Please check - Policie ČR

sorcer
Friend of the forum
Posts: 527
Registered: 26 Jun 2006 01:29

#1 Post by sorcer »

Good evening, please check this and provide a script. I am attaching the FRST log (problem with the Policie ČR virus).

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-06-2013
Ran by Administrator (administrator) on 18-06-2013 23:44:05
Running from G:\
Windows 7 Home Premium Service Pack 1 (X86) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Normal

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-08-05] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-03] (Synaptics Incorporated)
HKLM\...\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe /start [256056 2010-03-01] (Hewlett-Packard Company)
HKLM\...\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [101888 2010-06-09] (Leadtek Research Inc.)
HKLM\...\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" [1226928 2013-05-22] (AVG Secure Search)
HKLM\...\Run: [Nástroj WD Drive Unlocker] C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-06-13] (Western Digital)
HKLM\...\Run: [Nástroj WD Quick View] C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5235128 2012-06-14] (Western Digital Technologies, Inc.)
HKLM\...\Runonce: [AvgUninstallURL] cmd.exe /c start http://www.avg.cz/cz.special-uninstalla ... e3ef6af964 [x]
HKCU\...\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash [495616 2007-07-02] (Gadwin Systems, Inc)
HKCU\...\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" [248208 2013-03-22] (TomTom)
HKCU\...\Run: [QIP Internet Guardian] C:\Users\Administrator\AppData\Roaming\QipGuard\QipGuard.exe /p [190336 2011-07-18] (QIP.ru)
HKCU\...\Run: [Infium] "C:\Program Files\QIP 2010\qip.exe" /autorun [6812032 2011-07-18] (QIP)
HKCU\...\Run: [ctfmon32.exe] C:\PROGRA~2\rundll32.exe C:\PROGRA~2\jljm1.dat,XFG00 [143360 2013-06-18] (Microsoft Corporation) <===== ATTENTION
MountPoints2: {1d892b84-c975-11e0-a047-70f395818afc} - G:\AutoRun.exe
MountPoints2: {bfe55399-c7f0-11df-b7ce-70f395818afc} - G:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {bfe553a1-c7f0-11df-b7ce-70f395818afc} - G:\setup_vmc_lite.exe /checkApplicationPresence
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP Print View Resource Center.lnk
ShortcutTarget: HP Print View Resource Center.lnk -> C:\Program Files\Hewlett-Packard\HP Print View Software\HP Print View Resource Center\HPPrintViewResourceCenter.exe (Hewlett-Packard)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
ShortcutTarget: regmonstd.lnk -> C:\PROGRA~2\jljm1.dat (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /syncC:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
URLSearchHook: (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
HKLM SearchScopes: DefaultScope {95289393-33EA-4F8D-B952-483415B9C955} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKLM - {95289393-33EA-4F8D-B952-483415B9C955} URL = http://search.qip.ru/?query={searchTerms}
HKCU SearchScopes: DefaultScope {95289393-33EA-4F8D-B952-483415B9C955} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKCU - {683D6B03-527E-4936-B090-16BA0E605099} URL = http://www.webhledani.cz/results.aspx?i ... earchTerms}
SearchScopes: HKCU - {95289393-33EA-4F8D-B952-483415B9C955} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={C14B ... 2011-12-05 12:26:45&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/search?query={searchTerms}&from=IE
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKCU -No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\e45gsnfa.default
FF Homepage: hxxp://qip.ru
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll (AVG Technologies)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AcronisOSSReinstallSvc; C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2233400 2007-03-15] ()
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
R2 avgfws; C:\Program Files\AVG\AVG10\avgfws.exe [2708024 2011-03-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
R2 hpHotkeyMonitor; C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [264248 2010-03-01] (Hewlett-Packard Company)
R2 QipGuard; C:\Program Files\QipGuard\QipGuard.exe [190336 2011-07-18] (QIP.ru)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-12-13] (Ulead Systems, Inc.)
R2 vToolbarUpdater15.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984 2013-05-22] (AVG Secure Search)
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1151424 2012-06-14] (Western Digital )
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-06-13] (Western Digital)
S2 Winmgmt; C:\PROGRA~2\jljm1.dat [143360 2013-06-18] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [54112 2010-07-12] (AVG Technologies CZ, s.r.o.)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [134480 2011-05-27] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [22992 2011-02-22] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [24144 2011-02-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\Windows\System32\DRIVERS\AVGIDSShim.Sys [21968 2011-02-10] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [255968 2012-11-12] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34896 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [32592 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [297168 2011-04-05] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-05-22] (AVG Technologies)
S3 PhilCap; C:\Windows\System32\DRIVERS\PhilCap.sys [922496 2008-10-31] (NXP Semiconductors Germany GmbH)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1763968 2009-12-18] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [436792 2010-10-02] ()
R3 ULCDRHlp; C:\Windows\System32\Drivers\ULCDRHlp.sys [27392 2004-12-23] (Ulead Systems, Inc.)
S3 ZTEusbnet; C:\Windows\System32\DRIVERS\ZTEusbnet.sys [110080 2008-12-08] (ZTE Corporation)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files\CyberLink\PowerDVD8\000.fcl [61424 2008-06-27] (Cyberlink Corp.)
S3 Huawei; system32\DRIVERS\ewdcsc.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [x]
S3 StarOpen; No ImagePath
S3 STHDA; system32\DRIVERS\stwrt.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-18 23:42 - 2013-06-18 23:42 - 00000000 ____D C:\FRST
2013-06-18 10:50 - 2013-06-18 23:30 - 00000000 ____A C:\ProgramData\kjhy64.txt
2013-06-18 10:50 - 2013-06-18 23:28 - 95023320 ___AT C:\ProgramData\1mjlj.pad
2013-06-18 10:50 - 2013-06-18 10:50 - 95023320 ___AT C:\ProgramData\z6ejejr.pad
2013-06-18 10:50 - 2013-06-18 10:50 - 00143360 ____A (Microsoft Corporation) C:\ProgramData\rjeje6z.dat
2013-06-18 10:50 - 2013-06-18 10:50 - 00143360 ____A (Microsoft Corporation) C:\ProgramData\jljm1.dat
2013-06-18 10:50 - 2013-06-18 10:50 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-06-18 10:50 - 2013-06-18 10:50 - 00002645 ____A C:\ProgramData\1mjlj.js
2013-06-14 08:42 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-14 08:42 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-14 08:42 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-14 08:42 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-14 08:42 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-14 08:42 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-14 08:37 - 2013-05-17 03:26 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-14 08:37 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-14 08:37 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-14 08:37 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-14 08:37 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-14 08:37 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-14 08:37 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-14 08:37 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-14 08:37 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-14 08:37 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-13 09:06 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-13 09:06 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-13 09:06 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-13 09:06 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-13 09:06 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-13 09:06 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-13 09:06 - 2013-05-08 07:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-13 09:06 - 2013-05-06 07:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-13 09:06 - 2013-05-06 07:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-13 09:06 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-13 09:06 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-13 09:06 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-04 15:02 - 2013-06-18 23:30 - 00000350 ____A C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-05-30 18:17 - 2013-05-30 20:02 - 942704269 ____A () C:\Users\Administrator\Downloads\GTA-San-Andreas.exe
2013-05-27 20:14 - 2013-05-27 20:14 - 00000000 ____D C:\Users\Administrator\AppData\Local\Western_Digital
2013-05-27 20:12 - 2013-05-27 20:12 - 00001150 ____A C:\Users\Public\Desktop\WD SmartWare.lnk
2013-05-27 20:11 - 2013-05-27 20:14 - 00000000 ____D C:\ProgramData\Western Digital
2013-05-27 20:11 - 2013-05-27 20:12 - 00000000 ____D C:\Program Files\Western Digital
2013-05-27 20:11 - 2013-05-27 20:11 - 00001179 ____A C:\Users\Public\Desktop\Software WD Security.lnk
2013-05-27 20:11 - 2013-05-27 20:11 - 00001111 ____A C:\Users\Public\Desktop\Nástroje WD Drive Utilities.lnk
2013-05-27 20:11 - 2013-05-27 20:11 - 00000000 ____D C:\Program Files\Common Files\Western Digital
2013-05-22 19:49 - 2013-05-22 19:50 - 00003714 ____A C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2013-05-21 13:29 - 2013-05-21 21:03 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-20 11:30 - 2013-05-20 11:31 - 00308353 ____A C:\Users\Administrator\Downloads\download.php

