-9EF5-45949EC09CF8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C7E1AF82-5679-42AC-ADCB-D6F101C7DA82}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CF415C05-8249-4C52-8376-580B5698C988}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{D2383EA9-67B2-41E7-8EFE-E363CF02F80D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{D7FCA865-4D44-424D-B3C2-A0303674E424}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E16C61DE-486A-404F-898D-E42EFE9A5CA4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{E8D862B2-A26C-447A-B0AA-16BCFBA70F4B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{FB71452E-B471-4C67-9EEB-EDFEF8874CF2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FDBB7770-231E-4220-8EA7-6053A7D555ED}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"TCP Query User{25CBFB7E-1A4A-492B-80EC-ADE4FAF0565E}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{34AA9F20-935F-401F-A70C-F1812AFD3CF5}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{52A94E0D-3C8E-47DF-BDA0-6BBB49025C38}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{9B8F2F29-4270-4B8C-9235-50579B0C0AB7}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{4B8FECC4-507C-4560-809B-850F3BCF7B52}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{9B67D713-EDC5-40A1-A49E-E098694BE530}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{BADE2441-B2ED-49D7-8AAF-76530D4E0F7D}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{E44B8401-7A98-4AFD-9456-70687D6714EE}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{12079D47-A4AB-4AE5-A957-C2062D328F35}" = AVG 2013
"{1CCAE2CF-0B8B-4772-89B2-3DB5C9703261}" = AVG 2013
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{50813B8C-FCBB-3C61-8039-EAAA93029066}" = Microsoft .NET Framework 4.5.1 (CSY)
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029" = Microsoft .NET Framework 4.5.1 (čeština)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"AVG" = AVG 2013
"CCleaner" = CCleaner
"WinRAR archiver" = WinRAR 4.20 beta 2 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 6.20
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6428D19C-67AF-44FB-9496-E255C5D1E553}_is1" = Minecraft Tweaker, ver. 1.4.2_2.8
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{90140000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2010
"{90140000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2010
"{90140000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2010
"{90140000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2010
"{90140000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2010
"{90140000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2010
"{90140000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2010
"{90140000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2010
"{90140000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2010
"{90140000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2010
"{90140000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2010
"{90140000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{96B51C0B-D3BE-4DF3-959C-28B22C10CFBB}" = Vodafone Mobile Connect Lite
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1029-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Czech
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F8B98EB6-FC06-45BF-87D4-9784E0408611}" = ACDSee 10 Photo Manager
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"AVG Secure Search" = AVG Security Toolbar
"Easy English CZ" = Easy English CZ
"GTA Liberty City Stories PC Edition beta 3.1.1" = GTA Liberty City Stories PC Edition beta 3.1.1
"Minecraft Cracked" = Minecraft Cracked
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Subway Surfers 1.0" = Subway Surfers 1.0
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 2.0.6
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1990696707-1831518119-1969828975-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"GTA San Andreas" = GTA San Andreas
"optimizer_chrome" = Widevine Media Optimizer Chrome 6.0.0
"UnityWebPlayer" = Unity Web Player

< End of report >

Honzabus · #7 Příspěvek od **Honzabus** » 26 lis 2014 12:33

Ještě Extras ... jsem zapomněl.

OTL Extras logfile created on: 26.11.2014 12:20:55 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Hana_2\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,68 Gb Total Physical Memory | 1,68 Gb Available Physical Memory | 45,60% Memory free
7,36 Gb Paging File | 5,59 Gb Available in Paging File | 76,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 370,55 Gb Free Space | 79,58% Space Free | Partition Type: NTFS

