VIRY.CZ

Dobrý podvečer,

prosím o pomoc s odvirování pc který je nakažen virem policie ČR. Dle návodu o pár příspěvků níže posílám logy z programu FRST

Předem děkuji za pomoc.
_____________________________________________________-

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2013 03
Ran by Uživatel (administrator) on 03-06-2013 19:58:22
Running from E:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\dinotify.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [13374568 2011-12-13] (Realtek Semiconductor)
HKLM\...\Run: [adiras] adiras.exe [x]
HKCU\...\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [1475584 2010-11-21] (Microsoft Corporation)
HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-10-11] (Google Inc.)
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\Uživatel\AppData\Roaming\skype.dat [62976 2011-11-17] () <==== ATTENTION
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG2012\avgtray.exe" [2598520 2012-11-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1226928 2013-05-21] (AVG Secure Search)
HKLM-x32\...\Run: [autoclk] autoclk.exe [x]
HKLM-x32\...\Run: [adiras] C:\Windows\adirasx64.exe [253008 2007-02-13] ()
HKLM-x32\...\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" [x]
Startup: C:\ProgramData\Start Menu\Programs\Startup\DSLMON.lnk
ShortcutTarget: DSLMON.lnk -> C:\Program Files (x86)\SAGEM\SAGEM F@st 800-840\dslmon.exe ()
Startup: C:\Users\Uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YoWindow.lnk
ShortcutTarget: YoWindow.lnk -> C:\Program Files (x86)\YoWindow\yowindow.exe (Repkasoft)
BootExecute: autocheck autochk * C:\PROGRA~2\AVG2012\avgrsa.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKCU SearchScopes: DefaultScope {B0932FFF-AE21-4EDE-9F2B-83F6CB8A291E} URL = http://search.aol.com/aol/search?s_it=t ... earchTerms}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTer ... 60773ea7cc
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={E85F ... 2012-06-04 19:57:32&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {B0932FFF-AE21-4EDE-9F2B-83F6CB8A291E} URL = http://search.aol.com/aol/search?s_it=t ... earchTerms}
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)
Tcpip\..\Interfaces\{FBE4FCD7-1DB6-4BF1-94D1-EF0C3712CC75}: [NameServer]10.255.255.10,10.255.255.20

FireFox:
========
FF ProfilePath: C:\Users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\a1oz8vau.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.seznam.cz/
FF Keyword.URL: hxxp://search.babylon.com/?AF=108758&babsrc=adbartrp&mntrId=7c6481530000000000003860773ea7cc&q=
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @ei.VideoDownloadConverter_4z.com/Plugin - C:\Program Files (x86)\VideoDownloadConverter_4zEI\Installr\5.bin\NP4zEISB.dll (VideoDownloadConverter)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Babylon - C:\Users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\a1oz8vau.default\Extensions\ffxtlbr@babylon.com
FF Extension: Winamp Toolbar - C:\Users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\a1oz8vau.default\Extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.43\pdf.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\U\u017Eivatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U30) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll (AVG Technologies)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (VideoDownloadConverter Installer Plugin Stub) - C:\Program Files (x86)\VideoDownloadConverter_4zEI\Installr\5.bin\NP4zEISB.dll (VideoDownloadConverter)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (AVG Safe Search) - C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0
CHR Extension: (AVG Security Toolbar) - C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0

==================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files (x86)\AVG2012\AVGIDSAgent.exe [5174392 2012-11-02] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
S2 vToolbarUpdater15.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984 2013-05-21] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [127328 2012-12-10] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [307040 2012-11-08] (AVG Technologies CZ, s.r.o.)
S1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [384800 2013-04-11] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-05-21] (AVG Technologies)
S3 EfiVariable; C:\Windows\SysWOW64\Drivers\variable64.sys [18200 2011-05-19] (Windows (R) Server 2003 DDK provider)
S2 ELOADER; C:\Windows\System32\Drivers\adildrx64.sys [58264 2007-02-07] (Analog Deivces)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2012-02-06] ()
U3 a4u63l0z; C:\Windows\System32\Drivers\a4u63l0z.sys [0 ] (Microsoft Corporation)

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\avgidsdrivera.sys 633360E94804E7BAFE642017817C9413
C:\Windows\System32\DRIVERS\avgidsfiltera.sys 0F293406F64B48D5D2F0D3A1117F3A83
C:\Windows\System32\DRIVERS\avgidsha.sys CFFC3A4A638F462E0561CB368B9A7A3A
C:\Windows\System32\DRIVERS\avgldx64.sys BE8BC5D10ABA05D7F6E79D8296906C86
C:\Windows\System32\DRIVERS\avgmfx64.sys A6AEC362AAE5E2DDA7445E7690CB0F33
C:\Windows\System32\DRIVERS\avgrkx64.sys 645C7F0A0E39758A0024A9B1748273C0
C:\Windows\System32\DRIVERS\avgtdia.sys A441A655D6D9DDDDBA11994530F84981
C:\Windows\system32\drivers\avgtpx64.sys 3B5657B6C11CDA87F664DD6F7DD0702D
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 9AC4F97C2D3E93367E2148EA940CD2CD
C:\Windows\system32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys AF2E16242AA723F68F461B6EAE2EAD3D
C:\Windows\System32\DRIVERS\e1c62x64.sys 5DB7CEB8FB44ABF01614E33BAD2056E0
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\SysWOW64\Drivers\variable64.sys C569787C4B633A94D27F4D9C4E3B602B
C:\Windows\System32\Drivers\adildrx64.sys BCA6AABA425CE46D89412190A5A27B94
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys 2FDAEC4B02729C48C0FD1B0B4695995B
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys 0089B53F1BEFD34B7D8CA4AB021335FA
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys 150AC23F21DBDBF8488408BA944B0D65
C:\Windows\System32\DRIVERS\IntcDAud.sys AE594CC17C33AC146739494615E14851
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 97A7070AEA4C058B6418519E869A63B4
C:\Windows\System32\Drivers\ksecpkg.sys 26C43A7C2862447EC59DEDA188D1DA07
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys A6518DCC42F7A6E999BB3BEA8FD87567
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nusb3hub.sys B227E75AD10A142DD326B4CC8D73A6D9
C:\Windows\System32\DRIVERS\nusb3xhc.sys 55959DB860E4E484681586824D09E52C
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\sptd.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys B62A953F2BF3922C8764A29C34A22899
C:\Windows\System32\DRIVERS\tcpip.sys B62A953F2BF3922C8764A29C34A22899
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbehci.sys C025055FE7B87701EB042095DF1A2D7B
C:\Windows\System32\DRIVERS\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24
C:\Windows\system32\drivers\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\Drivers\a4u63l0z.sys