==================== One Month Modified Files and Folders ========

2013-06-18 23:42 - 2013-06-18 23:42 - 00000000 ____D C:\FRST
2013-06-18 23:42 - 2009-07-14 06:39 - 00107556 ____A C:\Windows\setupact.log
2013-06-18 23:41 - 2009-07-14 06:34 - 00015008 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-18 23:41 - 2009-07-14 06:34 - 00015008 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-18 23:30 - 2013-06-18 10:50 - 00000000 ____A C:\ProgramData\kjhy64.txt
2013-06-18 23:30 - 2013-06-04 15:02 - 00000350 ____A C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-06-18 23:30 - 2011-02-19 13:31 - 00000000 ____D C:\Program Files\QIP 2010
2013-06-18 23:29 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-18 23:28 - 2013-06-18 10:50 - 95023320 ___AT C:\ProgramData\1mjlj.pad
2013-06-18 11:18 - 2010-09-18 15:26 - 01644878 ____A C:\Windows\WindowsUpdate.log
2013-06-18 10:50 - 2013-06-18 10:50 - 95023320 ___AT C:\ProgramData\z6ejejr.pad
2013-06-18 10:50 - 2013-06-18 10:50 - 00143360 ____A (Microsoft Corporation) C:\ProgramData\rjeje6z.dat
2013-06-18 10:50 - 2013-06-18 10:50 - 00143360 ____A (Microsoft Corporation) C:\ProgramData\jljm1.dat
2013-06-18 10:50 - 2013-06-18 10:50 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-06-18 10:50 - 2013-06-18 10:50 - 00002645 ____A C:\ProgramData\1mjlj.js
2013-06-18 10:48 - 2012-04-05 07:47 - 00000914 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-18 08:49 - 2010-09-18 15:35 - 01478586 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-17 22:20 - 2011-10-01 19:54 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2013-06-16 22:22 - 2010-09-25 16:15 - 00000000 ____D C:\Users\Administrator\Documents\PrintScreen Files
2013-06-16 13:00 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-06-16 12:20 - 2010-09-19 19:25 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-06-15 11:57 - 2012-04-05 07:47 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-15 11:57 - 2011-05-19 08:07 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-14 09:01 - 2012-10-18 09:04 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-14 08:44 - 2010-09-19 11:00 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-14 08:39 - 2010-09-18 16:51 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-08 13:42 - 2013-06-14 08:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 13:40 - 2013-06-14 08:42 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 13:40 - 2013-06-14 08:42 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 13:40 - 2013-06-14 08:42 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 13:40 - 2013-06-14 08:42 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 13:13 - 2013-06-14 08:42 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-07 11:05 - 2012-08-08 12:11 - 00000000 ____D C:\ProgramData\firebird
2013-06-04 02:21 - 2011-12-05 13:27 - 00000000 ____D C:\Program Files\AVG Secure Search
2013-05-30 20:02 - 2013-05-30 18:17 - 942704269 ____A () C:\Users\Administrator\Downloads\GTA-San-Andreas.exe
2013-05-27 20:14 - 2013-05-27 20:14 - 00000000 ____D C:\Users\Administrator\AppData\Local\Western_Digital
2013-05-27 20:14 - 2013-05-27 20:11 - 00000000 ____D C:\ProgramData\Western Digital
2013-05-27 20:12 - 2013-05-27 20:12 - 00001150 ____A C:\Users\Public\Desktop\WD SmartWare.lnk
2013-05-27 20:12 - 2013-05-27 20:11 - 00000000 ____D C:\Program Files\Western Digital
2013-05-27 20:12 - 2010-09-18 16:19 - 00018022 ____A C:\Windows\DPINST.LOG
2013-05-27 20:11 - 2013-05-27 20:11 - 00001179 ____A C:\Users\Public\Desktop\Software WD Security.lnk
2013-05-27 20:11 - 2013-05-27 20:11 - 00001111 ____A C:\Users\Public\Desktop\Nástroje WD Drive Utilities.lnk
2013-05-27 20:11 - 2013-05-27 20:11 - 00000000 ____D C:\Program Files\Common Files\Western Digital
2013-05-27 20:11 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\DriverStore
2013-05-22 19:50 - 2013-05-22 19:49 - 00003714 ____A C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2013-05-22 19:48 - 2012-11-09 09:03 - 00037664 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2013-05-21 21:04 - 2010-09-18 16:42 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\hpqLog
2013-05-21 21:03 - 2013-05-21 13:29 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-21 13:34 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\NDF
2013-05-20 11:31 - 2013-05-20 11:30 - 00308353 ____A C:\Users\Administrator\Downloads\download.php

