VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Nelze spustit většina programů - bad image

https://forum.viry.cz:443/viewtopic.php?t=145049

Stránka 1 z 1

Nelze spustit většina programů - bad image

Napsal: 01 črc 2015 10:31
od Bohunak1
The application or DLL chrome.dll is not a valid Windows image. Please check this against your installation diskette.
Chťel jsem udělat screen ale napsalo mi to: Insufficient memory to create the bitmap. Close one or more applications to increase available memory.

Re: Nelze spustit většina programů - bad image

Napsal: 01 črc 2015 11:30
od Rudy
Zdravím!
Dejte log FRST, pokud to bude možné: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

Re: Nelze spustit většina programů - bad image

Napsal: 01 črc 2015 11:48
od Bohunak1
Logfile of random's system information tool 1.10 (written by random/random)
Run by admin at 2015-07-01 11:21:12
Microsoft Windows XP Professional Service Pack 3
System drive C: has 33 GB (43%) free of 76 GB
Total RAM: 1014 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:21:48, on 1.7.2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Spyware Terminator\st_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spyware Terminator\SpywareTerminator.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\LJ06E0LJ\RSIT[1].exe
C:\Program Files\trend micro\admin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [T-Mobile CManager] "C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~1\MI1933~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0640964311
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files\Spyware Terminator\st_rsser.exe
O23 - Service: NTRU Hybrid TSS v2.0.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe

--
End of file - 6318 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AutoKMS.job - C:\windows\AutoKMS\AutoKMS.exe
C:\WINDOWS\tasks\avast! Emergency Update.job - C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job - c:\Program Files\Microsoft Security Client\MpCmdRun.exe Scan -ScheduleJob -RestrictPrivileges
C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job - C:\WINDOWS\system32\xp_eos.exe -c
C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job - C:\WINDOWS\system32\xp_eos.exe
C:\WINDOWS\tasks\User_Feed_Synchronization-{90B2E8F6-35F2-4844-B682-46906C8FA544}.job - C:\WINDOWS\system32\msfeedssync.exe sync

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-05-01 843776]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2006-07-21 98304]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2006-07-21 86016]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2006-07-21 81920]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2014-03-11 951576]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2013-03-10 88984]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-09-23 926896]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"T-Mobile CManager"=C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe [2013-10-31 2166552]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2015-06-16 53282944]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"CCleaner Monitoring"=C:\Program Files\CCleaner\CCleaner.exe [2015-06-01 6405912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-07-21 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote"
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe"="C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe:*:Enabled:Visual Basic Command Line Compiler"
"C:\Program Files\Google\Chrome\Application\chrome.exe"="C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\admin\Application Data\BitTorrent\BitTorrent.exe"="C:\Documents and Settings\admin\Application Data\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Spyware Terminator\SpywareTerminator.exe"="C:\Program Files\Spyware Terminator\SpywareTerminator.exe:*:Enabled:Spyware Terminator 2012"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Spyware Terminator 2012"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======List of files/folders created in the last 1 month======

2015-07-01 11:21:21 ----D---- C:\Program Files\trend micro
2015-07-01 11:21:12 ----D---- C:\rsit
2015-06-30 12:17:40 ----D---- C:\WINDOWS\system32\HtmlData
2015-06-30 12:00:30 ----A---- C:\WINDOWS\AvastEmUpdate.ini
2015-06-30 11:40:00 ----D---- C:\Intel
2015-06-30 11:16:48 ----D---- C:\WINDOWS\pss
2015-06-30 11:13:08 ----D---- C:\Program Files\CCleaner
2015-06-30 09:45:34 ----D---- C:\WINDOWS\jumpshot.com
2015-06-30 09:30:31 ----D---- C:\Documents and Settings\admin\Application Data\AVAST Software
2015-06-30 09:29:02 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2015-06-30 09:29:01 ----A---- C:\WINDOWS\system32\drivers\aswVmm.sys
2015-06-30 09:29:01 ----A---- C:\WINDOWS\system32\drivers\aswsp.sys
2015-06-30 09:29:00 ----A---- C:\WINDOWS\system32\drivers\aswRvrt.sys
2015-06-30 09:29:00 ----A---- C:\WINDOWS\system32\drivers\aswMonFlt.sys
2015-06-30 09:28:59 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2015-06-30 09:28:59 ----A---- C:\WINDOWS\system32\drivers\aswHwid.sys
2015-06-30 09:28:57 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2015-06-30 09:28:54 ----A---- C:\WINDOWS\system32\aswBoot.exe
2015-06-30 09:28:42 ----A---- C:\WINDOWS\avastSS.scr
2015-06-30 08:26:43 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2015-06-30 07:55:30 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2015-06-30 07:51:20 ----D---- C:\Program Files\ESET
2015-06-30 07:48:20 ----HD---- C:\Documents and Settings\All Users\Application Data\Common Files
2015-06-30 07:48:19 ----D---- C:\Documents and Settings\All Users\Application Data\MFAData
2015-06-30 07:39:46 ----A---- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2015-06-30 07:39:44 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2015-06-30 07:39:44 ----D---- C:\Documents and Settings\admin\Application Data\Spyware Terminator
2015-06-30 07:39:14 ----D---- C:\Program Files\Spyware Terminator
2015-06-30 07:24:18 ----D---- C:\Program Files\AVAST Software
2015-06-30 07:20:33 ----D---- C:\Documents and Settings\All Users\Application Data\AVAST Software
2015-06-30 07:13:09 ----D---- C:\WINDOWS\system32\NtmsData
2015-06-30 00:16:26 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-06-29 23:29:32 ----A---- C:\Uninstall.dat
2015-06-29 23:10:47 ----D---- C:\Documents and Settings\admin\Application Data\Macromedia
2015-06-27 10:58:41 ----D---- C:\Program Files\Common Files\DESIGNER
2015-06-27 10:16:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2868038$
2015-06-26 17:28:57 ----D---- C:\Documents and Settings\admin\Application Data\BitTorrent
2015-06-26 14:21:47 ----D---- C:\Documents and Settings\admin\Application Data\Adobe
2015-06-26 14:20:20 ----D---- C:\Program Files\Common Files\Adobe
2015-06-26 14:20:20 ----D---- C:\Program Files\Adobe
2015-06-26 14:19:19 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2015-06-26 14:10:52 ----A---- C:\WINDOWS\system32\drivers\MSTEE.sys
2015-06-26 14:10:49 ----A---- C:\WINDOWS\system32\drivers\NdisIP.sys
2015-06-26 14:10:47 ----A---- C:\WINDOWS\system32\drivers\StreamIP.sys
2015-06-26 14:10:44 ----A---- C:\WINDOWS\system32\drivers\SLIP.sys
2015-06-26 14:10:42 ----A---- C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2015-06-26 14:10:39 ----A---- C:\WINDOWS\system32\drivers\NABTSFEC.sys
2015-06-26 14:10:36 ----A---- C:\WINDOWS\system32\drivers\CCDECODE.sys
2015-06-26 14:10:28 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2015-06-26 14:10:27 ----A---- C:\WINDOWS\system32\drivers\usbvideo.sys
2015-06-26 14:10:19 ----A---- C:\WINDOWS\system32\drivers\usbaudio.sys
2015-06-26 14:07:13 ----D---- C:\Documents and Settings\admin\Application Data\Skype
2015-06-26 14:06:58 ----D---- C:\Program Files\Common Files\Skype
2015-06-26 14:06:56 ----RD---- C:\Program Files\Skype
2015-06-26 14:06:48 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2015-06-25 22:15:39 ----D---- C:\Program Files\Google
2015-06-25 18:54:02 ----A---- C:\WINDOWS\uland15.exe
2015-06-25 18:09:48 ----D---- C:\Program Files\landi 15
2015-06-25 18:09:24 ----D---- C:\Documents and Settings\All Users\Application Data\Landi11-original
2015-06-25 18:09:17 ----N---- C:\WINDOWS\Setup1.exe
2015-06-25 18:09:16 ----A---- C:\WINDOWS\ST6UNST.EXE