Computer Name: HANA-PC | User Name: Hana_2 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1990696707-1831518119-1969828975-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.Hana_2] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 10.0.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\10.0\ACDSeeQV10.exe" "%1" (ACD Systems)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 10.0.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\10.0\ACDSeeQV10.exe" "%1" (ACD Systems)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08DDCBDE-1190-4FF1-9CF0-895870924028}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1490AA5F-F4C2-41D0-B356-B43A62067FF8}" = lport=139 | protocol=6 | dir=in | app=system |
"{1AC7B3E7-203B-488B-B56B-FE2A9F08B172}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1E91685C-724A-4A00-8041-7A87183D2E6F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{2DE8CBA0-D161-458C-ACCA-7D818F44452A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{311E88D8-AAB7-4EB1-96C0-26824DAA0A8B}" = rport=137 | protocol=17 | dir=out | app=system |
"{47EE360F-0B32-4EA8-9993-B9FEEC3D40E3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{58E68963-C73C-4E12-A377-E273E8DE7606}" = lport=138 | protocol=17 | dir=in | app=system |
"{6BDAB8C6-7A55-48A4-90BB-51FC2EC3C1DA}" = lport=445 | protocol=6 | dir=in | app=system |
"{72E95D3E-F9F8-415F-93D7-1303E1C499D7}" = rport=138 | protocol=17 | dir=out | app=system |
"{89090D04-41A2-412C-AD34-D9F6E57DE899}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{94550FE6-2F58-4608-885A-5B26824D2468}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{972070D1-35BD-4EEB-989E-8CB2901239E0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A552DC26-EEE6-4FCE-8845-C308749A4695}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B8A63352-1854-4CF8-A31A-6EACE9FD072D}" = rport=139 | protocol=6 | dir=out | app=system |
"{BBD89DCB-964A-469B-BFB6-869A17FCE63A}" = lport=137 | protocol=17 | dir=in | app=system |
"{C93DC9E7-9BEE-4A5B-B501-6888CF474C6F}" = rport=445 | protocol=6 | dir=out | app=system |
"{CF511D75-5D9B-4E36-9DFF-1A8A6967A727}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D2E9F620-7486-4E2E-BC48-7CFB58BC1599}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D851D8FE-7CE4-450D-B71A-F9294B91B6D0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DC9D878A-65D6-4BD7-B0BC-ADA376DCAB87}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E1E52AA1-4BCB-4EB5-B9AB-236A6FE24AAD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D8998FC-6E3A-4BE9-9C8D-55C82B383070}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{28F1B610-D618-423F-AA6D-B5963228BE1F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2AFE7075-53A0-4DEC-B8DC-87065262783B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{33D8CB93-4B1E-4962-8730-F8B6BDEB0531}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{36CF1B66-7CCD-47C4-82EE-095B1DDC488A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{39E80DD6-38C1-46F9-B48C-E07545B6F809}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3B4A2970-BDC5-4777-8C56-0646A162D68D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3DB7699F-6798-4069-9E7D-CDB186F78750}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3DE12D77-67FA-49C3-A93D-A6D7995C4ECC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{45082F49-6452-47FB-AD15-A7AEAE16F1A0}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{4E6CB1F9-C120-4B07-854B-4F1372D0740D}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{52A09D4D-AA0F-48F0-B253-915D4987EE4B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{548B9211-604B-408B-97DE-48FB836FE499}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{59818B5E-6105-4237-AAA2-5C45AE20FD74}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5AE121C9-5968-4705-913F-FBE18B650A6E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{61E7FBF6-3A80-4ADE-B435-CF74A0F5F137}" = protocol=58 | dir=in | app=system |
"{668BB78C-1BBC-461C-AF96-71B6F33813A8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{694D344E-3CDA-4EE1-9252-BBCFD609117F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{7EFD4BE6-0E64-4D98-B8CE-14CA43A3ADC8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{88FC11A3-15F6-4C89-B3E1-C5BEA1BB769F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8BDC8177-2453-4417-AF1A-E2C7289218B2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{96937218-6273-4AAC-BEC3-D5990ED0C29D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A9C4B5BD-9DDB-4937-BE45-AF4264BDD152}" = protocol=6 | dir=out | app=system |
"{AAAAFAAF-FAE4-47EB-BFF0-C5076A6988C5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B6CFB60F-B31E-47FC-9969-1D18D23C4383}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BDFBA2BC-D8B4-445B-9EF5-45949EC09CF8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C7E1AF82-5679-42AC-ADCB-D6F101C7DA82}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CF415C05-8249-4C52-8376-580B5698C988}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{D2383EA9-67B2-41E7-8EFE-E363CF02F80D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{D7FCA865-4D44-424D-B3C2-A0303674E424}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E16C61DE-486A-404F-898D-E42EFE9A5CA4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{E8D862B2-A26C-447A-B0AA-16BCFBA70F4B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{FB71452E-B471-4C67-9EEB-EDFEF8874CF2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FDBB7770-231E-4220-8EA7-6053A7D555ED}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"TCP Query User{25CBFB7E-1A4A-492B-80EC-ADE4FAF0565E}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{34AA9F20-935F-401F-A70C-F1812AFD3CF5}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{52A94E0D-3C8E-47DF-BDA0-6BBB49025C38}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{9B8F2F29-4270-4B8C-9235-50579B0C0AB7}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{4B8FECC4-507C-4560-809B-850F3BCF7B52}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{9B67D713-EDC5-40A1-A49E-E098694BE530}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{BADE2441-B2ED-49D7-8AAF-76530D4E0F7D}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{E44B8401-7A98-4AFD-9456-70687D6714EE}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{12079D47-A4AB-4AE5-A957-C2062D328F35}" = AVG 2013
"{1CCAE2CF-0B8B-4772-89B2-3DB5C9703261}" = AVG 2013
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{50813B8C-FCBB-3C61-8039-EAAA93029066}" = Microsoft .NET Framework 4.5.1 (CSY)
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0405-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Czech) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029" = Microsoft .NET Framework 4.5.1 (čeština)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
"AVG" = AVG 2013
"CCleaner" = CCleaner
"WinRAR archiver" = WinRAR 4.20 beta 2 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 6.20
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6428D19C-67AF-44FB-9496-E255C5D1E553}_is1" = Minecraft Tweaker, ver. 1.4.2_2.8
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{90140000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2010
"{90140000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2010
"{90140000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2010
"{90140000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2010
"{90140000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2010
"{90140000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2010
"{90140000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2010
"{90140000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2010
"{90140000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2010
"{90140000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2010
"{90140000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2010
"{90140000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{96B51C0B-D3BE-4DF3-959C-28B22C10CFBB}" = Vodafone Mobile Connect Lite
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1029-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Czech
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F8B98EB6-FC06-45BF-87D4-9784E0408611}" = ACDSee 10 Photo Manager
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"AVG Secure Search" = AVG Security Toolbar
"Easy English CZ" = Easy English CZ
"GTA Liberty City Stories PC Edition beta 3.1.1" = GTA Liberty City Stories PC Edition beta 3.1.1
"Minecraft Cracked" = Minecraft Cracked
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Subway Surfers 1.0" = Subway Surfers 1.0
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 2.0.6
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1990696707-1831518119-1969828975-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"GTA San Andreas" = GTA San Andreas
"optimizer_chrome" = Widevine Media Optimizer Chrome 6.0.0
"UnityWebPlayer" = Unity Web Player