Files to move or delete:
====================
C:\ProgramData\rundll32.exe
C:\ProgramData\1mjlj.pad
C:\ProgramData\jljm1.dat
C:\ProgramData\rjeje6z.dat
C:\ProgramData\z6ejejr.pad

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-16 12:50

==================== End Of Log ============================

FRST - Addition

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-06-2013
Ran by Administrator at 2013-06-18 23:45:17 Run:
Running from G:\
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer (Version: 7.1.8)
Acronis Disk Director Suite (Version: 10.0.2161)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader X (10.1.6) - Czech (Version: 10.1.6)
AIMP2
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665)
Ashampoo Burning Studio 2010 (Version: 9.1.0)
ATI Catalyst Install Manager (Version: 3.0.778.0)
AVG 2011 (Version: 10.0.1432)
AVG 2011 (Version: 10.0.3199)
AVG Security Toolbar (Version: 15.2.0.5)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0805.358.5180)
Catalyst Control Center InstallProxy (Version: 2010.0805.358.5180)
Catalyst Control Center Localization All (Version: 2010.0805.358.5180)
CCC Help Czech (Version: 2010.0805.0357.5180)
CCC Help Danish (Version: 2010.0805.0357.5180)
CCC Help Dutch (Version: 2010.0805.0357.5180)
CCC Help English (Version: 2010.0805.0357.5180)
CCC Help Finnish (Version: 2010.0805.0357.5180)
CCC Help French (Version: 2010.0805.0357.5180)
CCC Help German (Version: 2010.0805.0357.5180)
CCC Help Greek (Version: 2010.0805.0357.5180)
CCC Help Hungarian (Version: 2010.0805.0357.5180)
CCC Help Chinese Standard (Version: 2010.0805.0357.5180)
CCC Help Chinese Traditional (Version: 2010.0805.0357.5180)
CCC Help Italian (Version: 2010.0805.0357.5180)
CCC Help Japanese (Version: 2010.0805.0357.5180)
CCC Help Korean (Version: 2010.0805.0357.5180)
CCC Help Norwegian (Version: 2010.0805.0357.5180)
CCC Help Polish (Version: 2010.0805.0357.5180)
CCC Help Portuguese (Version: 2010.0805.0357.5180)
CCC Help Russian (Version: 2010.0805.0357.5180)
CCC Help Spanish (Version: 2010.0805.0357.5180)
CCC Help Swedish (Version: 2010.0805.0357.5180)
CCC Help Thai (Version: 2010.0805.0357.5180)
CCC Help Turkish (Version: 2010.0805.0357.5180)
ccc-core-static (Version: 2010.0805.358.5180)
ccc-utility (Version: 2010.0805.358.5180)
Codec-TS SDK
CyberLink PowerDVD 8 (Version: 8.0.1730)
De-interlace SDK
FastStone Image Viewer 4.2 (Version: 4.2)
FlatOut Demo (Version: 1.01.0000)
Gadwin PrintScreen (Version: 4.2)
GOM Player (Version: 2.1.49.5139)
HP 3D DriveGuard (Version: 4.0.4.1)
HP HotKey Support (Version: 3.5.15.1)
HP Print View Software
HP Print View Software (Version: 2.0.1.0)
HP Update (Version: 4.000.009.002)
HP Webcam Driver (Version: 5.8.50012.0)
Intel(R) Management Engine Components (Version: 6.0.0.1179)
Java(TM) 6 Update 16 (Version: 6.0.160)
kinder v2
LSI HDA Modem (Version: 2.2.98)
MailStore Home 7.0.7.7671 (Version: 7.0.7.7671)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile CSY Language Pack (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Outlook MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Slovak) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (Czech) 2007 (Version: 12.0.4518.1025)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Standard 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MozBackup 1.4.10
Mozilla Firefox 21.0 (x86 cs) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
Mozilla Thunderbird 12.0.1 (x86 cs) (Version: 12.0.1)
Nástroje WD Drive Utilities (Version: 1.0.1.5)
OpenOffice.org 3.2 (Version: 3.2.9505)
Opera 11.00 (Version: 11.00)
Opera 12.02 (Version: 12.02.1578)
Paint.NET v3.5.8 (Version: 3.58.0)
QIP 2010 3.1.5890 (Version: 3.1.5890)
QIP Infium 3.0.9042 (Version: 3.0.9042)
QIP Internet Guardian
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30109)
Skype Toolbars (Version: 5.0.4126)
Skype™ 6.1 (Version: 6.1.129)
Software WD Security (Version: 1.0.1.5)
Synaptics Pointing Device Driver (Version: 15.0.24.0)
TMPGEnc 4.0 XPress Special Trial Version (Version: 4.7.1.284)
TomTom HOME (Version: 2.9.5)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
Total Commander (Remove or Repair) (Version: 7.55)
TT-SB SDK
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition
WD SmartWare (Version: 1.6.2.6)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinFast Multimedia Driver Installation (Version: )
WinFast PVR2 (Version: 2.0.3.33)
WinRAR
Zoner Photo Studio 14 (Version: 14.0.1.3)

==================== Restore Points =========================

Could not list Restore Points.


==================== Scheduled Tasks (whitelisted) =============

Task: {158EB308-82BF-424D-9CD6-002DE7D2BCAC} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{EFF8B5BC-5444-4D1D-88D5-FC72F2E4C526}.exe No File
Task: {362D9C1C-3096-42FE-A608-62B26BD833D0} - System32\Tasks\Online aktualizační program HP => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08] (Hewlett-Packard)
Task: {3FF4C9F7-BCF7-440A-8A54-AB742A6E6CD5} - System32\Tasks\Program k provádění aktualizací online Adobe => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {512E6ACA-53E8-49E5-A702-5793DAB155CF} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2010-09-18] (Microsoft Corporation)
Task: {7CB552CD-4098-42D6-A4B6-1E49265E82EA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-15] (Adobe Systems Incorporated)
Task: {89D8EAF9-3B9B-4877-89C2-E5DD560E34AA} - System32\Tasks\ArcSoft Connect Daemon => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27] (ArcSoft Inc.)
Task: {B77FA7AC-EC0F-438D-BD64-6C1ED51FF3FA} - System32\Tasks\{4C3CE1CC-3A03-4431-B23A-45B67D1E9F22} => C:\Program Files\Skype\Phone\Skype.exe [2013-01-08] (Skype Technologies S.A.)
Task: {EA73834B-BDED-4B90-B27F-A2E91174C5DD} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {EFDF64AB-2010-4C28-8239-251D1FAF2DB8} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {F301328E-5F4D-492B-B758-048B87D8A129} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {F458E142-DF2B-4FE8-B618-439B6683FEE1} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)