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-03 19:58 - 2013-06-03 19:58 - 00000000 ____D C:\FRST
2013-06-02 22:47 - 2013-06-03 17:37 - 00000004 ____A C:\Users\Uživatel\AppData\Roaming\skype.ini
2013-06-01 20:12 - 2013-06-01 23:39 - 00000000 ____D C:\Users\Uživatel\Desktop\Lucka
2013-06-01 18:58 - 2013-06-01 18:58 - 00007237 ____A C:\Users\Uživatel\Desktop\getsemany1.htm
2013-05-31 22:55 - 2013-06-01 10:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-31 18:01 - 2013-06-03 17:36 - 00000350 ____A C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-05-15 07:00 - 2013-05-05 23:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-15 07:00 - 2013-05-05 23:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-15 07:00 - 2013-05-05 21:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-15 07:00 - 2013-05-05 21:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-15 06:59 - 2013-04-05 03:19 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-15 06:59 - 2013-04-05 03:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-15 06:59 - 2013-04-05 03:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-15 06:59 - 2013-04-05 03:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-15 06:59 - 2013-04-05 02:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-15 06:59 - 2013-04-05 02:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-15 06:59 - 2013-04-05 02:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-15 06:59 - 2013-04-05 02:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-15 06:59 - 2013-04-05 02:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-15 06:59 - 2013-04-05 02:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-15 06:59 - 2013-04-05 02:54 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-15 06:59 - 2013-04-05 02:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-15 06:59 - 2013-04-05 02:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-15 06:59 - 2013-04-05 02:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-15 06:59 - 2013-04-05 00:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-15 06:59 - 2013-04-05 00:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-15 06:59 - 2013-04-05 00:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-15 06:59 - 2013-04-05 00:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-15 06:59 - 2013-04-05 00:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-15 06:59 - 2013-04-05 00:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-15 06:59 - 2013-04-04 23:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-15 06:59 - 2013-04-04 23:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-15 06:59 - 2013-04-04 23:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-15 06:59 - 2013-04-04 23:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-15 06:59 - 2013-04-04 23:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-15 06:59 - 2013-04-04 23:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-15 06:59 - 2013-04-04 23:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-15 06:59 - 2013-04-04 23:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-15 05:39 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 05:39 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-15 05:39 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-15 05:39 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-15 05:39 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-15 05:39 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-15 05:39 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-15 05:39 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-15 05:39 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-15 05:39 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-15 05:39 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-15 05:39 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-15 05:39 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-15 05:39 - 2011-02-03 13:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll

==================== One Month Modified Files and Folders =======

2013-06-03 19:58 - 2013-06-03 19:58 - 00000000 ____D C:\FRST
2013-06-03 19:57 - 2011-04-12 10:34 - 00634530 ____A C:\Windows\System32\perfh005.dat
2013-06-03 19:57 - 2011-04-12 10:34 - 00123120 ____A C:\Windows\System32\perfc005.dat
2013-06-03 19:57 - 2009-07-14 07:13 - 01478822 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-03 17:37 - 2013-06-02 22:47 - 00000004 ____A C:\Users\Uživatel\AppData\Roaming\skype.ini
2013-06-03 17:37 - 2012-07-14 18:25 - 00000952 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-03 17:37 - 2009-07-14 06:51 - 00123040 ____A C:\Windows\setupact.log
2013-06-03 17:36 - 2013-05-31 18:01 - 00000350 ____A C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-06-03 17:36 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-03 16:53 - 2012-02-01 21:21 - 01761723 ____A C:\Windows\WindowsUpdate.log
2013-06-03 16:41 - 2012-07-14 18:25 - 00000956 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-03 16:06 - 2009-07-14 06:45 - 00022064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-03 16:06 - 2009-07-14 06:45 - 00022064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-02 21:36 - 2012-07-25 19:57 - 00000000 ____D C:\Users\Uživatel\AppData\Roaming\vlc
2013-06-02 17:04 - 2012-02-01 18:14 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2013-06-02 09:24 - 2012-02-01 18:13 - 00000000 ____D C:\Program Files (x86)\AVG2012
2013-06-01 23:39 - 2013-06-01 20:12 - 00000000 ____D C:\Users\Uživatel\Desktop\Lucka
2013-06-01 18:58 - 2013-06-01 18:58 - 00007237 ____A C:\Users\Uživatel\Desktop\getsemany1.htm
2013-06-01 16:47 - 2012-05-06 07:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-01 10:48 - 2013-05-31 22:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-31 18:01 - 2012-06-04 19:57 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-05-27 21:36 - 2013-02-03 22:06 - 00005726 ____A C:\Users\Uživatel\Desktop\Electronic - PLAY.CZ.url
2013-05-25 20:42 - 2012-10-11 19:25 - 00002143 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-05-21 18:54 - 2012-08-30 21:21 - 00045856 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-05-16 21:13 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-05-15 19:40 - 2009-07-14 06:45 - 00351720 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-15 07:05 - 2012-02-06 20:31 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-15 07:03 - 2012-02-01 16:09 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-14 19:04 - 2012-06-04 19:57 - 00000855 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2013-05-14 19:04 - 2012-02-01 18:12 - 00000000 ____D C:\ProgramData\MFAData
2013-05-05 23:36 - 2013-05-15 07:00 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-05 23:16 - 2013-05-15 07:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-05 21:25 - 2013-05-15 07:00 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-05 21:12 - 2013-05-15 07:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

Files to move or delete:
====================
C:\Users\Uživatel\AppData\Roaming\skype.dat
C:\Users\Uživatel\AppData\Roaming\skype.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Spr vce spouçtŘnˇ syst‚mu Windows
--------------------
identifik tor {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale cs-CZ
inherit {globalsettings}
default {current}
resumeobject {614714b5-4d09-11e1-8ded-ca19ad18c389}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Zav dŘcˇ program pro spouçtŘnˇ syst‚mu Windows
-------------------
identifik tor {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale cs-CZ
inherit {bootloadersettings}
recoverysequence {614714b7-4d09-11e1-8ded-ca19ad18c389}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {614714b5-4d09-11e1-8ded-ca19ad18c389}
nx OptIn

Zav dŘcˇ program pro spouçtŘnˇ syst‚mu Windows
-------------------
identifik tor {614714b7-4d09-11e1-8ded-ca19ad18c389}
device ramdisk=[C:]\Recovery\614714b7-4d09-11e1-8ded-ca19ad18c389\Winre.wim,{614714b8-4d09-11e1-8ded-ca19ad18c389}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\614714b7-4d09-11e1-8ded-ca19ad18c389\Winre.wim,{614714b8-4d09-11e1-8ded-ca19ad18c389}
systemroot \windows
nx OptIn
winpe Yes

