Request for a log check - Policie ČR
Posted: 18 Jun 2013 22:54
Good evening, please check the log and provide a script. I am attaching the FRST log (problem with the Policie ČR virus).
FRST
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-06-2013
Ran by Administrator (administrator) on 18-06-2013 23:44:05
Running from G:\
Windows 7 Home Premium Service Pack 1 (X86) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Normal
==================== Could not list processes ===============
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-08-05] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-03] (Synaptics Incorporated)
HKLM\...\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe /start [256056 2010-03-01] (Hewlett-Packard Company)
HKLM\...\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe [101888 2010-06-09] (Leadtek Research Inc.)
HKLM\...\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" [1226928 2013-05-22] (AVG Secure Search)
HKLM\...\Run: [Nástroj WD Drive Unlocker] C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-06-13] (Western Digital)
HKLM\...\Run: [Nástroj WD Quick View] C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe [5235128 2012-06-14] (Western Digital Technologies, Inc.)
HKLM\...\Runonce: [AvgUninstallURL] cmd.exe /c start http://www.avg.cz/cz.special-uninstalla ... e3ef6af964 [x]
HKCU\...\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash [495616 2007-07-02] (Gadwin Systems, Inc)
HKCU\...\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" [248208 2013-03-22] (TomTom)
HKCU\...\Run: [QIP Internet Guardian] C:\Users\Administrator\AppData\Roaming\QipGuard\QipGuard.exe /p [190336 2011-07-18] (QIP.ru)
HKCU\...\Run: [Infium] "C:\Program Files\QIP 2010\qip.exe" /autorun [6812032 2011-07-18] (QIP)
HKCU\...\Run: [ctfmon32.exe] C:\PROGRA~2\rundll32.exe C:\PROGRA~2\jljm1.dat,XFG00 [143360 2013-06-18] (Microsoft Corporation) <===== ATTENTION
MountPoints2: {1d892b84-c975-11e0-a047-70f395818afc} - G:\AutoRun.exe
MountPoints2: {bfe55399-c7f0-11df-b7ce-70f395818afc} - G:\setup_vmc_lite.exe /checkApplicationPresence
MountPoints2: {bfe553a1-c7f0-11df-b7ce-70f395818afc} - G:\setup_vmc_lite.exe /checkApplicationPresence
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP Print View Resource Center.lnk
ShortcutTarget: HP Print View Resource Center.lnk -> C:\Program Files\Hewlett-Packard\HP Print View Software\HP Print View Resource Center\HPPrintViewResourceCenter.exe (Hewlett-Packard)
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
ShortcutTarget: regmonstd.lnk -> C:\PROGRA~2\jljm1.dat (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /syncC:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
URLSearchHook: (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
HKLM SearchScopes: DefaultScope {95289393-33EA-4F8D-B952-483415B9C955} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKLM - {95289393-33EA-4F8D-B952-483415B9C955} URL = http://search.qip.ru/?query={searchTerms}
HKCU SearchScopes: DefaultScope {95289393-33EA-4F8D-B952-483415B9C955} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKCU - {683D6B03-527E-4936-B090-16BA0E605099} URL = http://www.webhledani.cz/results.aspx?i ... earchTerms}
SearchScopes: HKCU - {95289393-33EA-4F8D-B952-483415B9C955} URL = http://search.qip.ru/?query={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={C14B ... 2011-12-05 12:26:45&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} URL = http://search.qip.ru/search?query={searchTerms}&from=IE
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO: Skype Plug-In - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKLM - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKCU -No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)
FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\e45gsnfa.default
FF Homepage: hxxp://qip.ru
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll (AVG Technologies)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
========================== Services (Whitelisted) =================
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AcronisOSSReinstallSvc; C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2233400 2007-03-15] ()
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
S3 AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
R2 avgfws; C:\Program Files\AVG\AVG10\avgfws.exe [2708024 2011-03-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
R2 hpHotkeyMonitor; C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [264248 2010-03-01] (Hewlett-Packard Company)
R2 QipGuard; C:\Program Files\QipGuard\QipGuard.exe [190336 2011-07-18] (QIP.ru)
R2 UleadBurningHelper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [49152 2004-12-13] (Ulead Systems, Inc.)
R2 vToolbarUpdater15.2.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984 2013-05-22] (AVG Secure Search)
R2 WDBackup; C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe [1151424 2012-06-14] (Western Digital )
R2 WDDriveService; C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-06-13] (Western Digital)
S2 Winmgmt; C:\PROGRA~2\jljm1.dat [143360 2013-06-18] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [54112 2010-07-12] (AVG Technologies CZ, s.r.o.)
R3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [134480 2011-05-27] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [22992 2011-02-22] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [24144 2011-02-10] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\Windows\System32\DRIVERS\AVGIDSShim.Sys [21968 2011-02-10] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [255968 2012-11-12] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [34896 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [32592 2011-03-16] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [297168 2011-04-05] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-05-22] (AVG Technologies)
S3 PhilCap; C:\Windows\System32\DRIVERS\PhilCap.sys [922496 2008-10-31] (NXP Semiconductors Germany GmbH)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1763968 2009-12-18] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [436792 2010-10-02] ()
R3 ULCDRHlp; C:\Windows\System32\Drivers\ULCDRHlp.sys [27392 2004-12-23] (Ulead Systems, Inc.)
