PC virus removal, computer speed-up, remote assistance via the neslape.cz service

police virus - Windows blocked

Have a virus problem? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote assistance service, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Locked
karll
Guest
Posts: 17
Registered: 04 May 2013 15:34

police virus - Windows blocked

#1 Post by karll »

Hello,

I caught the police virus yesterday. I read through all sorts of tips and guides and tried to carry out the ones I understood, but so far without success.

I can't get into Safe Mode; the computer immediately restarts again. I tried the Kaspersky Rescue Disk, but once I got it running and chose graphical or text mode, it dropped me into a command prompt and threw a Kernel Panic. Earlier threads recommend various programs for scanning the PC and removing malware, but I had no idea how to get them running when I can't log in normally to my account or into Safe Mode. So I booted Ubuntu from DVD in the hope that I could somehow get things running there. But whenever I downloaded anything and tried to run it, it just said error.

So now I have no idea how to proceed. I'll be grateful for any advice.

Re: police virus - Windows blocked

#2 Post by karll »

Hi,

so Safe Mode with Command Prompt works; I hadn't tried it until now because I have no idea what to do in it
and I have 32-bit (or rather I'm not sure, I always forget, but in that command prompt it says Windows\system32 - so I'm guessing that means 32-bit, right?) - I'm a bit of a PC illiterate

Re: police virus - Windows blocked

#3 Post by karll »

win7

Re: police virus - Windows blocked

#4 Post by karll »

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2013
Ran by SYSTEM on 07-05-2013 21:29:05
Running from H:\
Windows 7 Home Premium (X64) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-07-09] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-05-11] (Toshiba Europe GmbH)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11101800 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 [2120808 2010-07-28] (Realtek Semiconductor)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [505768 2010-05-25] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [136136 2010-04-19] (Toshiba Europe GmbH)
HKLM\...\Run: [M-Audio Taskbar Icon] C:\Windows\system32\M-AudioTaskBarIcon.exe [798728 2010-12-07] (Avid Technology, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [6330568 2013-03-04] (ESET)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NBAgent] "c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart [1086760 2010-03-09] (Nero AG)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL [352256 2010-02-22] (TOSHIBA)
HKLM-x32\...\Run: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM [34160 2010-08-15] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [2454840 2010-05-01] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [NPSStartup] [x]
HKLM-x32\...\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2010-06-24] (Avid Technology, Inc..)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKU\Default\...\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
HKU\Default User\...\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
HKU\ZS022\...\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray [1483264 2010-12-21] (Nokia)
HKU\ZS022\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3672384 2012-04-11] (DT Soft Ltd)
HKU\ZS022\...\Run: [T-Mobile Communication Centre] "C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun [1363984 2011-11-22] (Gemfor s.r.o.)
HKU\ZS022\...\Run: [Spotify Web Helper] "C:\Users\ZS022\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1199576 2012-12-19] (Spotify Ltd)
HKU\ZS022\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.)
HKU\ZS022\...\Winlogon: [Shell] explorer.exe,C:\Users\ZS022\AppData\Roaming\skype.dat [98304 2011-11-17] () <==== ATTENTION
Startup: C:\ProgramData\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Services (Whitelisted) =================

S2 ameisvc; C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\ameisvc.exe [123120 2011-06-24] (Gemfor s.r.o.)
S2 DigiRefresh; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [77824 2010-06-24] (Avid Technology, Inc..)
S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1341664 2013-03-04] (ESET)
S2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1811456 2010-08-27] (Realsil Microelectronics Inc.)
S2 MIDISPORTAudioDevMon; C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe [1636872 2010-10-06] (M-Audio)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-05-11] (Toshiba Europe GmbH)