Obnovenˇ z hibernace
---------------------
identifik tor {614714b5-4d09-11e1-8ded-ca19ad18c389}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale cs-CZ
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Testov nˇ pamŘti syst‚mu Windows
---------------------
identifik tor {memdiag}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Diagnostika pamŘti syst‚mu Windows
locale cs-CZ
inherit {globalsettings}
badmemoryaccess Yes

Nastavenˇ slu§by EMS
------------
identifik tor {emssettings}
bootems Yes

Nastavenˇ ladicˇho programu
-----------------
identifik tor {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

Chyby pamŘti RAM
-----------
identifik tor {badmemory}

Glob lnˇ nastavenˇ
---------------
identifik tor {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Nastavenˇ spouçtŘcˇho zavadŘźe
--------------------
identifik tor {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Nastavenˇ hypervisoru
-------------------
identifik tor {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Nastavenˇ zavadŘźe obnovenˇ
----------------------
identifik tor {resumeloadersettings}
inherit {globalsettings}

Parametry zaýˇzenˇ
--------------
identifik tor {614714b8-4d09-11e1-8ded-ca19ad18c389}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\614714b7-4d09-11e1-8ded-ca19ad18c389\boot.sdi



Last Boot: 2013-06-03 16:36

==================== End Of Log ============================

_________________________________________________

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2013 03
Ran by Uživatel at 2013-06-03 19:58:58 Run:
Running from E:\
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Installed Programs =======================

Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader X (10.1.2) - Czech (Version: 10.1.2)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665)
Ashampoo Burning Studio 2012 v10.0.15 (Version: 10.0.15)
AVG 2012 (Version: 12.0.3184)
AVG 2012 (Version: 12.1.2242)
AVG 2012 (Version: 2012.1.2242)
AVG Security Toolbar (Version: 15.2.0.5)
Babylon toolbar on IE
Borland Database Engine Setup
BS.Player PRO (Version: 2.57.1051)
Canon MovieEdit Task for ZoomBrowser EX (Version: 3.2.0.34)
Canon Utilities CameraWindow (Version: 7.3.0.4)
Canon Utilities CameraWindow DC (Version: 7.4.1.10)
Canon Utilities CameraWindow DC 8 (Version: 8.0.0.19)
Canon Utilities MyCamera (Version: 7.3.0.5)
Canon Utilities PhotoStitch (Version: 3.1.22.46)
Canon Utilities ZoomBrowser EX (Version: 6.4.0.7)
Canon ZoomBrowser EX Memory Card Utility (Version: 1.2.2.11)
DAEMON Tools Toolbar (Version: 1.0.8.0552)
Download Updater (AOL Inc.)
GIMP 2.6.11 (Version: 2.6.11)
Google Earth Plug-in (Version: 7.0.3.8542)
Google Chrome (Version: 27.0.1453.94)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.145)
INJEVY (Version: 1.01.0000)
Intel(R) Control Center (Version: 1.2.1.1007)
Intel(R) Management Engine Components (Version: 7.0.0.1118)
Intel(R) Network Connections 16.8.46.0 (Version: 16.8.46.0)
Intel(R) Processor Graphics (Version: 8.15.10.2559)
Intel(R) Rapid Storage Technology (Version: 10.6.0.1002)
IrfanView (remove only) (Version: 4.32)
Java Auto Updater (Version: 2.0.6.1)
Java(TM) 6 Update 30 (Version: 6.0.300)
K-Lite Codec Pack 5.7.0 (64-bit) (Version: 5.7.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile CSY Language Pack (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Slovak) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (Czech) 2007 (Version: 12.0.4518.1025)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft VC9 runtime libraries (Version: 2.0.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 21.0 (x86 cs) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Realtek High Definition Audio Driver (Version: 6.0.1.6526)
Renesas Electronics USB 3.0 Host Controller Driver (Version: 2.1.28.0)
SAGEM F@st 800-840 (Version: 4.06.000)
TeamViewer 7 (Version: 7.0.12541)
Theophilos 3
Total Commander (Remove or Repair) (Version: 7.57a)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
VLC media player 2.0.3 (Version: 2.0.3)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
YoWindow
Zoner Photo Studio 13 (Version: 13.0.1.6)

==================== Restore Points =========================

10-04-2013 12:36:41 Windows Update
17-04-2013 17:12:25 Naplánovaný kontrolní bod
24-04-2013 16:00:13 Windows Update
03-05-2013 17:34:12 Naplánovaný kontrolní bod
12-05-2013 06:13:03 Naplánovaný kontrolní bod
15-05-2013 04:58:42 Windows Update
23-05-2013 17:37:04 Naplánovaný kontrolní bod
31-05-2013 18:14:52 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/03/2013 07:57:37 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2013 05:05:29 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Služba Šifrování neinicializovala záložní objekt System Writer systému VSS.


Details:
Could not query the status of the EventSystem service.

System Error:
Probíhá vypnutí systému.
.

Error: (06/03/2013 05:01:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2013 04:01:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/03/2013 04:51:43 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2013 11:00:21 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2013 10:53:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2013 10:18:54 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2013 10:07:04 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/02/2013 05:05:36 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/03/2013 07:57:04 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba seznamu sítí závisí na službě Sledování umístění v síti (NLA), která neuspěla při spuštění v důsledku následující chyby:
%%1068

Error: (06/03/2013 07:57:05 PM) (Source: DCOM) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (06/03/2013 07:57:04 PM) (Source: DCOM) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (06/03/2013 07:57:04 PM) (Source: DCOM) (User: )
Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (06/03/2013 07:56:29 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba seznamu sítí závisí na službě Sledování umístění v síti (NLA), která neuspěla při spuštění v důsledku následující chyby:
%%1068

Error: (06/03/2013 07:56:29 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba seznamu sítí závisí na službě Sledování umístění v síti (NLA), která neuspěla při spuštění v důsledku následující chyby:
%%1068

Error: (06/03/2013 07:56:29 PM) (Source: DCOM) (User: )
Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}

Error: (06/03/2013 07:56:09 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WinHTTP WPAD závisí na službě Klient DHCP, která neuspěla při spuštění v důsledku následující chyby:
%%1068

Error: (06/03/2013 07:56:03 PM) (Source: Service Control Manager) (User: )
Description: Zavedení následujícího ovladače pro spouštění počítače nebo systému se nezdařilo:
AFD
Avgldx64
Avgmfx64
Avgtdia
DfsC
discache
NetBIOS
NetBT
nsiproxy
Psched
rdbss
spldr
tdx
Wanarpv6
WfpLwf

Error: (06/03/2013 07:56:03 PM) (Source: Service Control Manager) (User: )
Description: Služba Sledování umístění v síti (NLA) závisí na službě Služba rozhraní síťového úložiště, která neuspěla při spuštění v důsledku následující chyby:
%%1068


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 8099.4 MB
Available physical RAM: 6933.29 MB
Total Pagefile: 16196.99 MB
Available Pagefile: 15047.83 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:820.03 GB) NTFS (Disk=0 Partition=2)
Drive e: () (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT (Disk=1 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 048B9613)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=2 GB) - (Type=0E)

==================== End Of Log ============================

Zdravim a pekny vecer preji
Vas log se studuje a pracuje se na nem .
Prosim o strpeni!