======List of files/folders modified in the last 1 month======

2015-07-01 11:21:21 ----RD---- C:\Program Files
2015-07-01 11:13:06 ----D---- C:\WINDOWS\Prefetch
2015-07-01 10:16:01 ----D---- C:\WINDOWS
2015-07-01 10:15:57 ----D---- C:\WINDOWS\Temp
2015-07-01 00:10:54 ----N---- C:\WINDOWS\SchedLgU.Txt
2015-06-30 13:27:51 ----D---- C:\WINDOWS\system32\drivers
2015-06-30 12:29:36 ----D---- C:\WINDOWS\system32\CatRoot2
2015-06-30 12:21:34 ----D---- C:\WINDOWS\system32\Setup
2015-06-30 12:17:40 ----D---- C:\WINDOWS\system32
2015-06-30 11:50:37 ----SHD---- C:\WINDOWS\Installer
2015-06-30 11:14:19 ----D---- C:\WINDOWS\Debug
2015-06-30 09:29:27 ----SD---- C:\WINDOWS\Tasks
2015-06-30 09:28:56 ----D---- C:\WINDOWS\WinSxS
2015-06-30 07:51:24 ----SD---- C:\WINDOWS\Downloaded Program Files
2015-06-30 07:13:05 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2015-06-30 07:10:25 ----D---- C:\WINDOWS\AutoKMS
2015-06-28 13:59:11 ----D---- C:\WINDOWS\system32\drivers\UMDF
2015-06-28 13:58:59 ----HD---- C:\WINDOWS\inf
2015-06-27 22:42:49 ----D---- C:\WINDOWS\system32\Restore
2015-06-27 11:04:08 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-06-27 10:58:41 ----D---- C:\Program Files\Common Files
2015-06-27 10:58:04 ----RSD---- C:\WINDOWS\Fonts
2015-06-27 10:16:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2015-06-27 10:12:32 ----A---- C:\WINDOWS\win.ini
2015-06-26 14:21:47 ----SD---- C:\Documents and Settings\admin\Application Data\Microsoft
2015-06-26 12:21:19 ----RSD---- C:\WINDOWS\assembly
2015-06-26 12:21:19 ----D---- C:\WINDOWS\Microsoft.NET
2015-06-26 10:48:36 ----D---- C:\Program Files\Microsoft SQL Server
2015-06-26 10:43:26 ----D---- C:\Program Files\Microsoft Silverlight
2015-06-25 23:55:42 ----D---- C:\Program Files\Common Files\System
2015-06-25 22:45:11 ----D---- C:\WINDOWS\system32\MRT

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2015-06-30 49904]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2015-06-30 209048]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2015-06-30 55200]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2015-06-30 787760]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2015-06-30 428120]
R1 aswTdi;aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [2015-06-30 57888]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2013-03-04 30616]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2015-06-30 24144]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2015-06-30 74976]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-07-05 241152]
R3 atmeltpm;atmeltpm; C:\WINDOWS\system32\DRIVERS\atmeltpm.sys [2005-05-17 15872]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-05-10 156160]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 huawei_enumerator;huawei_enumerator; C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys [2012-04-23 76544]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2006-07-21 1095968]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2013-07-17 60160]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2013-07-17 123008]
R3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2013-07-24 30720]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S0 cerc6;cerc6; C:\WINDOWS\system32\drivers\cerc6.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 eapihdrv;eapihdrv; \??\C:\DOCUME~1\admin\LOCALS~1\Temp\ehdrv.sys []
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter; C:\WINDOWS\system32\DRIVERS\ew_usbenumfilter.sys [2010-03-20 11136]
S3 huawei_cdcacm;huawei_cdcacm; C:\WINDOWS\system32\DRIVERS\ew_jucdcacm.sys [2012-04-23 95616]
S3 huawei_cdcecm;huawei_cdcecm; C:\WINDOWS\system32\DRIVERS\ew_jucdcecm.sys [2012-04-23 70016]
S3 huawei_ext_ctrl;huawei_ext_ctrl; C:\WINDOWS\system32\DRIVERS\ew_juextctrl.sys [2012-04-23 27520]
S3 massfilter;Mass Storage Filter Driver; C:\WINDOWS\system32\drivers\massfilter.sys [2010-02-22 9216]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys []
S3 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2014-01-25 231960]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZTEusbmdm6k;ZTE Proprietary USB Driver; C:\WINDOWS\system32\DRIVERS\ZTEusbmdm6k.sys [2010-03-02 105856]
S3 ZTEusbnmea;ZTE NMEA Port; C:\WINDOWS\system32\DRIVERS\ZTEusbnmea.sys [2010-03-02 105856]
S3 ZTEusbser6k;ZTE Diagnostic Port; C:\WINDOWS\system32\DRIVERS\ZTEusbser6k.sys [2010-03-02 105856]
S4 RsFx0105;RsFx0105 Driver; C:\WINDOWS\system32\DRIVERS\RsFx0105.sys [2011-09-22 238696]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;Avast Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-06-30 343336]
R2 MbnExt;Mobile Broadband Extension Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2014-07-12 43044512]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2011-09-22 97640]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service; C:\Program Files\Spyware Terminator\st_rsser.exe [2014-11-04 585080]
R2 tcsd_win32.exe;NTRU Hybrid TSS v2.0.25 TCS; C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe [2006-06-12 180224]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-06-25 107848]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2015-06-03 327296]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-06-25 107848]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-03-11 22216]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2014-07-12 380064]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2011-09-22 255336]

-----------------EOF-----------------

Re: Nelze spustit většina programů - bad image

Napsal: 01 črc 2015 12:26
od Rudy
Toto je RSIT. FRST nefunguje?