S3 ZTEusbnet; C:\Windows\System32\DRIVERS\ZTEusbnet.sys [110080 2008-12-08] (ZTE Corporation)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files\CyberLink\PowerDVD8\000.fcl [61424 2008-06-27] (Cyberlink Corp.)
S3 Huawei; system32\DRIVERS\ewdcsc.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [x]
S3 StarOpen; No ImagePath
S3 STHDA; system32\DRIVERS\stwrt.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-06-18 23:42 - 2013-06-18 23:42 - 00000000 ____D C:\FRST
2013-06-18 10:50 - 2013-06-18 23:30 - 00000000 ____A C:\ProgramData\kjhy64.txt
2013-06-18 10:50 - 2013-06-18 23:28 - 95023320 ___AT C:\ProgramData\1mjlj.pad
2013-06-18 10:50 - 2013-06-18 10:50 - 95023320 ___AT C:\ProgramData\z6ejejr.pad
2013-06-18 10:50 - 2013-06-18 10:50 - 00143360 ____A (Microsoft Corporation) C:\ProgramData\rjeje6z.dat
2013-06-18 10:50 - 2013-06-18 10:50 - 00143360 ____A (Microsoft Corporation) C:\ProgramData\jljm1.dat
2013-06-18 10:50 - 2013-06-18 10:50 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-06-18 10:50 - 2013-06-18 10:50 - 00002645 ____A C:\ProgramData\1mjlj.js
2013-06-14 08:42 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-14 08:42 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-14 08:42 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-14 08:42 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-14 08:42 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-14 08:42 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-14 08:37 - 2013-05-17 03:26 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-14 08:37 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-14 08:37 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-14 08:37 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-14 08:37 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-14 08:37 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-14 08:37 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-14 08:37 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-14 08:37 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-14 08:37 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-13 09:06 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-13 09:06 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-13 09:06 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-13 09:06 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-13 09:06 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-13 09:06 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-13 09:06 - 2013-05-08 07:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-13 09:06 - 2013-05-06 07:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-13 09:06 - 2013-05-06 07:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-13 09:06 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-13 09:06 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-13 09:06 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-04 15:02 - 2013-06-18 23:30 - 00000350 ____A C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-05-30 18:17 - 2013-05-30 20:02 - 942704269 ____A () C:\Users\Administrator\Downloads\GTA-San-Andreas.exe
2013-05-27 20:14 - 2013-05-27 20:14 - 00000000 ____D C:\Users\Administrator\AppData\Local\Western_Digital
2013-05-27 20:12 - 2013-05-27 20:12 - 00001150 ____A C:\Users\Public\Desktop\WD SmartWare.lnk
2013-05-27 20:11 - 2013-05-27 20:14 - 00000000 ____D C:\ProgramData\Western Digital
2013-05-27 20:11 - 2013-05-27 20:12 - 00000000 ____D C:\Program Files\Western Digital
2013-05-27 20:11 - 2013-05-27 20:11 - 00001179 ____A C:\Users\Public\Desktop\Software WD Security.lnk
2013-05-27 20:11 - 2013-05-27 20:11 - 00001111 ____A C:\Users\Public\Desktop\Nástroje WD Drive Utilities.lnk
2013-05-27 20:11 - 2013-05-27 20:11 - 00000000 ____D C:\Program Files\Common Files\Western Digital
2013-05-22 19:49 - 2013-05-22 19:50 - 00003714 ____A C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2013-05-21 13:29 - 2013-05-21 21:03 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-20 11:30 - 2013-05-20 11:31 - 00308353 ____A C:\Users\Administrator\Downloads\download.php
==================== One Month Modified Files and Folders ========
2013-06-18 23:42 - 2013-06-18 23:42 - 00000000 ____D C:\FRST
2013-06-18 23:42 - 2009-07-14 06:39 - 00107556 ____A C:\Windows\setupact.log
2013-06-18 23:41 - 2009-07-14 06:34 - 00015008 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-18 23:41 - 2009-07-14 06:34 - 00015008 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-18 23:30 - 2013-06-18 10:50 - 00000000 ____A C:\ProgramData\kjhy64.txt
2013-06-18 23:30 - 2013-06-04 15:02 - 00000350 ____A C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-06-18 23:30 - 2011-02-19 13:31 - 00000000 ____D C:\Program Files\QIP 2010
2013-06-18 23:29 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-18 23:28 - 2013-06-18 10:50 - 95023320 ___AT C:\ProgramData\1mjlj.pad
2013-06-18 11:18 - 2010-09-18 15:26 - 01644878 ____A C:\Windows\WindowsUpdate.log