==================== Drivers (Whitelisted) ====================

S3 a4djavs; C:\Windows\System32\Drivers\a4djavs.sys [358480 2012-02-22] (Native Instruments GmbH)
S3 a4djusb_svc; C:\Windows\System32\Drivers\a4djusb.sys [97360 2012-02-22] (Native Instruments GmbH)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-04-28] (DT Soft Ltd)
S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2013-02-14] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [150616 2013-01-10] (ESET)
S2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [139768 2013-01-10] (ESET)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [218624 2011-09-09] (Huawei Technologies Co., Ltd.)
S3 MAUSBFASTTRACK; C:\Windows\System32\DRIVERS\MAudioFastTrack.sys [187912 2010-12-07] (Avid Technology, Inc.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [862704 2012-04-28] (Duplex Secure Ltd.)
S3 TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-07 21:28 - 2013-05-07 21:28 - 00000000 ____D C:\FRST
2013-05-06 12:40 - 2013-05-06 12:40 - 00000000 ____D C:\$WINDOWS.~BT
2013-05-06 12:17 - 2013-05-06 12:17 - 268435456 __ASH C:\WinPEpge.sys
2013-05-04 14:56 - 2013-05-04 14:51 - 00628743 ____A C:\Users\ZS022\Desktop\adwcleaner.exe
2013-05-04 01:23 - 2013-05-06 11:13 - 00000004 ____A C:\Users\ZS022\AppData\Roaming\skype.ini
2013-05-03 18:24 - 2013-05-03 18:31 - 248774454 ____A C:\Users\ZS022\Downloads\Greys.Anatomy.S09E22.HDTV.x264-LOL.mp4
2013-04-30 11:46 - 2013-04-30 11:49 - 173500023 ____A C:\Users\ZS022\Downloads\How.I.Met.Your.Mother.S08E22.HDTV.x264-LOL.mp4
2013-04-29 21:11 - 2013-04-29 21:11 - 00078313 ____A C:\Users\ZS022\Downloads\model rustu prezentace.pptx
2013-04-29 18:16 - 2013-04-29 18:22 - 214040111 ____A C:\Users\ZS022\Downloads\Greys.Anatomy.S09E21.HDTV.x264-LOL.mp4
2013-04-27 13:28 - 2013-04-27 13:28 - 00278224 ____A C:\Windows\Minidump\042713-21216-01.dmp
2013-04-25 20:02 - 2013-04-25 20:15 - 734777344 ____A C:\Users\ZS022\Downloads\The.Prestige.2006.DvDrip.Eng-aXXo.(www.USABIT.com).avi
2013-04-25 07:31 - 2013-04-25 07:31 - 03891540 ____A C:\Users\ZS022\Downloads\Nippert_Karel-in_out_podk (1).rar
2013-04-24 22:49 - 2013-04-24 22:49 - 03891540 ____A C:\Users\ZS022\Downloads\Nippert_Karel-in_out_podk.rar
2013-04-24 08:50 - 2013-04-12 15:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-20 17:57 - 2013-04-20 18:06 - 00000000 ____D C:\Users\ZS022\Downloads\Submarine 2011 DVDRip Xvid UnKnOwN
2013-04-19 20:23 - 2013-04-19 20:24 - 00000000 ____D C:\Users\ZS022\Downloads\Shame.2011.LIMITED.DVDRip.XviD-AMIABLE
2013-04-19 07:33 - 2012-04-06 18:33 - 00000000 ____D C:\Users\ZS022\Desktop\CD1
2013-04-18 22:32 - 2013-04-18 23:05 - 582048542 ____A C:\Users\ZS022\Downloads\Duna-audiokniha---cte-Igor-Smrzik-1993-(Herbert-Frank-audiobook)-CD1.zip
2013-04-18 20:09 - 2013-04-18 20:09 - 00000000 ____D C:\Users\ZS022\Downloads\SILVER LININGS DVDRIP EDAW2013
2013-04-18 20:07 - 2013-04-18 20:09 - 00000000 ____D C:\Users\ZS022\Downloads\The.Mist[2007]DvDrip[Eng]-aXXo
2013-04-18 20:01 - 2013-04-18 20:33 - 00000000 ____D C:\Users\ZS022\Downloads\Silver Linings Playbook (2012) [1080p]
2013-04-17 19:44 - 2013-04-17 20:35 - 00000000 ____D C:\Users\ZS022\Downloads\V for Vendetta (2006) [1080p]
2013-04-16 20:42 - 2013-04-16 20:42 - 00071847 ____A C:\Users\ZS022\Downloads\Donnie-Darko(0000178790).srt
2013-04-16 19:38 - 2013-04-16 19:39 - 00000000 ____D C:\Users\ZS022\Downloads\Donnie Darko DIRECTORS CUT (2001) [1080p]
2013-04-16 12:02 - 2013-04-16 12:10 - 178269063 ____A C:\Users\ZS022\Downloads\How.I.Met.Your.Mother.S08E21.HDTV.x264-LOL.mp4
2013-04-14 12:06 - 2013-04-14 12:06 - 00558738 ____A C:\Users\ZS022\Downloads\Bez názvu 2.psd
2013-04-13 14:44 - 2013-04-13 14:44 - 00109609 ____A C:\Users\ZS022\Downloads\levibrush.zip
2013-04-11 09:29 - 2013-04-11 09:28 - 00262560 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-04-11 09:29 - 2013-04-11 09:28 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-04-11 09:29 - 2013-04-11 09:28 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-04-11 09:23 - 2013-04-11 09:24 - 00896928 ____A (Oracle Corporation) C:\Users\ZS022\Downloads\chromeinstall-7u17.exe
2013-04-10 12:26 - 2013-04-10 12:26 - 03919253 ____A C:\Users\ZS022\Downloads\vecurek.rar
2013-04-10 08:40 - 2013-04-10 08:40 - 04553504 ____A C:\Users\ZS022\Downloads\Petru_Vaclav-Vaclav_Petru_in__out.rar
2013-04-10 08:38 - 2013-03-19 07:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-04-10 08:38 - 2013-03-19 06:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-04-10 08:38 - 2013-03-19 06:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-04-10 08:38 - 2013-03-19 06:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-04-10 08:38 - 2013-03-19 05:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-04-10 08:38 - 2013-03-19 04:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-04-10 08:38 - 2013-03-02 06:56 - 01188864 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-10 08:38 - 2013-03-02 06:55 - 01492992 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-10 08:38 - 2013-03-02 06:55 - 00134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-10 08:38 - 2013-03-02 06:50 - 09059328 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-10 08:38 - 2013-03-02 06:50 - 00735232 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-10 08:38 - 2013-03-02 06:50 - 00097792 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-10 08:38 - 2013-03-02 06:49 - 12294656 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-10 08:38 - 2013-03-02 06:49 - 02458112 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-10 08:38 - 2013-03-02 06:49 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-10 08:38 - 2013-03-02 06:49 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-10 08:38 - 2013-03-02 05:58 - 01231872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-04-10 08:38 - 2013-03-02 05:58 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-04-10 08:38 - 2013-03-02 05:58 - 00132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-04-10 08:38 - 2013-03-02 05:54 - 06032384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-04-10 08:38 - 2013-03-02 05:54 - 00627712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-04-10 08:38 - 2013-03-02 05:54 - 00067584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-04-10 08:38 - 2013-03-02 05:53 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-04-10 08:38 - 2013-03-02 05:52 - 11020800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-04-10 08:38 - 2013-03-02 05:52 - 02078208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-04-10 08:38 - 2013-03-02 05:52 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-04-10 08:38 - 2013-03-02 04:57 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-10 08:38 - 2013-03-02 04:22 - 01638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-04-10 08:38 - 2013-03-01 04:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-04-10 08:38 - 2013-02-15 07:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-04-10 08:38 - 2013-02-15 07:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-04-10 08:38 - 2013-02-15 07:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-04-10 08:38 - 2013-02-15 05:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-04-10 08:38 - 2013-02-15 05:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-04-10 08:38 - 2013-02-15 04:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-04-10 08:38 - 2013-01-24 07:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys

==================== One Month Modified Files and Folders =======

2013-05-07 21:28 - 2013-05-07 21:28 - 00000000 ____D C:\FRST
2013-05-07 20:13 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-07 20:12 - 2009-07-14 05:51 - 00230715 ____A C:\Windows\setupact.log
2013-05-06 12:40 - 2013-05-06 12:40 - 00000000 ____D C:\$WINDOWS.~BT
2013-05-06 12:17 - 2013-05-06 12:17 - 268435456 __ASH C:\WinPEpge.sys
2013-05-06 11:13 - 2013-05-04 01:23 - 00000004 ____A C:\Users\ZS022\AppData\Roaming\skype.ini
2013-05-06 11:13 - 2011-06-23 20:14 - 00000000 ____D C:\Users\ZS022\AppData\Roaming\uTorrent
2013-05-06 11:11 - 2012-12-11 10:20 - 00000946 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-05 21:23 - 2011-09-21 14:51 - 00000000 ____D C:\Users\ZS022\Desktop\Škola
2013-05-04 14:51 - 2013-05-04 14:56 - 00628743 ____A C:\Users\ZS022\Desktop\adwcleaner.exe
2013-05-04 13:38 - 2010-11-08 13:56 - 01923397 ____A C:\Windows\WindowsUpdate.log
2013-05-04 13:35 - 2009-07-14 05:45 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-04 13:35 - 2009-07-14 05:45 - 00016304 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-04 01:17 - 2012-12-11 10:20 - 00000950 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-04 01:10 - 2013-01-13 01:10 - 00000000 ____D C:\Users\ZS022\AppData\Roaming\Skype
2013-05-04 00:56 - 2013-03-15 08:41 - 00000914 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-03 23:58 - 2009-07-14 16:18 - 00635466 ____A C:\Windows\System32\perfh005.dat
2013-05-03 23:58 - 2009-07-14 16:18 - 00124208 ____A C:\Windows\System32\perfc005.dat
2013-05-03 23:58 - 2009-07-14 06:13 - 01482600 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-03 18:31 - 2013-05-03 18:24 - 248774454 ____A C:\Users\ZS022\Downloads\Greys.Anatomy.S09E22.HDTV.x264-LOL.mp4
2013-05-03 03:42 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\LiveKernelReports
2013-05-02 01:06 - 2011-04-17 10:49 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-04-30 11:49 - 2013-04-30 11:46 - 173500023 ____A C:\Users\ZS022\Downloads\How.I.Met.Your.Mother.S08E22.HDTV.x264-LOL.mp4
2013-04-29 21:11 - 2013-04-29 21:11 - 00078313 ____A C:\Users\ZS022\Downloads\model rustu prezentace.pptx
2013-04-29 18:22 - 2013-04-29 18:16 - 214040111 ____A C:\Users\ZS022\Downloads\Greys.Anatomy.S09E21.HDTV.x264-LOL.mp4
2013-04-27 13:28 - 2013-04-27 13:28 - 00278224 ____A C:\Windows\Minidump\042713-21216-01.dmp
2013-04-27 13:28 - 2013-02-12 09:09 - 00000000 ____D C:\Windows\Minidump
2013-04-25 20:15 - 2013-04-25 20:02 - 734777344 ____A C:\Users\ZS022\Downloads\The.Prestige.2006.DvDrip.Eng-aXXo.(www.USABIT.com).avi
2013-04-25 07:31 - 2013-04-25 07:31 - 03891540 ____A C:\Users\ZS022\Downloads\Nippert_Karel-in_out_podk (1).rar
2013-04-24 22:49 - 2013-04-24 22:49 - 03891540 ____A C:\Users\ZS022\Downloads\Nippert_Karel-in_out_podk.rar
2013-04-22 18:26 - 2013-03-12 14:47 - 00000000 ____D C:\Users\ZS022\Desktop\Stisk
2013-04-21 21:22 - 2013-03-04 16:55 - 00000000 ____D C:\Users\ZS022\Desktop\PLATFORMA
2013-04-20 18:06 - 2013-04-20 17:57 - 00000000 ____D C:\Users\ZS022\Downloads\Submarine 2011 DVDRip Xvid UnKnOwN
2013-04-19 20:24 - 2013-04-19 20:23 - 00000000 ____D C:\Users\ZS022\Downloads\Shame.2011.LIMITED.DVDRip.XviD-AMIABLE
2013-04-18 23:05 - 2013-04-18 22:32 - 582048542 ____A C:\Users\ZS022\Downloads\Duna-audiokniha---cte-Igor-Smrzik-1993-(Herbert-Frank-audiobook)-CD1.zip
2013-04-18 20:33 - 2013-04-18 20:01 - 00000000 ____D C:\Users\ZS022\Downloads\Silver Linings Playbook (2012) [1080p]
2013-04-18 20:09 - 2013-04-18 20:09 - 00000000 ____D C:\Users\ZS022\Downloads\SILVER LININGS DVDRIP EDAW2013
2013-04-18 20:09 - 2013-04-18 20:07 - 00000000 ____D C:\Users\ZS022\Downloads\The.Mist[2007]DvDrip[Eng]-aXXo
2013-04-18 11:30 - 2012-02-02 10:25 - 00000000 ____D C:\Users\ZS022\Desktop\fotky
2013-04-17 20:35 - 2013-04-17 19:44 - 00000000 ____D C:\Users\ZS022\Downloads\V for Vendetta (2006) [1080p]
2013-04-16 20:42 - 2013-04-16 20:42 - 00071847 ____A C:\Users\ZS022\Downloads\Donnie-Darko(0000178790).srt
2013-04-16 19:39 - 2013-04-16 19:38 - 00000000 ____D C:\Users\ZS022\Downloads\Donnie Darko DIRECTORS CUT (2001) [1080p]
2013-04-16 15:05 - 2013-03-14 14:10 - 00000000 ____D C:\Users\ZS022\Desktop\shake
2013-04-16 12:10 - 2013-04-16 12:02 - 178269063 ____A C:\Users\ZS022\Downloads\How.I.Met.Your.Mother.S08E21.HDTV.x264-LOL.mp4
2013-04-14 12:06 - 2013-04-14 12:06 - 00558738 ____A C:\Users\ZS022\Downloads\Bez názvu 2.psd
2013-04-13 14:44 - 2013-04-13 14:44 - 00109609 ____A C:\Users\ZS022\Downloads\levibrush.zip
2013-04-12 15:45 - 2013-04-24 08:50 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-11 09:32 - 2010-11-08 14:10 - 00070662 ____A C:\Windows\PFRO.log
2013-04-11 09:28 - 2013-04-11 09:29 - 00262560 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-04-11 09:28 - 2013-04-11 09:29 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-04-11 09:28 - 2013-04-11 09:29 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-04-11 09:28 - 2012-12-31 13:31 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-04-11 09:28 - 2012-08-21 14:31 - 00861088 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-04-11 09:28 - 2010-09-13 14:54 - 00782240 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-04-11 09:24 - 2013-04-11 09:23 - 00896928 ____A (Oracle Corporation) C:\Users\ZS022\Downloads\chromeinstall-7u17.exe
2013-04-11 09:23 - 2011-04-18 19:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-04-10 22:49 - 2009-07-14 05:45 - 05061208 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-10 22:42 - 2011-09-14 14:02 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-04-10 22:40 - 2011-04-04 11:28 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-04-10 12:26 - 2013-04-10 12:26 - 03919253 ____A C:\Users\ZS022\Downloads\vecurek.rar
2013-04-10 08:40 - 2013-04-10 08:40 - 04553504 ____A C:\Users\ZS022\Downloads\Petru_Vaclav-Vaclav_Petru_in__out.rar