Tvorba fixlistu pro FRST

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\Uživatel\AppData\Roaming\skype.dat [62976 2011-11-17] () <==== ATTENTION 
  CMD: del "C:\Users\Uživatel\AppData\Roaming\skype.dat"
  CMD: del "C:\Users\Uživatel\AppData\Roaming\skype.ini"
  

• Ulozte vytvoreny TXT jako fixlist.txt
• Presunte vytvoreny log na flashku k FRST

Spustte znovu FRST.exe na tom poskozenem PC

• Kliknete na Fix
• Probehne oprava a na flash disku se vytvori log Fixlog.txt

Pokuste se nastartovat do bezneho rezimu

Bingo

To bylo rychlé!!! Bude třeba ještě nějak pročist? Děkuju

Ano bude, je tam toho spousty, toto byl jen krok, at muzete do normalniho rezimu

Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe

• Ulozte nejlepe na plochu
• Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
• Probehne vytvoreni zalohy a nasledne prohledavani
• Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Kliknete na Prohledat
• Probehne skenovani a pak se objevi log, pripadne bude ulozen na systemovem disku jako AdwCleaner[R?].txt, ten sem vlozte

Trvate na antiviru AVG - u nas neni moc obliben - vysoka zatez systemu, slabsi detekce

Tak tady jsou ty LOGy.
No je to strejdův PC. Nechci do toho moc hraba, jen to základní co bude nutné s odvirováním. Doporučím mu výměnu za Avast.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by U§ivatel on po 03.06.2013 at 21:05:02,63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.babylonesrvc
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.babylonesrvc.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babylontoolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylontoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\firstsearch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\dnu.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escort.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escortapp.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escorteng.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escortlbr.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\esrv.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\b
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\babylon.dskbnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\babylon.dskbnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylnapp.appcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylnapp.appcore.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdate
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\escort.escrtbtn.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B0932FFF-AE21-4EDE-9F2B-83F6CB8A291E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\installmate"
Successfully deleted: [Folder] "C:\Users\U§ivatel\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\U§ivatel\appdata\local\babylon"
Successfully deleted: [Folder] "C:\Program Files (x86)\babylontoolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\daemon tools toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\software update utility"



~~~ FireFox

Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Users\U§ivatel\AppData\Roaming\mozilla\firefox\profiles\a1oz8vau.default\user.js
Successfully deleted: [Folder] C:\Users\U§ivatel\AppData\Roaming\mozilla\firefox\profiles\a1oz8vau.default\winamptoolbardata
Successfully deleted: [Folder] C:\Users\U§ivatel\AppData\Roaming\mozilla\firefox\profiles\a1oz8vau.default\extensions\ffxtlbr@babylon.com
Successfully deleted the following from C:\Users\U§ivatel\AppData\Roaming\mozilla\firefox\profiles\a1oz8vau.default\prefs.js

user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
user_pref("browser.search.order.1", "Search the web (Babylon)");
user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar.aflt", "babsst");
user_pref("extensions.BabylonToolbar.babExt", "");
user_pref("extensions.BabylonToolbar.babTrack", "affID=108758");
user_pref("extensions.BabylonToolbar.bbDpng", 3);
user_pref("extensions.BabylonToolbar.dfltSrch", false);
user_pref("extensions.BabylonToolbar.hmpg", false);
user_pref("extensions.BabylonToolbar.id", "7c6481530000000000003860773ea7cc");
user_pref("extensions.BabylonToolbar.instlDay", "15396");
user_pref("extensions.BabylonToolbar.instlRef", "sst");
user_pref("extensions.BabylonToolbar.lastDP", 3);
user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1710:06:42");
user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "21.0");
user_pref("extensions.BabylonToolbar.newTab", true);
user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP");
user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.propectorlck", 108846462);
user_pref("extensions.BabylonToolbar.prtkDS", 1);
user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.ptch_0717", true);
user_pref("extensions.BabylonToolbar.smplGrp", "tzb");
user_pref("extensions.BabylonToolbar.srcExt", "ss");
user_pref("extensions.BabylonToolbar.tlbrId", "base");
user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1710:06:42");
user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=108758");
user_pref("extensions.BabylonToolbar_i.hardId", "7c6481530000000000003860773ea7cc");
user_pref("extensions.BabylonToolbar_i.id", "7c6481530000000000003860773ea7cc");
user_pref("extensions.BabylonToolbar_i.instlDay", "15396");
user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
user_pref("extensions.BabylonToolbar_i.newTab", true);
user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?AF=108758&babsrc=NT_ss&mntrId=7c6481530000000000003860773ea7cc");
user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1710:06:42");
user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
user_pref("keyword.URL", "hxxp://search.babylon.com/?AF=108758&babsrc=adbartrp&mntrId=7c6481530000000000003860773ea7cc&q=");



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on po 03.06.2013 at 21:07:51,32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




# AdwCleaner v2.301 - Log vytvooen 03/06/2013 v 21:15:21
# Aktualizováno 16/05/2013 Xplode
# Operaení systém : Windows 7 Home Premium Service Pack 1 (64 bits)
# Uživatel : Uživatel - PC-CCS
# Spuštin systém : Normální
# Spuštino z : C:\Users\Uživatel\Desktop\adwcleaner.exe
# Volba [Prohledat]


***** [Služby] *****


***** [Soubory / Složky] *****

Složka Nalezeno : C:\Program Files (x86)\AVG Secure Search
Složka Nalezeno : C:\Program Files (x86)\Common Files\AVG Secure Search
Složka Nalezeno : C:\ProgramData\AVG Secure Search
Složka Nalezeno : C:\Users\UIVATE~1\AppData\Local\Temp\avg@toolbar
Složka Nalezeno : C:\Users\UIVATE~1\AppData\Local\Temp\BabylonToolbar