2013-06-18 10:50 - 2013-06-18 10:50 - 95023320 ___AT C:\ProgramData\z6ejejr.pad
2013-06-18 10:50 - 2013-06-18 10:50 - 00143360 ____A (Microsoft Corporation) C:\ProgramData\rjeje6z.dat
2013-06-18 10:50 - 2013-06-18 10:50 - 00143360 ____A (Microsoft Corporation) C:\ProgramData\jljm1.dat
2013-06-18 10:50 - 2013-06-18 10:50 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-06-18 10:50 - 2013-06-18 10:50 - 00002645 ____A C:\ProgramData\1mjlj.js
2013-06-18 10:48 - 2012-04-05 07:47 - 00000914 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-18 08:49 - 2010-09-18 15:35 - 01478586 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-17 22:20 - 2011-10-01 19:54 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2013-06-16 22:22 - 2010-09-25 16:15 - 00000000 ____D C:\Users\Administrator\Documents\PrintScreen Files
2013-06-16 13:00 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-06-16 12:20 - 2010-09-19 19:25 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2013-06-15 11:57 - 2012-04-05 07:47 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-15 11:57 - 2011-05-19 08:07 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-14 09:01 - 2012-10-18 09:04 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-14 08:44 - 2010-09-19 11:00 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-14 08:39 - 2010-09-18 16:51 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-08 13:42 - 2013-06-14 08:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 13:40 - 2013-06-14 08:42 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 13:40 - 2013-06-14 08:42 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 13:40 - 2013-06-14 08:42 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 13:40 - 2013-06-14 08:42 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 13:13 - 2013-06-14 08:42 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-07 11:05 - 2012-08-08 12:11 - 00000000 ____D C:\ProgramData\firebird
2013-06-04 02:21 - 2011-12-05 13:27 - 00000000 ____D C:\Program Files\AVG Secure Search
2013-05-30 20:02 - 2013-05-30 18:17 - 942704269 ____A () C:\Users\Administrator\Downloads\GTA-San-Andreas.exe
2013-05-27 20:14 - 2013-05-27 20:14 - 00000000 ____D C:\Users\Administrator\AppData\Local\Western_Digital
2013-05-27 20:14 - 2013-05-27 20:11 - 00000000 ____D C:\ProgramData\Western Digital
2013-05-27 20:12 - 2013-05-27 20:12 - 00001150 ____A C:\Users\Public\Desktop\WD SmartWare.lnk
2013-05-27 20:12 - 2013-05-27 20:11 - 00000000 ____D C:\Program Files\Western Digital
2013-05-27 20:12 - 2010-09-18 16:19 - 00018022 ____A C:\Windows\DPINST.LOG
2013-05-27 20:11 - 2013-05-27 20:11 - 00001179 ____A C:\Users\Public\Desktop\Software WD Security.lnk
2013-05-27 20:11 - 2013-05-27 20:11 - 00001111 ____A C:\Users\Public\Desktop\Nástroje WD Drive Utilities.lnk
2013-05-27 20:11 - 2013-05-27 20:11 - 00000000 ____D C:\Program Files\Common Files\Western Digital
2013-05-27 20:11 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\DriverStore
2013-05-22 19:50 - 2013-05-22 19:49 - 00003714 ____A C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2013-05-22 19:48 - 2012-11-09 09:03 - 00037664 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2013-05-21 21:04 - 2010-09-18 16:42 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\hpqLog
2013-05-21 21:03 - 2013-05-21 13:29 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-21 13:34 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\NDF
2013-05-20 11:31 - 2013-05-20 11:30 - 00308353 ____A C:\Users\Administrator\Downloads\download.php
Files to move or delete:
====================
C:\ProgramData\rundll32.exe
C:\ProgramData\1mjlj.pad
C:\ProgramData\jljm1.dat
C:\ProgramData\rjeje6z.dat
C:\ProgramData\z6ejejr.pad
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-06-16 12:50
==================== End Of Log ============================
FRST - Addition
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-06-2013
Ran by Administrator at 2013-06-18 23:45:17 Run:
Running from G:\
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer (Version: 7.1.8)
Acronis Disk Director Suite (Version: 10.0.2161)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader X (10.1.6) - Czech (Version: 10.1.6)
AIMP2
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665)
Ashampoo Burning Studio 2010 (Version: 9.1.0)
ATI Catalyst Install Manager (Version: 3.0.778.0)
AVG 2011 (Version: 10.0.1432)
AVG 2011 (Version: 10.0.3199)
AVG Security Toolbar (Version: 15.2.0.5)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0805.358.5180)
Catalyst Control Center InstallProxy (Version: 2010.0805.358.5180)
Catalyst Control Center Localization All (Version: 2010.0805.358.5180)
CCC Help Czech (Version: 2010.0805.0357.5180)
CCC Help Danish (Version: 2010.0805.0357.5180)
CCC Help Dutch (Version: 2010.0805.0357.5180)
CCC Help English (Version: 2010.0805.0357.5180)
CCC Help Finnish (Version: 2010.0805.0357.5180)
CCC Help French (Version: 2010.0805.0357.5180)
CCC Help German (Version: 2010.0805.0357.5180)
CCC Help Greek (Version: 2010.0805.0357.5180)
CCC Help Hungarian (Version: 2010.0805.0357.5180)
CCC Help Chinese Standard (Version: 2010.0805.0357.5180)
CCC Help Chinese Traditional (Version: 2010.0805.0357.5180)
CCC Help Italian (Version: 2010.0805.0357.5180)
CCC Help Japanese (Version: 2010.0805.0357.5180)
CCC Help Korean (Version: 2010.0805.0357.5180)
CCC Help Norwegian (Version: 2010.0805.0357.5180)
CCC Help Polish (Version: 2010.0805.0357.5180)
CCC Help Portuguese (Version: 2010.0805.0357.5180)
CCC Help Russian (Version: 2010.0805.0357.5180)
CCC Help Spanish (Version: 2010.0805.0357.5180)
CCC Help Swedish (Version: 2010.0805.0357.5180)
CCC Help Thai (Version: 2010.0805.0357.5180)
CCC Help Turkish (Version: 2010.0805.0357.5180)
ccc-core-static (Version: 2010.0805.358.5180)
ccc-utility (Version: 2010.0805.358.5180)
Codec-TS SDK
CyberLink PowerDVD 8 (Version: 8.0.1730)
De-interlace SDK
FastStone Image Viewer 4.2 (Version: 4.2)
FlatOut Demo (Version: 1.01.0000)
Gadwin PrintScreen (Version: 4.2)
GOM Player (Version: 2.1.49.5139)
HP 3D DriveGuard (Version: 4.0.4.1)
HP HotKey Support (Version: 3.5.15.1)
HP Print View Software
HP Print View Software (Version: 2.0.1.0)
HP Update (Version: 4.000.009.002)
HP Webcam Driver (Version: 5.8.50012.0)
Intel(R) Management Engine Components (Version: 6.0.0.1179)
Java(TM) 6 Update 16 (Version: 6.0.160)
kinder v2
LSI HDA Modem (Version: 2.2.98)
MailStore Home 7.0.7.7671 (Version: 7.0.7.7671)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile CSY Language Pack (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Outlook MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Slovak) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (Czech) 2007 (Version: 12.0.4518.1025)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Standard 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MozBackup 1.4.10
Mozilla Firefox 21.0 (x86 cs) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
Mozilla Thunderbird 12.0.1 (x86 cs) (Version: 12.0.1)
Nástroje WD Drive Utilities (Version: 1.0.1.5)
OpenOffice.org 3.2 (Version: 3.2.9505)
Opera 11.00 (Version: 11.00)
Opera 12.02 (Version: 12.02.1578)
Paint.NET v3.5.8 (Version: 3.58.0)
QIP 2010 3.1.5890 (Version: 3.1.5890)
QIP Infium 3.0.9042 (Version: 3.0.9042)
QIP Internet Guardian
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30109)
Skype Toolbars (Version: 5.0.4126)
Skype™ 6.1 (Version: 6.1.129)
Software WD Security (Version: 1.0.1.5)
Synaptics Pointing Device Driver (Version: 15.0.24.0)
TMPGEnc 4.0 XPress Special Trial Version (Version: 4.7.1.284)
TomTom HOME (Version: 2.9.5)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
Total Commander (Remove or Repair) (Version: 7.55)
TT-SB SDK
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition
WD SmartWare (Version: 1.6.2.6)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinFast Multimedia Driver Installation (Version: )
WinFast PVR2 (Version: 2.0.3.33)
WinRAR
Zoner Photo Studio 14 (Version: 14.0.1.3)
==================== Restore Points =========================
Could not list Restore Points.
==================== Scheduled Tasks (whitelisted) =============
Task: {158EB308-82BF-424D-9CD6-002DE7D2BCAC} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{EFF8B5BC-5444-4D1D-88D5-FC72F2E4C526}.exe No File
Task: {362D9C1C-3096-42FE-A608-62B26BD833D0} - System32\Tasks\Online aktualizační program HP => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08] (Hewlett-Packard)
Task: {3FF4C9F7-BCF7-440A-8A54-AB742A6E6CD5} - System32\Tasks\Program k provádění aktualizací online Adobe => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {512E6ACA-53E8-49E5-A702-5793DAB155CF} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2010-09-18] (Microsoft Corporation)
Task: {7CB552CD-4098-42D6-A4B6-1E49265E82EA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-15] (Adobe Systems Incorporated)
Task: {89D8EAF9-3B9B-4877-89C2-E5DD560E34AA} - System32\Tasks\ArcSoft Connect Daemon => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27] (ArcSoft Inc.)
Task: {B77FA7AC-EC0F-438D-BD64-6C1ED51FF3FA} - System32\Tasks\{4C3CE1CC-3A03-4431-B23A-45B67D1E9F22} => C:\Program Files\Skype\Phone\Skype.exe [2013-01-08] (Skype Technologies S.A.)
Task: {EA73834B-BDED-4B90-B27F-A2E91174C5DD} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {EFDF64AB-2010-4C28-8239-251D1FAF2DB8} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {F301328E-5F4D-492B-B758-048B87D8A129} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {F458E142-DF2B-4FE8-B618-439B6683FEE1} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
==================== Faulty Device Manager Devices =============
Could not list Devices.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/16/2013 00:52:09 PM) (Source: SideBySide) (User: )
Description: Generování kontextu aktivace pro assemblyIdentity1 se nezdařilo. Chyba v souboru manifestu nebo zásady assemblyIdentity2 na řádku assemblyIdentity3.
Hodnota * atributu language v prvku assemblyIdentity je neplatná.
Error: (06/15/2013 00:23:56 PM) (Source: Application Error) (User: )
Description: Název chybující aplikace: WDBackupEngine.exe, verze: 1.6.1.2, časové razítko: 0x4fda26d7
Název chybujícího modulu: System.Data.SQLite.dll, verze: 1.0.78.0, časové razítko: 0x4f227a54
Kód výjimky: 0xc0000005
Posun chyby: 0x0004d20a
ID chybujícího procesu: 0xcd4
Čas spuštění chybující aplikace: 0xWDBackupEngine.exe0
Cesta k chybující aplikaci: WDBackupEngine.exe1
Cesta k chybujícímu modulu: WDBackupEngine.exe2
ID zprávy: WDBackupEngine.exe3
Error: (06/15/2013 00:23:38 PM) (Source: .NET Runtime) (User: )
Description: Aplikace: WDBackupEngine.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.AccessViolationException
Zásobník:
na System.Data.SQLite.UnsafeNativeMethods.sqlite3_column_int64(IntPtr, Int32)
na System.Data.SQLite.SQLite3.GetInt64(System.Data.SQLite.SQLiteStatement, Int32)
na System.Data.SQLite.SQLiteDataReader.GetInt64(Int32)
na BackupManifest.GetFile(System.Data.IDataReader)
na BackupEngine.CheckSource(System.String, System.Data.IDataReader, Boolean)
na BackupEngine.CheckSource(System.String)
na BackupEngine.VerifySourcesThreadProc()
na System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
na System.Threading.ThreadHelper.ThreadStart()
Error: (06/15/2013 00:06:36 PM) (Source: Application Hang) (User: )
Description: Program CD2_Sid.exe verze 1.0.0.1 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: 1e7c
Čas spuštění: 01ce69af81b0aaf8
Čas ukončení: 60000
Cesta k aplikaci: F:\CD2_Sid.exe
ID hlášení: 15a80fc4-d5a3-11e2-97bb-70f395818afc
Error: (06/07/2013 11:31:48 PM) (Source: SideBySide) (User: )
Description: Generování kontextu aktivace pro assemblyIdentity1 se nezdařilo. Chyba v souboru manifestu nebo zásady assemblyIdentity2 na řádku assemblyIdentity3.
Hodnota * atributu language v prvku assemblyIdentity je neplatná.
Error: (06/04/2013 03:01:56 PM) (Source: VSS) (User: )
Description: Chyba služby Stínová kopie svazků: Neočekávaná chyba DeviceIoControl(\\?\Volume{ef3faa2f-c327-11df-8af7-806e6f6e6963} - 00000174,0x0053c008,00D92B80,0,00D93B88,4096,[0]). hr = 0x80070079, Časový limit semaforu vypršel.
.
Operace:
Probíhá zpracování události EndPrepareSnapshots
Kontext:
Kontext spuštění: System Provider
Error: (06/03/2013 03:49:29 PM) (Source: VSS) (User: )
Description: Chyba služby Stínová kopie svazků: Neočekávaná chyba DeviceIoControl(\\?\Volume{ef3faa2f-c327-11df-8af7-806e6f6e6963} - 00000178,0x0053c008,00D92B68,0,00D93B70,4096,[0]). hr = 0x80070079, Časový limit semaforu vypršel.
.
Operace:
Probíhá zpracování události EndPrepareSnapshots
Kontext:
Kontext spuštění: System Provider
Error: (06/02/2013 07:13:03 AM) (Source: VSS) (User: )
Description: Chyba služby Stínová kopie svazků: Neočekávaná chyba DeviceIoControl(\\?\Volume{ef3faa2f-c327-11df-8af7-806e6f6e6963} - 00000180,0x0053c008,00D92190,0,00D90180,4096,[0]). hr = 0x80070079, Časový limit semaforu vypršel.
.
Operace:
Probíhá zpracování události EndPrepareSnapshots
Kontext:
Kontext spuštění: System Provider
Error: (05/29/2013 02:36:19 PM) (Source: SideBySide) (User: )
Description: Generování kontextu aktivace pro assemblyIdentity1 se nezdařilo. Chyba v souboru manifestu nebo zásady assemblyIdentity2 na řádku assemblyIdentity3.
Hodnota * atributu language v prvku assemblyIdentity je neplatná.
Error: (05/28/2013 06:40:53 AM) (Source: VSS) (User: )
Description: Chyba služby Stínová kopie svazků: Neočekávaná chyba DeviceIoControl(\\?\Volume{ef3faa2f-c327-11df-8af7-806e6f6e6963} - 00000060,0x0053c008,00C83E40,0,00C85E50,4096,[0]). hr = 0x80070079, Časový limit semaforu vypršel.
.
Operace:
Probíhá zpracování události EndPrepareSnapshots
Kontext:
Kontext spuštění: System Provider
System errors:
=============
Error: (06/18/2013 11:47:18 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126
Error: (06/18/2013 11:46:48 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126
Error: (06/18/2013 11:46:18 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126
Error: (06/18/2013 11:45:48 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126
Error: (06/18/2013 11:45:18 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126
Error: (06/18/2013 11:44:48 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126
Error: (06/18/2013 11:44:18 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126
Error: (06/18/2013 11:43:48 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126
Error: (06/18/2013 11:43:18 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126
Error: (06/18/2013 11:42:48 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126
Microsoft Office Sessions:
=========================
Error: (08/01/2012 01:15:30 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 13 seconds with 0 seconds of active time. This session ended with a crash.
Error: (05/22/2012 00:21:29 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash.
Error: (01/24/2011 01:56:48 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3575 seconds with 360 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Percentage of memory in use: 29%
Total physical RAM: 3055.43 MB
Available physical RAM: 2146.07 MB
Total Pagefile: 6109.15 MB
Available Pagefile: 4855.76 MB
Total Virtual: 2047.88 MB
Available Virtual: 1911.1 MB
==================== Drives ================================
Drive c: (SYSTEM) (Fixed) (Total:50.5 GB) (Free:12 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (PRACOVNI) (Fixed) (Total:272.83 GB) (Free:241.47 GB) NTFS
Drive e: (DATA) (Fixed) (Total:272.83 GB) (Free:183.74 GB) NTFS
Drive g: (PENDRIVE) (Removable) (Total:3.72 GB) (Free:1.05 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 99F3445E)
Partition 1: (Active) - (Size=51 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=546 GB) - (Type=05)
========================================================
Disk: 1 (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)
==================== End Of Log ============================
FRST - Addition
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-06-2013
Ran by Administrator at 2013-06-18 23:45:17 Run:
Running from G:\
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer (Version: 7.1.8)
Acronis Disk Director Suite (Version: 10.0.2161)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader X (10.1.6) - Czech (Version: 10.1.6)
AIMP2
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665)
Ashampoo Burning Studio 2010 (Version: 9.1.0)
ATI Catalyst Install Manager (Version: 3.0.778.0)
AVG 2011 (Version: 10.0.1432)
AVG 2011 (Version: 10.0.3199)
AVG Security Toolbar (Version: 15.2.0.5)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0805.358.5180)
Catalyst Control Center InstallProxy (Version: 2010.0805.358.5180)
Catalyst Control Center Localization All (Version: 2010.0805.358.5180)
CCC Help Czech (Version: 2010.0805.0357.5180)
CCC Help Danish (Version: 2010.0805.0357.5180)
CCC Help Dutch (Version: 2010.0805.0357.5180)
CCC Help English (Version: 2010.0805.0357.5180)
CCC Help Finnish (Version: 2010.0805.0357.5180)
CCC Help French (Version: 2010.0805.0357.5180)
CCC Help German (Version: 2010.0805.0357.5180)
CCC Help Greek (Version: 2010.0805.0357.5180)
CCC Help Hungarian (Version: 2010.0805.0357.5180)
CCC Help Chinese Standard (Version: 2010.0805.0357.5180)
CCC Help Chinese Traditional (Version: 2010.0805.0357.5180)
CCC Help Italian (Version: 2010.0805.0357.5180)
CCC Help Japanese (Version: 2010.0805.0357.5180)
CCC Help Korean (Version: 2010.0805.0357.5180)
CCC Help Norwegian (Version: 2010.0805.0357.5180)
CCC Help Polish (Version: 2010.0805.0357.5180)
CCC Help Portuguese (Version: 2010.0805.0357.5180)
CCC Help Russian (Version: 2010.0805.0357.5180)
CCC Help Spanish (Version: 2010.0805.0357.5180)
CCC Help Swedish (Version: 2010.0805.0357.5180)
CCC Help Thai (Version: 2010.0805.0357.5180)
CCC Help Turkish (Version: 2010.0805.0357.5180)
ccc-core-static (Version: 2010.0805.358.5180)
ccc-utility (Version: 2010.0805.358.5180)
Codec-TS SDK
CyberLink PowerDVD 8 (Version: 8.0.1730)
De-interlace SDK
FastStone Image Viewer 4.2 (Version: 4.2)
FlatOut Demo (Version: 1.01.0000)
Gadwin PrintScreen (Version: 4.2)
GOM Player (Version: 2.1.49.5139)
HP 3D DriveGuard (Version: 4.0.4.1)
HP HotKey Support (Version: 3.5.15.1)
HP Print View Software
HP Print View Software (Version: 2.0.1.0)
HP Update (Version: 4.000.009.002)
HP Webcam Driver (Version: 5.8.50012.0)
Intel(R) Management Engine Components (Version: 6.0.0.1179)
Java(TM) 6 Update 16 (Version: 6.0.160)
kinder v2
LSI HDA Modem (Version: 2.2.98)
MailStore Home 7.0.7.7671 (Version: 7.0.7.7671)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile CSY Language Pack (Version: 4.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Outlook MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Slovak) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (Czech) 2007 (Version: 12.0.4518.1025)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Standard 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MozBackup 1.4.10
Mozilla Firefox 21.0 (x86 cs) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
Mozilla Thunderbird 12.0.1 (x86 cs) (Version: 12.0.1)
Nástroje WD Drive Utilities (Version: 1.0.1.5)
OpenOffice.org 3.2 (Version: 3.2.9505)
Opera 11.00 (Version: 11.00)
Opera 12.02 (Version: 12.02.1578)
Paint.NET v3.5.8 (Version: 3.58.0)
QIP 2010 3.1.5890 (Version: 3.1.5890)
QIP Infium 3.0.9042 (Version: 3.0.9042)
QIP Internet Guardian
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30109)
Skype Toolbars (Version: 5.0.4126)
Skype™ 6.1 (Version: 6.1.129)
Software WD Security (Version: 1.0.1.5)
Synaptics Pointing Device Driver (Version: 15.0.24.0)
TMPGEnc 4.0 XPress Special Trial Version (Version: 4.7.1.284)
TomTom HOME (Version: 2.9.5)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
Total Commander (Remove or Repair) (Version: 7.55)
TT-SB SDK
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition
WD SmartWare (Version: 1.6.2.6)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinFast Multimedia Driver Installation (Version: )
WinFast PVR2 (Version: 2.0.3.33)
WinRAR
Zoner Photo Studio 14 (Version: 14.0.1.3)
==================== Restore Points =========================
Could not list Restore Points.
==================== Scheduled Tasks (whitelisted) =============
Task: {158EB308-82BF-424D-9CD6-002DE7D2BCAC} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{EFF8B5BC-5444-4D1D-88D5-FC72F2E4C526}.exe No File
Task: {362D9C1C-3096-42FE-A608-62B26BD833D0} - System32\Tasks\Online aktualizační program HP => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08] (Hewlett-Packard)
Task: {3FF4C9F7-BCF7-440A-8A54-AB742A6E6CD5} - System32\Tasks\Program k provádění aktualizací online Adobe => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {512E6ACA-53E8-49E5-A702-5793DAB155CF} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2010-09-18] (Microsoft Corporation)
Task: {7CB552CD-4098-42D6-A4B6-1E49265E82EA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-15] (Adobe Systems Incorporated)
Task: {89D8EAF9-3B9B-4877-89C2-E5DD560E34AA} - System32\Tasks\ArcSoft Connect Daemon => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27] (ArcSoft Inc.)
Task: {B77FA7AC-EC0F-438D-BD64-6C1ED51FF3FA} - System32\Tasks\{4C3CE1CC-3A03-4431-B23A-45B67D1E9F22} => C:\Program Files\Skype\Phone\Skype.exe [2013-01-08] (Skype Technologies S.A.)
Task: {EA73834B-BDED-4B90-B27F-A2E91174C5DD} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {EFDF64AB-2010-4C28-8239-251D1FAF2DB8} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {F301328E-5F4D-492B-B758-048B87D8A129} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-11] (Microsoft Corporation)
Task: {F458E142-DF2B-4FE8-B618-439B6683FEE1} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
==================== Faulty Device Manager Devices =============
Could not list Devices.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/16/2013 00:52:09 PM) (Source: SideBySide) (User: )
Description: Generování kontextu aktivace pro assemblyIdentity1 se nezdařilo. Chyba v souboru manifestu nebo zásady assemblyIdentity2 na řádku assemblyIdentity3.
Hodnota * atributu language v prvku assemblyIdentity je neplatná.
Error: (06/15/2013 00:23:56 PM) (Source: Application Error) (User: )
Description: Název chybující aplikace: WDBackupEngine.exe, verze: 1.6.1.2, časové razítko: 0x4fda26d7
Název chybujícího modulu: System.Data.SQLite.dll, verze: 1.0.78.0, časové razítko: 0x4f227a54
Kód výjimky: 0xc0000005
Posun chyby: 0x0004d20a
ID chybujícího procesu: 0xcd4
Čas spuštění chybující aplikace: 0xWDBackupEngine.exe0
Cesta k chybující aplikaci: WDBackupEngine.exe1
Cesta k chybujícímu modulu: WDBackupEngine.exe2
ID zprávy: WDBackupEngine.exe3
Error: (06/15/2013 00:23:38 PM) (Source: .NET Runtime) (User: )
Description: Aplikace: WDBackupEngine.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.AccessViolationException
Zásobník:
na System.Data.SQLite.UnsafeNativeMethods.sqlite3_column_int64(IntPtr, Int32)
na System.Data.SQLite.SQLite3.GetInt64(System.Data.SQLite.SQLiteStatement, Int32)
na System.Data.SQLite.SQLiteDataReader.GetInt64(Int32)
na BackupManifest.GetFile(System.Data.IDataReader)
na BackupEngine.CheckSource(System.String, System.Data.IDataReader, Boolean)
na BackupEngine.CheckSource(System.String)
na BackupEngine.VerifySourcesThreadProc()
na System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
na System.Threading.ThreadHelper.ThreadStart()
Error: (06/15/2013 00:06:36 PM) (Source: Application Hang) (User: )
Description: Program CD2_Sid.exe verze 1.0.0.1 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.
ID procesu: 1e7c
Čas spuštění: 01ce69af81b0aaf8
Čas ukončení: 60000
Cesta k aplikaci: F:\CD2_Sid.exe
ID hlášení: 15a80fc4-d5a3-11e2-97bb-70f395818afc
Error: (06/07/2013 11:31:48 PM) (Source: SideBySide) (User: )
Description: Generování kontextu aktivace pro assemblyIdentity1 se nezdařilo. Chyba v souboru manifestu nebo zásady assemblyIdentity2 na řádku assemblyIdentity3.
Hodnota * atributu language v prvku assemblyIdentity je neplatná.
Error: (06/04/2013 03:01:56 PM) (Source: VSS) (User: )
Description: Chyba služby Stínová kopie svazků: Neočekávaná chyba DeviceIoControl(\\?\Volume{ef3faa2f-c327-11df-8af7-806e6f6e6963} - 00000174,0x0053c008,00D92B80,0,00D93B88,4096,[0]). hr = 0x80070079, Časový limit semaforu vypršel.
.
Operace:
Probíhá zpracování události EndPrepareSnapshots
Kontext:
Kontext spuštění: System Provider
Error: (06/03/2013 03:49:29 PM) (Source: VSS) (User: )
Description: Chyba služby Stínová kopie svazků: Neočekávaná chyba DeviceIoControl(\\?\Volume{ef3faa2f-c327-11df-8af7-806e6f6e6963} - 00000178,0x0053c008,00D92B68,0,00D93B70,4096,[0]). hr = 0x80070079, Časový limit semaforu vypršel.
.
Operace:
Probíhá zpracování události EndPrepareSnapshots
Kontext:
Kontext spuštění: System Provider
Error: (06/02/2013 07:13:03 AM) (Source: VSS) (User: )
Description: Chyba služby Stínová kopie svazků: Neočekávaná chyba DeviceIoControl(\\?\Volume{ef3faa2f-c327-11df-8af7-806e6f6e6963} - 00000180,0x0053c008,00D92190,0,00D90180,4096,[0]). hr = 0x80070079, Časový limit semaforu vypršel.
.
Operace:
Probíhá zpracování události EndPrepareSnapshots
Kontext:
Kontext spuštění: System Provider
Error: (05/29/2013 02:36:19 PM) (Source: SideBySide) (User: )
Description: Generování kontextu aktivace pro assemblyIdentity1 se nezdařilo. Chyba v souboru manifestu nebo zásady assemblyIdentity2 na řádku assemblyIdentity3.
Hodnota * atributu language v prvku assemblyIdentity je neplatná.
Error: (05/28/2013 06:40:53 AM) (Source: VSS) (User: )
Description: Chyba služby Stínová kopie svazků: Neočekávaná chyba DeviceIoControl(\\?\Volume{ef3faa2f-c327-11df-8af7-806e6f6e6963} - 00000060,0x0053c008,00C83E40,0,00C85E50,4096,[0]). hr = 0x80070079, Časový limit semaforu vypršel.
.
Operace:
Probíhá zpracování události EndPrepareSnapshots
Kontext:
Kontext spuštění: System Provider
System errors:
=============
Error: (06/18/2013 11:47:18 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126
Error: (06/18/2013 11:46:48 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126
Error: (06/18/2013 11:46:18 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126
Error: (06/18/2013 11:45:48 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126
Error: (06/18/2013 11:45:18 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126
Error: (06/18/2013 11:44:48 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126
Error: (06/18/2013 11:44:18 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126
Error: (06/18/2013 11:43:48 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126
Error: (06/18/2013 11:43:18 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126
Error: (06/18/2013 11:42:48 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126
Microsoft Office Sessions:
=========================
Error: (08/01/2012 01:15:30 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 13 seconds with 0 seconds of active time. This session ended with a crash.
Error: (05/22/2012 00:21:29 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8 seconds with 0 seconds of active time. This session ended with a crash.
Error: (01/24/2011 01:56:48 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3575 seconds with 360 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Percentage of memory in use: 29%
Total physical RAM: 3055.43 MB
Available physical RAM: 2146.07 MB
Total Pagefile: 6109.15 MB
Available Pagefile: 4855.76 MB
Total Virtual: 2047.88 MB
Available Virtual: 1911.1 MB
==================== Drives ================================
Drive c: (SYSTEM) (Fixed) (Total:50.5 GB) (Free:12 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (PRACOVNI) (Fixed) (Total:272.83 GB) (Free:241.47 GB) NTFS
Drive e: (DATA) (Fixed) (Total:272.83 GB) (Free:183.74 GB) NTFS
Drive g: (PENDRIVE) (Removable) (Total:3.72 GB) (Free:1.05 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 99F3445E)
Partition 1: (Active) - (Size=51 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=546 GB) - (Type=05)
========================================================
Disk: 1 (Size: 4 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)
==================== End Of Log ============================