==================== Faulty Device Manager Devices =============

Could not list Devices.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/16/2013 00:52:09 PM) (Source: SideBySide) (User: )
Description: Generování kontextu aktivace pro assemblyIdentity1 se nezdařilo. Chyba v souboru manifestu nebo zásady assemblyIdentity2 na řádku assemblyIdentity3.
Hodnota * atributu language v prvku assemblyIdentity je neplatná.

Error: (06/15/2013 00:23:56 PM) (Source: Application Error) (User: )
Description: Název chybující aplikace: WDBackupEngine.exe, verze: 1.6.1.2, časové razítko: 0x4fda26d7
Název chybujícího modulu: System.Data.SQLite.dll, verze: 1.0.78.0, časové razítko: 0x4f227a54
Kód výjimky: 0xc0000005
Posun chyby: 0x0004d20a
ID chybujícího procesu: 0xcd4
Čas spuštění chybující aplikace: 0xWDBackupEngine.exe0
Cesta k chybující aplikaci: WDBackupEngine.exe1
Cesta k chybujícímu modulu: WDBackupEngine.exe2
ID zprávy: WDBackupEngine.exe3

Error: (06/15/2013 00:23:38 PM) (Source: .NET Runtime) (User: )
Description: Aplikace: WDBackupEngine.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.AccessViolationException
Zásobník:
na System.Data.SQLite.UnsafeNativeMethods.sqlite3_column_int64(IntPtr, Int32)
na System.Data.SQLite.SQLite3.GetInt64(System.Data.SQLite.SQLiteStatement, Int32)
na System.Data.SQLite.SQLiteDataReader.GetInt64(Int32)
na BackupManifest.GetFile(System.Data.IDataReader)
na BackupEngine.CheckSource(System.String, System.Data.IDataReader, Boolean)
na BackupEngine.CheckSource(System.String)
na BackupEngine.VerifySourcesThreadProc()
na System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
na System.Threading.ThreadHelper.ThreadStart()

Error: (06/15/2013 00:06:36 PM) (Source: Application Hang) (User: )
Description: Program CD2_Sid.exe verze 1.0.0.1 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 1e7c

Čas spuštění: 01ce69af81b0aaf8

Čas ukončení: 60000

Cesta k aplikaci: F:\CD2_Sid.exe

ID hlášení: 15a80fc4-d5a3-11e2-97bb-70f395818afc

Error: (06/07/2013 11:31:48 PM) (Source: SideBySide) (User: )
Description: Generování kontextu aktivace pro assemblyIdentity1 se nezdařilo. Chyba v souboru manifestu nebo zásady assemblyIdentity2 na řádku assemblyIdentity3.
Hodnota * atributu language v prvku assemblyIdentity je neplatná.

Error: (06/04/2013 03:01:56 PM) (Source: VSS) (User: )
Description: Chyba služby Stínová kopie svazků: Neočekávaná chyba DeviceIoControl(\\?\Volume{ef3faa2f-c327-11df-8af7-806e6f6e6963} - 00000174,0x0053c008,00D92B80,0,00D93B88,4096,[0]). hr = 0x80070079, Časový limit semaforu vypršel.
.


Operace:
Probíhá zpracování události EndPrepareSnapshots

Kontext:
Kontext spuštění: System Provider

Error: (06/03/2013 03:49:29 PM) (Source: VSS) (User: )
Description: Chyba služby Stínová kopie svazků: Neočekávaná chyba DeviceIoControl(\\?\Volume{ef3faa2f-c327-11df-8af7-806e6f6e6963} - 00000178,0x0053c008,00D92B68,0,00D93B70,4096,[0]). hr = 0x80070079, Časový limit semaforu vypršel.
.


Operace:
Probíhá zpracování události EndPrepareSnapshots

Kontext:
Kontext spuštění: System Provider

Error: (06/02/2013 07:13:03 AM) (Source: VSS) (User: )
Description: Chyba služby Stínová kopie svazků: Neočekávaná chyba DeviceIoControl(\\?\Volume{ef3faa2f-c327-11df-8af7-806e6f6e6963} - 00000180,0x0053c008,00D92190,0,00D90180,4096,[0]). hr = 0x80070079, Časový limit semaforu vypršel.
.


Operace:
Probíhá zpracování události EndPrepareSnapshots

Kontext:
Kontext spuštění: System Provider

Error: (05/29/2013 02:36:19 PM) (Source: SideBySide) (User: )
Description: Generování kontextu aktivace pro assemblyIdentity1 se nezdařilo. Chyba v souboru manifestu nebo zásady assemblyIdentity2 na řádku assemblyIdentity3.
Hodnota * atributu language v prvku assemblyIdentity je neplatná.

Error: (05/28/2013 06:40:53 AM) (Source: VSS) (User: )
Description: Chyba služby Stínová kopie svazků: Neočekávaná chyba DeviceIoControl(\\?\Volume{ef3faa2f-c327-11df-8af7-806e6f6e6963} - 00000060,0x0053c008,00C83E40,0,00C85E50,4096,[0]). hr = 0x80070079, Časový limit semaforu vypršel.
.


Operace:
Probíhá zpracování události EndPrepareSnapshots

Kontext:
Kontext spuštění: System Provider


System errors:
=============
Error: (06/18/2013 11:47:18 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126

Error: (06/18/2013 11:46:48 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126

Error: (06/18/2013 11:46:18 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126

Error: (06/18/2013 11:45:48 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126

Error: (06/18/2013 11:45:18 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126

Error: (06/18/2013 11:44:48 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126

Error: (06/18/2013 11:44:18 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126

Error: (06/18/2013 11:43:48 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126

Error: (06/18/2013 11:43:18 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126

Error: (06/18/2013 11:42:48 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126


Microsoft Office Sessions:
=========================
Error: (08/01/2012 01:15:30 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 13 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/22/2012 00:21:29 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash.