Složka Nalezeno : C:\Users\Uživatel\AppData\Local\AVG Secure Search
Složka Nalezeno : C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Složka Nalezeno : C:\Users\Uživatel\AppData\LocalLow\AVG Secure Search
Složka Nalezeno : C:\Users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\a1oz8vau.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
Soubor Nalezeno : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****

Hodnota Nalezeno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Hodnota Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Hodnota Nalezeno : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Hodnota Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Klíe Nalezeno : HKCU\Software\AVG Secure Search
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Klíe Nalezeno : HKLM\Software\AVG Secure Search
Klíe Nalezeno : HKLM\Software\AVG Security Toolbar
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Klíe Nalezeno : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Klíe Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Registry jsou eisté.

-\\ Mozilla Firefox v21.0 (cs)

Soubor : C:\Users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\a1oz8vau.default\prefs.js

Nalezeno : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\10.0.0.7");

-\\ Google Chrome v27.0.1453.94

Soubor : C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Soubor je eistý.

*************************

AdwCleaner[R1].txt - [12514 octets] - [03/06/2013 21:15:21]

########## EOF - C:\AdwCleaner[R1].txt - [12575 octets] ##########

Spustte znovu AdwCleaner

• Pokud pouzivate Win Vista ci W7, kliknete na AdwCleaner pravym a dejte Run As Administrator ci Spustit jako spravce
• Kliknete na Smazat
• PC provede opravu, restartuje se a da Vam log (C:\AdwCleaner [S1].txt) , jeho obsah vlozte sem

Dejte log z RSIT http://forum.viry.cz/viewtopic.php?t=81939

Prvni log. Jdu na druhy.

# AdwCleaner v2.301 - Log vytvooen 03/06/2013 v 19:36:46
# Aktualizováno 16/05/2013 Xplode
# Operaení systém : Windows 7 Home Premium Service Pack 1 (64 bits)
# Uživatel : Uživatel - PC-CCS
# Spuštin systém : Normální
# Spuštino z : C:\Users\Uživatel\Desktop\adwcleaner.exe
# Volba [Vymazat]


***** [Služby] *****


***** [Soubory / Složky] *****

Složka Vymazáno : C:\Program Files (x86)\AVG Secure Search
Složka Vymazáno : C:\ProgramData\AVG Secure Search
Složka Vymazáno : C:\Users\UIVATE~1\AppData\Local\Temp\avg@toolbar
Složka Vymazáno : C:\Users\UIVATE~1\AppData\Local\Temp\BabylonToolbar
Složka Vymazáno : C:\Users\Uživatel\AppData\Local\AVG Secure Search
Složka Vymazáno : C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Složka Vymazáno : C:\Users\Uživatel\AppData\LocalLow\AVG Secure Search
Složka Vymazáno : C:\Users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\a1oz8vau.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
Soubor Vymazáno : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Vymazáno poi restartu : C:\Program Files (x86)\Common Files\AVG Secure Search

***** [Registry] *****

Hodnota Vymazáno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Hodnota Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Hodnota Vymazáno : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Hodnota Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Klíe Vymazáno : HKCU\Software\AVG Secure Search
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Klíe Vymazáno : HKLM\Software\AVG Secure Search
Klíe Vymazáno : HKLM\Software\AVG Security Toolbar
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Klíe Vymazáno : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Klíe Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Registry jsou eisté.

-\\ Mozilla Firefox v21.0 (cs)

Soubor : C:\Users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\a1oz8vau.default\prefs.js

Vymazáno : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\10.0.0.7");

-\\ Google Chrome v27.0.1453.94

Soubor : C:\Users\Uživatel\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Soubor je eistý.

*************************

AdwCleaner[R1].txt - [12585 octets] - [03/06/2013 21:15:21]
AdwCleaner[S1].txt - [12579 octets] - [03/06/2013 19:36:46]

########## EOF - C:\AdwCleaner[S1].txt - [12640 octets] ##########

log z RSIT. Díky za pomoc!!


Logfile of random's system information tool 1.09 (written by random/random)
Run by Uživatel at 2013-06-03 19:45:00
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 840 GB (88%) free of 954 GB
Total RAM: 8099 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:45:04, on 3.6.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16576)
Boot mode: Normal

Running processes:
C:\Windows\adiras.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\YoWindow\yowindow.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG2012\avgtray.exe
C:\Windows\autoclk.exe
C:\Program Files\trend micro\Uživatel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG2012\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [adiras] C:\Windows\adirasx64.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: YoWindow.lnk = C:\Program Files (x86)\YoWindow\yowindow.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files (x86)\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG2012\avgpp.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG2012\avgwdsvc.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Úložná technologie Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater15.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8890 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
C:\PROGRA~2\AVG2012\avgrsa.exe /boot
C:\Program Files (x86)\AVG2012\avgcsrva.exe /pipeName=76da4873-1511-4c47-9ea9-c14a16fdf518 /coreSdkOptions=286 /logConfFile="C:\ProgramData\AVG2012\temp\7ef8a436-2a5d-494b-b8f9-ff6c6cdf2243-1f8-oopp.tmp" /loggerName=AVG.RS.Core /binaryPath="C:\Program Files (x86)\AVG2012\" /registryPath="SYSTEM\CurrentControlSet\Services\Avg\Avg2012" /tempPath="C:\ProgramData\AVG2012\temp\"
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\AVG2012\avgwdsvc.exe"
C:\Windows\SysWow64\IntelCpHeciSvc.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe"
"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe"
"C:\Program Files (x86)\AVG2012\AVGIDSAgent.exe"
"C:\Program Files (x86)\AVG2012\avgnsa.exe"
"C:\Program Files (x86)\AVG2012\avgemca.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-d70d41d4-2a6d-4593-8cc5-e28e69f5bc8a -SystemEventPortName:HostProcess-1fdc72ac-4020-4e84-93d1-2446f280f623 -IoCancelEventPortName:HostProcess-5f3af01c-cc5f-4714-8879-53e19015b310 -NonStateChangingEventPortName:HostProcess-10003c2c-f683-4fe4-9843-a35702853ce4 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:5ccab61c-9b1b-42b1-848e-8ed5afc38287 -DeviceGroupId:WpdFsGroup