Re: Nelze spustit většina programů - bad image

Napsal: 01 črc 2015 13:43
od Bohunak1
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-06-2015 01
Ran by admin (administrator) on KLOBALOVAA on 01-07-2015 13:02:31
Running from C:\Documents and Settings\admin\My Documents\Downloads
Loaded Profiles: admin & (Available Profiles: admin)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Gemfor s.r.o.) C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Crawler.com) C:\Program Files\Spyware Terminator\st_rsser.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(ESET) C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
() C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [843776 2006-05-01] (Analog Devices, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKU\S-1-5-21-1715567821-963894560-1801674531-1003\...\Run: [T-Mobile CManager] => C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe [2166552 2013-10-31] (Gemfor s.r.o.)
HKU\S-1-5-21-1715567821-963894560-1801674531-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53282944 2015-06-16] (Skype Technologies S.A.)
HKU\S-1-5-21-1715567821-963894560-1801674531-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6405912 2015-06-01] (Piriform Ltd)
HKU\S-1-5-21-1715567821-963894560-1801674531-1003\...\MountPoints2: {139018e2-f182-11e3-97e8-00188b6e4bc9} - D:\Autorun.exe
HKU\S-1-5-21-1715567821-963894560-1801674531-1003\...\MountPoints2: {65b9aca8-8909-11e3-97d2-00188b6e4bc9} - D:\Autorun.exe
HKU\S-1-5-21-1715567821-963894560-1801674531-1003\...\MountPoints2: {b63b4696-628a-11e3-97c3-00188b6e4bc9} - D:\Autorun.exe
HKU\S-1-5-21-1715567821-963894560-1801674531-1003\...\MountPoints2: {b63b4698-628a-11e3-97c3-00188b6e4bc9} - D:\Autorun.exe
HKU\S-1-5-21-1715567821-963894560-1801674531-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\sspipes.scr [610304 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-1715567821-963894560-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [T-Mobile CManager] => C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe [2166552 2013-10-31] (Gemfor s.r.o.)
HKU\S-1-5-21-1715567821-963894560-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53282944 2015-06-16] (Skype Technologies S.A.)
HKU\S-1-5-21-1715567821-963894560-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6405912 2015-06-01] (Piriform Ltd)
HKU\S-1-5-21-1715567821-963894560-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {139018e2-f182-11e3-97e8-00188b6e4bc9} - D:\Autorun.exe
HKU\S-1-5-21-1715567821-963894560-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {65b9aca8-8909-11e3-97d2-00188b6e4bc9} - D:\Autorun.exe
HKU\S-1-5-21-1715567821-963894560-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b63b4696-628a-11e3-97c3-00188b6e4bc9} - D:\Autorun.exe
HKU\S-1-5-21-1715567821-963894560-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {b63b4698-628a-11e3-97c3-00188b6e4bc9} - D:\Autorun.exe
HKU\S-1-5-21-1715567821-963894560-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\sspipes.scr [610304 2008-04-14] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1715567821-963894560-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1715567821-963894560-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-1715567821-963894560-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1715567821-963894560-1801674531-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 0640964311
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.24.1
Tcpip\..\Interfaces\{11EE1B45-C827-4F0F-BCF5-C8A904C1B5E3}: [DhcpNameServer] 192.168.24.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-25] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-25] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-02]

Chrome:
=======
CHR Profile: C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-25]
CHR Extension: (Google Docs) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-25]
CHR Extension: (Google Drive) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-25]
CHR Extension: (YouTube) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-25]
CHR Extension: (Google Search) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-25]
CHR Extension: (Google Sheets) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-25]
CHR Extension: (Google Wallet) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-25]
CHR Extension: (Gmail) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-25]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-30] (Avast Software s.r.o.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MbnExt; C:\Program Files\T-Mobile\Web'n'walk Manager\MbnExt.dll [417128 2013-12-02] (Gemfor s.r.o.)
S3 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 ST2012_Svc; C:\Program Files\Spyware Terminator\st_rsser.exe [585080 2014-11-04] (Crawler.com)
R2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe [180224 2006-06-12] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-06-30] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [74976 2015-06-30] (Avast Software s.r.o.)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-06-30] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-06-30] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787760 2015-06-30] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [428120 2015-06-30] (Avast Software s.r.o.)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-06-30] (Avast Software s.r.o.)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209048 2015-06-30] ()
R3 atmeltpm; C:\WINDOWS\System32\DRIVERS\atmeltpm.sys [15872 2005-05-17] (Atmel, Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 eapihdrv; C:\Documents and Settings\admin\Local Settings\Temp\ehdrv.sys [135760 2015-07-01] (ESET)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
S3 huawei_cdcacm; C:\WINDOWS\System32\DRIVERS\ew_jucdcacm.sys [95616 2012-04-23] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\WINDOWS\System32\DRIVERS\ew_jucdcecm.sys [70016 2012-04-23] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\WINDOWS\System32\DRIVERS\ew_juextctrl.sys [27520 2012-04-23] (Huawei Technologies Co., Ltd.)
S3 massfilter; C:\WINDOWS\System32\drivers\massfilter.sys [9216 2010-02-22] (MBB Incorporated)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2015-07-01] (Malwarebytes Corporation)
S3 MpFilter; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S4 RsFx0105; C:\WINDOWS\System32\DRIVERS\RsFx0105.sys [238696 2011-09-22] (Microsoft Corporation)
R3 SenFiltService; C:\WINDOWS\System32\drivers\Senfilt.sys [392960 2006-03-17] (Sensaura)
R1 sp_rsdrv2; C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] () [File not signed]
R3 VClone; C:\WINDOWS\System32\DRIVERS\VClone.sys [30720 2013-07-24] (Elaborate Bytes AG) [File not signed]
S0 cerc6; No ImagePath
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [249472 2012-04-20] (Huawei Technologies Co., Ltd.)
S4 IntelIde; No ImagePath
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Re: Nelze spustit většina programů - bad image

Napsal: 01 črc 2015 14:02
od Rudy
Nyní spusťte tuto utilitu:
Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

Re: Nelze spustit většina programů - bad image

Napsal: 01 črc 2015 15:00
od Bohunak1
# AdwCleaner v4.207 - Logfile created 01/07/2015 at 15:48:37
# Updated 21/06/2015 by Xplode
# Database : 2015-06-29.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : admin - KLOBALOVAA
# Running from : C:\Documents and Settings\admin\My Documents\Downloads\adwcleaner_4.207.exe
# Option : Cleaning

***** [ Services ] *****

Service Deleted : sp_rsdrv2

***** [ Files / Folders ] *****

File Deleted : C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Google Chrome v43.0.2357.130


*************************

AdwCleaner[R0].txt - [866 bytes] - [01/07/2015 15:14:44]
AdwCleaner[S0].txt - [796 bytes] - [01/07/2015 15:48:37]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [854 bytes] ##########

Re: Nelze spustit většina programů - bad image

Napsal: 01 črc 2015 15:07
od Bohunak1
Vždycky ty problémy po několika hodinách zmizí a všechno funguje jako obvykle. Ale jakmile se pc restartuje nebo vypne, tak po zapnutí opět většina věcí nefunguje.

Re: Nelze spustit většina programů - bad image

Napsal: 01 črc 2015 15:15
od Rudy
OK. Problém může být i v zaneřáděném PC. Dejte nový log FRST.