< End of report >

#8 Příspěvek od **altrok** » 26 lis 2014 17:15

V ramci cisteni Vam budou vyprazdneny docasne adresare (vcetne Kose).

Ulozte na plochu AdwCleaner https://toolslib.net/downloads/viewdown ... dwcleaner/

ukoncete vsechny programy
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Scan, pote na Clean
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\AdwCleaner [Sx].txt), jehoz obsah mi zkopirujte do pristi odpovedi

Nainstalujte MBAM a udelejte vlastni sken vsech disku - http://forum.viry.cz/viewtopic.php?f=29&t=137928

Upozorneni: tento sken zabere od 30 minut po nekolik hodin

Honzabus · #9 Příspěvek od **Honzabus** » 10 pro 2014 12:48

vkládám AWD děkuji

# AdwCleaner v4.103 - Report created 10/12/2014 at 12:14:26
# Updated 01/12/2014 by Xplode
# Database : 2014-12-08.2 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Hana_2 - HANA-PC
# Running from : C:\Users\Hana_2\Desktop\adwcleaner_4.103.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\Ask
[!] Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\Yahoo! Companion
[!] Folder Deleted : C:\Program Files (x86)\AVG Secure Search
[!] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[!] Folder Deleted : C:\Users\Hana\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Hana_2\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\Hana_2\AppData\LocalLow\AVG Secure Search

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Search\ask.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{92C217B6-DBE4-45C9-A930-89CE1944532E}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420

-\\ Google Chrome v

[C:\Users\Hana_2\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.avg.com/search?cid={46EA7C5C-6918-4E6C-8049-6F587AA95860}&mid=1db13cf327fe4bb1bcc8c8c21ebf1a72-3b3aaa4dd83d65ecf5eaf9a141829002a3e0089a&lang=cs&ds=AVG&pr=pr&d=2012-10-11 14:21:19&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
[C:\Users\Hana_2\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.tb.ask.com/search/GGmain.jhtml?searchfor={searchTerms}&st=kwd&ptb=A78BB883-55FC-4316-8B25-070C743E92E6&n=780c25b3&ind=2014062003&p2=^HJ^xdm310^YYA^cz&si=pconvCh

*************************

AdwCleaner[R].txt - [11068 octets] - [03/12/2014 11:29:00]
AdwCleaner[S].txt - [3463 octets] - [10/12/2014 12:14:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S].txt - [3522 octets] ##########

#10 Příspěvek od **altrok** » 10 pro 2014 13:52

Pokracujte prosim vlastnim skenem vsech disku pomoci MBAM. Presny postup je popsany v mem predeslem prispevku.

VIRY.CZ

Prosím o kontrolu RSIT

Prosím o kontrolu RSIT

Re: Prosím o kontrolu RSIT

Re: Prosím o kontrolu RSIT

Re: Prosím o kontrolu RSIT

Re: Prosím o kontrolu RSIT

Re: Prosím o kontrolu RSIT

Re: Prosím o kontrolu RSIT

Re: Prosím o kontrolu RSIT

Re: Prosím o kontrolu RSIT

Re: Prosím o kontrolu RSIT