Error: (01/24/2011 01:56:48 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3575 seconds with 360 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 29%
Total physical RAM: 3055.43 MB
Available physical RAM: 2146.07 MB
Total Pagefile: 6109.15 MB
Available Pagefile: 4855.76 MB
Total Virtual: 2047.88 MB
Available Virtual: 1911.1 MB

==================== Drives ================================

Drive c: (SYSTEM) (Fixed) (Total:50.5 GB) (Free:12 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (PRACOVNI) (Fixed) (Total:272.83 GB) (Free:241.47 GB) NTFS
Drive e: (DATA) (Fixed) (Total:272.83 GB) (Free:183.74 GB) NTFS
Drive g: (PENDRIVE) (Removable) (Total:3.72 GB) (Free:1.05 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 99F3445E)
Partition 1: (Active) - (Size=51 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=546 GB) - (Type=05)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check - Policie Čr

#2 Post by vyosek »

Hello, and I wish you a nice day :)

Your log is being studied and worked on.
Please be patient!
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; he is not a man, he is an ox."
Member since 1 February 2011.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check - Policie Čr

#3 Post by vyosek »

:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below

    HKLM\...\Runonce: [AvgUninstallURL] cmd.exe /c start http://www.avg.cz/cz.special-uninstalla ... jctVk9YVUw"&"inst=NzctNzUwNDUxNjEyLVNUMTJPSSsxLUREVCswLUVVTEErMS1TVDEyQVBQKzE"&"prod=55"&"ver=2012.0.1809"&"mid=0beda036d56947d18866a1bad365630f-295e8afe83ae297d9ff84ed9468a2de3ef6af964 [x]
    HKLM\...\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" [1226928 2013-05-22] (AVG Secure Search)
    HKCU\...\Run: [ctfmon32.exe] C:\PROGRA~2\rundll32.exe C:\PROGRA~2\jljm1.dat,XFG00 [143360 2013-06-18] (Microsoft Corporation) <===== ATTENTION
    Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
    ShortcutTarget: regmonstd.lnk -> C:\PROGRA~2\jljm1.dat (Microsoft Corporation)
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
    URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
    URLSearchHook: (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
    HKLM SearchScopes: DefaultScope {95289393-33EA-4F8D-B952-483415B9C955} URL = http://search.qip.ru/?query={searchTerms}
    SearchScopes: HKLM - {95289393-33EA-4F8D-B952-483415B9C955} URL = http://search.qip.ru/?query={searchTerms}
    HKCU SearchScopes: DefaultScope {95289393-33EA-4F8D-B952-483415B9C955} URL = http://search.qip.ru/?query={searchTerms}
    SearchScopes: HKCU - {683D6B03-527E-4936-B090-16BA0E605099} URL = http://www.webhledani.cz/results.aspx?i=42&tp=ie&q={searchTerms}
    SearchScopes: HKCU - {95289393-33EA-4F8D-B952-483415B9C955} URL = http://search.qip.ru/?query={searchTerms}
    SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={C14BE25A-A35D-4A1A-B043-1B0C1BC8A884}&mid=0beda036d56947d18866a1bad365630f-295e8afe83ae297d9ff84ed9468a2de3ef6af964&lang=cz&ds=AVG&pr=pa&d=2011-12-05 12:26:45&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKCU - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/search?query={searchTerms}&from=IE
    BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    BHO: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
    BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
    Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    Toolbar: HKCU -No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)
    FF Homepage: hxxp://qip.ru
    S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
    R2 QipGuard; C:\Program Files\QipGuard\QipGuard.exe [190336 2011-07-18] (QIP.ru)
    R2 vToolbarUpdater15.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984 2013-05-22] (AVG Secure Search)
    C:\Program Files\Common Files\AVG Secure Search
    S2 Winmgmt; C:\PROGRA~2\jljm1.dat [143360 2013-06-18] (Microsoft Corporation)
    S3 StarOpen; No ImagePath
    2013-06-18 10:50 - 2013-06-18 23:30 - 00000000 ____A C:\ProgramData\kjhy64.txt
    2013-06-18 10:50 - 2013-06-18 23:28 - 95023320 ___AT C:\ProgramData\1mjlj.pad
    2013-06-18 10:50 - 2013-06-18 10:50 - 95023320 ___AT C:\ProgramData\z6ejejr.pad
    2013-06-18 10:50 - 2013-06-18 10:50 - 00143360 ____A (Microsoft Corporation) C:\ProgramData\rjeje6z.dat
    2013-06-18 10:50 - 2013-06-18 10:50 - 00143360 ____A (Microsoft Corporation) C:\ProgramData\jljm1.dat
    2013-06-18 10:50 - 2013-06-18 10:50 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
    2013-06-18 10:50 - 2013-06-18 10:50 - 00002645 ____A C:\ProgramData\1mjlj.js
    2013-06-18 23:30 - 2013-06-04 15:02 - 00000350 ____A C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
    2013-05-22 19:50 - 2013-05-22 19:49 - 00003714 ____A C:\Program Files\Mozilla Firefoxavg-secure-search.xml
    C:\Program Files\QipGuard
    C:\Program Files\AVG\AVG10\Toolbar
    C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
    C:\Program Files\AVG Secure Search
    
  • Save the created TXT file as fixlist.txt
  • Move the created log to the flash drive, next to FRST
:arrow: Run FRST.exe again on the damaged PC
  • Click Fix
  • The fix will run and a Fixlog.txt log will be created on the flash drive
:arrow: Try to boot into normal mode

sorcer
Friend of the forum
Posts: 527
Registered: 26 Jun 2006 01:29

Re: Please check - Policie Čr

#4 Post by sorcer »

Thank you.

Normal mode boots without problems.