Re: Nelze spustit většina programů - bad image

Napsal: 01 črc 2015 16:15
od Bohunak1
dditional scan result of Farbar Recovery Scan Tool (x86) Version: 28-06-2015 01
Ran by admin at 2015-07-01 16:42:42
Running from C:\Documents and Settings\admin\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

admin (S-1-5-21-1715567821-963894560-1801674531-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\admin
Administrator (S-1-5-21-1715567821-963894560-1801674531-500 - Administrator - Enabled)
ASPNET (S-1-5-21-1715567821-963894560-1801674531-1004 - Limited - Enabled)
Guest (S-1-5-21-1715567821-963894560-1801674531-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1715567821-963894560-1801674531-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1715567821-963894560-1801674531-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Out of date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus (Enabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Atmel TPM Driver Installer 3.0.3.15 (Version: 3.0.3.15 - Atmel Corp) Hidden
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6037 - AVG Technologies CZ, s.r.o.)
AVG 2015 (Version: 15.0.4365 - AVG Technologies CZ, s.r.o.) Hidden
AVG 2015 (Version: 15.0.6037 - AVG Technologies CZ, s.r.o.) Hidden
BitTorrent (HKU\S-1-5-21-1715567821-963894560-1801674531-1003\...\BitTorrent) (Version: 7.9.3.40299 - BitTorrent Inc.)
Broadcom Gigabit Integrated Controller (HKLM\...\{7E369B27-13E2-41A5-9879-358EE1C8B5AD}) (Version: 9.02.06 - Broadcom Corporation)
Dell Resource CD (HKLM\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.10.0000 - Dell Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
GDR 5520 for SQL Server 2008 (KB2977321) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
GOM Player (HKLM\...\GOM Player) (Version: 2.2.53.5169 - Gretech Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
HP Deskjet 3740 Series (HKLM\...\HP Deskjet 3740 Series_Driver) (Version: - )
Huawei Drivers (HKLM\...\{C82D8932-EB28-4da6-9582-33D515D46F04}) (Version: 4.25.00.00 - )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )
K-Lite Codec Pack 10.2.0 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.2.0 - )
Landi 15 (HKLM\...\Landi 15) (Version: - )
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools (HKLM\...\{5BDFAB82-060E-438B-AB4F-A2331B2294C0}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM\...\{1803A630-3C38-4D2B-9B9A-0CB37243539C}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office Standard 2010 (HKLM\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM\...\{05855322-BE43-41FE-B583-D3AE0C326D58}) (Version: 4.0.50826.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{83298573-A6B6-42AB-A234-FE91CA2859C0}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{5D60AB1A-2409-4829-83D4-0972856D885A}) (Version: 10.3.5520.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual Basic 2010 Express - ENU (HKLM\...\Microsoft Visual Basic 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C# 2010 Express - ENU (HKLM\...\Microsoft Visual C# 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (HKLM\...\Microsoft Visual C++ 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Web Developer 2010 Express - ENU (HKLM\...\Microsoft Visual Web Developer 2010 Express - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Multi Virus Cleaner 2007 (HKLM\...\Multi Virus Cleaner 2007_is1) (Version: - AxBx)
NTRU Hybrid TSS v2.0.25 (Version: 2.0.25 - NTRU Cryptosystems) Hidden
Segoe UI (Version: 14.0.4327.805 - Microsoft Corp) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 3 for SQL Server 2008 (KB2546951) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Skype™ 7.6 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.103 - Skype Technologies S.A.)
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.10.01.4542 - Analog Devices)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
T-Mobile Internet Manager (HKLM\...\T-Mobile Communication Centre) (Version: 2013-10-31@2013-12-02 - Gemfor s.r.o.)
VirtualCloneDrive (HKLM\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WCF RIA Services V1.0 SP1 (HKLM\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
ZTE Drivers (HKLM\...\{ACC9984D-E78B-4fcd-BE44-4E3F186DDA33}) (Version: 1.2059.0.12 - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1715567821-963894560-1801674531-1003_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)

==================== Restore Points =========================

01-07-2015 16:03:33 System Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 01:00 - 2008-04-14 01:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\windows\AutoKMS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{90B2E8F6-35F2-4844-B682-46906C8FA544}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (Whitelisted) ==============

2008-04-14 01:00 - 2008-04-14 01:00 - 00015360 _____ () C:\WINDOWS\system32\tsd32.dll
2015-06-30 09:28 - 2015-06-30 09:28 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-06-30 09:28 - 2015-06-30 09:28 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-06-30 09:29 - 2015-06-30 09:29 - 02952704 _____ () C:\Program Files\AVAST Software\Avast\defs\15062901\algo.dll
2006-06-12 11:01 - 2006-06-12 11:01 - 00180224 _____ () C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
2008-04-14 01:00 - 2008-04-14 01:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 01:00 - 2008-04-14 01:00 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1715567821-963894560-1801674531-1003\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\admin\Desktop\zkousky a testy.bmp
DNS Servers: 192.168.24.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

DomainProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
StandardProfile\AuthorizedApplications: [C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe] => Enabled:Windows Live Sync
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE] => Enabled:Microsoft OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\vbc.exe] => Enabled:Visual Basic Command Line Compiler
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Documents and Settings\admin\Application Data\BitTorrent\BitTorrent.exe] => Enabled:BitTorrent
StandardProfile\AuthorizedApplications: [C:\Program Files\Spyware Terminator\SpywareTerminator.exe] => Enabled:Spyware Terminator 2012
StandardProfile\AuthorizedApplications: [C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe] => Enabled:Spyware Terminator 2012
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgnsx.exe] => Enabled:Webový štít
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgdiagex.exe] => Enabled:AVG Diagnostika 2015
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgmfapx.exe] => Enabled:Instalátor AVG
StandardProfile\AuthorizedApplications: [C:\Program Files\AVG\AVG2015\avgemcx.exe] => Enabled:Obecná kontrola pošty
DomainProfile\GloballyOpenPorts: [3389:TCP] => Enabled:@xpsp2res.dll,-22009
StandardProfile\GloballyOpenPorts: [3389:TCP] => Enabled:@xpsp2res.dll,-22009
StandardProfile\GloballyOpenPorts: [5985:TCP] => Disabled:Windows Remote Management
StandardProfile\GloballyOpenPorts: [80:TCP] => Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/30/2015 07:07:40 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry2147942487unspecifiedsendmessagetofilter4.5.216.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)unspecifiedunspecifiedNILNILNIL

Error: (06/30/2015 00:14:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application skype.exe, version 7.6.0.103, faulting module urlmon.dll, version 8.0.6001.23580, fault address 0x000405d0.
Processing media-specific event for [skype.exe!ws!]

Error: (06/30/2015 00:14:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (06/30/2015 00:11:10 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry2147942487unspecifiedsendmessagetofilter4.5.216.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)unspecifiedunspecifiedNILNILNIL

Error: (06/29/2015 11:32:38 PM) (Source: Windows Search Service) (EventID: 3031) (User: )
Description: A document ID cannot be allocated.

Context: Application, SystemIndex Catalog


Details:
The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (0x8004117f)

Error: (06/29/2015 11:32:38 PM) (Source: Windows Search Service) (EventID: 3031) (User: )
Description: A document ID cannot be allocated.

Context: Application, SystemIndex Catalog


Details:
The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (0x8004117f)

Error: (06/29/2015 11:32:23 PM) (Source: Windows Search Service) (EventID: 3031) (User: )
Description: A document ID cannot be allocated.

Context: Application, SystemIndex Catalog


Details:
The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (0x8004117f)

Error: (06/29/2015 11:32:22 PM) (Source: Windows Search Service) (EventID: 3031) (User: )
Description: A document ID cannot be allocated.

Context: Application, SystemIndex Catalog


Details:
The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (0x8004117f)

Error: (06/29/2015 11:32:15 PM) (Source: Windows Search Service) (EventID: 3031) (User: )
Description: A document ID cannot be allocated.

Context: Application, SystemIndex Catalog


Details:
The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (0x8004117f)

Error: (06/29/2015 11:31:51 PM) (Source: Windows Search Service) (EventID: 3031) (User: )
Description: A document ID cannot be allocated.