Other Malware:
===========
C:\Users\ZS022\AppData\Roaming\skype.dat
C:\Users\ZS022\AppData\Roaming\skype.ini
C:\ProgramData\0tbpw.bat
C:\ProgramData\0tbpw.pad
C:\ProgramData\0tbpw.reg
C:\ProgramData\ezsidmv.dat

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-04-27 17:49:26
Restore point made on: 2013-05-01 08:14:01

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 2930.67 MB
Available physical RAM: 2393.66 MB
Total Pagefile: 2928.82 MB
Available Pagefile: 2389.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:149.04 GB) (Free:15.92 GB) NTFS (Disk=0 Partition=2)
Drive d: (Data) (Fixed) (Total:148.65 GB) (Free:2.5 GB) NTFS (Disk=0 Partition=3)
Drive e: (SYSTEM) (Fixed) (Total:0.39 GB) (Free:0.18 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]
Drive f: (InstallWin7*) (CDROM) (Total:3.69 GB) (Free:0 GB) CDFS
Drive h: () (Removable) (Total:0.92 GB) (Free:0.92 GB) FAT (Disk=2 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

====================================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: DB5AF07F)
Partition 1: (Active) - (Size=400 MB) - (Type=27)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

====================================================================
Disk: 2 (Size: 946 MB) (Disk ID: 20796B73)
Partition 1: (Not Active) - (Size=834 GB) - (Type=A0)
Partition 2: (Not Active) - (Size=932 GB) - (Type=64)
Partition 3: (Not Active) - (Size=-820995801088) - (Type=6A)
Partition 4: (Not Active) - (Size=-336796844032) - (Type=75)


Last Boot: 2013-04-24 07:57

==================== End Of Log ============================

Re: police virus - Windows blocked

#5 Post by karll »

ok, thanks

Re: police virus - Windows blocked

#6 Post by karll »

Logfile of random's system information tool 1.08 (written by random/random)
Run by ZS022 at 2013-05-08 13:59:26
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 16 GB (11%) free of 153 GB
Total RAM: 2931 MB (35% free)


======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe 31232096
\??\C:\Windows\system32\conhost.exe "-1911924895-1776038122-202899190110581472848618133281194822180349863870838038824
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe"
"C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe" -s
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
"C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe"
"c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
"C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\ameisvc.exe"
WLIDSvcM.exe 1408
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-b8a2e241-4cf7-4e95-ad7b-7b85c8fb08f4 -SystemEventPortName:HostProcess-1570050a-dad4-4f0a-a6e3-24bd86d7394c -IoCancelEventPortName:HostProcess-2fb7cff6-6f35-470f-a55c-999702e16075 -NonStateChangingEventPortName:HostProcess-2f9f134d-3516-412a-b240-eac798a2b284 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:96b21ee8-6ba2-4e51-afff-ef8c53ae7cc8 -DeviceGroupId:WpdFsGroup
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskhost.exe USER
"C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe"
"C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe"
"C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /FORPCEE3
"C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe"
"C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe"
"C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe"
C:\Windows\system32\igfxsrvc.exe -Embedding
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe"
"C:\Windows\System32\M-AudioTaskBarIcon.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\Manager.exe" -autorun
"C:\Users\ZS022\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe"
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
"C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
"C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\igfxext.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe"
"C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\\TosA2dp.exe"
"C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\\TosBtHid.exe"
"C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\\TosBtHsp.exe"
taskeng.exe {328B8EA1-991D-49E0-8A1F-39B4591EBF97}
"C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe"
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe"
taskeng.exe {50D7EDAA-0332-4EE3-9241-BF38C64DEC86}
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe"
{D6F08049-0D8B-4DCB-AC49-99F072C919D3}
{DEB5F5AC-1706-4C0B-AD7F-8D162586A216}
{47C97977-6D44-4A4F-8684-72C7A83E235D}
"C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4108.0.143405714\1246979725" --supports-dual-gpus=false --gpu-vendor-id=0x8086 --gpu-device-id=0x0046 --gpu-driver-vendor="Intel Corporation" --gpu-driver-version=8.15.10.2189 --ignored=" --type=renderer " /prefetch:12
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AutocompleteDynamicTrial_0/LiveSpellingExperiment/ForceCompositingMode/thread/InfiniteCache/No/NewMenuStyle/NewStyle/NewTabButton/default/OmniboxHQPNewScoringMax1400/Standard/OmniboxHQPOnlyCountMatchesAtWordBoundaries/Standard/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxHQPUseCursorPosition/Standard/OmniboxSearchSuggestTrialStarted2013Q1/2/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadDisabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictor/Disabled/SpdyCwnd/cwndMin16/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_81/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-50-Percent/default/ --renderer-print-preview --enable-threaded-compositing --channel="4108.3.1740739709\1298970461" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="4108.4.1225205173\1817259579" --lang=cs --ignored=" --type=renderer " /prefetch:13
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=AutocompleteDynamicTrial_0/LiveSpellingExperiment/ForceCompositingMode/thread/InfiniteCache/No/NewMenuStyle/NewStyle/NewTabButton/default/OmniboxHQPNewScoringMax1400/Standard/OmniboxHQPOnlyCountMatchesAtWordBoundaries/Standard/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxHQPUseCursorPosition/Standard/OmniboxSearchSuggestTrialStarted2013Q1/2/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadDisabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictor/Disabled/SpdyCwnd/cwndMin16/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-1-Percent/group_81/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-50-Percent/default/ --renderer-print-preview --enable-threaded-compositing --channel="4108.6.655713461\896973678" /prefetch:3
"C:\Users\ZS022\Downloads\RSITx64.exe"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10 1307928]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll [2011-03-28 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-04-11 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Users\ZS022\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2011-04-01 141184]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
uTorrentBar Toolbar - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-04-11 170912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}]
TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-19 529784]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll [2011-05-09 176936]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll [2011-03-28 176936]
{eec0f710-38b5-4aba-99bf-ec87564a4e13} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll [2012-02-10 1307928]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TosNC"=C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [2010-04-23 595816]
"TosReelTimeMonitor"=C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [2010-07-09 38304]
"Toshiba TEMPRO"=C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [2010-05-11 1050072]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-08-10 161304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-08-10 386584]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-08-10 415256]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-07-28 11101800]
"RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2010-07-28 2120808]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2010-05-25 505768]
"SmoothView"=C:\Program Files\Toshiba\SmoothView\SmoothView.exe [2009-08-13 570680]
"00TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2010-05-10 915320]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-03-10 2052392]
"SmartFaceVWatcher"=C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [2009-10-19 238080]
"TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2010-02-05 709976]
"TosVolRegulator"=C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [2009-11-11 24376]
"Toshiba Registration"=C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [2010-04-19 136136]
"M-Audio Taskbar Icon"=C:\Windows\system32\M-AudioTaskBarIcon.exe [2010-12-07 798728]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15 499608]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2013-03-04 6330568]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"=C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-12-21 1483264]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-04-11 3672384]
"T-Mobile Communication Centre"=C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\Manager.exe [2011-11-22 1363984]
"Spotify Web Helper"=C:\Users\ZS022\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [2012-12-19 1199576]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-02-28 18642024]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"NBAgent"=c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [2010-03-09 1086760]
"Microsoft Default Manager"=C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2010-05-10 439568]
"SVPWUTIL"=C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [2010-02-22 352256]
"KeNotify"=C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [2010-08-15 34160]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START []
"TWebCamera"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2010-05-01 2454840]
"ToshibaServiceStation"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [2009-10-06 1294136]
"NPSStartup"= []
"DigidesignMMERefresh"=C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [2010-06-24 77824]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2011-10-24 421888]
"AdobeCS5.5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [2011-01-12 1523360]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Bluetooth Manager.lnk - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-07-29 271360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2013-05-08 13:59:27 ----D---- C:\Program Files\trend micro
2013-05-08 13:59:26 ----D---- C:\rsit
2013-05-07 22:28:59 ----D---- C:\FRST
2013-05-06 13:40:59 ----D---- C:\$WINDOWS.~BT
2013-05-06 13:17:43 ----ASH---- C:\WinPEpge.sys
2013-04-24 09:50:49 ----A---- C:\Windows\system32\drivers\ntfs.sys
2013-04-11 10:29:42 ----A---- C:\Windows\SYSWOW64\javaws.exe
2013-04-11 10:29:07 ----A---- C:\Windows\SYSWOW64\javaw.exe
2013-04-11 10:29:07 ----A---- C:\Windows\SYSWOW64\java.exe
2013-04-10 09:38:59 ----A---- C:\Windows\SYSWOW64\mstscax.dll
2013-04-10 09:38:59 ----A---- C:\Windows\system32\mstscax.dll
2013-04-10 09:38:58 ----A---- C:\Windows\SYSWOW64\aaclient.dll
2013-04-10 09:38:57 ----A---- C:\Windows\SYSWOW64\tsgqec.dll
2013-04-10 09:38:57 ----A---- C:\Windows\system32\tsgqec.dll
2013-04-10 09:38:57 ----A---- C:\Windows\system32\aaclient.dll
2013-04-10 09:38:43 ----A---- C:\Windows\system32\win32k.sys
2013-04-10 09:38:37 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-04-10 09:38:31 ----A---- C:\Windows\system32\mshtml.dll
2013-04-10 09:38:28 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-04-10 09:38:27 ----A---- C:\Windows\system32\ieframe.dll
2013-04-10 09:38:24 ----A---- C:\Windows\system32\msfeeds.dll
2013-04-10 09:38:21 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-04-10 09:38:21 ----A---- C:\Windows\system32\urlmon.dll
2013-04-10 09:38:20 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-04-10 09:38:19 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-04-10 09:38:19 ----A---- C:\Windows\system32\wininet.dll
2013-04-10 09:38:19 ----A---- C:\Windows\system32\iertutil.dll
2013-04-10 09:38:18 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-04-10 09:38:17 ----A---- C:\Windows\SYSWOW64\url.dll
2013-04-10 09:38:17 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2013-04-10 09:38:17 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-04-10 09:38:17 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-04-10 09:38:17 ----A---- C:\Windows\system32\url.dll
2013-04-10 09:38:17 ----A---- C:\Windows\system32\mshtmled.dll
2013-04-10 09:38:17 ----A---- C:\Windows\system32\jsproxy.dll
2013-04-10 09:38:17 ----A---- C:\Windows\system32\ieui.dll
2013-04-10 09:38:10 ----A---- C:\Windows\system32\drivers\fvevol.sys
2013-04-10 09:38:06 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-04-10 09:38:04 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2013-04-10 09:38:04 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2013-04-10 09:38:03 ----A---- C:\Windows\SYSWOW64\apisetschema.dll
2013-04-10 09:38:03 ----A---- C:\Windows\system32\smss.exe
2013-04-10 09:38:03 ----A---- C:\Windows\system32\csrsrv.dll

======List of files/folders modified in the last 1 months======

2013-05-08 14:44:19 ----HD---- C:\ProgramData
2013-05-08 13:59:37 ----D---- C:\Windows\Temp
2013-05-08 13:59:27 ----RD---- C:\Program Files
2013-05-08 13:58:05 ----SHD---- C:\System Volume Information
2013-05-08 13:50:10 ----D---- C:\Windows\system32\config
2013-05-08 13:47:47 ----A---- C:\Windows\SYSWOW64\log.txt
2013-05-06 12:13:03 ----D---- C:\Users\ZS022\AppData\Roaming\uTorrent
2013-05-04 21:54:55 ----A---- C:\Windows\ntbtlog.txt
2013-05-04 02:10:13 ----D---- C:\Users\ZS022\AppData\Roaming\Skype
2013-05-04 00:58:42 ----D---- C:\Windows\System32
2013-05-04 00:58:42 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-05-04 00:58:41 ----D---- C:\Windows\inf
2013-05-03 04:42:09 ----D---- C:\Windows\LiveKernelReports
2013-05-02 02:06:08 ----N---- C:\Windows\system32\MpSigStub.exe
2013-05-01 09:14:25 ----D---- C:\Windows\Prefetch
2013-04-27 14:32:02 ----D---- C:\Windows
2013-04-27 14:28:41 ----D---- C:\Windows\Minidump
2013-04-24 13:32:56 ----D---- C:\Windows\system32\catroot2
2013-04-24 13:31:35 ----D---- C:\Windows\winsxs
2013-04-24 13:30:31 ----D---- C:\Windows\system32\drivers
2013-04-24 09:47:45 ----D---- C:\Windows\system32\catroot
2013-04-11 10:29:42 ----SHD---- C:\Windows\Installer
2013-04-11 10:29:42 ----D---- C:\Windows\SysWOW64
2013-04-11 10:28:57 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2013-04-11 10:28:46 ----A---- C:\Windows\SYSWOW64\npdeployJava1.dll
2013-04-11 10:28:45 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2013-04-11 10:23:45 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-04-10 23:47:17 ----D---- C:\Program Files (x86)\Internet Explorer
2013-04-10 23:47:16 ----D---- C:\Windows\SYSWOW64\migration
2013-04-10 23:47:16 ----D---- C:\Windows\system32\migration
2013-04-10 23:47:15 ----D---- C:\Program Files\Internet Explorer
2013-04-10 23:42:01 ----A---- C:\Windows\system32\MRT.exe
2013-04-10 23:40:42 ----D---- C:\ProgramData\Microsoft Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-01-15 538136]
R0 LPCFilter;LPC Lower Filter Driver; C:\Windows\system32\DRIVERS\LPCFilter.sys [2010-03-22 46192]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 Tpkd;Tpkd; C:\Windows\system32\drivers\Tpkd.sys [2009-12-23 105592]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-14 26840]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-28 283200]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2013-02-14 213416]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2013-01-10 150616]
R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2009-07-28 81768]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2013-01-10 139768]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl664.sys [2010-11-08 3058168]
R3 CeKbFilter;CeKbFilter; C:\Windows\system32\DRIVERS\CeKbFilter.sys [2010-11-08 20592]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2011-09-09 87040]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2010-07-29 10610400]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-07-28 2445672]
R3 PGEffect;Pangu effect driver; C:\Windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2009-07-14 11264]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-03-10 316464]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2009-07-30 27784]
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2009-06-17 54664]
R3 tosrfec;Bluetooth ACPI; C:\Windows\system32\DRIVERS\tosrfec.sys [2010-06-18 18872]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-04-28 862704]
S3 a4djavs;Audio 4 DJ WDM Audio; C:\Windows\System32\Drivers\a4djavs.sys [2012-02-22 358480]
S3 a4djusb_svc;Audio 4 DJ; C:\Windows\System32\Drivers\a4djusb.sys [2012-02-22 97360]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 117248]
S3 ew_usbenumfilter;huawei_CompositeFilter; C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [2010-03-20 13952]
S3 huawei_cdcacm;huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys [2011-09-09 98304]
S3 huawei_ext_ctrl;huawei_ext_ctrl; C:\Windows\system32\DRIVERS\ew_juextctrl.sys [2011-09-09 28672]
S3 huawei_wwanecm;huawei_wwanecm; C:\Windows\system32\DRIVERS\ew_juwwanecm.sys [2011-09-09 218624]
S3 MAUSBFASTTRACK;Service for M-Audio FastTrack; C:\Windows\system32\DRIVERS\MAudioFastTrack.sys [2010-12-07 187912]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2010-07-30 19456]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2010-07-30 26624]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys [2010-01-07 232992]
S3 TFsExDisk;TFsExDisk; \??\C:\Windows\System32\Drivers\TFsExDisk.sys []
S3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2010-04-07 214248]
S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2009-06-19 50664]
S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2009-06-19 94336]
S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2009-07-24 26472]
S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys [2010-04-26 63488]
S3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2010-05-13 59704]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2010-07-30 9216]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2010-07-30 9216]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ameisvc;Web'n'walk Manager mobile equipment installation service; C:\Program Files (x86)\T-Mobile\Web'n'walk Manager\ameisvc.exe [2011-06-24 123120]
R2 BBSvc;BingBar Service; C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
R2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
R2 DigiRefresh;Digidesign MME Refresh Service; C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe [2010-06-24 77824]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2013-03-04 1341664]
R2 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2010-08-27 1811456]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-03-03 268824]
R2 MIDISPORTAudioDevMon;MIDISPORT Audio Device Monitor; C:\Program Files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe [2010-10-06 1636872]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2010-01-15 935208]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2009-07-28 140632]
R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2010-05-25 489384]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2010-12-08 628736]
R3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2010-04-12 196976]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-11 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-15 253656]
S3 BBUpdate;BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-11 116648]
S3 ose64;Office 64 Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO); C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-04-17 1255736]

-----------------EOF-----------------

karll
Visitor
Posts: 17
Registered: 04 May 2013 15:34

Re: police virus - Windows locked

#7 Post by karll »

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-05-2013
Ran by SYSTEM at 2013-05-08 13:44:18 Run:1
Running from H:\
Boot Mode: Recovery
==============================================

HKEY_USERS\ZS022\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\ZS022\AppData\Roaming\skype.ini => Moved successfully.

========= del "C:\Users\ZS022\AppData\Roaming\skype.dat" =========


========= End of CMD: =========


========= del "C:\Users\ZS022\AppData\Roaming\skype.ini" =========

Nelze najít C:\Users\ZS022\AppData\Roaming\skype.ini.

========= End of CMD: =========


========= del "C:\ProgramData\0tbpw.bat" =========


========= End of CMD: =========


========= del "C:\ProgramData\0tbpw.pad" =========


========= End of CMD: =========


========= del "C:\ProgramData\0tbpw.reg" =========


========= End of CMD: =========


========= del "C:\ProgramData\ezsidmv.dat" =========

Nelze najít C:\ProgramData\ezsidmv.dat.

========= End of CMD: =========


==== End of Fixlog ====

karll
Visitor
Posts: 17
Registered: 04 May 2013 15:34

Re: police virus - Windows locked

#8 Post by karll »

so that file 0tbpw.pad isn't there

it's just that with the hkey and regedit thing I don't really know what it is, or rather what to do? and by damage to the PC do you mean loss of data?

and if afterwards I'd still like advice on how to clean up the PC - clear out the disks, registry etc. /I don't know myself what all is possible/, should I start a new thread in another section of this forum, or keep bothering you with it?

karll
Visitor
Posts: 17
Registered: 04 May 2013 15:34

Re: police virus - Windows locked

#9 Post by karll »

so I've found regedit now... but when I get to that Windows there's shell extensions and in it cached and then it gives me a list of some files or something... am I supposed to copy that? or am I in the wrong place?

karll
Visitor
Posts: 17
Registered: 04 May 2013 15:34

Re: police virus - Windows locked

#10 Post by karll »

so far it looks like everything works normally and nothing is missing

in any case, my big thanks to you

Locked