FRST FIXLOG

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-06-2013
Ran by Administrator at 2013-06-19 18:34:58 Run:2
Running from G:\
Boot Mode: Safe Mode (minimal)

==============================================

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AvgUninstallURL => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\vProt => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon32.exe => Value not found.
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk not found.
C:\PROGRA~2\jljm1.dat not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{95289393-33EA-4F8D-B952-483415B9C955} => Value not found.
HKCR\CLSID\{95289393-33EA-4F8D-B952-483415B9C955} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} => Value not found.
HKCR\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C} => Key deleted successfully.
HKCR\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955} => Key not found.
HKCR\CLSID\{95289393-33EA-4F8D-B952-483415B9C955} => Key not found.
HKCR\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{683D6B03-527E-4936-B090-16BA0E605099} => Key not found.
HKCR\CLSID\{683D6B03-527E-4936-B090-16BA0E605099} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95289393-33EA-4F8D-B952-483415B9C955} => Key not found.
HKCR\CLSID\{95289393-33EA-4F8D-B952-483415B9C955} => Key deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} => Key not found.
HKCR\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key not found.
HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955} => Key not found.
HKCR\CLSID\{95289393-33EA-4F8D-B952-483415B9C955} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Value not found.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value not found.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found.
HKCR\PROTOCOLS\Handler\viprotocol => Key not found.
HKCR\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} => Key not found.
Firefox homepage deleted successfully.
AVG Security Toolbar Service => Service not found.
QipGuard => Service not found.
vToolbarUpdater15.2.0 => Service not found.
C:\Program Files\Common Files\AVG Secure Search => File/Directory not found.
Winmgmt => Service restored successfully.
StarOpen => Service not found.
C:\ProgramData\kjhy64.txt => File/Directory not found.
C:\ProgramData\1mjlj.pad => File/Directory not found.
C:\ProgramData\z6ejejr.pad => File/Directory not found.
C:\ProgramData\rjeje6z.dat => File/Directory not found.
C:\ProgramData\jljm1.dat => File/Directory not found.
C:\ProgramData\rundll32.exe => File/Directory not found.
C:\ProgramData\1mjlj.js => Moved successfully.
C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => Moved successfully.
C:\Program Files\Mozilla Firefoxavg-secure-search.xml => Moved successfully.
C:\Program Files\QipGuard => Moved successfully.
C:\Program Files\AVG\AVG10\Toolbar => Moved successfully.
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll => Moved successfully.
C:\Program Files\AVG Secure Search => Moved successfully.

==== End of Fixlog ====

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check - Policie Čr

#5 Post by vyosek »


sorcer
Friend of the forum
Posts: 527
Registered: 26 Jun 2006 01:29

Re: Please check - Policie Čr

#6 Post by sorcer »

RSIT can be started, but it only runs to 75% and then an error message pops up.

Even when I run it as administrator.
Even in safe mode.
Even when I rename it.

Error message:

AutoIt Error
Line -1:
Error: Variable used without being declared.

Below I am sending the log from the unfinished RSIT run.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2013-06-19 19:53:02
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 12 GB (24%) free of 52 GB
Total RAM: 3055 MB (64% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 66280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-09-27 1250696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{95B7759C-8C7F-4BF1-B163-73684A933233}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-08-05 98304]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-06-03 1791272]
"QLBController"=C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe [2010-03-01 256056]
"WinFastDTV"=C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [2010-06-09 101888]
"AVG_TRAY"=C:\Program Files\AVG\AVG10\avgtray.exe [2012-08-01 2345592]
"Nástroj WD Drive Unlocker"=C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [2012-06-13 1688008]
"Nástroj WD Quick View"=C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [2012-06-14 5235128]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Gadwin PrintScreen"=C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe [2007-07-02 495616]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2013-03-22 248208]
"QIP Internet Guardian"=C:\Users\Administrator\AppData\Roaming\QipGuard\QipGuard.exe [2011-07-18 190336]
"Infium"=C:\Program Files\QIP 2010\qip.exe [2011-07-18 6812032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
C:\Program Files\Cyberlink\Shared Files\brs.exe [2008-06-27 91432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2013-01-08 18705664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2010-09-25 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2010-08-11 2920448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2010-06-07 1195520]

C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
HP Print View Resource Center.lnk - C:\Program Files\Hewlett-Packard\HP Print View Software\HP Print View Resource Center\HPPrintViewResourceCenter.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Browser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dhcp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DnsCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d892b84-c975-11e0-a047-70f395818afc}]
shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bfe55399-c7f0-11df-b7ce-70f395818afc}]
shell\AutoRun\command - G:\setup_vmc_lite.exe /checkApplicationPresence

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bfe553a1-c7f0-11df-b7ce-70f395818afc}]
shell\AutoRun\command - G:\setup_vmc_lite.exe /checkApplicationPresence


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2013-06-19 19:40:44 ----D---- C:\rsit
2013-06-19 19:40:44 ----D---- C:\Program Files\trend micro
2013-06-18 23:42:58 ----D---- C:\FRST
2013-06-18 23:27:49 ----A---- C:\Windows\ntbtlog.txt
2013-06-14 08:42:31 ----A---- C:\Windows\system32\urlmon.dll
2013-06-14 08:42:31 ----A---- C:\Windows\system32\ieui.dll
2013-06-14 08:42:29 ----A---- C:\Windows\system32\ieframe.dll
2013-06-14 08:42:28 ----A---- C:\Windows\system32\mshtml.dll
2013-06-14 08:42:28 ----A---- C:\Windows\system32\iertutil.dll
2013-06-14 08:37:38 ----A---- C:\Windows\system32\jscript.dll
2013-06-14 08:37:37 ----A---- C:\Windows\system32\jscript9.dll
2013-06-14 08:37:36 ----A---- C:\Windows\system32\jsproxy.dll
2013-06-14 08:37:36 ----A---- C:\Windows\system32\iesetup.dll
2013-06-14 08:37:35 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-06-14 08:37:35 ----A---- C:\Windows\system32\msfeeds.dll
2013-06-14 08:37:35 ----A---- C:\Windows\system32\iesysprep.dll
2013-06-14 08:37:35 ----A---- C:\Windows\system32\iernonce.dll
2013-06-14 08:37:35 ----A---- C:\Windows\system32\ie4uinit.exe
2013-06-14 08:37:32 ----A---- C:\Windows\system32\wininet.dll
2013-06-13 09:06:48 ----A---- C:\Windows\system32\d3d11.dll
2013-06-13 09:06:46 ----A---- C:\Windows\system32\cryptdlg.dll
2013-06-13 09:06:43 ----A---- C:\Windows\system32\win32spl.dll
2013-06-13 09:06:41 ----A---- C:\Windows\system32\certutil.exe
2013-06-13 09:06:40 ----A---- C:\Windows\system32\cryptsvc.dll
2013-06-13 09:06:40 ----A---- C:\Windows\system32\cryptnet.dll
2013-06-13 09:06:40 ----A---- C:\Windows\system32\crypt32.dll
2013-06-13 09:06:40 ----A---- C:\Windows\system32\certenc.dll
2013-06-13 09:06:36 ----A---- C:\Windows\system32\WindowsCodecs.dll
2013-06-13 09:06:34 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-06-13 09:06:34 ----A---- C:\Windows\system32\ntkrnlpa.exe
2013-05-27 20:11:31 ----D---- C:\Program Files\Western Digital
2013-05-27 20:11:31 ----D---- C:\Program Files\Common Files\Western Digital
2013-05-27 20:11:06 ----D---- C:\ProgramData\Western Digital
2013-05-21 13:29:16 ----D---- C:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 1 months======

2013-06-19 19:50:30 ----D---- C:\Windows\Temp
2013-06-19 19:50:30 ----A---- C:\Windows\system32\log.txt
2013-06-19 19:50:23 ----SHD---- C:\System Volume Information
2013-06-19 19:48:25 ----D---- C:\Windows\System32
2013-06-19 19:48:21 ----A---- C:\Windows\system32\DTVWizard_LOG.txt
2013-06-19 19:48:20 ----D---- C:\Program Files\QIP 2010
2013-06-19 19:47:07 ----D---- C:\Windows\system32\config
2013-06-19 19:40:44 ----RD---- C:\Program Files
2013-06-19 19:39:21 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-06-19 19:39:20 ----D---- C:\Windows\inf
2013-06-19 18:34:58 ----HD---- C:\ProgramData
2013-06-19 18:34:58 ----D---- C:\Windows\Tasks
2013-06-19 18:32:47 ----D---- C:\Program Files\Common Files
2013-06-18 23:51:25 ----D---- C:\Windows\Prefetch
2013-06-18 23:50:07 ----D---- C:\Program Files\Opera
2013-06-18 23:49:07 ----D---- C:\Windows\system32\catroot
2013-06-18 23:43:03 ----D---- C:\Windows
2013-06-18 11:04:02 ----D---- C:\Windows\system32\catroot2
2013-06-16 13:00:09 ----D---- C:\Windows\rescache
2013-06-16 12:20:05 ----D---- C:\Program Files\Mozilla Thunderbird
2013-06-15 12:25:35 ----D---- C:\Windows\system32\wdi
2013-06-15 11:57:09 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2013-06-14 09:03:21 ----D---- C:\Windows\winsxs
2013-06-14 09:01:26 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-06-14 09:00:00 ----D---- C:\Windows\system32\cs-CZ
2013-06-14 09:00:00 ----D---- C:\Program Files\Internet Explorer
2013-06-14 08:59:59 ----D---- C:\Windows\system32\drivers
2013-06-14 08:44:26 ----SHD---- C:\Windows\Installer
2013-06-14 08:44:06 ----HD---- C:\Config.Msi
2013-06-14 08:44:06 ----D---- C:\ProgramData\Microsoft Help
2013-06-14 08:39:52 ----A---- C:\Windows\system32\MRT.exe
2013-06-07 11:05:52 ----D---- C:\ProgramData\firebird
2013-06-04 15:02:15 ----D---- C:\Windows\system32\Tasks
2013-05-27 20:11:33 ----D---- C:\Windows\system32\DriverStore
2013-05-21 21:04:30 ----D---- C:\Users\Administrator\AppData\Roaming\hpqLog
2013-05-21 13:34:32 ----D---- C:\Windows\system32\NDF

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check - Policie ČR

#7 Post by vyosek »

:arrow: Do you insist on AVG antivirus? It is not very popular here: high system load, weaker detection :?:

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Prohledat (Scan)
  • The scan will run and then a log will appear, or it will be saved on the system drive as AdwCleaner[R?].txt; paste it here
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever avoids fun, take a whip and a stick to him; that is no man, that is an ox."
Member of [image] since 1 February 2011.

sorcer
Friend of the forum
Posts: 527
Joined: 26 Jun 2006 01:29

Re: Please check - Policie ČR

#8 Post by sorcer »

I definitely don't insist on AVG.


# AdwCleaner v2.303 - Log vytvořen 19/06/2013 v 20:04:46
# Aktualizováno 08/06/2013 Xplode
# Operační systém : Windows 7 Home Premium Service Pack 1 (32 bits)
# Uživatel : Administrator - PETRA-PC
# Spuštěn systém : Normální
# Spuštěno z : C:\Users\Administrator\Desktop\adwcleaner.exe
# Volba [Prohledat]


***** [Služby] *****


***** [Soubory / Složky] *****

Složka Nalezeno : C:\ProgramData\AVG Secure Search
Složka Nalezeno : C:\ProgramData\AVG Security Toolbar
Složka Nalezeno : C:\Users\Administrator\AppData\Local\AVG Secure Search
Složka Nalezeno : C:\Users\Administrator\AppData\LocalLow\AVG Secure Search
Složka Nalezeno : C:\Users\Administrator\AppData\Roaming\OpenCandy
Soubor Nalezeno : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****

Hodnota Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Hodnota Nalezeno : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Klíč Nalezeno : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Klíč Nalezeno : HKCU\Software\AVG Secure Search
Klíč Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Klíč Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Klíč Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Klíč Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Klíč Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Klíč Nalezeno : HKLM\Software\AVG Secure Search
Klíč Nalezeno : HKLM\Software\AVG Security Toolbar
Klíč Nalezeno : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Klíč Nalezeno : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Klíč Nalezeno : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Klíč Nalezeno : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Klíč Nalezeno : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Klíč Nalezeno : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Klíč Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\S
Klíč Nalezeno : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Klíč Nalezeno : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Klíč Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Klíč Nalezeno : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Klíč Nalezeno : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Klíč Nalezeno : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Klíč Nalezeno : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Klíč Nalezeno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Klíč Nalezeno : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

***** [Internetové prohlížeče] *****

-\\ Internet Explorer v10.0.9200.16611

[HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://search.qip.ru/ie
[HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.qip.ru/ie

-\\ Mozilla Firefox v21.0 (cs)

Soubor : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\e45gsnfa.default\prefs.js

[OK] Soubor je čistý.

-\\ Opera v12.15.1748.0

Soubor : C:\Users\Administrator\AppData\Roaming\Opera\Opera\operaprefs.ini

Nalezeno : Home URL=hxxp://qip.ru

*************************

AdwCleaner[R1].txt - [5561 octets] - [19/06/2013 20:04:46]

########## EOF - C:\AdwCleaner[R1].txt - [5621 octets] ##########

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check - Policie ČR

#9 Post by vyosek »

:arrow: AVG is more of a parody of an antivirus :arcisit:

:arrow: Uninstall AVG

:arrow: Install Avast Free http://www.avast.com/get/gWR5mo92

:arrow: Run AdwCleaner again
  • If you use Windows Vista or Windows 7, right-click AdwCleaner and choose Run As Administrator (Spustit jako spravce)
  • Click Smazat (Delete)
  • The PC will perform the repair, restart, and give you a log (C:\AdwCleaner [S1].txt); paste its contents here
:arrow: Download SecurityCheck http://screen317.spywareinfoforum.org/SecurityCheck.exe
  • Save it, preferably to the Desktop
  • Run it the usual way by double-clicking and follow the utility's instructions
  • When the scan finishes, a log is created and opened; paste it here for me

sorcer
Friend of the forum
Posts: 527
Joined: 26 Jun 2006 01:29

Re: Please check - Policie ČR

#10 Post by sorcer »

AdwCleaner

# AdwCleaner v2.303 - Log vytvořen 19/06/2013 v 22:08:57
# Aktualizováno 08/06/2013 Xplode
# Operační systém : Windows 7 Home Premium Service Pack 1 (32 bits)
# Uživatel : Administrator - PETRA-PC
# Spuštěn systém : Normální
# Spuštěno z : C:\Users\Administrator\Desktop\adwcleaner.exe
# Volba [Vymazat]


***** [Služby] *****


***** [Soubory / Složky] *****

Složka Vymazáno : C:\ProgramData\AVG Secure Search
Složka Vymazáno : C:\ProgramData\AVG Security Toolbar
Složka Vymazáno : C:\Users\Administrator\AppData\Local\AVG Secure Search
Složka Vymazáno : C:\Users\Administrator\AppData\LocalLow\AVG Secure Search
Složka Vymazáno : C:\Users\Administrator\AppData\Roaming\OpenCandy
Soubor Vymazáno : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****

Hodnota Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Hodnota Vymazáno : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Klíč Vymazáno : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Klíč Vymazáno : HKCU\Software\AVG Secure Search
Klíč Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Klíč Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Klíč Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Klíč Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Klíč Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Klíč Vymazáno : HKLM\Software\AVG Secure Search
Klíč Vymazáno : HKLM\Software\AVG Security Toolbar
Klíč Vymazáno : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Klíč Vymazáno : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Klíč Vymazáno : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Klíč Vymazáno : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Klíč Vymazáno : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Klíč Vymazáno : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Klíč Vymazáno : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Klíč Vymazáno : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Klíč Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Klíč Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Klíč Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Klíč Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Klíč Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Klíč Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Klíč Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Klíč Vymazáno : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Klíč Vymazáno : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Klíč Vymazáno : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Klíč Vymazáno : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Klíč Vymazáno : HKLM\SOFTWARE\Classes\S
Klíč Vymazáno : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Klíč Vymazáno : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Klíč Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Klíč Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Klíč Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Klíč Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Klíč Vymazáno : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Klíč Vymazáno : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Klíč Vymazáno : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Klíč Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Klíč Vymazáno : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Klíč Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Klíč Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Klíč Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Klíč Vymazáno : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Klíč Vymazáno : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

***** [Internetové prohlížeče] *****

-\\ Internet Explorer v10.0.9200.16611

Zaměněno : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://search.qip.ru/ie --> hxxp://www.google.com
Zaměněno : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://search.qip.ru/ie --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (cs)

Soubor : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\e45gsnfa.default\prefs.js

[OK] Soubor je čistý.

-\\ Opera v12.15.1748.0

Soubor : C:\Users\Administrator\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Soubor je čistý.

*************************

AdwCleaner[R1].txt - [5690 octets] - [19/06/2013 20:04:46]
AdwCleaner[S1].txt - [5592 octets] - [19/06/2013 22:08:57]

########## EOF - C:\AdwCleaner[S1].txt - [5652 octets] ##########

S_Check

Results of screen317's Security Check version 0.99.66
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 16
Java version out of Date!
Adobe Flash Player 11.7.700.224
Adobe Reader 10.1.6 Adobe Reader out of Date!
Mozilla Firefox (21.0)
Mozilla Thunderbird 12.0.1 Thunderbird out of Date!
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast setup avast.setup
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check - Policie ČR

#11 Post by vyosek »

:arrow: Download Farbar Service Scanner http://download.bleepingcomputer.com/farbar/FSS.exe
  • Save it, preferably to the Desktop
  • Tick the checkbox for every item (this selects them for scanning)
  • Click Scan
  • When the scan finishes, the log FSS.txt will appear; paste it here

sorcer
Friend of the forum
Posts: 527
Joined: 26 Jun 2006 01:29

Re: Please check - Policie ČR

#12 Post by sorcer »

FSS

Farbar Service Scanner Version: 16-06-2013
Ran by Administrator (administrator) on 20-06-2013 at 10:22:31
Running from "C:\Users\Administrator\Desktop"
Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-06-13 09:06] - [2013-05-08 07:38] - 1293672 ____A (Microsoft Corporation) D32FDAC73FCD76B85389C39BC1087F2A

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-06-13 09:06] - [2013-05-13 06:45] - 0140288 ____A (Microsoft Corporation) 3897DFF247D9ED0006190349DE264E14

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check - Policie ČR

#13 Post by vyosek »

How is the PC behaving :???:

sorcer
Friend of the forum
Posts: 527
Joined: 26 Jun 2006 01:29

Re: Please check - Policie ČR

#14 Post by sorcer »

No complications so far.

Do you think it is clean now?

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Please check - Policie ČR

#15 Post by vyosek »

So let's also clean up :James008:

:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm a choice, press A, Enter
  • Delete the utility after use
  • Antiviruses may wrongly flag this utility as a virus; it is a false alarm, so go ahead and download it (or turn off the antivirus while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
  • Leave everything as it is, just click Analyzovat (Analyze) and then Spustit CCleaner (Run CCleaner)
Registry panel
  • click Hledej problémy (Scan for issues)
  • then Opravit problémy (Fix issues) - I recommend making a registry backup; fix all the issues
  • repeat the procedure until no issues remain, usually about 3 times
Tools panel
  • Here you can uninstall programs you do not need
I recommend using CCleaner about once a week

:arrow: And if there are no problems or questions, that is all from my side :|

Locked