Context: Application, SystemIndex Catalog


Details:
The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (0x8004117f)


System errors:
=============
Error: (07/01/2015 04:27:43 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (07/01/2015 04:27:41 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (07/01/2015 04:27:39 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (07/01/2015 04:27:37 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (07/01/2015 04:27:34 PM) (Source: 0) (EventID: 7) (User: )
Description: \Device\Harddisk0\D

Error: (07/01/2015 04:03:18 PM) (Source: 0) (EventID: 1) (User: )
Description: 0xC000009Aavast5.iniHarddiskVolume1

Error: (07/01/2015 03:54:09 PM) (Source: System Error) (EventID: 1003) (User: )
Description: Error code 100000ce, parameter1 a8cd1553, parameter2 00000008, parameter3 a8cd1553, parameter4 00000000.

Error: (07/01/2015 03:53:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 2 time(s).

Error: (07/01/2015 03:52:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).

Error: (07/01/2015 03:52:21 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office:
=========================
Error: (06/30/2015 07:07:40 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry2147942487unspecifiedsendmessagetofilter4.5.216.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)unspecifiedunspecifiedNILNILNIL

Error: (06/30/2015 00:14:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: skype.exe7.6.0.103urlmon.dll8.0.6001.23580000405d0

Error: (06/30/2015 00:14:16 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe8.0.6001.18702hungapp0.0.0.000000000

Error: (06/30/2015 00:11:10 AM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry2147942487unspecifiedsendmessagetofilter4.5.216.0microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094)unspecifiedunspecifiedNILNILNIL

Error: (06/29/2015 11:32:38 PM) (Source: Windows Search Service) (EventID: 3031) (User: )
Description: Context: Application, SystemIndex Catalog


Details:
The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (0x8004117f)

Error: (06/29/2015 11:32:38 PM) (Source: Windows Search Service) (EventID: 3031) (User: )
Description: Context: Application, SystemIndex Catalog


Details:
The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (0x8004117f)

Error: (06/29/2015 11:32:23 PM) (Source: Windows Search Service) (EventID: 3031) (User: )
Description: Context: Application, SystemIndex Catalog


Details:
The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (0x8004117f)

Error: (06/29/2015 11:32:22 PM) (Source: Windows Search Service) (EventID: 3031) (User: )
Description: Context: Application, SystemIndex Catalog


Details:
The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (0x8004117f)

Error: (06/29/2015 11:32:15 PM) (Source: Windows Search Service) (EventID: 3031) (User: )
Description: Context: Application, SystemIndex Catalog


Details:
The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (0x8004117f)

Error: (06/29/2015 11:31:51 PM) (Source: Windows Search Service) (EventID: 3031) (User: )
Description: Context: Application, SystemIndex Catalog


Details:
The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (0x8004117f)


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz
Percentage of memory in use: 58%
Total physical RAM: 1013.54 MB
Available physical RAM: 419.35 MB
Total Virtual: 2961.9 MB
Available Virtual: 2274.52 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.5 GB) (Free:32.19 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: 7B27D237)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

==================== End of log ============================

Re: Nelze spustit většina programů - bad image

Napsal: 01 črc 2015 17:32
od Rudy
Otevřte poznámkový blok a zkopírujte do něj:
Start
Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\windows\AutoKMS\AutoKMS.exe
C:\windows\AutoKMS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
End
A druhý log?

Uložte do C:\Documents and Settings\admin\My Documents\Downloads jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Re: Nelze spustit většina programů - bad image

Napsal: 01 črc 2015 17:51
od Bohunak1
Fix result of Farbar Recovery Scan Tool (x86) Version: 28-06-2015 01
Ran by admin at 2015-07-01 18:50:18 Run:1
Running from C:\Documents and Settings\admin\My Documents\Downloads
Loaded Profiles: admin (Available Profiles: admin)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\windows\AutoKMS\AutoKMS.exe
C:\windows\AutoKMS\AutoKMS.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
End
*****************

C:\WINDOWS\Tasks\AutoKMS.job => moved successfully.
"C:\windows\AutoKMS\AutoKMS.exe" => File/Folder not found.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully.

==== End of Fixlog 18:50:19 ====

Re: Nelze spustit většina programů - bad image

Napsal: 01 črc 2015 18:27
od Rudy
Je to smazané. Dal jste ale jen log Addition. Log FRST stále chybí.

Re: Nelze spustit většina programů - bad image

Napsal: 01 črc 2015 19:57
od Bohunak1
Tady je FRST


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-06-2015 01
Ran by admin (administrator) on KLOBALOVAA on 01-07-2015 16:37:18
Running from C:\Documents and Settings\admin\My Documents\Downloads
Loaded Profiles: admin (Available Profiles: admin)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\PROGRA~1\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Crawler.com) C:\Program Files\Spyware Terminator\st_rsser.exe
() C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Crawler.com) C:\Program Files\Spyware Terminator\SpywareTerminator.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [843776 2006-05-01] (Analog Devices, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3727824 2015-06-16] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1715567821-963894560-1801674531-1003\...\Run: [T-Mobile CManager] => C:\Program Files\T-Mobile\Web'n'walk Manager\Manager.exe [2166552 2013-10-31] (Gemfor s.r.o.)
HKU\S-1-5-21-1715567821-963894560-1801674531-1003\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [53282944 2015-06-16] (Skype Technologies S.A.)
HKU\S-1-5-21-1715567821-963894560-1801674531-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6405912 2015-06-01] (Piriform Ltd)
HKU\S-1-5-21-1715567821-963894560-1801674531-1003\...\MountPoints2: {139018e2-f182-11e3-97e8-00188b6e4bc9} - D:\Autorun.exe
HKU\S-1-5-21-1715567821-963894560-1801674531-1003\...\MountPoints2: {65b9aca8-8909-11e3-97d2-00188b6e4bc9} - D:\Autorun.exe
HKU\S-1-5-21-1715567821-963894560-1801674531-1003\...\MountPoints2: {b63b4696-628a-11e3-97c3-00188b6e4bc9} - D:\Autorun.exe
HKU\S-1-5-21-1715567821-963894560-1801674531-1003\...\MountPoints2: {b63b4698-628a-11e3-97c3-00188b6e4bc9} - D:\Autorun.exe
HKU\S-1-5-21-1715567821-963894560-1801674531-1003\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\sspipes.scr [610304 2008-04-14] (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2015\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1715567821-963894560-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKU\S-1-5-21-1715567821-963894560-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 0640964311
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.24.1
Tcpip\..\Interfaces\{11EE1B45-C827-4F0F-BCF5-C8A904C1B5E3}: [DhcpNameServer] 192.168.24.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-25] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-25] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-02]