"taskhost.exe"
taskeng.exe {3E2987D9-C15B-45CF-84FE-052FF1B98517}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Windows\adiras.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\SAGEM\SAGEM F@st 800-840\dslmon.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\YoWindow\yowindow.exe" -mt
"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\AVG2012\avgtray.exe"
"C:\Windows\autoclk.exe"
"C:\Windows\adirasx64.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Windows\system32\msiexec.exe /V
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
"C:\Users\Uživatel\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528

======Scheduled tasks folder======

C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\a1oz8vau.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@ei.VideoDownloadConverter_4z.com/Plugin]
"Description"=VideoDownloadConverter Plugin
"Path"=C:\Program Files (x86)\VideoDownloadConverter_4zEI\Installr\5.bin\NP4zEISB.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.3]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll


C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
NPOFF12.DLL
nppdf32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Users\Uživatel\AppData\Roaming\Mozilla\Firefox\Profiles\a1oz8vau.default\searchplugins\
aol-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}]
AVG Do Not Track - C:\Program Files (x86)\AVG2012\avgdtiea.dll [2012-10-15 1393272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG2012\avgssiea.dll [2012-10-15 1968248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-12-15 253584]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG2012\avgssie.dll [2012-10-15 1417336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-02-01 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-12-15 192144]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-02-01 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2012-12-15 253584]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2012-12-15 192144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-12-13 13374568]
"adiras"=C:\Windows\adiras.exe [2007-02-13 194128]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-12-14 172144]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-12-14 399984]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-12-14 441968]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2012-10-11 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\Windows\system32\hkcmd.exe [2012-12-14 399984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\Windows\system32\igfxtray.exe [2012-12-14 172144]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2011-05-20 284440]
"NUSB3MON"=C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2011-09-16 115048]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"AVG_TRAY"=C:\Program Files (x86)\AVG2012\avgtray.exe [2012-11-19 2598520]
"autoclk"=C:\Windows\autoclk.exe [2006-02-15 176128]
"adiras"=C:\Windows\adirasx64.exe [2007-02-13 253008]
"WinampAgent"=C:\Program Files (x86)\Winamp\winampa.exe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
DSLMON.lnk - C:\Program Files (x86)\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Users\Uživatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
YoWindow.lnk - C:\Program Files (x86)\YoWindow\yowindow.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-12-14 442880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FFDS"=ff_vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-06-03 21:25:42 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2013-06-03 21:25:42 ----A---- C:\Windows\SYSWOW64\schannel.dll
2013-06-03 21:25:42 ----A---- C:\Windows\SYSWOW64\secur32.dll
2013-06-03 21:25:42 ----A---- C:\Windows\system32\schannel.dll
2013-06-03 21:25:42 ----A---- C:\Windows\system32\lsasrv.dll
2013-06-03 21:25:42 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2013-06-03 21:25:42 ----A---- C:\Windows\system32\drivers\cng.sys
2013-06-03 21:25:41 ----A---- C:\Windows\SYSWOW64\qdvd.dll
2013-06-03 21:25:41 ----A---- C:\Windows\system32\qdvd.dll
2013-06-03 21:15:21 ----A---- C:\AdwCleaner[R1].txt
2013-06-03 21:05:01 ----D---- C:\Windows\ERUNT
2013-06-03 21:04:54 ----D---- C:\JRT
2013-06-03 19:58:06 ----D---- C:\FRST
2013-06-03 19:45:00 ----D---- C:\rsit
2013-06-03 19:45:00 ----D---- C:\Program Files\trend micro
2013-06-03 19:36:46 ----A---- C:\AdwCleaner[S1].txt
2013-06-03 19:30:02 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-06-03 19:30:02 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-06-03 19:30:02 ----A---- C:\Windows\SYSWOW64\msls31.dll
2013-06-03 19:30:02 ----A---- C:\Windows\SYSWOW64\elshyph.dll
2013-06-03 19:30:02 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2013-06-03 19:30:02 ----A---- C:\Windows\system32\elshyph.dll
2013-06-03 19:30:01 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-06-03 19:30:01 ----A---- C:\Windows\SYSWOW64\wextract.exe
2013-06-03 19:30:01 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2013-06-03 19:30:01 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2013-06-03 19:30:01 ----A---- C:\Windows\SYSWOW64\url.dll
2013-06-03 19:30:01 ----A---- C:\Windows\SYSWOW64\SetIEInstalledDate.exe
2013-06-03 19:30:01 ----A---- C:\Windows\SYSWOW64\pngfilt.dll
2013-06-03 19:30:01 ----A---- C:\Windows\SYSWOW64\occache.dll
2013-06-03 19:30:01 ----A---- C:\Windows\SYSWOW64\msrating.dll
2013-06-03 19:30:01 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2013-06-03 19:30:01 ----A---- C:\Windows\SYSWOW64\mshtmler.dll
2013-06-03 19:30:01 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2013-06-03 19:30:01 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-06-03 19:30:01 ----A---- C:\Windows\SYSWOW64\mshta.exe
2013-06-03 19:30:01 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2013-06-03 19:30:01 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2013-06-03 19:30:01 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-06-03 19:30:01 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-06-03 19:30:01 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-06-03 19:30:01 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-06-03 19:30:01 ----A---- C:\Windows\SYSWOW64\inseng.dll
2013-06-03 19:30:01 ----A---- C:\Windows\SYSWOW64\imgutil.dll
2013-06-03 19:30:01 ----A---- C:\Windows\SYSWOW64\iexpress.exe
2013-06-03 19:30:01 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2013-06-03 19:30:01 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-06-03 19:30:01 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2013-06-03 19:30:01 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-06-03 19:30:01 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2013-06-03 19:30:01 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-06-03 19:30:01 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2013-06-03 19:30:01 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2013-06-03 19:30:01 ----A---- C:\Windows\SYSWOW64\ieapfltr.dat
2013-06-03 19:30:01 ----A---- C:\Windows\SYSWOW64\IEAdvpack.dll
2013-06-03 19:30:01 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2013-06-03 19:30:01 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2013-06-03 19:30:00 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2013-06-03 19:30:00 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2013-06-03 19:30:00 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2013-06-03 19:30:00 ----A---- C:\Windows\SYSWOW64\icardie.dll
2013-06-03 19:30:00 ----A---- C:\Windows\system32\wininet.dll
2013-06-03 19:30:00 ----A---- C:\Windows\system32\wextract.exe
2013-06-03 19:30:00 ----A---- C:\Windows\system32\webcheck.dll
2013-06-03 19:30:00 ----A---- C:\Windows\system32\vbscript.dll
2013-06-03 19:30:00 ----A---- C:\Windows\system32\urlmon.dll
2013-06-03 19:30:00 ----A---- C:\Windows\system32\url.dll
2013-06-03 19:30:00 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-06-03 19:30:00 ----A---- C:\Windows\system32\pngfilt.dll
2013-06-03 19:30:00 ----A---- C:\Windows\system32\occache.dll
2013-06-03 19:30:00 ----A---- C:\Windows\system32\msrating.dll
2013-06-03 19:30:00 ----A---- C:\Windows\system32\msls31.dll
2013-06-03 19:30:00 ----A---- C:\Windows\system32\mshtmlmedia.dll
2013-06-03 19:30:00 ----A---- C:\Windows\system32\mshtmled.dll
2013-06-03 19:30:00 ----A---- C:\Windows\system32\mshtml.dll
2013-06-03 19:30:00 ----A---- C:\Windows\system32\mshta.exe
2013-06-03 19:30:00 ----A---- C:\Windows\system32\msfeedssync.exe
2013-06-03 19:30:00 ----A---- C:\Windows\system32\msfeedsbs.dll
2013-06-03 19:30:00 ----A---- C:\Windows\system32\msfeeds.dll
2013-06-03 19:30:00 ----A---- C:\Windows\system32\licmgr10.dll
2013-06-03 19:30:00 ----A---- C:\Windows\system32\jsproxy.dll
2013-06-03 19:30:00 ----A---- C:\Windows\system32\jscript.dll
2013-06-03 19:30:00 ----A---- C:\Windows\system32\inseng.dll
2013-06-03 19:30:00 ----A---- C:\Windows\system32\imgutil.dll
2013-06-03 19:30:00 ----A---- C:\Windows\system32\iexpress.exe
2013-06-03 19:30:00 ----A---- C:\Windows\system32\ieUnatt.exe
2013-06-03 19:30:00 ----A---- C:\Windows\system32\iesetup.dll
2013-06-03 19:30:00 ----A---- C:\Windows\system32\iertutil.dll
2013-06-03 19:30:00 ----A---- C:\Windows\system32\iernonce.dll
2013-06-03 19:30:00 ----A---- C:\Windows\system32\iepeers.dll
2013-06-03 19:30:00 ----A---- C:\Windows\system32\iedkcs32.dll
2013-06-03 19:30:00 ----A---- C:\Windows\system32\ieapfltr.dll
2013-06-03 19:30:00 ----A---- C:\Windows\system32\ieapfltr.dat
2013-06-03 19:30:00 ----A---- C:\Windows\system32\ie4uinit.exe
2013-06-03 19:30:00 ----A---- C:\Windows\system32\icardie.dll
2013-06-03 19:30:00 ----A---- C:\Windows\system32\dxtrans.dll
2013-06-03 19:30:00 ----A---- C:\Windows\system32\dxtmsft.dll
2013-06-03 19:29:59 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2013-06-03 19:29:59 ----A---- C:\Windows\system32\mshtmler.dll
2013-06-03 19:29:59 ----A---- C:\Windows\system32\jscript9.dll
2013-06-03 19:29:59 ----A---- C:\Windows\system32\ieui.dll
2013-06-03 19:29:59 ----A---- C:\Windows\system32\iesysprep.dll
2013-06-03 19:29:59 ----A---- C:\Windows\system32\ieframe.dll
2013-06-03 19:29:59 ----A---- C:\Windows\system32\IEAdvpack.dll
2013-06-03 19:28:18 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-06-03 19:28:18 ----A---- C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-06-03 19:28:18 ----A---- C:\Windows\system32\RdpGroupPolicyExtension.dll
2013-06-03 19:28:16 ----A---- C:\Windows\system32\drivers\TsUsbGD.sys
2013-06-03 19:28:16 ----A---- C:\Windows\system32\drivers\rdpvideominiport.sys
2013-06-03 19:28:15 ----A---- C:\Windows\SYSWOW64\wksprtPS.dll
2013-06-03 19:28:15 ----A---- C:\Windows\SYSWOW64\tsgqec.dll
2013-06-03 19:28:15 ----A---- C:\Windows\SYSWOW64\rdpendp_winip.dll
2013-06-03 19:28:15 ----A---- C:\Windows\SYSWOW64\MsRdpWebAccess.dll
2013-06-03 19:28:15 ----A---- C:\Windows\SYSWOW64\aaclient.dll
2013-06-03 19:28:15 ----A---- C:\Windows\system32\wksprtPS.dll
2013-06-03 19:28:15 ----A---- C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-06-03 19:28:15 ----A---- C:\Windows\system32\tsgqec.dll
2013-06-03 19:28:15 ----A---- C:\Windows\system32\drivers\TsUsbFlt.sys
2013-06-03 19:28:15 ----A---- C:\Windows\system32\aaclient.dll
2013-06-03 19:28:14 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2013-06-03 19:28:14 ----A---- C:\Windows\SYSWOW64\mstsc.exe
2013-06-03 19:28:14 ----A---- C:\Windows\system32\wksprt.exe
2013-06-03 19:28:14 ----A---- C:\Windows\system32\TSWbPrxy.exe
2013-06-03 19:28:14 ----A---- C:\Windows\system32\rdpudd.dll
2013-06-03 19:28:14 ----A---- C:\Windows\system32\rdpendp_winip.dll
2013-06-03 19:28:14 ----A---- C:\Windows\system32\rdpcorets.dll
2013-06-03 19:28:14 ----A---- C:\Windows\system32\mstscax.dll
2013-06-03 19:28:14 ----A---- C:\Windows\system32\mstsc.exe
2013-06-03 19:28:14 ----A---- C:\Windows\system32\MsRdpWebAccess.dll
2013-06-03 17:04:08 ----A---- C:\Windows\ntbtlog.txt
2013-05-31 22:55:26 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-05-15 05:39:28 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2013-05-15 05:39:28 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2013-05-15 05:39:28 ----A---- C:\Windows\system32\cdd.dll
2013-05-15 05:39:26 ----A---- C:\Windows\SYSWOW64\shell32.dll
2013-05-15 05:39:26 ----A---- C:\Windows\SYSWOW64\shdocvw.dll
2013-05-15 05:39:26 ----A---- C:\Windows\SYSWOW64\authui.dll
2013-05-15 05:39:26 ----A---- C:\Windows\system32\shell32.dll
2013-05-15 05:39:26 ----A---- C:\Windows\system32\shdocvw.dll
2013-05-15 05:39:26 ----A---- C:\Windows\system32\consent.exe
2013-05-15 05:39:26 ----A---- C:\Windows\system32\authui.dll
2013-05-15 05:39:26 ----A---- C:\Windows\system32\appinfo.dll
2013-05-15 05:39:20 ----A---- C:\Windows\system32\wwansvc.dll
2013-05-15 05:39:20 ----A---- C:\Windows\system32\wwanprotdim.dll
2013-05-15 05:39:19 ----A---- C:\Windows\system32\win32k.sys

======List of files/folders modified in the last 1 month======

2013-06-03 21:06:54 ----D---- C:\Windows\Prefetch
2013-06-03 21:06:06 ----HD---- C:\ProgramData
2013-06-03 21:02:31 ----D---- C:\Windows\system32\drivers\AVG
2013-06-03 21:02:31 ----D---- C:\Program Files (x86)\AVG2012
2013-06-03 20:57:28 ----D---- C:\Windows\system32\NDF
2013-06-03 19:45:00 ----RD---- C:\Program Files
2013-06-03 19:44:17 ----D---- C:\Windows\System32
2013-06-03 19:44:17 ----D---- C:\Windows\inf
2013-06-03 19:44:17 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-06-03 19:43:42 ----SHD---- C:\Windows\Installer
2013-06-03 19:43:41 ----D---- C:\Program Files (x86)\Microsoft Office
2013-06-03 19:43:37 ----SHD---- C:\System Volume Information
2013-06-03 19:41:50 ----D---- C:\Windows\SysWOW64
2013-06-03 19:41:37 ----D---- C:\Windows\Temp
2013-06-03 19:41:29 ----A---- C:\Windows\SYSWOW64\log.txt
2013-06-03 19:40:59 ----D---- C:\Windows
2013-06-03 19:39:54 ----D---- C:\Windows\winsxs
2013-06-03 19:39:14 ----D---- C:\Windows\system32\config
2013-06-03 19:37:29 ----D---- C:\Windows\SYSWOW64\cs-CZ
2013-06-03 19:37:29 ----D---- C:\Windows\system32\cs-CZ
2013-06-03 19:37:29 ----D---- C:\Program Files\Internet Explorer
2013-06-03 19:37:29 ----D---- C:\Program Files (x86)\Internet Explorer
2013-06-03 19:37:28 ----D---- C:\Windows\SYSWOW64\migration
2013-06-03 19:37:28 ----D---- C:\Windows\SYSWOW64\en-US
2013-06-03 19:37:28 ----D---- C:\Windows\system32\migration
2013-06-03 19:37:28 ----D---- C:\Windows\system32\en-US
2013-06-03 19:37:28 ----D---- C:\Windows\PolicyDefinitions
2013-06-03 19:37:27 ----D---- C:\Windows\SYSWOW64\wbem
2013-06-03 19:37:27 ----D---- C:\Windows\system32\wbem
2013-06-03 19:37:27 ----D---- C:\Windows\system32\drivers\en-US
2013-06-03 19:37:27 ----D---- C:\Windows\system32\drivers
2013-06-03 19:37:26 ----D---- C:\Windows\system32\DriverStore
2013-06-03 19:37:25 ----D---- C:\Windows\SYSWOW64\drivers
2013-06-03 19:36:58 ----D---- C:\Program Files (x86)
2013-06-03 19:36:57 ----D---- C:\ProgramData\AVG Secure Search
2013-06-03 19:32:54 ----D---- C:\Windows\Logs
2013-06-03 19:32:33 ----D---- C:\Windows\system32\catroot
2013-06-03 19:32:00 ----D---- C:\Windows\system32\catroot2
2013-06-03 19:28:07 ----D---- C:\Program Files\Common Files
2013-06-03 19:28:06 ----D---- C:\Program Files (x86)\Intel
2013-06-03 19:28:06 ----D---- C:\Program Files (x86)\Common Files
2013-06-02 23:23:48 ----D---- C:\Windows\system32\wdi
2013-06-02 21:36:24 ----D---- C:\Users\Uživatel\AppData\Roaming\vlc
2013-06-01 16:47:25 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-31 18:01:15 ----D---- C:\Windows\Tasks
2013-05-31 18:01:15 ----D---- C:\Windows\system32\Tasks
2013-05-16 21:13:22 ----D---- C:\Windows\rescache
2013-05-16 20:37:25 ----RSD---- C:\Windows\assembly
2013-05-16 20:37:25 ----D---- C:\Windows\Microsoft.NET
2013-05-15 19:38:21 ----D---- C:\Windows\AppPatch
2013-05-15 07:05:17 ----D---- C:\ProgramData\Microsoft Help
2013-05-15 07:03:41 ----A---- C:\Windows\system32\MRT.exe
2013-05-14 19:04:36 ----D---- C:\ProgramData\MFAData

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2011-05-20 557848]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-02-06 871408]
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2012-11-08 307040]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2013-04-11 384800]
R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [2013-05-21 45856]
R3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2012-12-10 127328]
R3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C; C:\Windows\system32\DRIVERS\e1c62x64.sys [2011-11-30 358576]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2012-12-14 5353888]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-12-13 4718952]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]
R3 MEIx64;Intel(R) Management Engine Interface ; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2011-10-25 96768]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2011-10-25 213504]
S2 ELOADER;General Purpose USB Driver (adildrx64.sys); C:\Windows\System32\Drivers\adildrx64.sys [2007-02-07 58264]
S3 a1rwm22j;a1rwm22j; C:\Windows\system32\drivers\a1rwm22j.sys []
S3 EfiVariable;Efi Variable Service; \??\C:\Windows\SysWOW64\Drivers\variable64.sys [2011-05-19 18200]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG2012\AVGIDSAgent.exe [2012-11-02 5174392]
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG2012\avgwdsvc.exe [2012-02-14 193288]
R2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [2011-11-09 189608]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-10-05 325656]
R2 TeamViewer7;TeamViewer 7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-05-21 1015984]
R3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-12-14 277616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-14 116648]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-14 116648]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-10-11 194032]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-05-31 117144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-02-01 1255736]

-----------------EOF-----------------

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
• Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

• Kód: Vybrat vše

  :reg
  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  "swg"=-
  [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
  "Adobe ARM"=-
  "SunJavaUpdateSched"=-
  "WinampAgent"=-
  
  :files
  %windir%\system32\*.tmp.dll /s
  %windir%\system32\SET*.tmp /s
  %windir%\*.tmp
  
  :commands
  [RESETHOSTS]
  [EMPTYTEMP]
  [EMPTYFLASH]
  [EMPTYJAVA]

• Nasledne kliknete na Opravit
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

LOG z OTL

All processes killed
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Uživatel
->Temp folder emptied: 12459998 bytes
->Temporary Internet Files folder emptied: 5600161 bytes
->Java cache emptied: 5489913 bytes
->FireFox cache emptied: 87512787 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15845658 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50702 bytes
RecycleBin emptied: 4378864 bytes

Total Files Cleaned = 125,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Uživatel
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Uživatel
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 06042013_154213

Files\Folders moved on Reboot...
C:\Users\Uživatel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Uživatel\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Preventivně jsem projel ještě CCleanerem.

Díky za pomoc.

Tak jeste uklidime

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

Díky za pomoc, posílám na účet nějakou tu korunu... zasloužíte si to!!

Nemate zac, rad jsem pomohl Zase nekdy

Za podporu fora jmenem celeho tymu dekuji

A na zaklade Pravidla o zamykani temat