Chrome:
=======
CHR Profile: C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-25]
CHR Extension: (Google Docs) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-25]
CHR Extension: (Google Drive) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-25]
CHR Extension: (YouTube) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-25]
CHR Extension: (Google Search) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-25]
CHR Extension: (Google Sheets) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-25]
CHR Extension: (Google Wallet) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-25]
CHR Extension: (Gmail) - C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-25]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-30] (Avast Software s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3461072 2015-06-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [312816 2015-06-16] (AVG Technologies CZ, s.r.o.)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MbnExt; C:\Program Files\T-Mobile\Web'n'walk Manager\MbnExt.dll [417128 2013-12-02] (Gemfor s.r.o.)
R2 ST2012_Svc; C:\Program Files\Spyware Terminator\st_rsser.exe [585080 2014-11-04] (Crawler.com)
R2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.25\bin\tcsd_win32.exe [180224 2006-06-12] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24144 2015-06-30] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [74976 2015-06-30] (Avast Software s.r.o.)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55200 2015-06-30] (Avast Software s.r.o.)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49904 2015-06-30] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [787760 2015-06-30] (Avast Software s.r.o.)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [428120 2015-06-30] (Avast Software s.r.o.)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57888 2015-06-30] (Avast Software s.r.o.)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [209048 2015-06-30] ()
R3 atmeltpm; C:\WINDOWS\System32\DRIVERS\atmeltpm.sys [15872 2005-05-17] (Atmel, Inc.)
R1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [132576 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriverl; C:\WINDOWS\System32\DRIVERS\avgidsdriverlx.sys [213472 2015-05-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [190944 2015-05-12] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [29664 2015-05-14] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [206816 2015-04-15] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [290272 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [169440 2015-05-12] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [35808 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [213984 2015-05-12] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 eapihdrv; C:\Documents and Settings\admin\Local Settings\Temp\ehdrv.sys [135760 2015-07-01] (ESET)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
S3 huawei_cdcacm; C:\WINDOWS\System32\DRIVERS\ew_jucdcacm.sys [95616 2012-04-23] (Huawei Technologies Co., Ltd.)
S3 huawei_cdcecm; C:\WINDOWS\System32\DRIVERS\ew_jucdcecm.sys [70016 2012-04-23] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\WINDOWS\System32\DRIVERS\ew_juextctrl.sys [27520 2012-04-23] (Huawei Technologies Co., Ltd.)
S3 massfilter; C:\WINDOWS\System32\drivers\massfilter.sys [9216 2010-02-22] (MBB Incorporated)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-03-17] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2015-07-01] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S4 RsFx0105; C:\WINDOWS\System32\DRIVERS\RsFx0105.sys [238696 2011-09-22] (Microsoft Corporation)
R3 SenFiltService; C:\WINDOWS\System32\drivers\Senfilt.sys [392960 2006-03-17] (Sensaura)
R1 sp_rsdrv2; C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [32768 2011-06-21] () [File not signed]
R3 VClone; C:\WINDOWS\System32\DRIVERS\VClone.sys [30720 2013-07-24] (Elaborate Bytes AG) [File not signed]
S0 cerc6; No ImagePath
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [249472 2012-04-20] (Huawei Technologies Co., Ltd.)
S4 IntelIde; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-01 15:50 - 2015-07-01 15:50 - 00090112 _____ C:\WINDOWS\Minidump\Mini070115-01.dmp
2015-07-01 15:50 - 2015-07-01 15:50 - 00000000 ____D C:\WINDOWS\Minidump
2015-07-01 15:50 - 2011-06-21 11:24 - 00032768 _____ C:\WINDOWS\system32\Drivers\sp_rsdrv2.sys
2015-07-01 15:14 - 2015-07-01 15:48 - 00000000 ____D C:\AdwCleaner
2015-07-01 13:48 - 2015-07-01 13:48 - 00000000 ____D C:\Documents and Settings\admin\Application Data\AVG2015
2015-07-01 13:42 - 2015-07-01 13:42 - 00000714 _____ C:\Documents and Settings\All Users\Desktop\AVG 2015.lnk
2015-07-01 13:42 - 2015-07-01 13:42 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2015-07-01 13:42 - 2015-07-01 13:42 - 00000000 ____D C:\Documents and Settings\admin\Application Data\TuneUp Software
2015-07-01 13:29 - 2015-07-01 13:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2015
2015-07-01 13:29 - 2015-07-01 13:29 - 00000000 ___HD C:\$AVG
2015-07-01 13:25 - 2015-07-01 13:25 - 00000000 ____D C:\Program Files\AVG
2015-07-01 13:11 - 2011-06-26 08:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2015-07-01 13:11 - 2010-11-07 19:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2015-07-01 13:11 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-07-01 13:11 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-07-01 13:11 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-07-01 13:11 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-07-01 13:11 - 2000-08-31 02:00 - 00098816 _____ C:\WINDOWS\sed.exe
2015-07-01 13:11 - 2000-08-31 02:00 - 00080412 _____ C:\WINDOWS\grep.exe
2015-07-01 13:11 - 2000-08-31 02:00 - 00068096 _____ C:\WINDOWS\zip.exe
2015-07-01 13:10 - 2015-07-01 13:11 - 00000000 ___SD C:\ComboFix
2015-07-01 13:08 - 2015-07-01 13:10 - 00000000 ____D C:\Qoobox
2015-07-01 13:07 - 2015-07-01 13:07 - 00000000 ____D C:\WINDOWS\erdnt
2015-07-01 13:01 - 2015-07-01 16:37 - 00000000 ____D C:\FRST
2015-07-01 12:39 - 2015-07-01 15:52 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-01 11:54 - 2015-07-01 11:54 - 00000000 ____D C:\Program Files\AxBx
2015-07-01 11:54 - 2015-07-01 11:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Multi Virus Cleaner 2007
2015-07-01 11:52 - 2015-07-01 11:52 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-07-01 11:52 - 2015-07-01 11:52 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-01 11:52 - 2015-03-17 06:15 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-07-01 11:52 - 2015-03-17 06:15 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-07-01 11:41 - 2015-07-01 13:41 - 00007713 _____ C:\WINDOWS\setupapi.log
2015-07-01 11:21 - 2015-07-01 11:22 - 00000000 ____D C:\rsit
2015-07-01 11:21 - 2015-07-01 11:21 - 00000000 ____D C:\Program Files\trend micro
2015-07-01 10:54 - 2015-07-01 10:54 - 00006126 _____ C:\Documents and Settings\admin\Desktop\hijackthis.log
2015-06-30 22:23 - 2015-06-30 22:23 - 00036352 ___SH C:\Documents and Settings\admin\Desktop\Thumbs.db
2015-06-30 12:17 - 2015-06-30 12:17 - 00000000 ____D C:\WINDOWS\system32\HtmlData
2015-06-30 12:00 - 2015-07-01 15:53 - 00000034 _____ C:\WINDOWS\AvastEmUpdate.ini
2015-06-30 11:56 - 2015-06-30 11:56 - 00006064 ____N C:\bootex.log
2015-06-30 11:40 - 2015-06-30 11:40 - 00000000 ____D C:\Intel
2015-06-30 11:18 - 2015-07-01 11:40 - 00001646 _____ C:\Documents and Settings\admin\My Documents\startup.txt
2015-06-30 11:16 - 2015-06-30 11:16 - 00000000 ____D C:\WINDOWS\pss
2015-06-30 11:13 - 2015-06-30 11:13 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2015-06-30 11:13 - 2015-06-30 11:13 - 00000000 ____D C:\Program Files\CCleaner
2015-06-30 11:13 - 2015-06-30 11:13 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2015-06-30 11:08 - 2015-06-30 11:08 - 00000000 ____D C:\Documents and Settings\admin\Local Settings\Application Data\Temp
2015-06-30 09:45 - 2015-06-30 09:45 - 00000000 ____D C:\WINDOWS\jumpshot.com
2015-06-30 09:30 - 2015-06-30 09:30 - 00000000 ____D C:\Documents and Settings\admin\Application Data\AVAST Software
2015-06-30 09:29 - 2015-07-01 15:53 - 00000314 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-06-30 09:29 - 2015-06-30 09:29 - 00428120 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-06-30 09:29 - 2015-06-30 09:29 - 00001689 _____ C:\Documents and Settings\All Users\Desktop\Avast Free Antivirus.lnk
2015-06-30 09:29 - 2015-06-30 09:29 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVAST Software
2015-06-30 09:29 - 2015-06-30 09:28 - 00209048 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-06-30 09:29 - 2015-06-30 09:28 - 00074976 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-06-30 09:29 - 2015-06-30 09:28 - 00057888 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswTdi.sys
2015-06-30 09:29 - 2015-06-30 09:28 - 00049904 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-06-30 09:28 - 2015-06-30 09:28 - 00787760 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-06-30 09:28 - 2015-06-30 09:28 - 00291312 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-06-30 09:28 - 2015-06-30 09:28 - 00055200 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr.sys
2015-06-30 09:28 - 2015-06-30 09:28 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-06-30 09:28 - 2015-06-30 09:28 - 00024144 _____ C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-06-30 09:25 - 2015-06-30 09:25 - 00000000 ____D C:\Documents and Settings\admin\Desktop\Speclean
2015-06-30 08:26 - 2015-06-30 08:26 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2015-06-30 07:55 - 2015-06-30 07:55 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ESET
2015-06-30 07:51 - 2015-06-30 11:50 - 00000000 ____D C:\Program Files\ESET
2015-06-30 07:48 - 2015-07-01 14:46 - 00000000 ____D C:\Documents and Settings\admin\Local Settings\Application Data\Avg2015
2015-06-30 07:48 - 2015-07-01 14:45 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2015-06-30 07:48 - 2015-06-30 07:48 - 00000000 ____D C:\Documents and Settings\admin\Local Settings\Application Data\MFAData
2015-06-30 07:39 - 2015-07-01 10:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2015-06-30 07:39 - 2015-06-30 07:40 - 00000000 ____D C:\Program Files\Spyware Terminator
2015-06-30 07:39 - 2015-06-30 07:39 - 00000725 _____ C:\Documents and Settings\All Users\Desktop\Spyware Terminator 2012.lnk
2015-06-30 07:39 - 2015-06-30 07:39 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Spyware Terminator 2012
2015-06-30 07:39 - 2015-06-30 07:39 - 00000000 ____D C:\Documents and Settings\admin\Application Data\Spyware Terminator
2015-06-30 07:24 - 2015-06-30 07:24 - 00000000 ____D C:\Program Files\AVAST Software
2015-06-30 07:20 - 2015-06-30 07:20 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2015-06-30 07:13 - 2015-06-30 07:14 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2015-06-30 00:16 - 2015-06-30 00:16 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-06-29 23:40 - 2015-06-30 00:03 - 00294086 _____ C:\Documents and Settings\admin\Desktop\Nmc_2015-06-29_23-40-16.log
2015-06-29 23:37 - 2015-06-29 23:37 - 00000000 ____D C:\Documents and Settings\admin\Local Settings\Application Data\Norman Malware Cleaner
2015-06-29 23:29 - 2015-06-29 23:33 - 00002048 _____ C:\Uninstall.dat
2015-06-29 23:10 - 2015-06-29 23:10 - 00000000 ____D C:\Documents and Settings\admin\Application Data\Macromedia
2015-06-27 10:58 - 2015-06-27 10:58 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2015-06-27 10:16 - 2015-06-27 10:16 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2015-06-26 22:24 - 2015-06-26 22:24 - 01683522 _____ C:\Documents and Settings\admin\Desktop\zkousky a testy.bmp
2015-06-26 22:17 - 2015-06-26 22:17 - 04096902 _____ C:\Documents and Settings\admin\Desktop\maturita.bmp
2015-06-26 19:13 - 2013-07-17 02:58 - 00046848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2015-06-26 17:29 - 2015-06-26 17:29 - 00000848 _____ C:\Documents and Settings\admin\Start Menu\BitTorrent.lnk
2015-06-26 17:28 - 2015-06-30 11:14 - 00000000 ____D C:\Documents and Settings\admin\Application Data\BitTorrent
2015-06-26 14:21 - 2015-06-26 14:21 - 00000000 ____D C:\Documents and Settings\admin\Local Settings\Application Data\Adobe
2015-06-26 14:21 - 2015-06-26 14:21 - 00000000 ____D C:\Documents and Settings\admin\Application Data\Adobe
2015-06-26 14:20 - 2015-06-26 14:20 - 00001804 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2015-06-26 14:20 - 2015-06-26 14:20 - 00001734 _____ C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2015-06-26 14:20 - 2015-06-26 14:20 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-06-26 14:20 - 2015-06-26 14:20 - 00000000 ____D C:\Program Files\Adobe
2015-06-26 14:19 - 2015-06-26 14:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2015-06-26 14:10 - 2013-07-17 02:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2015-06-26 14:10 - 2013-07-17 02:58 - 00123008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys
2015-06-26 14:10 - 2013-07-17 02:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2015-06-26 14:10 - 2013-07-17 02:58 - 00060160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbaudio.sys
2015-06-26 14:10 - 2008-04-14 05:42 - 00091136 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kswdmcap.ax
2015-06-26 14:10 - 2008-04-14 05:42 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\kswdmcap.ax
2015-06-26 14:10 - 2008-04-14 05:42 - 00061952 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kstvtune.ax
2015-06-26 14:10 - 2008-04-14 05:42 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\kstvtune.ax
2015-06-26 14:10 - 2008-04-14 05:42 - 00053760 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2015-06-26 14:10 - 2008-04-14 05:42 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfwwdm32.dll
2015-06-26 14:10 - 2008-04-14 05:42 - 00043008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ksxbar.ax
2015-06-26 14:10 - 2008-04-14 05:42 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksxbar.ax
2015-06-26 14:10 - 2008-04-14 05:42 - 00028672 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vidcap.ax
2015-06-26 14:10 - 2008-04-14 05:42 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vidcap.ax
2015-06-26 14:10 - 2008-04-14 05:42 - 00020992 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dshowext.ax
2015-06-26 14:10 - 2008-04-14 05:42 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dshowext.ax
2015-06-26 14:10 - 2008-04-14 05:42 - 00016384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ipsink.ax
2015-06-26 14:10 - 2008-04-14 05:42 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipsink.ax
2015-06-26 14:10 - 2008-04-14 00:16 - 00085248 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\nabtsfec.sys
2015-06-26 14:10 - 2008-04-14 00:16 - 00085248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NABTSFEC.sys
2015-06-26 14:10 - 2008-04-14 00:16 - 00019200 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wstcodec.sys
2015-06-26 14:10 - 2008-04-14 00:16 - 00019200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WSTCODEC.SYS
2015-06-26 14:10 - 2008-04-14 00:16 - 00017024 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ccdecode.sys
2015-06-26 14:10 - 2008-04-14 00:16 - 00017024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\CCDECODE.sys
2015-06-26 14:10 - 2008-04-14 00:16 - 00015232 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\streamip.sys
2015-06-26 14:10 - 2008-04-14 00:16 - 00015232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\StreamIP.sys
2015-06-26 14:10 - 2008-04-14 00:16 - 00011136 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\slip.sys
2015-06-26 14:10 - 2008-04-14 00:16 - 00011136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SLIP.sys
2015-06-26 14:10 - 2008-04-14 00:16 - 00010880 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ndisip.sys
2015-06-26 14:10 - 2008-04-14 00:16 - 00010880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisIP.sys
2015-06-26 14:10 - 2008-04-14 00:09 - 00005504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstee.sys
2015-06-26 14:10 - 2008-04-14 00:09 - 00005504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\MSTEE.sys
2015-06-26 14:07 - 2015-07-01 16:40 - 00000000 ____D C:\Documents and Settings\admin\Application Data\Skype
2015-06-26 14:07 - 2015-06-26 14:07 - 00000000 ____D C:\Documents and Settings\admin\Local Settings\Application Data\Skype
2015-06-26 14:06 - 2015-06-26 14:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2015-06-26 14:06 - 2015-06-26 14:06 - 00001896 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2015-06-26 14:06 - 2015-06-26 14:06 - 00000000 ___RD C:\Program Files\Skype
2015-06-26 14:06 - 2015-06-26 14:06 - 00000000 ____D C:\Program Files\Common Files\Skype
2015-06-26 14:06 - 2015-06-26 14:06 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2015-06-25 22:16 - 2015-06-25 22:16 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-06-25 22:16 - 2015-06-25 22:16 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2015-06-25 22:15 - 2015-06-30 11:17 - 00000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-25 22:15 - 2015-06-30 11:17 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-25 22:15 - 2015-06-25 22:16 - 00000000 ____D C:\Program Files\Google
2015-06-25 22:15 - 2015-06-25 22:16 - 00000000 ____D C:\Documents and Settings\admin\Local Settings\Application Data\Google
2015-06-25 22:14 - 2015-06-25 22:15 - 00000000 ____D C:\Documents and Settings\admin\Local Settings\Application Data\Deployment
2015-06-25 18:54 - 2015-06-25 18:54 - 03043160 _____ ( ) C:\WINDOWS\uland15.exe
2015-06-25 18:54 - 2015-06-25 18:54 - 00001557 _____ C:\Documents and Settings\admin\Desktop\Landi 15.lnk
2015-06-25 18:54 - 2015-06-25 18:54 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Landi
2015-06-25 18:54 - 2015-06-25 18:54 - 00000000 ____D C:\Documents and Settings\admin\My Documents\Landi11
2015-06-25 18:09 - 2015-06-30 07:06 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Landi11-original
2015-06-25 18:09 - 2015-06-25 18:53 - 00000000 ____D C:\Program Files\landi 15
2015-06-25 18:09 - 2015-06-25 18:09 - 00487424 ____N (Microsoft Corporation) C:\WINDOWS\Setup1.exe
2015-06-25 18:09 - 2015-06-25 18:09 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\ST6UNST.EXE
2015-06-25 18:09 - 2015-06-25 18:09 - 00001989 _____ C:\WINDOWS\ST6UNST.000
2015-06-25 18:09 - 2010-09-27 21:24 - 04879917 ____N C:\WINDOWS\VBR6.CAB

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-01 16:41 - 2006-12-04 19:11 - 00000000 ____D C:\Documents and Settings\admin\Local Settings\Temp
2015-07-01 15:53 - 2008-04-14 01:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-07-01 15:53 - 2006-12-04 04:15 - 01836003 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-01 15:51 - 2006-12-04 05:10 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-07-01 15:50 - 2014-08-02 16:22 - 00000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-07-01 15:50 - 2006-12-04 19:09 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-01 15:50 - 2006-12-04 05:10 - 00000048 _____ C:\WINDOWS\wiaservc.log
2015-07-01 15:49 - 2014-01-29 19:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2015-07-01 15:49 - 2006-12-04 19:11 - 00000178 ___SH C:\Documents and Settings\admin\ntuser.ini
2015-07-01 15:49 - 2006-12-04 19:09 - 00032520 _____ C:\WINDOWS\SchedLgU.Txt
2015-07-01 13:06 - 2013-10-01 17:21 - 00001945 _____ C:\WINDOWS\epplauncher.mif
2015-07-01 12:42 - 2013-10-01 17:19 - 00000422 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{90B2E8F6-35F2-4844-B682-46906C8FA544}.job
2015-07-01 11:15 - 2006-12-04 19:11 - 00000000 ____D C:\Documents and Settings\admin
2015-07-01 10:03 - 2006-12-04 19:08 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-06-30 11:17 - 2014-08-02 16:32 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2015-06-30 11:17 - 2014-01-27 19:05 - 00000266 _____ C:\WINDOWS\Tasks\AutoKMS.job
2015-06-30 07:10 - 2014-01-27 19:05 - 00000000 ____D C:\WINDOWS\AutoKMS
2015-06-29 14:38 - 2014-01-27 18:59 - 00065536 _____ C:\WINDOWS\system32\config\OAlerts.evt
2015-06-28 10:31 - 2013-11-10 17:08 - 00000000 ____D C:\Documents and Settings\admin\Desktop\Filmy
2015-06-27 22:42 - 2006-12-04 04:14 - 00000000 ____D C:\WINDOWS\system32\Restore
2015-06-27 15:44 - 2006-12-04 19:11 - 00069592 _____ C:\Documents and Settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-06-27 15:44 - 2006-12-04 05:06 - 00267800 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-27 11:04 - 2014-01-27 18:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2015-06-27 10:12 - 2008-04-14 01:00 - 00000582 _____ C:\WINDOWS\win.ini
2015-06-26 14:10 - 2006-12-04 04:12 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2015-06-26 12:21 - 2006-12-04 19:20 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2015-06-26 10:48 - 2013-10-02 14:34 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2015-06-26 10:43 - 2013-10-02 08:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-06-25 23:55 - 2006-12-04 04:14 - 00000000 ____D C:\Program Files\Common Files\System
2015-06-25 23:47 - 2013-10-02 08:14 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2015-06-25 22:45 - 2013-10-01 14:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-25 18:05 - 2014-08-02 16:22 - 00000216 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-06-25 18:05 - 2014-01-27 19:06 - 00002547 _____ C:\Documents and Settings\admin\Desktop\Microsoft Word 2010.lnk

==================== Files in the root of some directories =======

2013-11-10 17:08 - 2013-12-11 18:17 - 0057856 _____ () C:\Documents and Settings\admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Documents and Settings\admin\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\admin\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

Re: Nelze spustit většina programů - bad image

Napsal: 01 črc 2015 21:27
od Rudy
Tak ještě jednou: Otevřte poznámkový blok a zkopírujte do něj:
Start
HKU\S-1-5-21-1715567821-963894560-1801674531-1003\...\MountPoints2: {139018e2-f182-11e3-97e8-00188b6e4bc9} - D:\Autorun.exe
HKU\S-1-5-21-1715567821-963894560-1801674531-1003\...\MountPoints2: {65b9aca8-8909-11e3-97d2-00188b6e4bc9} - D:\Autorun.exe
HKU\S-1-5-21-1715567821-963894560-1801674531-1003\...\MountPoints2: {b63b4696-628a-11e3-97c3-00188b6e4bc9} - D:\Autorun.exe
HKU\S-1-5-21-1715567821-963894560-1801674531-1003\...\MountPoints2: {b63b4698-628a-11e3-97c3-00188b6e4bc9} - D:\Autorun.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\WINDOWS\Tasks\AutoKMS.job
C:\WINDOWS\AutoKMS
C:\Documents and Settings\admin\Local Settings\Temp
End
Uložte do C:\Documents and Settings\admin\My Documents\Downloads jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz