Hacker z egypta sam zapina webku a ovlada notebook

[mishel]

Dobrý den,

asi před týdnem se mi zpomalil notebook a začaly vyskakovat okna o jakémsi hackerovi z Egypta. Dále se sama od sebe zapíná webka a na obrazovce se objevily obrázky o všech jím hacknutých počítačích. Občas se mi sama od sebe pohybuje myš a při startu PC se mi zobrazujou jakási 4 okna.

Zde posílám LOG:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Lída at 2013-12-11 20:51:50
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 257 GB (69%) free of 375 GB
Total RAM: 3532 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:52:02, on 11.12.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
C:\Users\Lída\AppData\Roaming\ICQM\icq.exe
C:\Users\Lída\AppData\Local\Temp\tovvwibjfy.exe
C:\Users\Lída\AppData\Roaming\trojan.exe
C:\Users\Lída\AppData\Local\Temp\googlesearch.exe
C:\Users\Lída\AppData\Roaming\explOrer.exe
C:\Users\Lída\Server.exe
C:\Users\Lída\AppData\Local\Temp\opra.exe
C:\Users\Lída\AppData\Local\Temp\Intel.exe
C:\Users\Lída\AppData\Local\Temp\microsoft.exe
C:\Users\Lída\Systeme32.exe
C:\ProgramData\Windows Update.exe
C:\Users\Lída\AppData\Local\Temp\svchost.exe
C:\Users\Lída\AppData\Local\Temp\Systeme.exe
C:\Users\Lída\AppData\Local\Temp\cmd.exe
C:\ProgramData\Svhost.exe
C:\Users\Lída\AppData\Local\Temp\file.exe
C:\Users\Lída\AppData\Local\Temp\win32.exe
C:\Users\Lída\AppData\Local\Temp\exploler.exe
C:\Users\Lída\AppData\Local\Temp\chromedf.exe
C:\Users\Lída\trojan.exe
C:\Users\Lída\AppData\Local\Temp\hell.exe
C:\Users\Lída\AppData\Roaming\systems.exe
C:\Users\Lída\AppData\Local\Temp\google.exe
C:\Users\Lída\AppData\Local\Temp\DUC.exe
C:\Users\Lída\AppData\Local\Temp\dllhost.exe
C:\Users\Lída\AppData\Local\Temp\Explorer.exe
C:\Users\Lída\AppData\Roaming\Windows\Windows Update.exe
C:\Users\Lída\AppData\Local\Temp\windows.exe
C:\Users\Lída\chrome.exe
C:\ProgramData\System32.exe
C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Users\Lída\AppData\Local\VNT\vntldr.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
C:\Users\Lída\AppData\Roaming\svchost.exe
C:\Users\LDA~1\AppData\Local\Temp\k4jlout935.exe
C:\Users\LDA~1\AppData\Local\Temp\torjan.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Lída.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?p2=%5EB1V%5E ... 08-29&psv=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll" (file missing)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Ask Toolbar BHO - {41545534-2D56-3700-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ATU4-V7\Passport.dll" (file missing)
O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll
O3 - Toolbar: Ask Toolbar - {41545534-2D56-3700-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ATU4-V7\Passport.dll" (file missing)
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [BtTray] "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SgfxConfig] "C:\Program Files\SGFX\sgfxconfig.exe"
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKLM\..\Run: [VNT] C:\Program Files (x86)\VNT\vntldr.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [icq] C:\Users\Lída\AppData\Roaming\ICQM\icq.exe -CU
O4 - HKCU\..\Run: [5cd8f17f4086744065eb0992a09e05a2] "C:\Users\Lída\AppData\Local\Temp\tovvwibjfy.exe" ..
O4 - HKCU\..\Run: [9d40b6eb9ca0a7f1a306069df9bc9136] "C:\Users\Lída\AppData\Roaming\trojan.exe" ..
O4 - HKCU\..\Run: [60c9176a075b1be41f8216a66439d29e] "C:\Users\Lída\AppData\Local\Temp\googlesearch.exe" ..
O4 - HKCU\..\Run: [48a0efff37a904b63b749f320dc9c55c] "C:\Users\Lída\AppData\Roaming\explOrer.exe" ..
O4 - HKCU\..\Run: [Update] "C:\Users\Lída\Server.exe" ..
O4 - HKCU\..\Run: [bd4419b843c4263758d992346c730388] "C:\Users\Lída\AppData\Local\Temp\opra.exe" ..
O4 - HKCU\..\Run: [c903107e08461f3020963aec953803a7] "C:\Users\Lída\AppData\Local\Temp\Intel.exe" ..
O4 - HKCU\..\Run: [2320633bbd5b9c41d628d6d2b760a34d] "C:\Users\Lída\AppData\Local\Temp\System32.exe" ..
O4 - HKCU\..\Run: [53b6f6cbe7c28bb1a6deaf6cf4f17fd8] "C:\Users\Lída\AppData\Local\Temp\microsoft.exe" ..
O4 - HKCU\..\Run: [a0176c5b53163cc2683bce2fd21f05c3] "C:\Users\Lída\Systeme32.exe" ..
O4 - HKCU\..\Run: [bc15d6c16aeea623a7c71f20d325b17c] "C:\ProgramData\Windows Update.exe" ..
O4 - HKCU\..\Run: [ba4c12bee3027d94da5c81db2d196bfd] "C:\Users\Lída\AppData\Local\Temp\svchost.exe" ..
O4 - HKCU\..\Run: [b9ec89289dab6df6e14b63f432ba8b83] "C:\Users\Lída\AppData\Local\Temp\Chorme.exe" ..
O4 - HKCU\..\Run: [b7a6b3f1a13aae96b96b0c63d16d969c] "C:\Users\Lída\AppData\Local\Temp\Systeme.exe" ..
O4 - HKCU\..\Run: [32a790c25e2a4b645e827300e906d14b] "C:\Users\Lída\AppData\Local\Temp\cmd.exe" ..
O4 - HKCU\..\Run: [3c2d058b78e0e80fe15a514f5ef9ead3] "C:\ProgramData\Svhost.exe" ..
O4 - HKCU\..\Run: [1052b8e9071d5b658c32c84c463014f5] "C:\Users\Lída\AppData\Local\Temp\file.exe" ..
O4 - HKCU\..\Run: [45ca55fc1756e880072f0dde4455397b] "C:\Users\Lída\AppData\Local\Temp\win32.exe" ..
O4 - HKCU\..\Run: [gyimttbobx] "C:\Users\LDA~1\AppData\Local\Temp\gyimttbobx..vbs"
O4 - HKCU\..\Run: [ab912169f57182bbb6eecdf2611949b8] "C:\Users\Lída\AppData\Local\Temp\exploler.exe" ..
O4 - HKCU\..\Run: [GYIMTT~1] "C:\Users\LDA~1\AppData\Local\Temp\GYIMTT~1.VBS"
O4 - HKCU\..\Run: [29b5f06a07f9316eb1878742ab018f7c] "C:\Users\Lída\AppData\Local\Temp\chromedf.exe" ..
O4 - HKCU\..\Run: [b50051819533f2d1347931376cb9458e] "C:\Users\Lída\trojan.exe" ..
O4 - HKCU\..\Run: [2a4ad2d0f2f1593b8cb854c8b1ec9865] "C:\Users\Lída\AppData\Local\Temp\hell.exe" ..
O4 - HKCU\..\Run: [hmmnetrkjq] "C:\Users\LDA~1\AppData\Local\Temp\hmmnetrkjq..vbs"
O4 - HKCU\..\Run: [xiksvkhxzu] "C:\Users\LDA~1\AppData\Local\Temp\xiksvkhxzu..vbs"
O4 - HKCU\..\Run: [534d634341a0c547a5de4038c15e5d22] "C:\Users\Lída\AppData\Roaming\systems.exe" ..
O4 - HKCU\..\Run: [85ce27c90f0ba2b98ceb888e2ca7acde] "C:\Users\Lída\AppData\Local\Temp\google.exe" ..
O4 - HKCU\..\Run: [e077c0756ac151f556d69ca70fe1c794] "C:\Users\Lída\AppData\Local\Temp\DUC.exe" ..
O4 - HKCU\..\Run: [bb62e28591030e826081bf1f4a74c0b8] "C:\Users\Lída\AppData\Local\Temp\dllhost.exe" ..
O4 - HKCU\..\Run: [072c160efd85a5017cdd3e99d0fef4a1] "C:\Users\Lída\AppData\Roaming\dwmn.exe" ..
O4 - HKCU\..\Run: [HMMNET~1] "C:\Users\LDA~1\AppData\Local\Temp\HMMNET~1.VBS"
O4 - HKCU\..\Run: [XIKSVK~1] "C:\Users\LDA~1\AppData\Local\Temp\XIKSVK~1.VBS"
O4 - HKCU\..\Run: [ed6e2bf930f6d35b3ac57c049d10ac2c] "C:\Users\Lída\AppData\Local\Temp\Explorer.exe" ..
O4 - HKCU\..\Run: [Windows Update] C:\Users\Lída\AppData\Roaming\Windows\Windows Update.exe
O4 - HKCU\..\Run: [78f45ff47c4eda4648e179b89466e742] "C:\Users\Lída\AppData\Local\Temp\googlechrome.exe" ..
O4 - HKCU\..\Run: [ecc7c8c51c0850c1ec247c7fd3602f20] "C:\Users\Lída\AppData\Local\Temp\windows.exe" ..
O4 - HKCU\..\Run: [d709f34a2bc48c2ecfacf26803c2c376] "C:\Users\Lída\chrome.exe" ..
O4 - HKCU\..\Run: [e762428b721a1de0e50cb93c91ca629c] "C:\ProgramData\System32.exe" ..
O4 - HKCU\..\Run: [23556fb1360f366337f97c924e76ead3] "C:\Users\Lída\AppData\Roaming\svchost.exe" ..
O4 - HKCU\..\Run: [505f5b3f6791647d774c4ebf1074774c] "C:\Users\Lída\AppData\Local\Temp\k4jlout935.exe" ..
O4 - HKCU\..\Run: [ad0cf09be9d9be35254a664a06d4d9b1] "C:\Users\Lída\AppData\Local\Temp\torjan.exe" ..
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: 072c160efd85a5017cdd3e99d0fef4a1.exe
O4 - Startup: 1052b8e9071d5b658c32c84c463014f5.exe
O4 - Startup: 1187119_514198282007389_1631940587_nfd.exe
O4 - Startup: 2320633bbd5b9c41d628d6d2b760a34d.exe
O4 - Startup: 23556fb1360f366337f97c924e76ead3.exe
O4 - Startup: 29b5f06a07f9316eb1878742ab018f7c.exe
O4 - Startup: 2a4ad2d0f2f1593b8cb854c8b1ec9865.exe
O4 - Startup: 32a790c25e2a4b645e827300e906d14b.exe
O4 - Startup: 3c2d058b78e0e80fe15a514f5ef9ead3.exe
O4 - Startup: 45ca55fc1756e880072f0dde4455397b.exe
O4 - Startup: 534d634341a0c547a5de4038c15e5d22.exe
O4 - Startup: 5cd8f17f4086744065eb0992a09e05a2.exe
O4 - Startup: 60c9176a075b1be41f8216a66439d29e.exe
O4 - Startup: 78f45ff47c4eda4648e179b89466e742.exe
O4 - Startup: 85ce27c90f0ba2b98ceb888e2ca7acde.exe
O4 - Startup: a0176c5b53163cc2683bce2fd21f05c3.exe
O4 - Startup: b7a6b3f1a13aae96b96b0c63d16d969c.exe
O4 - Startup: b9ec89289dab6df6e14b63f432ba8b83.exe
O4 - Startup: bc15d6c16aeea623a7c71f20d325b17c.exe
O4 - Startup: bd4419b843c4263758d992346c730388.exe
O4 - Startup: d709f34a2bc48c2ecfacf26803c2c376.exe
O4 - Startup: e077c0756ac151f556d69ca70fe1c794.exe
O4 - Startup: e762428b721a1de0e50cb93c91ca629c.exe
O4 - Startup: ed6e2bf930f6d35b3ac57c049d10ac2c.exe
O4 - Startup: gyimttbobx..vbs
O4 - Startup: hmmnetrkjq..vbs
O4 - Startup: imtZMIjKhZGECsY6UTdiUlJHXTPIpa.exe
O4 - Startup: maram?gpj.Scr
O4 - Startup: MKBHnoD29n6gen7W6zTxtZ8Jygh9.exe
O4 - Startup: NguBzSyCwakSCnbRGTrZsl4LG8R.exe
O4 - Startup: saa.exe
O4 - Startup: Server1.exe
O4 - Startup: sqlmap.rar
O4 - Startup: Update.exe
O4 - Startup: Windows Run.exe
O4 - Startup: xiksvkhxzu..vbs
O4 - Startup: ZRPaFQCKz95ZWs8sHxUSZ69Hbcd.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll
O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
O23 - Service: COMODO Dragon Update Service (DragonUpdater) - Unknown owner - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Power Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SGFX Manager (SGFXMgr) - SMSC - C:\Program Files\SGFX\sgfxmgr.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater17.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 18659 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
winlogon.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe"
atieclxx
"C:\Program Files\SGFX\sgfxmgr.exe"
"C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe"
"C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe"
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe"
"C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe"
"C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE"
"C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS
"C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe"
"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe" 72648 "C:\ProgramData\AVG Secure Search\Logger\logger.properties"
\??\C:\Windows\system32\conhost.exe "2130500366-1140389628-1750887832-134357416-466665650-1679052766234072348-402402334
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe"
"C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE" /logon
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Users\Lída\AppData\Roaming\ICQM\icq.exe" -CU
"C:\Users\Lída\AppData\Local\Temp\tovvwibjfy.exe" ..
"C:\Users\Lída\AppData\Roaming\trojan.exe" ..
"C:\Users\Lída\AppData\Local\Temp\googlesearch.exe" ..
"C:\Users\Lída\AppData\Roaming\explOrer.exe" ..
"C:\Users\Lída\Server.exe" ..
"C:\Users\Lída\AppData\Local\Temp\opra.exe" ..
"C:\Users\Lída\AppData\Local\Temp\Intel.exe" ..
"C:\Users\Lída\AppData\Local\Temp\System32.exe" ..
"C:\Users\Lída\AppData\Local\Temp\microsoft.exe" ..
"C:\Users\Lída\Systeme32.exe" ..
"C:\ProgramData\Windows Update.exe" ..
"C:\Users\Lída\AppData\Local\Temp\svchost.exe" ..
"C:\Users\Lída\AppData\Local\Temp\Systeme.exe" ..
"C:\Users\Lída\AppData\Local\Temp\cmd.exe" ..
"C:\ProgramData\Svhost.exe" ..
"C:\Users\Lída\AppData\Local\Temp\file.exe" ..
"C:\Users\Lída\AppData\Local\Temp\win32.exe" ..
"C:\Windows\System32\WScript.exe" "C:\Users\Lída\AppData\Local\Temp\gyimttbobx..vbs"
"C:\Users\Lída\AppData\Local\Temp\exploler.exe" ..
"C:\Users\Lída\AppData\Local\Temp\chromedf.exe" ..
"C:\Users\Lída\trojan.exe" ..
"C:\Users\Lída\AppData\Local\Temp\hell.exe" ..
"C:\Windows\System32\WScript.exe" "C:\Users\Lída\AppData\Local\Temp\hmmnetrkjq..vbs"
"C:\Users\Lída\AppData\Roaming\systems.exe" ..
"C:\Users\Lída\AppData\Local\Temp\google.exe" ..
"C:\Users\Lída\AppData\Local\Temp\DUC.exe" ..
"C:\Users\Lída\AppData\Local\Temp\dllhost.exe" ..
"C:\Windows\System32\WScript.exe" "C:\Users\Lída\AppData\Local\Temp\xiksvkhxzu..vbs"
"C:\Users\Lída\AppData\Local\Temp\Explorer.exe" ..
"C:\Users\Lída\AppData\Roaming\Windows\Windows Update.exe"
"C:\Users\Lída\AppData\Local\Temp\windows.exe" ..
"C:\Users\Lída\chrome.exe" ..
"C:\ProgramData\System32.exe" ..
"C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"
"C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
"C:\Program Files (x86)\AVG Secure Search\vprot.exe"
"C:\Program Files\SGFX\SgfxConfig.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" /start
"C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Users\Lída\AppData\Local\VNT\vntldr.exe" /EXEC
"C:\Windows\System32\WScript.exe" "C:\Users\LDA~1\AppData\Local\Temp\GYIMTT~1.VBS"
"C:\Windows\System32\WScript.exe" "C:\Users\LDA~1\AppData\Local\Temp\HMMNET~1.VBS"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\System32\WScript.exe" "C:\Users\LDA~1\AppData\Local\Temp\XIKSVK~1.VBS"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe"
"C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" /hidden
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe" -Embedding
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Users\Lída\AppData\Roaming\svchost.exe"
"C:\Users\LDA~1\AppData\Local\Temp\k4jlout935.exe"
"C:\Users\LDA~1\AppData\Local\Temp\torjan.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="7860.0.1577235509\925458240" --disable-image-transport-surface --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,3,12,22 --reduce-gpu-sandbox --gpu-vendor-id=0x1002 --gpu-device-id=0x9992 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=8.947.1.1000 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group1 pct:25 stable:r4 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-1-Percent/group_06/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_08/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --renderer-print-preview --instant-process --disable-html-notifications --channel="7860.13.955515780\1052166932" /prefetch:673131151
C:\Windows\system32\sppsvc.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group1 pct:25 stable:r4 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderDisabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-1-Percent/group_06/UMA-Uniformity-Trial-10-Percent/group_04/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_08/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --renderer-print-preview --disable-html-notifications --channel="7860.15.656977850\1815768580" /prefetch:673131151
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
"C:\Users\Lída\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\WinZipDriverUpdater_UPDATES.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41545534-2D56-3700-76A7-7A786E7484D7}]
Ask Toolbar - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ATU4-V7\Passport_x64.dll [2013-11-06 13776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
SteadyVideoBHO Class - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2011-06-08 81024]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2012-06-14 175776]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41545534-2D56-3700-76A7-7A786E7484D7}]
Ask Toolbar - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ATU4-V7\Passport.dll [2013-11-06 12240]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
SteadyVideoBHO Class - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2011-06-08 69760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files (x86)\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll [2013-12-10 3333144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{41545534-2D56-3700-76A7-7A786E7484D7} - Ask Toolbar - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ATU4-V7\Passport_x64.dll [2013-11-06 13776]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files (x86)\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll [2013-12-10 3333144]
{41545534-2D56-3700-76A7-7A786E7484D7} - Ask Toolbar - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ATU4-V7\Passport.dll [2013-11-06 12240]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2012-06-14 4372120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"=C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [2012-04-11 97280]
"HPPowerAssistant"=C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe [2012-03-14 15232]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2009-03-23 2184520]
"CanonSolutionMenu"=C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [2009-03-17 767312]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
"icq"=C:\Users\Lída\AppData\Roaming\ICQM\icq.exe [2013-08-25 27598184]
"5cd8f17f4086744065eb0992a09e05a2"=C:\Users\Lída\AppData\Local\Temp\tovvwibjfy.exe [2013-12-06 29696]
"9d40b6eb9ca0a7f1a306069df9bc9136"=C:\Users\Lída\AppData\Roaming\trojan.exe [2013-12-06 29696]
"60c9176a075b1be41f8216a66439d29e"=C:\Users\Lída\AppData\Local\Temp\googlesearch.exe [2013-12-07 29696]
"48a0efff37a904b63b749f320dc9c55c"=C:\Users\Lída\AppData\Roaming\explOrer.exe [2013-12-07 29696]
"Update"=C:\Users\Lída\Server.exe [2013-12-07 61440]
"bd4419b843c4263758d992346c730388"=C:\Users\Lída\AppData\Local\Temp\opra.exe [2013-12-07 44544]
"c903107e08461f3020963aec953803a7"=C:\Users\Lída\AppData\Local\Temp\Intel.exe [2013-12-07 29696]
"2320633bbd5b9c41d628d6d2b760a34d"=C:\Users\Lída\AppData\Local\Temp\System [2013-12-09 29696]
"53b6f6cbe7c28bb1a6deaf6cf4f17fd8"=C:\Users\Lída\AppData\Local\Temp\microsoft.exe [2013-12-07 29696]
"a0176c5b53163cc2683bce2fd21f05c3"=C:\Users\Lída\Systeme32.exe [2013-12-07 29696]
"bc15d6c16aeea623a7c71f20d325b17c"=C:\ProgramData\Windows Update.exe [2013-12-07 155648]
"ba4c12bee3027d94da5c81db2d196bfd"=C:\Users\Lída\AppData\Local\Temp\svchost.exe [2013-12-07 29696]
"b9ec89289dab6df6e14b63f432ba8b83"=C:\Users\Lída\AppData\Local\Temp\Chorme.exe [2013-12-08 28160]
"b7a6b3f1a13aae96b96b0c63d16d969c"=C:\Users\Lída\AppData\Local\Temp\System [2013-12-09 29696]
"32a790c25e2a4b645e827300e906d14b"=C:\Users\Lída\AppData\Local\Temp\cmd.exe [2013-12-08 234496]
"3c2d058b78e0e80fe15a514f5ef9ead3"=C:\ProgramData\Svhost.exe [2013-12-08 44544]
"1052b8e9071d5b658c32c84c463014f5"=C:\Users\Lída\AppData\Local\Temp\file.exe [2013-12-08 29696]
"45ca55fc1756e880072f0dde4455397b"=C:\Users\Lída\AppData\Local\Temp\win32.exe [2013-12-08 29696]
"gyimttbobx"=C:\Users\LDA~1\AppData\Local\Temp\gyimttbobx..vbs [2013-12-08 11513]
"ab912169f57182bbb6eecdf2611949b8"=C:\Users\Lída\AppData\Local\Temp\exploler.exe [2013-12-08 29184]
"GYIMTT~1"=C:\Users\LDA~1\AppData\Local\Temp\GYIMTT~1.VBS [2013-12-08 11513]
"29b5f06a07f9316eb1878742ab018f7c"=C:\Users\Lída\AppData\Local\Temp\chromedf.exe [2013-12-09 29696]
"b50051819533f2d1347931376cb9458e"=C:\Users\Lída\trojan.exe [2013-12-09 29696]
"2a4ad2d0f2f1593b8cb854c8b1ec9865"=C:\Users\Lída\AppData\Local\Temp\hell.exe [2013-12-09 92672]
"hmmnetrkjq"=C:\Users\LDA~1\AppData\Local\Temp\hmmnetrkjq..vbs [2013-12-09 11513]
"xiksvkhxzu"=C:\Users\LDA~1\AppData\Local\Temp\xiksvkhxzu..vbs [2013-12-09 11513]
"534d634341a0c547a5de4038c15e5d22"=C:\Users\Lída\AppData\Roaming\systems.exe [2013-12-09 29696]
"85ce27c90f0ba2b98ceb888e2ca7acde"=C:\Users\Lída\AppData\Local\Temp\google.exe [2013-12-09 29696]
"e077c0756ac151f556d69ca70fe1c794"=C:\Users\Lída\AppData\Local\Temp\DUC.exe [2013-12-09 44544]
"bb62e28591030e826081bf1f4a74c0b8"=C:\Users\Lída\AppData\Local\Temp\dllhost.exe [2013-12-07 29696]
"072c160efd85a5017cdd3e99d0fef4a1"=C:\Users\Lída\AppData\Roaming\dwmn.exe [2013-12-09 29184]
"HMMNET~1"=C:\Users\LDA~1\AppData\Local\Temp\HMMNET~1.VBS [2013-12-09 11513]
"XIKSVK~1"=C:\Users\LDA~1\AppData\Local\Temp\XIKSVK~1.VBS [2013-12-09 11513]
"ed6e2bf930f6d35b3ac57c049d10ac2c"=C:\Users\Lída\AppData\Local\Temp\Explorer.exe [2013-12-10 29184]
"Windows Update"=C:\Users\Lída\AppData\Roaming\Windows\Windows Update.exe [2013-12-10 98304]
"78f45ff47c4eda4648e179b89466e742"=C:\Users\Lída\AppData\Local\Temp\googlechrome.exe [2013-12-10 60416]
"ecc7c8c51c0850c1ec247c7fd3602f20"=C:\Users\Lída\AppData\Local\Temp\windows.exe [2013-12-10 29696]
"d709f34a2bc48c2ecfacf26803c2c376"=C:\Users\Lída\chrome.exe [2013-12-10 29696]
"e762428b721a1de0e50cb93c91ca629c"=C:\ProgramData\System32.exe [2013-12-10 29696]
"23556fb1360f366337f97c924e76ead3"=C:\Users\Lída\AppData\Roaming\svchost.exe [2013-12-11 29696]
"505f5b3f6791647d774c4ebf1074774c"=C:\Users\Lída\AppData\Local\Temp\k4jlout935.exe [2013-12-11 29696]
"ad0cf09be9d9be35254a664a06d4d9b1"=C:\Users\Lída\AppData\Local\Temp\torjan.exe [2013-12-11 29696]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-07-08 630952]
"AMD AVT"=Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe aml []
"BtTray"=C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [2012-09-19 371976]
"AVG_UI"=C:\Program Files (x86)\AVG\AVG2014\avgui.exe [2013-10-07 4908592]
"vProt"=C:\Program Files (x86)\AVG Secure Search\vprot.exe [2013-12-10 2471448]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"SgfxConfig"=C:\Program Files\SGFX\sgfxconfig.exe [2013-05-01 2233592]
"QLBController"=C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [2012-09-12 334240]
""= []
"ApnTBMon"=C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [2013-11-06 1707472]
"VNT"=C:\Program Files (x86)\VNT\vntldr.exe [2013-11-06 202192]

C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
072c160efd85a5017cdd3e99d0fef4a1.exe
1052b8e9071d5b658c32c84c463014f5.exe
1187119_514198282007389_1631940587_nfd.exe
2320633bbd5b9c41d628d6d2b760a34d.exe
23556fb1360f366337f97c924e76ead3.exe
29b5f06a07f9316eb1878742ab018f7c.exe
2a4ad2d0f2f1593b8cb854c8b1ec9865.exe
32a790c25e2a4b645e827300e906d14b.exe
3c2d058b78e0e80fe15a514f5ef9ead3.exe
45ca55fc1756e880072f0dde4455397b.exe
534d634341a0c547a5de4038c15e5d22.exe
5cd8f17f4086744065eb0992a09e05a2.exe
60c9176a075b1be41f8216a66439d29e.exe
78f45ff47c4eda4648e179b89466e742.exe
85ce27c90f0ba2b98ceb888e2ca7acde.exe
a0176c5b53163cc2683bce2fd21f05c3.exe
b7a6b3f1a13aae96b96b0c63d16d969c.exe
b9ec89289dab6df6e14b63f432ba8b83.exe
bc15d6c16aeea623a7c71f20d325b17c.exe
bd4419b843c4263758d992346c730388.exe
d709f34a2bc48c2ecfacf26803c2c376.exe
e077c0756ac151f556d69ca70fe1c794.exe
e762428b721a1de0e50cb93c91ca629c.exe
ed6e2bf930f6d35b3ac57c049d10ac2c.exe
gyimttbobx..vbs
hmmnetrkjq..vbs
imtZMIjKhZGECsY6UTdiUlJHXTPIpa.exe
maram‮gpj.Scr
MKBHnoD29n6gen7W6zTxtZ8Jygh9.exe
NguBzSyCwakSCnbRGTrZsl4LG8R.exe
saa.exe
Server1.exe
sqlmap.rar
Update.exe
Windows Run.exe
xiksvkhxzu..vbs
ZRPaFQCKz95ZWs8sHxUSZ69Hbcd.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-12-11 20:51:50 ----D---- C:\rsit
2013-12-11 20:51:50 ----D---- C:\Program Files\trend micro
2013-12-11 16:17:04 ----A---- C:\Users\Lída\AppData\Roaming\svchost.exe.tmp
2013-12-11 16:16:39 ----A---- C:\Users\Lída\AppData\Roaming\svchost.exe
2013-12-10 21:32:36 ----A---- C:\ProgramData\System32.exe.tmp
2013-12-10 21:32:04 ----A---- C:\ProgramData\System32.exe
2013-12-10 19:33:02 ----D---- C:\Users\Lída\AppData\Roaming\Windows
2013-12-09 20:04:32 ----A---- C:\Users\Lída\AppData\Roaming\dwmn.exe.tmp
2013-12-09 20:04:08 ----A---- C:\Users\Lída\AppData\Roaming\dwmn.exe
2013-12-09 19:05:04 ----A---- C:\Users\Lída\AppData\Roaming\systems.exe.tmp
2013-12-09 19:04:35 ----A---- C:\Users\Lída\AppData\Roaming\systems.exe
2013-12-09 19:01:19 ----A---- C:\Users\Lída\AppData\Roaming\chrome.exe.tmp
2013-12-08 19:19:37 ----A---- C:\ProgramData\Svhost.exe.tmp
2013-12-08 19:19:34 ----A---- C:\ProgramData\Svhost.exe
2013-12-07 19:24:59 ----A---- C:\ProgramData\Windows Update.exe.tmp
2013-12-07 19:24:53 ----A---- C:\ProgramData\Windows Update.exe
2013-12-07 15:36:15 ----A---- C:\Users\Lída\AppData\Roaming\svshot.exe.tmp
2013-12-07 15:36:12 ----A---- C:\Users\Lída\AppData\Roaming\svshot.exe
2013-12-07 11:17:02 ----A---- C:\Users\Lída\AppData\Roaming\explOrer.exe.tmp
2013-12-07 11:16:59 ----A---- C:\Users\Lída\AppData\Roaming\explOrer.exe
2013-12-06 22:34:55 ----D---- C:\Windows\Minidump
2013-12-06 20:22:44 ----A---- C:\Users\Lída\AppData\Roaming\trojan.exe.tmp
2013-12-06 20:22:41 ----A---- C:\Users\Lída\AppData\Roaming\trojan.exe
2013-12-04 07:41:05 ----A---- C:\Windows\system32\IEUDINIT.EXE
2013-12-04 07:36:50 ----A---- C:\Windows\SYSWOW64\elshyph.dll
2013-12-04 07:36:50 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\wextract.exe
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\url.dll
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\SetIEInstalledDate.exe
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\pngfilt.dll
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\occache.dll
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\msrating.dll
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\msls31.dll
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\mshtmler.dll
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\mshta.exe
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\jsIntl.dll
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\inseng.dll
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\imgutil.dll
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\iexpress.exe
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\ieapfltr.dat
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\IEAdvpack.dll
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\icardie.dll
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2013-12-04 07:36:43 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2013-12-04 07:36:43 ----A---- C:\Windows\system32\wininet.dll
2013-12-04 07:36:43 ----A---- C:\Windows\system32\urlmon.dll
2013-12-04 07:36:43 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2013-12-04 07:36:43 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-04 07:36:43 ----A---- C:\Windows\system32\msrating.dll
2013-12-04 07:36:43 ----A---- C:\Windows\system32\msls31.dll
2013-12-04 07:36:43 ----A---- C:\Windows\system32\msfeedssync.exe
2013-12-04 07:36:43 ----A---- C:\Windows\system32\msfeedsbs.dll
2013-12-04 07:36:43 ----A---- C:\Windows\system32\jsproxy.dll
2013-12-04 07:36:43 ----A---- C:\Windows\system32\jsIntl.dll
2013-12-04 07:36:43 ----A---- C:\Windows\system32\iertutil.dll
2013-12-04 07:36:43 ----A---- C:\Windows\system32\IEAdvpack.dll
2013-12-04 07:36:43 ----A---- C:\Windows\system32\elshyph.dll
2013-12-04 07:36:42 ----A---- C:\Windows\system32\wextract.exe
2013-12-04 07:36:42 ----A---- C:\Windows\system32\webcheck.dll
2013-12-04 07:36:42 ----A---- C:\Windows\system32\vbscript.dll
2013-12-04 07:36:42 ----A---- C:\Windows\system32\url.dll
2013-12-04 07:36:42 ----A---- C:\Windows\system32\pngfilt.dll
2013-12-04 07:36:42 ----A---- C:\Windows\system32\occache.dll
2013-12-04 07:36:42 ----A---- C:\Windows\system32\mshtmlmedia.dll
2013-12-04 07:36:42 ----A---- C:\Windows\system32\mshtmler.dll
2013-12-04 07:36:42 ----A---- C:\Windows\system32\mshtmled.dll
2013-12-04 07:36:42 ----A---- C:\Windows\system32\MshtmlDac.dll
2013-12-04 07:36:42 ----A---- C:\Windows\system32\mshtml.dll
2013-12-04 07:36:42 ----A---- C:\Windows\system32\mshta.exe
2013-12-04 07:36:42 ----A---- C:\Windows\system32\msfeeds.dll
2013-12-04 07:36:42 ----A---- C:\Windows\system32\licmgr10.dll
2013-12-04 07:36:42 ----A---- C:\Windows\system32\jscript9diag.dll
2013-12-04 07:36:42 ----A---- C:\Windows\system32\jscript9.dll
2013-12-04 07:36:42 ----A---- C:\Windows\system32\jscript.dll
2013-12-04 07:36:42 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-04 07:36:42 ----A---- C:\Windows\system32\inseng.dll
2013-12-04 07:36:42 ----A---- C:\Windows\system32\imgutil.dll
2013-12-04 07:36:42 ----A---- C:\Windows\system32\iexpress.exe
2013-12-04 07:36:42 ----A---- C:\Windows\system32\ieUnatt.exe
2013-12-04 07:36:42 ----A---- C:\Windows\system32\ieui.dll
2013-12-04 07:36:42 ----A---- C:\Windows\system32\iesysprep.dll
2013-12-04 07:36:42 ----A---- C:\Windows\system32\iesetup.dll
2013-12-04 07:36:42 ----A---- C:\Windows\system32\iernonce.dll
2013-12-04 07:36:42 ----A---- C:\Windows\system32\iepeers.dll
2013-12-04 07:36:42 ----A---- C:\Windows\system32\ieframe.dll
2013-12-04 07:36:42 ----A---- C:\Windows\system32\ieetwproxystub.dll
2013-12-04 07:36:42 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2013-12-04 07:36:42 ----A---- C:\Windows\system32\ieetwcollector.exe
2013-12-04 07:36:42 ----A---- C:\Windows\system32\iedkcs32.dll
2013-12-04 07:36:42 ----A---- C:\Windows\system32\ieapfltr.dll
2013-12-04 07:36:42 ----A---- C:\Windows\system32\ieapfltr.dat
2013-12-04 07:36:42 ----A---- C:\Windows\system32\ie4uinit.exe
2013-12-04 07:36:42 ----A---- C:\Windows\system32\icardie.dll
2013-12-04 07:36:42 ----A---- C:\Windows\system32\dxtrans.dll
2013-12-04 07:36:42 ----A---- C:\Windows\system32\dxtmsft.dll
2013-11-17 17:28:41 ----HD---- C:\ProgramData\CanonIJMyPrinter
2013-11-17 12:00:56 ----HD---- C:\ProgramData\CanonIJSolutionMenu
2013-11-17 12:00:20 ----D---- C:\ProgramData\CanonIJPLM
2013-11-17 11:54:41 ----D---- C:\Program Files\Common Files\CANON
2013-11-17 11:52:26 ----D---- C:\Program Files\Canon
2013-11-17 11:46:41 ----D---- C:\Program Files (x86)\Canon
2013-11-14 08:21:32 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2013-11-14 08:21:32 ----A---- C:\Windows\system32\crypt32.dll
2013-11-14 08:21:25 ----A---- C:\Windows\system32\drivers\afd.sys
2013-11-14 08:21:23 ----A---- C:\Windows\SYSWOW64\SmartcardCredentialProvider.dll
2013-11-14 08:21:23 ----A---- C:\Windows\SYSWOW64\credui.dll
2013-11-14 08:21:23 ----A---- C:\Windows\SYSWOW64\authui.dll
2013-11-14 08:21:23 ----A---- C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 08:21:23 ----A---- C:\Windows\system32\credui.dll
2013-11-14 08:21:23 ----A---- C:\Windows\system32\authui.dll
2013-11-14 08:21:16 ----A---- C:\Windows\SYSWOW64\schannel.dll
2013-11-14 08:21:16 ----A---- C:\Windows\system32\sspicli.dll
2013-11-14 08:21:16 ----A---- C:\Windows\system32\schannel.dll
2013-11-14 08:21:16 ----A---- C:\Windows\system32\lsasrv.dll
2013-11-14 08:21:16 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2013-11-14 08:21:16 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2013-11-14 08:21:16 ----A---- C:\Windows\system32\drivers\cng.sys
2013-11-14 08:21:15 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2013-11-14 08:21:15 ----A---- C:\Windows\SYSWOW64\secur32.dll
2013-11-14 08:21:15 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2013-11-14 08:21:15 ----A---- C:\Windows\system32\sspisrv.dll
2013-11-14 08:21:15 ----A---- C:\Windows\system32\secur32.dll
2013-11-14 08:21:15 ----A---- C:\Windows\system32\ncrypt.dll
2013-11-14 08:21:15 ----A---- C:\Windows\system32\lsass.exe
2013-11-14 08:21:12 ----A---- C:\Windows\SYSWOW64\gdi32.dll
2013-11-14 08:21:12 ----A---- C:\Windows\system32\gdi32.dll
2013-11-14 08:21:11 ----A---- C:\Windows\SYSWOW64\nshwfp.dll
2013-11-14 08:21:11 ----A---- C:\Windows\SYSWOW64\FWPUCLNT.DLL
2013-11-14 08:21:11 ----A---- C:\Windows\system32\nshwfp.dll
2013-11-14 08:21:11 ----A---- C:\Windows\system32\IKEEXT.DLL
2013-11-14 08:21:11 ----A---- C:\Windows\system32\FWPUCLNT.DLL

======List of files/folders modified in the last 1 month======

2013-12-11 20:51:50 ----RD---- C:\Program Files
2013-12-11 20:40:58 ----D---- C:\Windows\Temp
2013-12-11 20:40:44 ----D---- C:\Windows\system32\Tasks
2013-12-11 17:54:03 ----D---- C:\Windows\SysWOW64
2013-12-11 17:53:38 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-12-11 13:44:30 ----D---- C:\Windows\System32
2013-12-11 13:44:30 ----D---- C:\Windows\inf
2013-12-11 13:44:30 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-12-11 13:44:01 ----D---- C:\ProgramData\MFAData
2013-12-11 13:38:48 ----A---- C:\Windows\SYSWOW64\bscs.ini
2013-12-11 06:47:07 ----D---- C:\Windows\system32\config
2013-12-10 21:32:36 ----HD---- C:\ProgramData
2013-12-10 21:04:42 ----D---- C:\Users\Lída\AppData\Roaming\vlc
2013-12-10 16:45:29 ----D---- C:\ProgramData\AVG Secure Search
2013-12-10 16:45:28 ----D---- C:\Program Files (x86)\AVG Secure Search
2013-12-09 21:25:17 ----D---- C:\Windows\system32\catroot2
2013-12-08 20:47:59 ----A---- C:\Windows\SYSWOW64\LOCALDEVICE.INI
2013-12-08 18:41:07 ----A---- C:\Windows\SYSWOW64\LOCALSERVICE.INI
2013-12-08 17:02:10 ----A---- C:\Windows\SYSWOW64\REMOTEDEVICE.INI
2013-12-07 15:36:30 ----D---- C:\Windows\Prefetch
2013-12-06 22:34:55 ----D---- C:\Windows
2013-12-05 18:20:03 ----SHD---- C:\Windows\Installer
2013-12-05 18:15:08 ----RD---- C:\Program Files (x86)
2013-12-04 13:11:07 ----D---- C:\Windows\winsxs
2013-12-04 13:09:37 ----D---- C:\Program Files (x86)\Internet Explorer
2013-12-04 13:09:36 ----D---- C:\Windows\SYSWOW64\cs-CZ
2013-12-04 13:09:36 ----D---- C:\Program Files\Internet Explorer
2013-12-04 13:09:34 ----D---- C:\Windows\system32\cs-CZ
2013-12-04 13:09:20 ----D---- C:\Windows\SYSWOW64\migration
2013-12-04 13:09:20 ----D---- C:\Windows\SYSWOW64\en-US
2013-12-04 13:09:10 ----D---- C:\Windows\system32\migration
2013-12-04 13:09:10 ----D---- C:\Windows\PolicyDefinitions
2013-12-04 13:09:09 ----D---- C:\Windows\system32\en-US
2013-12-04 07:41:05 ----D---- C:\Windows\Logs
2013-12-04 07:40:37 ----D---- C:\Windows\system32\catroot
2013-12-04 07:35:04 ----SHD---- C:\System Volume Information
2013-11-25 10:26:24 ----SD---- C:\Users\Lída\AppData\Roaming\Microsoft
2013-11-20 17:54:43 ----D---- C:\Windows\rescache
2013-11-17 11:54:41 ----D---- C:\Program Files\Common Files
2013-11-15 06:34:43 ----D---- C:\Windows\system32\drivers
2013-11-14 20:59:24 ----D---- C:\Windows\system32\MRT
2013-11-14 20:59:21 ----A---- C:\Windows\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2011-03-04 78976]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2011-03-04 38528]
R0 amdkmpfd;AMD PCI Root Bus Lower Filter; C:\Windows\system32\DRIVERS\amdkmpfd.sys [2012-02-01 31872]
R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [2013-09-02 192824]
R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys [2013-09-02 294712]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2013-08-20 123704]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2013-09-08 31544]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sgfxl;SMSC WDDM Graphics Loader Driver Service; C:\Windows\system32\drivers\sgfxl64.sys [2013-05-02 18168]
R1 Avgdiska;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiska.sys [2013-09-25 148792]
R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6a.sys [2013-09-26 57144]
R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2013-09-02 241464]
R1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2013-09-02 212280]
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2013-08-01 251192]
R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [2013-11-10 46368]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R3 amdhub30;AMD USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\amdhub30.sys [2012-11-29 107688]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-07-08 10832896]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-07-08 328192]
R3 amdxhc;AMD USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\amdxhc.sys [2012-11-29 228008]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
R3 BtAudioBusSrv;Ralink Bluetooth Audio Bus Service; C:\Windows\System32\Drivers\BtAudioBus.sys [2012-06-15 23136]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2011-07-18 25912]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2011-01-31 174168]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2012-08-24 1885792]
R3 rtbth;RTBTH Bluetooth Device Driver; C:\Windows\system32\DRIVERS\rtbth.sys [2012-10-02 692832]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys [2011-09-08 508520]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2012-11-28 1866080]
R4 sgfxk;SMSC WDDM Graphics Display Driver Service; C:\Windows\system32\drivers\sgfxk64.sys [2013-05-02 157432]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service; C:\Windows\System32\Drivers\BtL2caScoIf.sys [2012-07-19 56904]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [2012-10-02 48608]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys [2011-07-06 367976]
S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\drivers\usbscan.sys [2013-07-03 42496]
S3 WinUsb;Sony so0101 ADB Interface; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-09-05 65640]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-07-08 235520]
R2 APNMCP;Ask Update Service; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2013-11-06 166352]
R2 avgwd;AVG WatchDog; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2013-09-25 301152]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [2012-09-26 1612552]
R2 DisplayLinkService;DisplayLinkManager; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2013-05-09 8998800]
R2 DragonUpdater;COMODO Dragon Update Service; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2012-12-24 1868432]
R2 HP Power Assistant Service;HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2012-03-14 152992]
R2 hpHotkeyMonitor;hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2012-09-12 523680]
R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [2009-02-10 116104]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 SGFXMgr;SGFX Manager; C:\Program Files\SGFX\sgfxmgr.exe [2013-05-01 8481280]
R2 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-12-10 238944]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-10 153440]
R2 vToolbarUpdater17.2.0;vToolbarUpdater17.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [2013-12-10 1771544]
R3 BsHelpCS;BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [2012-09-19 146184]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2012-09-06 1001376]
S2 avgfws;AVG Firewall; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [2013-09-25 1358944]
S2 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2013-10-03 3538480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-23 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11 257416]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-23 116648]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-09 136120]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2013-12-04 111616]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-08-25 1255736]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2010-12-10 44384]
S4 PdiService;Portrait Displays SDK Service; C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2012-03-09 117552]

-----------------EOF-----------------

a druhý LOG

info.txt logfile of random's system information tool 1.09 2013-12-11 20:52:22

======Uninstall list======

7-Zip 9.22beta-->"C:\Program Files (x86)\7-Zip\Uninstall.exe"
Adobe Flash Player 11 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe -maintain activex
Adobe Reader XI (11.0.05) - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AB0000000001}
AMD Accelerated Video Transcoding-->MsiExec.exe /X{4089F2BF-BD8E-67A5-3F35-1DFC4AD23DC1}
AMD APP SDK Runtime-->MsiExec.exe /I{503F672D-6C84-448A-8F8F-4BC35AC83441}
AMD AVIVO64 Codecs-->MsiExec.exe /X{8490A635-B217-11AA-1387-C58F0A7BE225}
AMD Catalyst Install Manager-->msiexec /q/x{F478DE1E-A577-DC50-9F57-DEE15C964B51} REBOOT=ReallySuppress
AMD Media Foundation Decoders-->MsiExec.exe /X{31AEFA75-E594-E41F-8408-DF22ADFDC69E}
AMD Steady Video Plug-In -->MsiExec.exe /X{5E015E15-F7AD-3379-523F-AD63C0CB9E71}
AMD USB 3.0 Device Detector-->MsiExec.exe /I{458A1362-BCDA-4389-99DC-D23142BCA03C}
Ask Toolbar-->MsiExec.exe /X{41545534-2D56-3700-76A7-A758B70C0700}
aTube Catcher-->C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\uninstall.exe
AVG 2014-->"C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe" /AppMode=SETUP /Uninstall
AVG 2014-->MsiExec.exe /I{DF1A8490-3CD2-4878-92BE-F746D7CCACC1}
AVG 2014-->MsiExec.exe /I{E0776C6D-B8A2-45AA-962A-9B0FFEFEAD14}
AVG Security Toolbar-->C:\Program Files (x86)\AVG Secure Search\UNINSTALL.exe /PROMPT /UNINSTALL
Canon Easy-WebPrint EX-->"C:\Program Files (x86)\Canon\Easy-WebPrint EX\Maint.exe" /UninstallRemove C:\Program Files (x86)\Canon\Easy-WebPrint EX\uninst.ini
Canon Inkjet Printer/Scanner/Fax Extended Survey Program-->C:\Program Files (x86)\Canon\IJPLM\SETUP.EXE -R
Canon MP Navigator EX 3.0-->"C:\Program Files (x86)\Canon\MP Navigator EX 3.0\Maint.exe" /UninstallRemove C:\Program Files (x86)\Canon\MP Navigator EX 3.0\uninst.ini
Canon MP250 series MP Drivers-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series\DelDrv64.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series
Canon Utilities Easy-PhotoPrint EX-->C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\uninst.exe Uninst.ini uinstrsc.dll
Canon Utilities My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini uinstrsc.dll
Canon Utilities Solution Menu-->C:\Program Files (x86)\Canon\SolutionMenu\uninst.exe uninst.ini uinstrsc.dll
Catalyst Control Center - Branding-->MsiExec.exe /I{987DCE63-7BA5-4C18-A11A-8557729AE9F0}
Comodo Dragon-->"C:\Program Files (x86)\Comodo\Dragon\uninstall.exe"
Core Graphics Software-->MsiExec.exe /X{61768C93-76C2-4017-974F-9BE1D2BBD9A4}
DisplayLink Core Software-->MsiExec.exe /X{16A87CAA-7F4B-48BE-B0E1-CC76CF19E7E0}
Ekonomický systém DUEL 9.0.2.20903-->"C:\Program Files (x86)\Ježek software\DUEL\unins000.exe"
GoldWave v5.68-->"C:\Program Files (x86)\GoldWave\unstall.exe" "GoldWave v5.68" "C:\Program Files (x86)\GoldWave\unstall.log"
Google Earth Plug-in-->MsiExec.exe /X{79361740-EAE3-11E2-9911-B8AC6F98CCE3}
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HP Hotkey Support-->MsiExec.exe /X{C97CC14E-4789-4FC5-BC75-79191F7CE009}
HP Port Replicator Software Installer-->"C:\Program Files (x86)\InstallShield Installation Information\{6313BCDF-1109-4682-A19D-413189817787}\setup.exe" -runfromtemp -l0x0405 -removeonly
HP Port Replicator Software Installer-->"C:\Program Files (x86)\InstallShield Installation Information\{75BF632E-4761-4CF4-A368-E158B8A1BB1C}\setup.exe" -runfromtemp -l0x0405 -removeonly
HP Power Assistant-->MsiExec.exe /X{BBDDFD86-E8E5-42FA-85E4-373FAE1DC731}
HP System Default Settings-->MsiExec.exe /X{3A61A282-4F08-4D43-920C-DC30ECE528E8}
HP USB Docking Video-->MsiExec.exe /X{7A4413F7-A4BF-4AF3-95C4-4641337265D4}
K-Lite Mega Codec Pack 9.6.5-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe"
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /x64 /lcid 1029 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->MsiExec.exe /X{790E02A1-145A-3843-8C13-A4F41C9B48B7}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"C:\Program Files (x86)\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{B636C9B9-A3F2-4DCE-ADCC-72E095018385}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022-->MsiExec.exe /X{350AA351-21FA-3270-8B7A-835434E766AD}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319-->MsiExec.exe /X{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
OpenOffice.org 3.4.1-->MsiExec.exe /I{1E0AF527-0B8E-4F8A-BA27-CB3C359998C6}
Picasa 3-->"C:\Program Files (x86)\Google\Picasa3\Uninstall.exe"
Ralink Bluetooth Stack64-->MsiExec.exe /X{95DF815D-BE2D-9118-F549-39794C5869CF}
Ralink RT3290 802.11bgn Wi-Fi Adapter-->C:\Program Files (x86)\InstallShield Installation Information\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek HDMI Audio Driver for ATI-->C:\Program Files\Realtek\Audio\HDA\RtkUpd64.exe -k -m -nrg2709
Registrace uživatele zařízení Canon MP250 series-->C:\Program Files (x86)\Canon\IJEREG\MP250 series\UNINST.EXE
SDK-->"C:\Program Files (x86)\InstallShield Installation Information\{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}\setup.exe" -runfromtemp -l0x0409
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4736E989-32D9-3B91-90D7-C68848E118CA} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F1696E2F-4803-362F-A756-65B363483FE6} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {C8B8456C-6A12-3725-95A8-1C9FBE1E3141} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8E6848A1-B790-34FE-921A-A5319258E254} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E7F6B64E-E11F-3D1C-868D-3F1443DA5A15} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {08BB8EA1-3BA7-3AD5-8A07-22A5EC1F704E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {9D8496AE-4030-3E92-B44E-4F81051E6C85} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {43B6E5D3-56A9-36C1-BD8B-9E1D6920FF11} /parameterfolder Client
SMSC Core Graphics Software-->msiexec.exe /x {61768C93-76C2-4017-974F-9BE1D2BBD9A4}
SMSC LAN9500 Device Driver-->MsiExec.exe /X{6D4C157D-609C-4CF2-9676-ABA96AB641E3}
Total Commander 64-bit (Remove or Repair)-->C:\Program Files (x86)\Total Commander\tcunin64.exe
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {8C286FD4-AB38-37A6-BC8A-6F16AFE9AB1F} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {EFD73366-C059-3D04-9848-59072A15DB53} /parameterfolder Client
ViewSpan-->MsiExec.exe /X{33F3FCBA-4CC5-4A5B-A6DB-53478463D991}
Visual Studio 2010 x64 Redistributables-->MsiExec.exe /I{21B133D6-5979-47F0-BE1C-F6A6B304693F}
Visual Studio 2012 x64 Redistributables-->MsiExec.exe /I{8C775E70-A791-4DA8-BCC3-6AB7136F4484}
Visual Studio 2012 x86 Redistributables-->MsiExec.exe /I{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}
VLC media player 2.0.5-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
WinRAR 4.20 (32-bit)-->C:\Program Files (x86)\WinRAR\uninstall.exe
WinZip Driver Updater-->"C:\Program Files (x86)\WinZip Driver Updater\unins000.exe" /silent

======System event log======

Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Cryptographic Services byl změněn na: stopped
Record Number: 5
Source Name: Service Control Manager
Time Written: 20090714051424.262212-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Windows Modules Installer byl změněn na: stopped
Record Number: 4
Source Name: Service Control Manager
Time Written: 20090714051424.168612-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Software Protection byl změněn na: stopped
Record Number: 3
Source Name: Service Control Manager
Time Written: 20090714051424.059412-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Windows Event Log byl změněn na: stopped
Record Number: 2
Source Name: Service Control Manager
Time Written: 20090714051424.012612-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 7036
Message: Stav služby Volume Shadow Copy byl změněn na: stopped
Record Number: 1
Source Name: Service Control Manager
Time Written: 20090714051423.934612-000
Event Type: Informace
User:

=====Application event log=====

Computer Name: 37L4247E29-32
Event Code: 412
Message: Catalog Database (280) Catalog Database: Ze záhlaví souboru protokolu C:\Windows\system32\CatRoot2\edb.log nelze číst. Chyba -546
Record Number: 5
Source Name: ESENT
Time Written: 20130823081117.000000-000
Event Type: Chyba
User:

Computer Name: 37L4247E29-32
Event Code: 5617
Message: Windows Management Instrumentation Service subsystems initialized successfully
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20130823081116.000000-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 5615
Message: Windows Management Instrumentation Service started sucessfully
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20130823081111.000000-000
Event Type: Informace
User:

Computer Name: 37L4247E29-32
Event Code: 1531
Message: Služba Profil uživatele byla úspěšně spuštěna.


Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20130823081105.244907-000
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: 37L4247E29-32
Event Code: 4625
Message: Subsystém EventSystem zabraňuje vytváření duplicitních záznamů v protokolu událostí po dobu 86400 sekund. Tuto dobu lze změnit pomocí hodnoty REG_DWORD s názvem SuppressDuplicateDuration v následujícím klíči registru: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20130823081105.000000-000
Event Type: Informace
User:

=====Security event log=====

Computer Name: 37L4247E29-32
Event Code: 4672
Message: Novému přihlášení byla přiřazena zvláštní oprávnění.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7

Oprávnění: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130823081045.386073-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247E29-32
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-5-18
Název účtu: 37L4247E29-32$
Doména účtu: WORKGROUP
ID přihlášení: 0x3e7

Typ přihlášení: 5

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x1c0
Název procesu: C:\Windows\System32\services.exe

Informace o síti:
Název pracovní stanice:
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: Advapi
Balíček ověření: Negotiate
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130823081045.386073-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247E29-32
Event Code: 4902
Message: Tabulka zásad auditu pro jednotlivé uživatele byla vytvořena.

Počet prvků: 0
ID zásady: 0x30e56
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130823081036.291257-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247E29-32
Event Code: 4624
Message: Účet byl úspěšně přihlášen.

Předmět:
ID zabezpečení: S-1-0-0
Název účtu: -
Doména účtu: -
ID přihlášení: 0x0

Typ přihlášení: 0

Nové přihlášení:
ID zabezpečení: S-1-5-18
Název účtu: SYSTEM
Doména účtu: NT AUTHORITY
ID přihlášení: 0x3e7
GUID přihlášení: {00000000-0000-0000-0000-000000000000}

Informace o procesu:
ID procesu: 0x4
Název procesu:

Informace o síti:
Název pracovní stanice: -
Adresa zdrojové sítě -
Zdrojový port: -

Podrobné informace o ověření:
Proces přihlášení: -
Balíček ověření: -
Přenosové služby: -
Název balíčku (pouze NTLM): -
Délka klíče: 0

Tato událost je generována po vytvoření relace přihlášení. Je generována v počítači, ke kterému byl získán přístup.

Pole s předmětem označují účet v místním systému, který požadoval přihlášení. Jedná se nejčastěji o službu, například službu serveru nebo místní proces, například Winlogon.exe nebo Services.exe.

Pole Typ přihlášení označuje, k jakému typu přihlášení došlo. Nejběžnější typy jsou 2 (interaktivní) a 3 (síť).

Pole Nové přihlášení označují účet, pro který bylo nové přihlášení vytvořeno, tj. účet, který byl přihlášen.

Pole Síť označují původ požadavku na vzdálené přihlášení. Název pracovní stanice není vždy k dispozici a v některých případech může být toto pole prázdné.

Pole s informacemi o ověření poskytují podrobné informace o tomto konkrétním požadavku na přihlášení.
- GUID přihlášení je jednoznačný identifikátor, který je možné použít ke spojení této události s událostí KDC.
- Přenosové služby označují, které pomocné služby se podílely na tomto požadavku na přihlášení.
- Název balíčku označuje, který dílčí protokol z protokolů NTLM byl použit.
- Délka klíče označuje délku generovaného klíče relace. Tato hodnota bude 0, pokud nebyl požadován žádný klíč relace.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130823081033.873253-000
Event Type: Úspěšný audit
User:

Computer Name: 37L4247E29-32
Event Code: 4608
Message: Spouští se systém Windows.

Tato událost je zaznamenána při spuštění procesu LSASS.EXE a inicializaci kontrolního podsystému.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130823081033.795252-000
Event Type: Úspěšný audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Microsoft SQL Server\90\Tools\binn\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=21
"PROCESSOR_IDENTIFIER"=AMD64 Family 21 Model 16 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=1001
"AMDAPPSDKROOT"=C:\Program Files (x86)\AMD APP\

-----------------EOF-----------------

Děkuji za kontrolu

[vyosek]

Zdravim

No heeeeeezky Cela zoo i s babkou pokladni

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

• Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane

  Rkill EXE:
  http://download.bleepingcomputer.com/grinler/rkill.exe
  
  Rkill iExplore.exe:
  http://download.bleepingcomputer.com/gr ... xplore.exe
  
  Rkill uSeRiNiT.exe:
  http://download.bleepingcomputer.com/gr ... eRiNiT.exe
  
  Rkill WiNlOgOn.exe:
  http://download.bleepingcomputer.com/gr ... NlOgOn.exe

• Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
• Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
• RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
• Na plose vznikne log Rkill.txt ten mi sem vlozte
• Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[mishel]

Myslel jsem si, že je většina těch .exe souborů v Temp složce, ale nešla smazat.

Zde je LOG z rkill, jdu udělat ten combofix.

Rkill 2.6.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/11/2013 09:43:12 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\Lída\AppData\Local\Temp\googlesearch.exe (PID: 3952) [UP-HEUR]
* C:\Users\Lída\AppData\Roaming\explOrer.exe (PID: 3988) [SFI]
* C:\Users\Lída\AppData\Roaming\explOrer.exe (PID: 3988) [UP-HEUR]
* C:\Users\Lída\AppData\Local\Temp\opra.exe (PID: 4012) [UP-HEUR]
* C:\Users\Lída\AppData\Local\Temp\Intel.exe (PID: 4048) [UP-HEUR]
* C:\Users\Lída\AppData\Local\Temp\System32.exe (PID: 4080) [UP-HEUR]
* C:\Users\Lída\AppData\Local\Temp\microsoft.exe (PID: 628) [UP-HEUR]
* C:\Users\Lída\Systeme32.exe (PID: 3160) [UP-HEUR]
* C:\ProgramData\Windows Update.exe (PID: 3176) [AU-HEUR]
* C:\Users\Lída\AppData\Local\Temp\svchost.exe (PID: 3168) [SFI]
* C:\Users\Lída\AppData\Local\Temp\Systeme.exe (PID: 3228) [UP-HEUR]
* C:\Users\Lída\AppData\Local\Temp\cmd.exe (PID: 3132) [UP-HEUR]
* C:\ProgramData\Svhost.exe (PID: 3296) [AU-HEUR]
* C:\Users\Lída\AppData\Local\Temp\file.exe (PID: 3084) [UP-HEUR]
* C:\Users\Lída\AppData\Local\Temp\exploler.exe (PID: 3420) [UP-HEUR]
* C:\Users\Lída\AppData\Local\Temp\chromedf.exe (PID: 3612) [UP-HEUR]
* C:\Users\Lída\AppData\Local\Temp\hell.exe (PID: 3716) [UP-HEUR]
* C:\Users\Lída\AppData\Roaming\systems.exe (PID: 1384) [UP-HEUR]
* C:\Users\Lída\AppData\Local\Temp\google.exe (PID: 1192) [UP-HEUR]
* C:\Users\Lída\AppData\Local\Temp\dllhost.exe (PID: 3356) [SFI]
* C:\Users\Lída\AppData\Local\Temp\dllhost.exe (PID: 3356) [UP-HEUR]
* C:\Users\Lída\AppData\Local\Temp\Explorer.exe (PID: 4256) [SFI]
* C:\Users\Lída\AppData\Local\Temp\Explorer.exe (PID: 4256) [UP-HEUR]
* C:\Users\Lída\AppData\Roaming\Windows\Windows Update.exe (PID: 4272) [UP-HEUR]
* C:\Users\Lída\AppData\Local\Temp\windows.exe (PID: 4288) [UP-HEUR]
* C:\Users\Lída\chrome.exe (PID: 4344) [FI]
* C:\Users\Lída\chrome.exe (PID: 4344) [UP-HEUR]
* C:\ProgramData\System32.exe (PID: 4356) [AU-HEUR]
* C:\Users\Lída\AppData\Roaming\svchost.exe (PID: 6760) [SFI]
* C:\Users\Lída\AppData\Roaming\svchost.exe (PID: 6760) [UP-HEUR]
* C:\Users\LDA~1\AppData\Local\Temp\k4jlout935.exe (PID: 7032) [SUP-HEUR]

31 proccesses terminated!

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\Lída\Desktop\rkill\rkill-12-11-2013-09-43-24.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 12/11/2013 09:45:34 PM
Execution time: 0 hours(s), 2 minute(s), and 21 seconds(s)

[vyosek]

Ty se jen tak nevzdaji, uvidime jak se nam to podari zlikvidovat, bude to fuska

Pockam si na ComboFix...

[mishel]

Po 40 minutách skončil combo fix, tady je LOG, předtím byl špatný.

ComboFix 13-12-10.01 - Lída 11.12.2013 21:57:03.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3532.1984 [GMT 1:00]
Spuštěný z: c:\users\LÝda\Desktop\ComboFix.exe
AV: AVG Internet Security 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
FW: AVG Internet Security 2014 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\WinZip Driver Updater
c:\program files (x86)\WinZip Driver Updater\Danish_rcp.ini
c:\program files (x86)\WinZip Driver Updater\difxapi.dll
c:\program files (x86)\WinZip Driver Updater\difxapi64.dll
c:\program files (x86)\WinZip Driver Updater\Dutch_rcp.ini
c:\program files (x86)\WinZip Driver Updater\eng_rcp.ini
c:\program files (x86)\WinZip Driver Updater\Finnish_rcp_fi.ini
c:\program files (x86)\WinZip Driver Updater\French_rcp.ini
c:\program files (x86)\WinZip Driver Updater\German_rcp.ini
c:\program files (x86)\WinZip Driver Updater\Chinese_rcp.ini
c:\program files (x86)\WinZip Driver Updater\install_left.bmp
c:\program files (x86)\WinZip Driver Updater\isxdl.dll
c:\program files (x86)\WinZip Driver Updater\Italian_rcp.ini
c:\program files (x86)\WinZip Driver Updater\Japanese_rcp.ini
c:\program files (x86)\WinZip Driver Updater\Norwegian_rcp.ini
c:\program files (x86)\WinZip Driver Updater\Portuguese_rcp.ini
c:\program files (x86)\WinZip Driver Updater\russian_rcp_ru.ini
c:\program files (x86)\WinZip Driver Updater\Spanish_rcp.ini
c:\program files (x86)\WinZip Driver Updater\Swedish_rcp.ini
c:\program files (x86)\WinZip Driver Updater\unins000.dat
c:\program files (x86)\WinZip Driver Updater\unins000.exe
c:\program files (x86)\WinZip Driver Updater\unins000.msg
c:\program files (x86)\WinZip Driver Updater\unrar.dll
c:\program files (x86)\WinZip Driver Updater\updater\amd64Helper\difxapi.dll
c:\program files (x86)\WinZip Driver Updater\updater\amd64Helper\DriverUpdateHelper64.exe
c:\program files (x86)\WinZip Driver Updater\updater\amd64Helper\DriverUpdateHelper64.manifest
c:\program files (x86)\WinZip Driver Updater\updater\extract\7z.dll
c:\program files (x86)\WinZip Driver Updater\updater\extract\7z.exe
c:\program files (x86)\WinZip Driver Updater\updater\extract\copying.txt
c:\program files (x86)\WinZip Driver Updater\updater\extract\History.txt
c:\program files (x86)\WinZip Driver Updater\updater\extract\license.txt
c:\program files (x86)\WinZip Driver Updater\updater\extract\readme.txt
c:\program files (x86)\WinZip Driver Updater\WDUUninstall.exe
c:\program files (x86)\WinZip Driver Updater\winzipdu.exe
c:\programdata\Svhost.exe
c:\programdata\svhost.exe.tmp
c:\programdata\System32.exe
c:\programdata\System32.exe.tmp
c:\programdata\Windows update.exe
c:\programdata\Windows Update.exe.tmp
c:\users\Lída\AppData\Roaming\dwmn.exe
c:\users\Lída\AppData\Roaming\explOrer.exe
c:\users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\072c160efd85a5017cdd3e99d0fef4a1.exe
c:\users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1052b8e9071d5b658c32c84c463014f5.exe
c:\users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1187119_514198282007389_1631940587_nfd.exe
c:\users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\23556fb1360f366337f97c924e76ead3.exe
c:\users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\29b5f06a07f9316eb1878742ab018f7c.exe
c:\users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2a4ad2d0f2f1593b8cb854c8b1ec9865.exe
c:\users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\32a790c25e2a4b645e827300e906d14b.exe
c:\users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\3c2d058b78e0e80fe15a514f5ef9ead3.exe
c:\users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\45ca55fc1756e880072f0dde4455397b.exe
c:\users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\534d634341a0c547a5de4038c15e5d22.exe
c:\users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5cd8f17f4086744065eb0992a09e05a2.exe
c:\users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\60c9176a075b1be41f8216a66439d29e.exe
c:\users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\78f45ff47c4eda4648e179b89466e742.exe
c:\users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\85ce27c90f0ba2b98ceb888e2ca7acde.exe
c:\users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\a0176c5b53163cc2683bce2fd21f05c3.exe
c:\users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b7a6b3f1a13aae96b96b0c63d16d969c.exe
c:\users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b9ec89289dab6df6e14b63f432ba8b83.exe
c:\users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bc15d6c16aeea623a7c71f20d325b17c.exe
c:\users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bd4419b843c4263758d992346c730388.exe
c:\users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d709f34a2bc48c2ecfacf26803c2c376.exe
c:\users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e077c0756ac151f556d69ca70fe1c794.exe
c:\users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e762428b721a1de0e50cb93c91ca629c.exe
c:\users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ed6e2bf930f6d35b3ac57c049d10ac2c.exe
c:\users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\imtZMIjKhZGECsY6UTdiUlJHXTPIpa.exe
c:\users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MKBHnoD29n6gen7W6zTxtZ8Jygh9.exe
c:\users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NguBzSyCwakSCnbRGTrZsl4LG8R.exe
c:\users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZRPaFQCKz95ZWs8sHxUSZ69Hbcd.exe
c:\users\Lída\AppData\Roaming\svchost.exe
c:\users\Lída\AppData\Roaming\svshot.exe
c:\users\Lída\AppData\Roaming\systems.exe
c:\users\Lída\AppData\Roaming\trojan.exe
c:\users\Lída\chrome.exe
c:\users\Lída\Server.exe
c:\users\Lída\Systeme32.exe
c:\users\Lída\trojan.exe
c:\windows\Tasks\WinZipDriverUpdater_UPDATES.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-11-11 do 2013-12-11 )))))))))))))))))))))))))))))))
.
.
2013-12-11 21:33 . 2013-12-11 21:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-11 19:51 . 2013-12-11 19:52 -------- d-----w- C:\rsit
2013-12-11 19:51 . 2013-12-11 19:52 -------- d-----w- c:\program files\trend micro
2013-12-11 17:51 . 2013-12-11 17:51 69632 ----a-w-pj.Scr c:\users\LDA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MARAMG~1.SCR
2013-12-11 15:17 . 2013-12-11 20:43 1196 ----a-w- c:\users\Lída\AppData\Roaming\svchost.exe.tmp
2013-12-10 20:25 . 2013-12-11 20:43 1796 ----a-w- c:\users\Lída\chrome.exe.tmp
2013-12-10 19:47 . 2013-12-10 19:47 -------- d-----w- c:\users\Lída\AppData\Local\IsolatedStorage
2013-12-10 18:33 . 2013-12-10 18:33 -------- d-----w- c:\users\Lída\AppData\Roaming\Windows
2013-12-09 19:04 . 2013-12-11 14:04 3098 ----a-w- c:\users\Lída\AppData\Roaming\dwmn.exe.tmp
2013-12-09 18:05 . 2013-12-11 20:43 4671 ----a-w- c:\users\Lída\AppData\Roaming\systems.exe.tmp
2013-12-09 18:03 . 2013-12-09 18:03 11513 ----a-w- c:\users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xiksvkhxzu..vbs
2013-12-09 18:03 . 2013-12-09 18:03 11513 ----a-w- c:\users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hmmnetrkjq..vbs
2013-12-09 18:01 . 2013-12-09 19:53 243 ----a-w- c:\users\Lída\AppData\Roaming\chrome.exe.tmp
2013-12-09 16:18 . 2013-12-11 20:30 5481 ----a-w- c:\users\Lída\trojan.exe.tmp
2013-12-08 20:06 . 2013-12-08 20:06 11513 ----a-w- c:\users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gyimttbobx..vbs
2013-12-08 15:34 . 2013-12-08 15:43 -------- d-----w- c:\users\Lída\AppData\Local\Microsoft Games
2013-12-07 16:45 . 2013-12-11 20:43 7748 ----a-w- c:\users\Lída\Systeme32.exe.tmp
2013-12-07 14:56 . 2013-12-07 14:56 110592 ----a-w- c:\users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Run.exe
2013-12-07 14:47 . 2013-12-07 14:56 110592 ----a-w- c:\users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2320633bbd5b9c41d628d6d2b760a34d.exe
2013-12-07 14:36 . 2013-12-08 08:11 940 ----a-w- c:\users\Lída\AppData\Roaming\svshot.exe.tmp
2013-12-07 10:36 . 2013-12-11 20:35 8781 ----a-w- c:\users\Lída\Server.sys
2013-12-07 10:36 . 2013-12-07 10:36 61440 ----a-w- c:\users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.exe
2013-12-07 10:17 . 2013-12-11 20:43 10933 ----a-w- c:\users\Lída\AppData\Roaming\explOrer.exe.tmp
2013-12-06 19:22 . 2013-12-11 20:30 14603 ----a-w- c:\users\Lída\AppData\Roaming\trojan.exe.tmp
2013-12-04 06:41 . 2013-10-14 17:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-11-28 15:18 . 2013-11-28 15:18 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2013-11-28 15:18 . 2013-11-28 15:18 483952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-11-25 09:28 . 2013-12-03 14:45 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2013-11-25 09:28 . 2013-12-03 14:45 483952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-11-17 16:28 . 2013-11-17 16:28 -------- d--h--w- c:\programdata\CanonIJMyPrinter
2013-11-17 11:00 . 2013-11-17 11:00 -------- d--h--w- c:\programdata\CanonIJSolutionMenu
2013-11-17 11:00 . 2013-12-04 12:11 -------- d-----w- c:\programdata\CanonIJPLM
2013-11-17 10:54 . 2013-11-17 10:54 -------- d-----w- c:\program files\Common Files\CANON
2013-11-17 10:52 . 2013-11-17 10:52 -------- d-----w- c:\program files\Canon
2013-11-17 10:46 . 2013-11-17 11:00 -------- d-----w- c:\program files (x86)\Canon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 20:43 . 2013-12-11 15:17 1196 ----a-w- c:\users\Lída\AppData\Roaming\svchost.exe.tmp
2013-12-11 20:43 . 2013-12-11 15:17 1196 ----a-w- c:\users\Lída\AppData\Roaming\svchost.exe.tmp
2013-12-11 20:43 . 2013-12-10 20:25 1796 ----a-w- c:\users\Lída\chrome.exe.tmp
2013-12-11 20:43 . 2013-12-10 20:25 1796 ----a-w- c:\users\Lída\chrome.exe.tmp
2013-12-11 20:43 . 2013-12-07 16:45 7748 ----a-w- c:\users\Lída\Systeme32.exe.tmp
2013-12-11 20:43 . 2013-12-07 16:45 7748 ----a-w- c:\users\Lída\Systeme32.exe.tmp
2013-12-11 20:43 . 2013-12-09 18:05 4671 ----a-w- c:\users\Lída\AppData\Roaming\systems.exe.tmp
2013-12-11 20:43 . 2013-12-09 18:05 4671 ----a-w- c:\users\Lída\AppData\Roaming\systems.exe.tmp
2013-12-11 20:43 . 2013-12-07 10:17 10933 ----a-w- c:\users\Lída\AppData\Roaming\explOrer.exe.tmp
2013-12-11 20:43 . 2013-12-07 10:17 10933 ----a-w- c:\users\Lída\AppData\Roaming\explOrer.exe.tmp
2013-12-11 20:35 . 2013-12-07 10:36 8781 ----a-w- c:\users\Lída\Server.sys
2013-12-11 20:35 . 2013-12-07 10:36 8781 ----a-w- c:\users\Lída\Server.sys
2013-12-11 20:30 . 2013-12-09 16:18 5481 ----a-w- c:\users\Lída\trojan.exe.tmp
2013-12-11 20:30 . 2013-12-09 16:18 5481 ----a-w- c:\users\Lída\trojan.exe.tmp
2013-12-11 20:30 . 2013-12-06 19:22 14603 ----a-w- c:\users\Lída\AppData\Roaming\trojan.exe.tmp
2013-12-11 20:30 . 2013-12-06 19:22 14603 ----a-w- c:\users\Lída\AppData\Roaming\trojan.exe.tmp
2013-12-11 16:53 . 2013-08-23 09:33 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 16:53 . 2013-08-23 09:33 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 14:04 . 2013-12-09 19:04 3098 ----a-w- c:\users\Lída\AppData\Roaming\dwmn.exe.tmp
2013-12-11 14:04 . 2013-12-09 19:04 3098 ----a-w- c:\users\Lída\AppData\Roaming\dwmn.exe.tmp
2013-12-09 19:53 . 2013-12-09 18:01 243 ----a-w- c:\users\Lída\AppData\Roaming\chrome.exe.tmp
2013-12-09 19:53 . 2013-12-09 18:01 243 ----a-w- c:\users\Lída\AppData\Roaming\chrome.exe.tmp
2013-12-08 08:11 . 2013-12-07 14:36 940 ----a-w- c:\users\Lída\AppData\Roaming\svshot.exe.tmp
2013-12-08 08:11 . 2013-12-07 14:36 940 ----a-w- c:\users\Lída\AppData\Roaming\svshot.exe.tmp
2013-12-07 14:56 . 2013-12-07 14:56 110592 ----a-w- c:\users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Run.exe
2013-12-07 14:56 . 2013-12-07 14:56 110592 ----a-w- c:\users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Run.exe
2013-12-07 14:56 . 2013-12-07 14:47 110592 ----a-w- c:\users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2320633bbd5b9c41d628d6d2b760a34d.exe
2013-12-07 14:56 . 2013-12-07 14:47 110592 ----a-w- c:\users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2320633bbd5b9c41d628d6d2b760a34d.exe
2013-12-07 10:36 . 2013-12-07 10:36 61440 ----a-w- c:\users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.exe
2013-12-07 10:36 . 2013-12-07 10:36 61440 ----a-w- c:\users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.exe
2013-11-14 19:59 . 2013-08-25 21:02 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-11-10 20:11 . 2013-08-23 10:54 46368 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-09-26 07:44 . 2012-09-04 08:39 57144 ----a-w- c:\windows\system32\drivers\avgfwd6a.sys
2013-09-25 19:07 . 2013-09-25 19:07 148792 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2013-09-25 02:22 . 2013-11-14 07:21 340992 ----a-w- c:\windows\system32\schannel.dll
2013-09-25 01:57 . 2013-11-14 07:21 247808 ----a-w- c:\windows\SysWow64\schannel.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{D8278076-BC68-4484-9233-6E7F1628B56C}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll" [2013-11-06 129488]
.
[HKEY_CLASSES_ROOT\clsid\{d8278076-bc68-4484-9233-6e7f1628b56c}]
[HKEY_CLASSES_ROOT\TypeLib\{7C4EE486-5EA5-4683-8C23-BF520933BB5E}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{41545534-2D56-3700-76A7-7A786E7484D7}]
2013-11-06 01:24 12240 ----a-w- c:\program files (x86)\AskPartnerNetwork\Toolbar\ATU4-V7\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-12-10 15:45 3333144 ----a-w- c:\program files (x86)\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll" [2013-12-10 3333144]
"{41545534-2D56-3700-76A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\ATU4-V7\Passport.dll" [2013-11-06 12240]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{41545534-2d56-3700-76a7-7a786e7484d7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"icq"="c:\users\Lída\AppData\Roaming\ICQM\icq.exe" [2013-08-25 27598184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-08 630952]
"BtTray"="c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe" [2012-09-19 371976]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2013-10-07 4908592]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-12-10 2471448]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SgfxConfig"="c:\program files\SGFX\sgfxconfig.exe" [2013-05-01 2233592]
"QLBController"="c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe" [2012-09-12 334240]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-11-06 1707472]
"VNT"="c:\program files (x86)\VNT\vntldr.exe" [2013-11-06 202192]
.
c:\users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
2320633bbd5b9c41d628d6d2b760a34d.exe [2013-12-7 110592]
gyimttbobx..vbs [2013-12-8 11513]
hmmnetrkjq..vbs [2013-12-9 11513]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2014\avgfws.exe;c:\program files (x86)\AVG\AVG2014\avgfws.exe [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;c:\windows\system32\Drivers\BtL2caScoIf.sys;c:\windows\SYSNATIVE\Drivers\BtL2caScoIf.sys [x]
R3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;c:\windows\system32\Drivers\IvtUrbBtFlt.sys;c:\windows\SYSNATIVE\Drivers\IvtUrbBtFlt.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 sgfxl;SMSC WDDM Graphics Loader Driver Service;c:\windows\system32\drivers\sgfxl64.sys;c:\windows\SYSNATIVE\drivers\sgfxl64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 APNMCP;Ask Update Service;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [x]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
S2 hpHotkeyMonitor;hpHotkeyMonitor;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe;c:\program files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [x]
S2 SGFXMgr;SGFX Manager;c:\program files\SGFX\sgfxmgr.exe;c:\program files\SGFX\sgfxmgr.exe [x]
S2 vToolbarUpdater17.2.0;vToolbarUpdater17.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [x]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 BtAudioBusSrv;Ralink Bluetooth Audio Bus Service;c:\windows\system32\Drivers\BtAudioBus.sys;c:\windows\SYSNATIVE\Drivers\BtAudioBus.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 rtbth;RTBTH Bluetooth Device Driver;c:\windows\system32\DRIVERS\rtbth.sys;c:\windows\SYSNATIVE\DRIVERS\rtbth.sys [x]
S4 sgfxk;SMSC WDDM Graphics Display Driver Service;c:\windows\system32\drivers\sgfxk64.sys;c:\windows\SYSNATIVE\drivers\sgfxk64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-06 08:06 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-12-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-23 16:54]
.
2013-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-23 09:14]
.
2013-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-23 09:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{41545534-2D56-3700-76A7-7A786E7484D7}]
2013-11-06 01:24 13776 ----a-w- c:\program files (x86)\AskPartnerNetwork\Toolbar\ATU4-V7\Passport_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{41545534-2D56-3700-76A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\ATU4-V7\Passport_x64.dll" [2013-11-06 13776]
.
[HKEY_CLASSES_ROOT\CLSID\{41545534-2D56-3700-76A7-7A786E7484D7}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe" [2012-04-11 97280]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2012-03-14 15232]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-23 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.search.ask.com/?p2=%5EB1V%5Epfm062% ... 08-29&psv=
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.0.1 192.168.41.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-9d40b6eb9ca0a7f1a306069df9bc9136 - c:\users\Lída\AppData\Roaming\trojan.exe
Wow6432Node-HKCU-Run-48a0efff37a904b63b749f320dc9c55c - c:\users\Lída\AppData\Roaming\explOrer.exe
Wow6432Node-HKCU-Run-a0176c5b53163cc2683bce2fd21f05c3 - c:\users\Lída\Systeme32.exe
Wow6432Node-HKCU-Run-bc15d6c16aeea623a7c71f20d325b17c - c:\programdata\Windows Update.exe
Wow6432Node-HKCU-Run-3c2d058b78e0e80fe15a514f5ef9ead3 - c:\programdata\Svhost.exe
Wow6432Node-HKCU-Run-b50051819533f2d1347931376cb9458e - c:\users\Lída\trojan.exe
Wow6432Node-HKCU-Run-534d634341a0c547a5de4038c15e5d22 - c:\users\Lída\AppData\Roaming\systems.exe
Wow6432Node-HKCU-Run-072c160efd85a5017cdd3e99d0fef4a1 - c:\users\Lída\AppData\Roaming\dwmn.exe
Wow6432Node-HKCU-Run-d709f34a2bc48c2ecfacf26803c2c376 - c:\users\Lída\chrome.exe
Wow6432Node-HKCU-Run-e762428b721a1de0e50cb93c91ca629c - c:\programdata\System32.exe
Wow6432Node-HKCU-Run-23556fb1360f366337f97c924e76ead3 - c:\users\Lída\AppData\Roaming\svchost.exe
Wow6432Node-HKCU-Run-HMMNET~1 - c:\users\LDA~1\AppData\Local\Temp\HMMNET~1.VBS
Wow6432Node-HKCU-Run-xiksvkhxzu - c:\users\LDA~1\AppData\Local\Temp\xiksvkhxzu..vbs
Wow6432Node-HKCU-Run-GYIMTT~1 - c:\users\LDA~1\AppData\Local\Temp\GYIMTT~1.VBS
Wow6432Node-HKCU-Run-gyimttbobx - c:\users\LDA~1\AppData\Local\Temp\gyimttbobx..vbs
Wow6432Node-HKCU-Run-hmmnetrkjq - c:\users\LDA~1\AppData\Local\Temp\hmmnetrkjq..vbs
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{9854A5C4-5BE5-46E2-A989-352DD8B37E20}_is1 - c:\program files (x86)\WinZip Driver Updater\unins000.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-12-11 22:39:02
ComboFix-quarantined-files.txt 2013-12-11 21:39
.
Před spuštěním: Volných bajtů: 277 821 214 720
Po spuštění: Volných bajtů: 278 532 026 368
.
- - End Of File - - 5CF59434DFB386A8E48FE409A80D3972
A36C5E4F47E84449FF07ED3517B43A31

[vyosek]

Trochu nam pomohl, ale zadna slava Pujdem tedy rucni cestou, bohuzel pres CF toho moc uz nezmuzem, jelikoz havet je umistena v blbe miste - cesta k ni obsahuje uzivatelske jmeno s diakritikou a tou CF moc nekamaradi

Stahnete FRST 64-bit version z teto stranky http://www.bleepingcomputer.com/downloa ... scan-tool/

Spuštění FRST

• Po spuštění FRST odsouhlasíme licenční podmínky kliknutím na [Ano].
• Dooznačíme položku Addition.txt - viz obrázek.
  
• Klikneme na tlačítko [Scan], čímž spustíme skenování.
• Počkáme na dokončení skenování FRST
• Otevře se nám textový soubor FRST.txt, což je požadovaný log a jehož obsah vložíme do svého tématu na fóru.
• Na ploše nám zbyde utilita FRST a dva logy - FRST.txt a Addition.txt - nic z toho zatím nemažeme!

[vyosek]

Bylo by dobre mit ted PC odpojeny od internetu

Pokracovani rano

[mishel]

Tady je LOG

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-12-2013
Ran by Lída (administrator) on HP4545S on 11-12-2013 22:46:59
Running from C:\Users\Lída\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SMSC) C:\Program Files\SGFX\sgfxmgr.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
() C:\Program Files\SGFX\SgfxConfig.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NUSB3MON] - C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [HPPowerAssistant] - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [2184520 2009-03-23] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.EXE [767312 2009-03-17] (CANON INC.)
HKCU\...\Run: [icq] - C:\Users\Lída\AppData\Roaming\ICQM\icq.exe [27598184 2013-08-25] (ICQ)
HKCU\...\Run: [xiksvkhxzu] - "C:\Users\LDA~1\AppData\Local\Temp\xiksvkhxzu..vbs" <===== ATTENTION
HKCU\...\Run: [HMMNET~1] - "C:\Users\LDA~1\AppData\Local\Temp\HMMNET~1.VBS" <===== ATTENTION
HKCU\...\Run: [GYIMTT~1] - "C:\Users\LDA~1\AppData\Local\Temp\GYIMTT~1.VBS" <===== ATTENTION
HKCU\...\Run: [gyimttbobx] - "C:\Users\LDA~1\AppData\Local\Temp\gyimttbobx..vbs" <===== ATTENTION
HKCU\...\Run: [hmmnetrkjq] - "C:\Users\LDA~1\AppData\Local\Temp\hmmnetrkjq..vbs" <===== ATTENTION
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630952 2012-07-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [12288 2012-04-19] ()
HKLM-x32\...\Run: [BtTray] - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2471448 2013-12-10] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SgfxConfig] - C:\Program Files\SGFX\SgfxConfig.exe [2233592 2013-05-01] ()
HKLM-x32\...\Run: [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [334240 2012-09-12] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1707472 2013-11-06] (APN)
HKLM-x32\...\Run: [VNT] - C:\Program Files (x86)\VNT\vntldr.exe [202192 2013-11-06] (APN LLC.)
Startup: C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2320633bbd5b9c41d628d6d2b760a34d.exe (Windows run)
Startup: C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gyimttbobx..vbs ()
Startup: C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hmmnetrkjq..vbs ()
Startup: C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\maram‮gpj.Scr ()
Startup: C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\saa.exe ()
Startup: C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Server1.exe ()
Startup: C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sqlmap.rar ()
Startup: C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.exe ()
Startup: C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Run.exe (Windows run)
Startup: C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xiksvkhxzu..vbs ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?p2=%5EB1V%5E ... 08-29&psv=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
URLSearchHook: HKCU - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={5E00 ... 2013-09-25 19:16:32&v=17.0.0.9&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: Ask Toolbar - {41545534-2D56-3700-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ATU4-V7\Passport_x64.dll (APN LLC.)
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Ask Toolbar - {41545534-2D56-3700-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ATU4-V7\Passport.dll (APN LLC.)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM - Ask Toolbar - {41545534-2D56-3700-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ATU4-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Ask Toolbar - {41545534-2D56-3700-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ATU4-V7\Passport.dll (APN LLC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll (AVG Secure Search)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.41.1

Chrome:
=======
CHR HomePage: hxxp://www.search.ask.com/?p2=%5EB1V%5Epfm062% ... 08-29&psv=
CHR RestoreOnStartup: "hxxp://google.cz/"
CHR DefaultSearchKeyword: ask search
CHR DefaultSearchProvider: Ask Search
CHR DefaultSearchURL: http://www.search.ask.com/web?p2=%5EB1V ... earchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Extension: (Ask Toolbar) - C:\Users\Lída\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajfocmnnhjaajccaelhippajhaeod\21.52309_0
CHR Extension: (Google Docs) - C:\Users\Lída\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Lída\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Lída\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Lída\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AVG Secure Search) - C:\Users\Lída\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.5.0.2_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Lída\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\Lída\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [aaaajfocmnnhjaajccaelhippajhaeod] - C:\ProgramData\AskPartnerNetwork\Toolbar\ATU4-V7\CRX\ToolbarCR.crx
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\15.5.0.2\avg.crx

==================== Services (Whitelisted) =================

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-11-06] (APN LLC.)
S2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1358944 2013-09-25] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8998800 2013-05-09] (DisplayLink Corp.)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [1868432 2012-12-24] ()
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [523680 2012-09-12] (Hewlett-Packard Company)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
R2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 SGFXMgr; C:\Program Files\SGFX\sgfxmgr.exe [8481280 2013-05-01] (SMSC)
R2 vToolbarUpdater17.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [1771544 2013-12-10] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [148792 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-10] (AVG Technologies)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48608 2012-10-02] (Ralink Corporation)
R3 rtbth; C:\Windows\System32\DRIVERS\rtbth.sys [692832 2012-10-02] (Ralink Technology, Corp.)
R4 sgfxk; C:\Windows\System32\drivers\sgfxk64.sys [157432 2013-05-02] (SMSC)
R0 sgfxl; C:\Windows\System32\drivers\sgfxl64.sys [18168 2013-05-02] (SMSC)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-28] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
U3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-11 22:46 - 2013-12-11 22:47 - 00017851 _____ C:\Users\Lída\Downloads\FRST.txt
2013-12-11 22:46 - 2013-12-11 22:46 - 00000000 ____D C:\FRST
2013-12-11 22:45 - 2013-12-11 22:45 - 01926944 _____ (Farbar) C:\Users\Lída\Downloads\FRST64.exe
2013-12-11 22:45 - 2013-12-11 22:45 - 01926944 _____ (Farbar) C:\Users\Lída\Downloads\FRST64 (1).exe
2013-12-11 22:39 - 2013-12-11 22:39 - 00032916 _____ C:\ComboFix.txt
2013-12-11 22:22 - 2013-12-11 22:22 - 00589070 _____ C:\Users\Lída\Desktop\2.rar
2013-12-11 22:20 - 2013-12-11 22:20 - 03531054 _____ C:\Users\Lída\Desktop\1.rar
2013-12-11 21:52 - 2013-12-11 22:39 - 00000000 ____D C:\Qoobox
2013-12-11 21:52 - 2013-12-11 22:37 - 00000000 ____D C:\Windows\erdnt
2013-12-11 21:52 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-11 21:52 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-11 21:52 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-11 21:52 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-11 21:52 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-11 21:52 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-11 21:52 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-11 21:52 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-11 21:43 - 2013-12-11 21:45 - 00006718 _____ C:\Users\Lída\Desktop\Rkill.txt
2013-12-11 21:43 - 2013-12-11 21:43 - 00000000 ____D C:\Users\Lída\Desktop\rkill
2013-12-11 21:39 - 2013-12-11 21:41 - 05153140 ____R (Swearware) C:\Users\Lída\Desktop\ComboFix.exe
2013-12-11 21:39 - 2013-12-11 21:40 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Lída\Desktop\WiNlOgOn.exe
2013-12-11 21:38 - 2013-12-11 21:39 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Lída\Desktop\rkill.com
2013-12-11 21:24 - 2013-12-11 21:41 - 00014848 ___SH C:\Users\Lída\AppData\Thumbs.db
2013-12-11 20:51 - 2013-12-11 20:52 - 00000000 ____D C:\rsit
2013-12-11 20:51 - 2013-12-11 20:52 - 00000000 ____D C:\Program Files\trend micro
2013-12-11 20:51 - 2013-12-11 20:51 - 00935175 _____ C:\Users\Lída\Downloads\RSITx64.exe
2013-12-11 18:45 - 2013-12-11 18:45 - 00042792 _____ C:\Users\Lída\AppData\LocalhefrntJlww.exe
2013-12-11 16:37 - 2013-12-11 16:37 - 00029696 _____ C:\Users\Lída\AppData\LocalwIiztYWbuJ.exe
2013-12-11 16:17 - 2013-12-11 21:43 - 00001196 _____ C:\Users\Lída\AppData\Roaming\svchost.exe.tmp
2013-12-11 15:02 - 2013-12-11 14:55 - 00026072 _____ C:\Users\Lída\Documents\Přednáška%206.pptx_1.odp
2013-12-11 14:19 - 2013-12-11 14:19 - 00082822 _____ C:\Users\Lída\Downloads\Přednáška 9.pptx
2013-12-11 14:19 - 2013-12-11 14:19 - 00079081 _____ C:\Users\Lída\Downloads\Přednáška 10.pptx
2013-12-11 14:19 - 2013-12-11 14:19 - 00073014 _____ C:\Users\Lída\Downloads\Přednáška 8.pptx
2013-12-11 14:19 - 2013-12-11 14:19 - 00072203 _____ C:\Users\Lída\Downloads\Přednáška 11.pptx
2013-12-11 14:18 - 2013-12-11 14:18 - 00104049 _____ C:\Users\Lída\Downloads\Přednáška 6.pptx
2013-12-11 14:18 - 2013-12-11 14:18 - 00077121 _____ C:\Users\Lída\Downloads\Přednáška 7.pptx
2013-12-10 21:25 - 2013-12-11 21:43 - 00001796 _____ C:\Users\Lída\chrome.exe.tmp
2013-12-10 20:47 - 2013-12-10 20:47 - 00000000 ____D C:\Users\Lída\AppData\Local\IsolatedStorage
2013-12-10 19:33 - 2013-12-10 19:33 - 00000000 ____D C:\Users\Lída\AppData\Roaming\Windows
2013-12-09 21:03 - 2013-12-09 21:03 - 04436952 _____ (AVG Technologies) C:\Users\Lída\Downloads\avg_isct_stb_all_2014_4259.exe
2013-12-09 20:04 - 2013-12-11 15:04 - 00003098 _____ C:\Users\Lída\AppData\Roaming\dwmn.exe.tmp
2013-12-09 19:05 - 2013-12-11 21:43 - 00004671 _____ C:\Users\Lída\AppData\Roaming\systems.exe.tmp
2013-12-09 19:01 - 2013-12-09 20:53 - 00000243 _____ C:\Users\Lída\AppData\Roaming\chrome.exe.tmp
2013-12-09 17:18 - 2013-12-11 21:30 - 00005481 _____ C:\Users\Lída\trojan.exe.tmp
2013-12-09 17:07 - 2013-12-09 18:09 - 00164352 _____ C:\Users\Lída\Downloads\přednáška4.ppt
2013-12-09 17:07 - 2013-12-09 17:18 - 00284672 _____ C:\Users\Lída\Downloads\přednáška3.ppt
2013-12-09 17:07 - 2013-12-09 17:07 - 00188928 _____ C:\Users\Lída\Downloads\Přednáška2.ppt
2013-12-09 17:07 - 2013-12-09 17:07 - 00139264 _____ C:\Users\Lída\Downloads\přednáška1.ppt
2013-12-09 17:07 - 2013-12-09 17:07 - 00051394 _____ C:\Users\Lída\Downloads\Přednáška 5.pptx
2013-12-08 16:34 - 2013-12-08 16:43 - 00000000 ____D C:\Users\Lída\AppData\Local\Microsoft Games
2013-12-07 17:45 - 2013-12-11 21:43 - 00007748 _____ C:\Users\Lída\Systeme32.exe.tmp
2013-12-07 15:36 - 2013-12-08 09:11 - 00000940 _____ C:\Users\Lída\AppData\Roaming\svshot.exe.tmp
2013-12-07 11:36 - 2013-12-11 21:35 - 00008781 _____ C:\Users\Lída\Server.sys
2013-12-07 11:17 - 2013-12-11 21:43 - 00010933 _____ C:\Users\Lída\AppData\Roaming\explOrer.exe.tmp
2013-12-06 22:34 - 2013-12-06 22:35 - 00275384 _____ C:\Windows\Minidump\120613-46909-01.dmp
2013-12-06 22:34 - 2013-12-06 22:34 - 469349430 _____ C:\Windows\MEMORY.DMP
2013-12-06 22:34 - 2013-12-06 22:34 - 00000000 ____D C:\Windows\Minidump
2013-12-06 20:22 - 2013-12-11 21:30 - 00014603 _____ C:\Users\Lída\AppData\Roaming\trojan.exe.tmp
2013-12-06 17:57 - 2013-12-08 16:20 - 00009846 _____ C:\Users\Lída\Desktop\Botanic.ods
2013-12-06 16:26 - 2013-12-06 20:37 - 00011411 _____ C:\Users\Lída\Downloads\.tmp
2013-12-06 16:26 - 2013-12-06 16:26 - 00054784 _____ (pmW9xYj1vtJ) C:\Users\Lída\Downloads\AVG-AntiVirus-Free.exe
2013-12-05 09:59 - 2013-12-05 09:59 - 00115200 _____ C:\Users\Lída\Downloads\obchodni-korporace-2101 (1).ppt
2013-12-04 07:41 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-12-04 07:36 - 2013-12-04 07:36 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-04 07:36 - 2013-12-04 07:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-04 07:36 - 2013-12-04 07:36 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-04 07:36 - 2013-12-04 07:36 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-04 07:36 - 2013-12-04 07:36 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-04 07:36 - 2013-12-04 07:36 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-04 07:36 - 2013-12-04 07:36 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-04 07:36 - 2013-12-04 07:36 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-04 07:36 - 2013-12-04 07:36 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-04 07:36 - 2013-12-04 07:36 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-04 07:36 - 2013-12-04 07:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-04 07:35 - 2013-12-04 07:41 - 00009961 _____ C:\Windows\IE11_main.log
2013-12-02 16:24 - 2013-12-02 16:37 - 00295424 _____ C:\Users\Lída\Downloads\obchodni-korporace-2101.ppt
2013-11-27 17:11 - 2013-11-27 17:12 - 03393763 _____ C:\Users\Lída\Downloads\fwbankovnictvvpoty2 (1).zip
2013-11-25 11:37 - 2013-11-25 16:45 - 00128512 _____ C:\Users\Lída\Downloads\PO-dle-obcan-zak-2094.ppt
2013-11-23 00:18 - 2013-11-23 19:30 - 00012909 _____ C:\Users\Lída\Documents\.....odt
2013-11-20 14:24 - 2013-11-20 14:24 - 00000000 ____D C:\Users\Lída\Desktop\Tiskárna
2013-11-17 17:28 - 2013-11-17 17:28 - 00000000 ___HD C:\ProgramData\CanonIJMyPrinter
2013-11-17 12:00 - 2013-12-04 13:11 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-11-17 12:00 - 2013-11-17 12:00 - 00000000 ___HD C:\ProgramData\CanonIJSolutionMenu
2013-11-17 11:54 - 2013-11-17 11:54 - 00000000 ____D C:\Program Files\Common Files\CANON
2013-11-17 11:52 - 2013-11-17 11:52 - 00002354 _____ C:\Users\Public\Desktop\Canon MP250 series Příručka online.lnk
2013-11-17 11:52 - 2013-11-17 11:52 - 00000000 ____D C:\Program Files\Canon
2013-11-17 11:46 - 2013-11-17 12:00 - 00000000 ____D C:\Program Files (x86)\Canon
2013-11-16 20:32 - 2013-11-16 21:30 - 00408576 _____ C:\Users\Lída\Downloads\Podnikani-ll-2058.ppt
2013-11-14 08:21 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 08:21 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 08:21 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 08:21 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-14 08:21 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-14 08:21 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 08:21 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-14 08:21 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 08:21 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 08:21 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 08:21 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-14 08:21 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 08:21 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-14 08:21 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 08:21 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-14 08:21 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-14 08:21 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 08:21 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 08:21 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 08:21 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 08:21 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 08:21 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 08:21 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 08:21 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 08:21 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-14 08:21 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-14 08:21 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-14 08:21 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-14 08:21 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 08:21 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

==================== One Month Modified Files and Folders =======

2013-12-11 22:47 - 2013-12-11 22:46 - 00017851 _____ C:\Users\Lída\Downloads\FRST.txt
2013-12-11 22:46 - 2013-12-11 22:46 - 00000000 ____D C:\FRST
2013-12-11 22:45 - 2013-12-11 22:45 - 01926944 _____ (Farbar) C:\Users\Lída\Downloads\FRST64.exe
2013-12-11 22:45 - 2013-12-11 22:45 - 01926944 _____ (Farbar) C:\Users\Lída\Downloads\FRST64 (1).exe
2013-12-11 22:40 - 2013-08-23 09:13 - 01296935 _____ C:\Windows\WindowsUpdate.log
2013-12-11 22:39 - 2013-12-11 22:39 - 00032916 _____ C:\ComboFix.txt
2013-12-11 22:39 - 2013-12-11 21:52 - 00000000 ____D C:\Qoobox
2013-12-11 22:39 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-12-11 22:37 - 2013-12-11 21:52 - 00000000 ____D C:\Windows\erdnt
2013-12-11 22:36 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-12-11 22:33 - 2013-08-23 09:22 - 00000000 ___RD C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-11 22:33 - 2013-08-23 09:22 - 00000000 ____D C:\Users\Lída
2013-12-11 22:22 - 2013-12-11 22:22 - 00589070 _____ C:\Users\Lída\Desktop\2.rar
2013-12-11 22:20 - 2013-12-11 22:20 - 03531054 _____ C:\Users\Lída\Desktop\1.rar
2013-12-11 22:20 - 2013-08-23 10:14 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-11 21:53 - 2013-08-23 10:33 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-11 21:45 - 2013-12-11 21:43 - 00006718 _____ C:\Users\Lída\Desktop\Rkill.txt
2013-12-11 21:43 - 2013-12-11 21:43 - 00000000 ____D C:\Users\Lída\Desktop\rkill
2013-12-11 21:43 - 2013-12-11 16:17 - 00001196 _____ C:\Users\Lída\AppData\Roaming\svchost.exe.tmp
2013-12-11 21:43 - 2013-12-10 21:25 - 00001796 _____ C:\Users\Lída\chrome.exe.tmp
2013-12-11 21:43 - 2013-12-09 19:05 - 00004671 _____ C:\Users\Lída\AppData\Roaming\systems.exe.tmp
2013-12-11 21:43 - 2013-12-07 17:45 - 00007748 _____ C:\Users\Lída\Systeme32.exe.tmp
2013-12-11 21:43 - 2013-12-07 11:17 - 00010933 _____ C:\Users\Lída\AppData\Roaming\explOrer.exe.tmp
2013-12-11 21:41 - 2013-12-11 21:39 - 05153140 ____R (Swearware) C:\Users\Lída\Desktop\ComboFix.exe
2013-12-11 21:41 - 2013-12-11 21:24 - 00014848 ___SH C:\Users\Lída\AppData\Thumbs.db
2013-12-11 21:40 - 2013-12-11 21:39 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Lída\Desktop\WiNlOgOn.exe
2013-12-11 21:39 - 2013-12-11 21:38 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Lída\Desktop\rkill.com
2013-12-11 21:35 - 2013-12-07 11:36 - 00008781 _____ C:\Users\Lída\Server.sys
2013-12-11 21:30 - 2013-12-09 17:18 - 00005481 _____ C:\Users\Lída\trojan.exe.tmp
2013-12-11 21:30 - 2013-12-06 20:22 - 00014603 _____ C:\Users\Lída\AppData\Roaming\trojan.exe.tmp
2013-12-11 20:54 - 2009-07-14 05:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-11 20:54 - 2009-07-14 05:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-11 20:52 - 2013-12-11 20:51 - 00000000 ____D C:\rsit
2013-12-11 20:52 - 2013-12-11 20:51 - 00000000 ____D C:\Program Files\trend micro
2013-12-11 20:51 - 2013-12-11 20:51 - 00935175 _____ C:\Users\Lída\Downloads\RSITx64.exe
2013-12-11 20:40 - 2013-09-22 18:29 - 00003154 _____ C:\Windows\System32\Tasks\WinZipDriverUpdaterRunAtStartup
2013-12-11 18:45 - 2013-12-11 18:45 - 00042792 _____ C:\Users\Lída\AppData\LocalhefrntJlww.exe
2013-12-11 18:19 - 2013-08-23 10:14 - 00000944 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-11 17:54 - 2013-08-23 10:33 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 17:53 - 2013-08-23 10:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 17:53 - 2013-08-23 10:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 16:37 - 2013-12-11 16:37 - 00029696 _____ C:\Users\Lída\AppData\LocalwIiztYWbuJ.exe
2013-12-11 15:04 - 2013-12-09 20:04 - 00003098 _____ C:\Users\Lída\AppData\Roaming\dwmn.exe.tmp
2013-12-11 14:55 - 2013-12-11 15:02 - 00026072 _____ C:\Users\Lída\Documents\Přednáška%206.pptx_1.odp
2013-12-11 14:19 - 2013-12-11 14:19 - 00082822 _____ C:\Users\Lída\Downloads\Přednáška 9.pptx
2013-12-11 14:19 - 2013-12-11 14:19 - 00079081 _____ C:\Users\Lída\Downloads\Přednáška 10.pptx
2013-12-11 14:19 - 2013-12-11 14:19 - 00073014 _____ C:\Users\Lída\Downloads\Přednáška 8.pptx
2013-12-11 14:19 - 2013-12-11 14:19 - 00072203 _____ C:\Users\Lída\Downloads\Přednáška 11.pptx
2013-12-11 14:18 - 2013-12-11 14:18 - 00104049 _____ C:\Users\Lída\Downloads\Přednáška 6.pptx
2013-12-11 14:18 - 2013-12-11 14:18 - 00077121 _____ C:\Users\Lída\Downloads\Přednáška 7.pptx
2013-12-11 13:44 - 2013-08-23 10:22 - 00000000 ____D C:\ProgramData\MFAData
2013-12-11 13:44 - 2009-07-14 16:18 - 00678000 _____ C:\Windows\system32\perfh005.dat
2013-12-11 13:44 - 2009-07-14 16:18 - 00139556 _____ C:\Windows\system32\perfc005.dat
2013-12-11 13:44 - 2009-07-14 06:13 - 01601480 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-11 13:38 - 2012-09-26 08:53 - 00000967 _____ C:\Windows\SysWOW64\bscs.ini
2013-12-11 13:38 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-11 13:38 - 2009-07-14 05:51 - 00032771 _____ C:\Windows\setupact.log
2013-12-10 21:04 - 2013-08-29 15:20 - 00000000 ____D C:\Users\Lída\AppData\Roaming\vlc
2013-12-10 20:47 - 2013-12-10 20:47 - 00000000 ____D C:\Users\Lída\AppData\Local\IsolatedStorage
2013-12-10 19:33 - 2013-12-10 19:33 - 00000000 ____D C:\Users\Lída\AppData\Roaming\Windows
2013-12-10 16:45 - 2013-09-25 18:16 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-12-10 16:45 - 2013-08-23 11:54 - 00000000 ____D C:\ProgramData\AVG Secure Search
2013-12-09 21:03 - 2013-12-09 21:03 - 04436952 _____ (AVG Technologies) C:\Users\Lída\Downloads\avg_isct_stb_all_2014_4259.exe
2013-12-09 20:53 - 2013-12-09 19:01 - 00000243 _____ C:\Users\Lída\AppData\Roaming\chrome.exe.tmp
2013-12-09 18:09 - 2013-12-09 17:07 - 00164352 _____ C:\Users\Lída\Downloads\přednáška4.ppt
2013-12-09 17:18 - 2013-12-09 17:07 - 00284672 _____ C:\Users\Lída\Downloads\přednáška3.ppt
2013-12-09 17:07 - 2013-12-09 17:07 - 00188928 _____ C:\Users\Lída\Downloads\Přednáška2.ppt
2013-12-09 17:07 - 2013-12-09 17:07 - 00139264 _____ C:\Users\Lída\Downloads\přednáška1.ppt
2013-12-09 17:07 - 2013-12-09 17:07 - 00051394 _____ C:\Users\Lída\Downloads\Přednáška 5.pptx
2013-12-08 20:47 - 2013-08-23 15:00 - 00000061 _____ C:\Windows\SysWOW64\LOCALDEVICE.INI
2013-12-08 18:41 - 2013-08-23 15:00 - 00003619 _____ C:\Windows\SysWOW64\LOCALSERVICE.INI
2013-12-08 17:02 - 2013-09-29 13:55 - 00000131 _____ C:\Windows\SysWOW64\REMOTEDEVICE.INI
2013-12-08 16:43 - 2013-12-08 16:34 - 00000000 ____D C:\Users\Lída\AppData\Local\Microsoft Games
2013-12-08 16:20 - 2013-12-06 17:57 - 00009846 _____ C:\Users\Lída\Desktop\Botanic.ods
2013-12-08 14:45 - 2013-08-23 09:22 - 00000000 ____D C:\Users\Lída\AppData\Local\VirtualStore
2013-12-08 09:11 - 2013-12-07 15:36 - 00000940 _____ C:\Users\Lída\AppData\Roaming\svshot.exe.tmp
2013-12-06 22:35 - 2013-12-06 22:34 - 00275384 _____ C:\Windows\Minidump\120613-46909-01.dmp
2013-12-06 22:34 - 2013-12-06 22:34 - 469349430 _____ C:\Windows\MEMORY.DMP
2013-12-06 22:34 - 2013-12-06 22:34 - 00000000 ____D C:\Windows\Minidump
2013-12-06 20:37 - 2013-12-06 16:26 - 00011411 _____ C:\Users\Lída\Downloads\.tmp
2013-12-06 16:26 - 2013-12-06 16:26 - 00054784 _____ (pmW9xYj1vtJ) C:\Users\Lída\Downloads\AVG-AntiVirus-Free.exe
2013-12-06 09:09 - 2013-08-23 10:20 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-05 18:15 - 2013-08-23 10:14 - 00003944 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-05 18:14 - 2013-08-23 10:14 - 00003692 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-05 09:59 - 2013-12-05 09:59 - 00115200 _____ C:\Users\Lída\Downloads\obchodni-korporace-2101 (1).ppt
2013-12-04 13:11 - 2013-11-17 12:00 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-12-04 13:11 - 2013-08-26 12:00 - 00001397 _____ C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-04 13:11 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-04 13:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-04 07:41 - 2013-12-04 07:35 - 00009961 _____ C:\Windows\IE11_main.log
2013-12-04 07:36 - 2013-12-04 07:36 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-04 07:36 - 2013-12-04 07:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-04 07:36 - 2013-12-04 07:36 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-04 07:36 - 2013-12-04 07:36 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-04 07:36 - 2013-12-04 07:36 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-04 07:36 - 2013-12-04 07:36 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-04 07:36 - 2013-12-04 07:36 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-04 07:36 - 2013-12-04 07:36 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-04 07:36 - 2013-12-04 07:36 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-04 07:36 - 2013-12-04 07:36 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-04 07:36 - 2013-12-04 07:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-02 16:37 - 2013-12-02 16:24 - 00295424 _____ C:\Users\Lída\Downloads\obchodni-korporace-2101.ppt
2013-11-30 20:51 - 2013-09-14 20:06 - 00000000 ____D C:\Users\Lída\Documents\škola
2013-11-27 17:12 - 2013-11-27 17:11 - 03393763 _____ C:\Users\Lída\Downloads\fwbankovnictvvpoty2 (1).zip
2013-11-25 16:45 - 2013-11-25 11:37 - 00128512 _____ C:\Users\Lída\Downloads\PO-dle-obcan-zak-2094.ppt
2013-11-25 10:26 - 2009-07-14 16:36 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-11-23 19:30 - 2013-11-23 00:18 - 00012909 _____ C:\Users\Lída\Documents\.....odt
2013-11-23 16:57 - 2013-09-29 10:10 - 00011681 _____ C:\Users\Lída\Desktop\Oriflame.ods
2013-11-20 17:54 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-20 14:24 - 2013-11-20 14:24 - 00000000 ____D C:\Users\Lída\Desktop\Tiskárna
2013-11-17 17:28 - 2013-11-17 17:28 - 00000000 ___HD C:\ProgramData\CanonIJMyPrinter
2013-11-17 12:00 - 2013-11-17 12:00 - 00000000 ___HD C:\ProgramData\CanonIJSolutionMenu
2013-11-17 12:00 - 2013-11-17 11:46 - 00000000 ____D C:\Program Files (x86)\Canon
2013-11-17 11:58 - 2013-08-23 10:54 - 00010106 _____ C:\Windows\PFRO.log
2013-11-17 11:54 - 2013-11-17 11:54 - 00000000 ____D C:\Program Files\Common Files\CANON
2013-11-17 11:52 - 2013-11-17 11:52 - 00002354 _____ C:\Users\Public\Desktop\Canon MP250 series Příručka online.lnk
2013-11-17 11:52 - 2013-11-17 11:52 - 00000000 ____D C:\Program Files\Canon
2013-11-16 21:30 - 2013-11-16 20:32 - 00408576 _____ C:\Users\Lída\Downloads\Podnikani-ll-2058.ppt
2013-11-14 21:00 - 2013-08-25 22:02 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 20:59 - 2013-08-25 22:02 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-02 17:50

==================== End Of Log ============================

Děkuji pro dnešek za kontrolu : )

[vyosek]

Tvorba fixlistu pro FRST

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  Start
  HKCU\...\Run: [icq] - C:\Users\Lída\AppData\Roaming\ICQM\icq.exe [27598184 2013-08-25] (ICQ)
  HKCU\...\Run: [xiksvkhxzu] - "C:\Users\LDA~1\AppData\Local\Temp\xiksvkhxzu..vbs" <===== ATTENTION
  HKCU\...\Run: [HMMNET~1] - "C:\Users\LDA~1\AppData\Local\Temp\HMMNET~1.VBS" <===== ATTENTION
  HKCU\...\Run: [GYIMTT~1] - "C:\Users\LDA~1\AppData\Local\Temp\GYIMTT~1.VBS" <===== ATTENTION
  HKCU\...\Run: [gyimttbobx] - "C:\Users\LDA~1\AppData\Local\Temp\gyimttbobx..vbs" <===== ATTENTION
  HKCU\...\Run: [hmmnetrkjq] - "C:\Users\LDA~1\AppData\Local\Temp\hmmnetrkjq..vbs" <===== ATTENTION
  HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2471448 2013-12-10] ()
  HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
  HKLM-x32\...\Run: [SgfxConfig] - C:\Program Files\SGFX\SgfxConfig.exe [2233592 2013-05-01] ()
  HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1707472 2013-11-06] (APN)
  HKLM-x32\...\Run: [VNT] - C:\Program Files (x86)\VNT\vntldr.exe [202192 2013-11-06] (APN LLC.)
  Startup: C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2320633bbd5b9c41d628d6d2b760a34d.exe (Windows run)
  Startup: C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gyimttbobx..vbs ()
  Startup: C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hmmnetrkjq..vbs ()
  Startup: C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\maram‮gpj.Scr ()
  Startup: C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\saa.exe ()
  Startup: C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Server1.exe ()
  Startup: C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sqlmap.rar ()
  Startup: C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.exe ()
  Startup: C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Run.exe (Windows run)
  Startup: C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xiksvkhxzu..vbs ()
  
  HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
  HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?p2=%5EB1V%5E ... 08-29&psv=
  HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
  URLSearchHook: HKCU - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
  StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
  SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
  SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={5E00E574-9C69-424B-821D-5BD0BF783883}&mid=df51a8e63dec47d38c2c65fc69752c79-97ef8075d9e2773f1da56b2807800d9049071cef&lang=cs&ds=AVG&coid=avgtbavg&pr=pr&d=2013-09-25 19:16:32&v=17.0.0.9&pid=avg&sg=0&sap=dsp&q={searchTerms}
  BHO: Ask Toolbar - {41545534-2D56-3700-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ATU4-V7\Passport_x64.dll (APN LLC.)
  BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
  BHO-x32: Ask Toolbar - {41545534-2D56-3700-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ATU4-V7\Passport.dll (APN LLC.)
  BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
  BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll (AVG Secure Search)
  Toolbar: HKLM - Ask Toolbar - {41545534-2D56-3700-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ATU4-V7\Passport_x64.dll (APN LLC.)
  Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll (AVG Secure Search)
  Toolbar: HKLM-x32 - Ask Toolbar - {41545534-2D56-3700-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ATU4-V7\Passport.dll (APN LLC.)
  
  CHR HomePage: hxxp://www.search.ask.com/?p2=%5EB1V%5E ... 08-29&psv=
  CHR RestoreOnStartup: "hxxp://google.cz/"
  CHR DefaultSearchKeyword: ask search
  CHR DefaultSearchProvider: Ask Search
  CHR DefaultSearchURL: http://www.search.ask.com/web?p2=%5EB1V ... trgb=CR&q={searchTerms}
  CHR DefaultNewTabURL: 
  CHR Extension: (Ask Toolbar) - C:\Users\Lída\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajfocmnnhjaajccaelhippajhaeod\21.52309_0
  CHR Extension: (AVG Secure Search) - C:\Users\Lída\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.5.0.2_0
  CHR HKLM-x32\...\Chrome\Extension: [aaaajfocmnnhjaajccaelhippajhaeod] - C:\ProgramData\AskPartnerNetwork\Toolbar\ATU4-V7\CRX\ToolbarCR.crx
  CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\15.5.0.2\avg.crx
  
  R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-11-06] (APN LLC.)
  R2 vToolbarUpdater17.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [1771544 2013-12-10] (AVG Secure Search)
  
  2013-12-11 18:45 - 2013-12-11 18:45 - 00042792 _____ C:\Users\Lída\AppData\LocalhefrntJlww.exe
  2013-12-11 16:37 - 2013-12-11 16:37 - 00029696 _____ C:\Users\Lída\AppData\LocalwIiztYWbuJ.exe
  2013-12-11 16:17 - 2013-12-11 21:43 - 00001196 _____ C:\Users\Lída\AppData\Roaming\svchost.exe.tmp
  2013-12-10 21:25 - 2013-12-11 21:43 - 00001796 _____ C:\Users\Lída\chrome.exe.tmp
  2013-12-09 20:04 - 2013-12-11 15:04 - 00003098 _____ C:\Users\Lída\AppData\Roaming\dwmn.exe.tmp
  2013-12-09 19:05 - 2013-12-11 21:43 - 00004671 _____ C:\Users\Lída\AppData\Roaming\systems.exe.tmp
  2013-12-09 19:01 - 2013-12-09 20:53 - 00000243 _____ C:\Users\Lída\AppData\Roaming\chrome.exe.tmp
  2013-12-09 17:18 - 2013-12-11 21:30 - 00005481 _____ C:\Users\Lída\trojan.exe.tmp
  2013-12-07 17:45 - 2013-12-11 21:43 - 00007748 _____ C:\Users\Lída\Systeme32.exe.tmp
  2013-12-07 15:36 - 2013-12-08 09:11 - 00000940 _____ C:\Users\Lída\AppData\Roaming\svshot.exe.tmp
  2013-12-07 11:36 - 2013-12-11 21:35 - 00008781 _____ C:\Users\Lída\Server.sys
  2013-12-07 11:17 - 2013-12-11 21:43 - 00010933 _____ C:\Users\Lída\AppData\Roaming\explOrer.exe.tmp
  2013-12-06 20:22 - 2013-12-11 21:30 - 00014603 _____ C:\Users\Lída\AppData\Roaming\trojan.exe.tmp
  2013-12-06 16:26 - 2013-12-06 20:37 - 00011411 _____ C:\Users\Lída\Downloads\.tmp
  2013-12-06 16:26 - 2013-12-06 16:26 - 00054784 _____ (pmW9xYj1vtJ) C:\Users\Lída\Downloads\AVG-AntiVirus-Free.exe
  2013-12-11 16:37 - 2013-12-11 16:37 - 00029696 _____ C:\Users\Lída\AppData\LocalwIiztYWbuJ.exe
  
  C:\Program Files (x86)\Common Files\AVG Secure Search
  C:\Program Files (x86)\AskPartnerNetwork
  C:\Program Files (x86)\AVG Secure Search
  
  Hosts:
  CMD: shutdown /r /f /t 2
  
  End

• Ulozte vytvoreny TXT jako fixlist.txt
• Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

• Kliknete na Fix
• Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

[mishel]

Hotovo, tady je LOG.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-12-2013
Ran by Lída at 2013-12-11 23:00:26 Run:1
Running from C:\Users\Lída\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKCU\...\Run: [icq] - C:\Users\Lída\AppData\Roaming\ICQM\icq.exe [27598184 2013-08-25] (ICQ)
HKCU\...\Run: [xiksvkhxzu] - "C:\Users\LDA~1\AppData\Local\Temp\xiksvkhxzu..vbs" <===== ATTENTION
HKCU\...\Run: [HMMNET~1] - "C:\Users\LDA~1\AppData\Local\Temp\HMMNET~1.VBS" <===== ATTENTION
HKCU\...\Run: [GYIMTT~1] - "C:\Users\LDA~1\AppData\Local\Temp\GYIMTT~1.VBS" <===== ATTENTION
HKCU\...\Run: [gyimttbobx] - "C:\Users\LDA~1\AppData\Local\Temp\gyimttbobx..vbs" <===== ATTENTION
HKCU\...\Run: [hmmnetrkjq] - "C:\Users\LDA~1\AppData\Local\Temp\hmmnetrkjq..vbs" <===== ATTENTION
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2471448 2013-12-10] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SgfxConfig] - C:\Program Files\SGFX\SgfxConfig.exe [2233592 2013-05-01] ()
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1707472 2013-11-06] (APN)
HKLM-x32\...\Run: [VNT] - C:\Program Files (x86)\VNT\vntldr.exe [202192 2013-11-06] (APN LLC.)
Startup: C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2320633bbd5b9c41d628d6d2b760a34d.exe (Windows run)
Startup: C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gyimttbobx..vbs ()
Startup: C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hmmnetrkjq..vbs ()
Startup: C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\maram?gpj.Scr ()
Startup: C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\saa.exe ()
Startup: C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Server1.exe ()
Startup: C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sqlmap.rar ()
Startup: C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.exe ()
Startup: C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Run.exe (Windows run)
Startup: C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xiksvkhxzu..vbs ()

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?p2=%5EB1V%5E ... 08-29&psv=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
URLSearchHook: HKCU - SearchHook Class - {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={5E00 ... 2013-09-25 19:16:32&v=17.0.0.9&pid=avg&sg=0&sap=dsp&q={searchTerms}
BHO: Ask Toolbar - {41545534-2D56-3700-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ATU4-V7\Passport_x64.dll (APN LLC.)
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Ask Toolbar - {41545534-2D56-3700-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ATU4-V7\Passport.dll (APN LLC.)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM - Ask Toolbar - {41545534-2D56-3700-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ATU4-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\17.2.0.38\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Ask Toolbar - {41545534-2D56-3700-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ATU4-V7\Passport.dll (APN LLC.)

CHR HomePage: hxxp://www.search.ask.com/?p2=%5EB1V%5E ... 08-29&psv=
CHR RestoreOnStartup: "hxxp://google.cz/"
CHR DefaultSearchKeyword: ask search
CHR DefaultSearchProvider: Ask Search
CHR DefaultSearchURL: http://www.search.ask.com/web?p2=%5EB1V ... trgb=CR&q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Ask Toolbar) - C:\Users\Lída\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajfocmnnhjaajccaelhippajhaeod\21.52309_0
CHR Extension: (AVG Secure Search) - C:\Users\Lída\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.5.0.2_0
CHR HKLM-x32\...\Chrome\Extension: [aaaajfocmnnhjaajccaelhippajhaeod] - C:\ProgramData\AskPartnerNetwork\Toolbar\ATU4-V7\CRX\ToolbarCR.crx
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\15.5.0.2\avg.crx

R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2013-11-06] (APN LLC.)
R2 vToolbarUpdater17.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [1771544 2013-12-10] (AVG Secure Search)

2013-12-11 18:45 - 2013-12-11 18:45 - 00042792 _____ C:\Users\Lída\AppData\LocalhefrntJlww.exe
2013-12-11 16:37 - 2013-12-11 16:37 - 00029696 _____ C:\Users\Lída\AppData\LocalwIiztYWbuJ.exe
2013-12-11 16:17 - 2013-12-11 21:43 - 00001196 _____ C:\Users\Lída\AppData\Roaming\svchost.exe.tmp
2013-12-10 21:25 - 2013-12-11 21:43 - 00001796 _____ C:\Users\Lída\chrome.exe.tmp
2013-12-09 20:04 - 2013-12-11 15:04 - 00003098 _____ C:\Users\Lída\AppData\Roaming\dwmn.exe.tmp
2013-12-09 19:05 - 2013-12-11 21:43 - 00004671 _____ C:\Users\Lída\AppData\Roaming\systems.exe.tmp
2013-12-09 19:01 - 2013-12-09 20:53 - 00000243 _____ C:\Users\Lída\AppData\Roaming\chrome.exe.tmp
2013-12-09 17:18 - 2013-12-11 21:30 - 00005481 _____ C:\Users\Lída\trojan.exe.tmp
2013-12-07 17:45 - 2013-12-11 21:43 - 00007748 _____ C:\Users\Lída\Systeme32.exe.tmp
2013-12-07 15:36 - 2013-12-08 09:11 - 00000940 _____ C:\Users\Lída\AppData\Roaming\svshot.exe.tmp
2013-12-07 11:36 - 2013-12-11 21:35 - 00008781 _____ C:\Users\Lída\Server.sys
2013-12-07 11:17 - 2013-12-11 21:43 - 00010933 _____ C:\Users\Lída\AppData\Roaming\explOrer.exe.tmp
2013-12-06 20:22 - 2013-12-11 21:30 - 00014603 _____ C:\Users\Lída\AppData\Roaming\trojan.exe.tmp
2013-12-06 16:26 - 2013-12-06 20:37 - 00011411 _____ C:\Users\Lída\Downloads\.tmp
2013-12-06 16:26 - 2013-12-06 16:26 - 00054784 _____ (pmW9xYj1vtJ) C:\Users\Lída\Downloads\AVG-AntiVirus-Free.exe
2013-12-11 16:37 - 2013-12-11 16:37 - 00029696 _____ C:\Users\Lída\AppData\LocalwIiztYWbuJ.exe

C:\Program Files (x86)\Common Files\AVG Secure Search
C:\Program Files (x86)\AskPartnerNetwork
C:\Program Files (x86)\AVG Secure Search

Hosts:
CMD: shutdown /r /f /t 2

End
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\icq => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\xiksvkhxzu => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\HMMNET~1 => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GYIMTT~1 => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\gyimttbobx => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\hmmnetrkjq => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SgfxConfig => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\VNT => Value deleted successfully.
C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2320633bbd5b9c41d628d6d2b760a34d.exe => Moved successfully.
C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gyimttbobx..vbs => Moved successfully.
C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hmmnetrkjq..vbs => Moved successfully.
C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\maram?gpj.Scr => Moved successfully.
C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\saa.exe => Moved successfully.
C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Server1.exe => Moved successfully.
C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sqlmap.rar => Moved successfully.
C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.exe => Moved successfully.
C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Run.exe => Moved successfully.
C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xiksvkhxzu..vbs => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{D8278076-BC68-4484-9233-6E7F1628B56C} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C} => Key deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key deleted successfully.
HKCR\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41545534-2D56-3700-76A7-7A786E7484D7} => Key deleted successfully.
HKCR\CLSID\{41545534-2D56-3700-76A7-7A786E7484D7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} => Key deleted successfully.
HKCR\CLSID\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41545534-2D56-3700-76A7-7A786E7484D7} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{41545534-2D56-3700-76A7-7A786E7484D7} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{41545534-2D56-3700-76A7-7A786E7484D7} => Value deleted successfully.
HKCR\CLSID\{41545534-2D56-3700-76A7-7A786E7484D7} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{41545534-2D56-3700-76A7-7A786E7484D7} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{41545534-2D56-3700-76A7-7A786E7484D7} => Key not found.
CHR HomePage: hxxp://www.search.ask.com/?p2=%5EB1V%5E ... 08-29&psv= ==> The Chrome "Settings" can be used to fix the entry.
CHR RestoreOnStartup: "hxxp://google.cz/" ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchKeyword: ask search ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchProvider: Ask Search ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchURL: http://www.search.ask.com/web?p2=%5EB1V ... trgb=CR&q={searchTerms} ==> The Chrome "Settings" can be used to fix the entry.
C:\Users\Lída\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajfocmnnhjaajccaelhippajhaeod => Moved successfully.
C:\Users\Lída\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaajfocmnnhjaajccaelhippajhaeod => Key deleted successfully.
C:\ProgramData\AskPartnerNetwork\Toolbar\ATU4-V7\CRX\ToolbarCR.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof => Key deleted successfully.
C:\ProgramData\AVG Secure Search\ChromeExt\15.5.0.2\avg.crx => Moved successfully.
APNMCP => Service deleted successfully.
vToolbarUpdater17.2.0 => Service deleted successfully.
C:\Users\Lída\AppData\LocalhefrntJlww.exe => Moved successfully.
C:\Users\Lída\AppData\LocalwIiztYWbuJ.exe => Moved successfully.
C:\Users\Lída\AppData\Roaming\svchost.exe.tmp => Moved successfully.
C:\Users\Lída\chrome.exe.tmp => Moved successfully.
C:\Users\Lída\AppData\Roaming\dwmn.exe.tmp => Moved successfully.
C:\Users\Lída\AppData\Roaming\systems.exe.tmp => Moved successfully.
C:\Users\Lída\AppData\Roaming\chrome.exe.tmp => Moved successfully.
C:\Users\Lída\trojan.exe.tmp => Moved successfully.
C:\Users\Lída\Systeme32.exe.tmp => Moved successfully.
C:\Users\Lída\AppData\Roaming\svshot.exe.tmp => Moved successfully.
C:\Users\Lída\Server.sys => Moved successfully.
C:\Users\Lída\AppData\Roaming\explOrer.exe.tmp => Moved successfully.
C:\Users\Lída\AppData\Roaming\trojan.exe.tmp => Moved successfully.
C:\Users\Lída\Downloads\.tmp => Moved successfully.
C:\Users\Lída\Downloads\AVG-AntiVirus-Free.exe => Moved successfully.
"C:\Users\Lída\AppData\LocalwIiztYWbuJ.exe" => File/Directory not found.
C:\Program Files (x86)\Common Files\AVG Secure Search => Moved successfully.
C:\Program Files (x86)\AskPartnerNetwork => Moved successfully.
C:\Program Files (x86)\AVG Secure Search => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= shutdown /r /f /t 2 =========


========= End of CMD: =========



The system needs a manual reboot.

==== End of Fixlog ====

[vyosek]

Poprosim o novy log z FRST

[mishel]

Nový log zde

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-12-2013
Ran by Lída (administrator) on HP4545S on 11-12-2013 23:07:31
Running from C:\Users\Lída\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SMSC) C:\Program Files\SGFX\sgfxmgr.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NUSB3MON] - C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [HPPowerAssistant] - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [2184520 2009-03-23] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.EXE [767312 2009-03-17] (CANON INC.)
HKCU\...\Run: [HMMNET~1] - "C:\Users\LDA~1\AppData\Local\Temp\HMMNET~1.VBS" <===== ATTENTION
HKCU\...\Run: [GYIMTT~1] - "C:\Users\LDA~1\AppData\Local\Temp\GYIMTT~1.VBS" <===== ATTENTION
HKCU\...\Run: [gyimttbobx] - "C:\Users\LDA~1\AppData\Local\Temp\gyimttbobx..vbs" <===== ATTENTION
HKCU\...\Run: [hmmnetrkjq] - "C:\Users\LDA~1\AppData\Local\Temp\hmmnetrkjq..vbs" <===== ATTENTION
HKCU\...\Run: [xiksvkhxzu] - "C:\Users\LDA~1\AppData\Local\Temp\xiksvkhxzu..vbs" <===== ATTENTION
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630952 2012-07-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [12288 2012-04-19] ()
HKLM-x32\...\Run: [BtTray] - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [334240 2012-09-12] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] - [x]

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?tpid=ATU4-V7 ... 08-29&psv=
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.41.1

Chrome:
=======
CHR HomePage: hxxp://google.cz/
CHR RestoreOnStartup: "hxxp://google.cz/"
CHR DefaultSearchKeyword: ask search
CHR DefaultSearchProvider: Ask Search
CHR DefaultSearchURL: http://www.search.ask.com/web?p2=%5EB1V ... earchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\Users\Lída\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Lída\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Lída\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Lída\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Users\Lída\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Lída\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

S2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1358944 2013-09-25] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8998800 2013-05-09] (DisplayLink Corp.)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [1868432 2012-12-24] ()
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [523680 2012-09-12] (Hewlett-Packard Company)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
R2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 SGFXMgr; C:\Program Files\SGFX\sgfxmgr.exe [8481280 2013-05-01] (SMSC)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [148792 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-10] (AVG Technologies)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48608 2012-10-02] (Ralink Corporation)
R3 rtbth; C:\Windows\System32\DRIVERS\rtbth.sys [692832 2012-10-02] (Ralink Technology, Corp.)
R4 sgfxk; C:\Windows\System32\drivers\sgfxk64.sys [157432 2013-05-02] (SMSC)
R0 sgfxl; C:\Windows\System32\drivers\sgfxl64.sys [18168 2013-05-02] (SMSC)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-28] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-11 23:07 - 2013-12-11 23:08 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-11 23:03 - 2013-12-11 23:07 - 87529432 _____ (AVAST Software) C:\Users\Lída\Downloads\avast_free_antivirus_setup.exe
2013-12-11 22:50 - 2013-12-11 22:47 - 00063545 _____ C:\Users\Lída\Desktop\FRST.txt
2013-12-11 22:50 - 2013-12-11 22:47 - 00000917 _____ C:\Users\Lída\Desktop\Addition.txt
2013-12-11 22:47 - 2013-12-11 22:47 - 00000917 _____ C:\Users\Lída\Downloads\Addition.txt
2013-12-11 22:46 - 2013-12-11 23:08 - 00012163 _____ C:\Users\Lída\Downloads\FRST.txt
2013-12-11 22:46 - 2013-12-11 23:00 - 00000000 ____D C:\FRST
2013-12-11 22:45 - 2013-12-11 22:45 - 01926944 _____ (Farbar) C:\Users\Lída\Downloads\FRST64.exe
2013-12-11 22:45 - 2013-12-11 22:45 - 01926944 _____ (Farbar) C:\Users\Lída\Downloads\FRST64 (1).exe
2013-12-11 22:39 - 2013-12-11 22:39 - 00032916 _____ C:\ComboFix.txt
2013-12-11 21:52 - 2013-12-11 22:39 - 00000000 ____D C:\Qoobox
2013-12-11 21:52 - 2013-12-11 22:37 - 00000000 ____D C:\Windows\erdnt
2013-12-11 21:52 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-11 21:52 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-11 21:52 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-11 21:52 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-11 21:52 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-11 21:52 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-11 21:52 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-11 21:52 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-11 21:43 - 2013-12-11 21:45 - 00006718 _____ C:\Users\Lída\Desktop\Rkill.txt
2013-12-11 21:43 - 2013-12-11 21:43 - 00000000 ____D C:\Users\Lída\Desktop\rkill
2013-12-11 21:39 - 2013-12-11 21:41 - 05153140 ____R (Swearware) C:\Users\Lída\Desktop\ComboFix.exe
2013-12-11 21:39 - 2013-12-11 21:40 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Lída\Desktop\WiNlOgOn.exe
2013-12-11 21:38 - 2013-12-11 21:39 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Lída\Desktop\rkill.com
2013-12-11 21:24 - 2013-12-11 21:41 - 00014848 ___SH C:\Users\Lída\AppData\Thumbs.db
2013-12-11 20:51 - 2013-12-11 20:52 - 00000000 ____D C:\rsit
2013-12-11 20:51 - 2013-12-11 20:52 - 00000000 ____D C:\Program Files\trend micro
2013-12-11 20:51 - 2013-12-11 20:51 - 00935175 _____ C:\Users\Lída\Downloads\RSITx64.exe
2013-12-11 15:02 - 2013-12-11 14:55 - 00026072 _____ C:\Users\Lída\Documents\Přednáška%206.pptx_1.odp
2013-12-11 14:19 - 2013-12-11 14:19 - 00082822 _____ C:\Users\Lída\Downloads\Přednáška 9.pptx
2013-12-11 14:19 - 2013-12-11 14:19 - 00079081 _____ C:\Users\Lída\Downloads\Přednáška 10.pptx
2013-12-11 14:19 - 2013-12-11 14:19 - 00073014 _____ C:\Users\Lída\Downloads\Přednáška 8.pptx
2013-12-11 14:19 - 2013-12-11 14:19 - 00072203 _____ C:\Users\Lída\Downloads\Přednáška 11.pptx
2013-12-11 14:18 - 2013-12-11 14:18 - 00104049 _____ C:\Users\Lída\Downloads\Přednáška 6.pptx
2013-12-11 14:18 - 2013-12-11 14:18 - 00077121 _____ C:\Users\Lída\Downloads\Přednáška 7.pptx
2013-12-10 20:47 - 2013-12-10 20:47 - 00000000 ____D C:\Users\Lída\AppData\Local\IsolatedStorage
2013-12-10 19:33 - 2013-12-10 19:33 - 00000000 ____D C:\Users\Lída\AppData\Roaming\Windows
2013-12-09 21:03 - 2013-12-09 21:03 - 04436952 _____ (AVG Technologies) C:\Users\Lída\Downloads\avg_isct_stb_all_2014_4259.exe
2013-12-09 17:07 - 2013-12-09 18:09 - 00164352 _____ C:\Users\Lída\Downloads\přednáška4.ppt
2013-12-09 17:07 - 2013-12-09 17:18 - 00284672 _____ C:\Users\Lída\Downloads\přednáška3.ppt
2013-12-09 17:07 - 2013-12-09 17:07 - 00188928 _____ C:\Users\Lída\Downloads\Přednáška2.ppt
2013-12-09 17:07 - 2013-12-09 17:07 - 00139264 _____ C:\Users\Lída\Downloads\přednáška1.ppt
2013-12-09 17:07 - 2013-12-09 17:07 - 00051394 _____ C:\Users\Lída\Downloads\Přednáška 5.pptx
2013-12-08 16:34 - 2013-12-08 16:43 - 00000000 ____D C:\Users\Lída\AppData\Local\Microsoft Games
2013-12-06 22:34 - 2013-12-06 22:35 - 00275384 _____ C:\Windows\Minidump\120613-46909-01.dmp
2013-12-06 22:34 - 2013-12-06 22:34 - 469349430 _____ C:\Windows\MEMORY.DMP
2013-12-06 22:34 - 2013-12-06 22:34 - 00000000 ____D C:\Windows\Minidump
2013-12-06 17:57 - 2013-12-08 16:20 - 00009846 _____ C:\Users\Lída\Desktop\Botanic.ods
2013-12-05 09:59 - 2013-12-05 09:59 - 00115200 _____ C:\Users\Lída\Downloads\obchodni-korporace-2101 (1).ppt
2013-12-04 07:41 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-12-04 07:36 - 2013-12-04 07:36 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-04 07:36 - 2013-12-04 07:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-04 07:36 - 2013-12-04 07:36 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-04 07:36 - 2013-12-04 07:36 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-04 07:36 - 2013-12-04 07:36 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-04 07:36 - 2013-12-04 07:36 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-04 07:36 - 2013-12-04 07:36 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-04 07:36 - 2013-12-04 07:36 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-04 07:36 - 2013-12-04 07:36 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-04 07:36 - 2013-12-04 07:36 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-04 07:36 - 2013-12-04 07:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-04 07:35 - 2013-12-04 07:41 - 00009961 _____ C:\Windows\IE11_main.log
2013-12-02 16:24 - 2013-12-02 16:37 - 00295424 _____ C:\Users\Lída\Downloads\obchodni-korporace-2101.ppt
2013-11-27 17:11 - 2013-11-27 17:12 - 03393763 _____ C:\Users\Lída\Downloads\fwbankovnictvvpoty2 (1).zip
2013-11-25 11:37 - 2013-11-25 16:45 - 00128512 _____ C:\Users\Lída\Downloads\PO-dle-obcan-zak-2094.ppt
2013-11-23 00:18 - 2013-11-23 19:30 - 00012909 _____ C:\Users\Lída\Documents\.....odt
2013-11-20 14:24 - 2013-11-20 14:24 - 00000000 ____D C:\Users\Lída\Desktop\Tiskárna
2013-11-17 17:28 - 2013-11-17 17:28 - 00000000 ___HD C:\ProgramData\CanonIJMyPrinter
2013-11-17 12:00 - 2013-12-04 13:11 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-11-17 12:00 - 2013-11-17 12:00 - 00000000 ___HD C:\ProgramData\CanonIJSolutionMenu
2013-11-17 11:54 - 2013-11-17 11:54 - 00000000 ____D C:\Program Files\Common Files\CANON
2013-11-17 11:52 - 2013-11-17 11:52 - 00002354 _____ C:\Users\Public\Desktop\Canon MP250 series Příručka online.lnk
2013-11-17 11:52 - 2013-11-17 11:52 - 00000000 ____D C:\Program Files\Canon
2013-11-17 11:46 - 2013-11-17 12:00 - 00000000 ____D C:\Program Files (x86)\Canon
2013-11-16 20:32 - 2013-11-16 21:30 - 00408576 _____ C:\Users\Lída\Downloads\Podnikani-ll-2058.ppt
2013-11-14 08:21 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 08:21 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 08:21 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 08:21 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-14 08:21 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-14 08:21 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 08:21 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-14 08:21 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 08:21 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 08:21 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 08:21 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-14 08:21 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 08:21 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-14 08:21 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 08:21 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-14 08:21 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-14 08:21 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 08:21 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 08:21 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 08:21 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 08:21 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 08:21 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 08:21 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 08:21 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 08:21 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-14 08:21 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-14 08:21 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-14 08:21 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-14 08:21 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 08:21 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

==================== One Month Modified Files and Folders =======

2013-12-11 23:08 - 2013-12-11 23:07 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-11 23:08 - 2013-12-11 22:46 - 00012163 _____ C:\Users\Lída\Downloads\FRST.txt
2013-12-11 23:07 - 2013-12-11 23:03 - 87529432 _____ (AVAST Software) C:\Users\Lída\Downloads\avast_free_antivirus_setup.exe
2013-12-11 23:06 - 2013-08-23 09:13 - 01314746 _____ C:\Windows\WindowsUpdate.log
2013-12-11 23:06 - 2009-07-14 16:18 - 00678000 _____ C:\Windows\system32\perfh005.dat
2013-12-11 23:06 - 2009-07-14 16:18 - 00139556 _____ C:\Windows\system32\perfc005.dat
2013-12-11 23:06 - 2009-07-14 06:13 - 01601480 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-11 23:02 - 2013-08-23 10:54 - 00010652 _____ C:\Windows\PFRO.log
2013-12-11 23:02 - 2013-08-23 10:14 - 00000944 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-11 23:02 - 2012-09-26 08:53 - 00000967 _____ C:\Windows\SysWOW64\bscs.ini
2013-12-11 23:02 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-11 23:02 - 2009-07-14 05:51 - 00032827 _____ C:\Windows\setupact.log
2013-12-11 23:00 - 2013-12-11 22:46 - 00000000 ____D C:\FRST
2013-12-11 23:00 - 2013-08-23 09:22 - 00000000 ___RD C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-11 23:00 - 2013-08-23 09:22 - 00000000 ____D C:\Users\Lída
2013-12-11 22:53 - 2013-08-23 10:33 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-11 22:47 - 2013-12-11 22:50 - 00063545 _____ C:\Users\Lída\Desktop\FRST.txt
2013-12-11 22:47 - 2013-12-11 22:50 - 00000917 _____ C:\Users\Lída\Desktop\Addition.txt
2013-12-11 22:47 - 2013-12-11 22:47 - 00000917 _____ C:\Users\Lída\Downloads\Addition.txt
2013-12-11 22:45 - 2013-12-11 22:45 - 01926944 _____ (Farbar) C:\Users\Lída\Downloads\FRST64.exe
2013-12-11 22:45 - 2013-12-11 22:45 - 01926944 _____ (Farbar) C:\Users\Lída\Downloads\FRST64 (1).exe
2013-12-11 22:39 - 2013-12-11 22:39 - 00032916 _____ C:\ComboFix.txt
2013-12-11 22:39 - 2013-12-11 21:52 - 00000000 ____D C:\Qoobox
2013-12-11 22:39 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-12-11 22:37 - 2013-12-11 21:52 - 00000000 ____D C:\Windows\erdnt
2013-12-11 22:36 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-12-11 22:20 - 2013-08-23 10:14 - 00000948 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-11 21:45 - 2013-12-11 21:43 - 00006718 _____ C:\Users\Lída\Desktop\Rkill.txt
2013-12-11 21:43 - 2013-12-11 21:43 - 00000000 ____D C:\Users\Lída\Desktop\rkill
2013-12-11 21:41 - 2013-12-11 21:39 - 05153140 ____R (Swearware) C:\Users\Lída\Desktop\ComboFix.exe
2013-12-11 21:41 - 2013-12-11 21:24 - 00014848 ___SH C:\Users\Lída\AppData\Thumbs.db
2013-12-11 21:40 - 2013-12-11 21:39 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Lída\Desktop\WiNlOgOn.exe
2013-12-11 21:39 - 2013-12-11 21:38 - 01937144 _____ (Bleeping Computer, LLC) C:\Users\Lída\Desktop\rkill.com
2013-12-11 20:54 - 2009-07-14 05:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-11 20:54 - 2009-07-14 05:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-11 20:52 - 2013-12-11 20:51 - 00000000 ____D C:\rsit
2013-12-11 20:52 - 2013-12-11 20:51 - 00000000 ____D C:\Program Files\trend micro
2013-12-11 20:51 - 2013-12-11 20:51 - 00935175 _____ C:\Users\Lída\Downloads\RSITx64.exe
2013-12-11 20:40 - 2013-09-22 18:29 - 00003154 _____ C:\Windows\System32\Tasks\WinZipDriverUpdaterRunAtStartup
2013-12-11 17:54 - 2013-08-23 10:33 - 00003852 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 17:53 - 2013-08-23 10:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 17:53 - 2013-08-23 10:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 14:55 - 2013-12-11 15:02 - 00026072 _____ C:\Users\Lída\Documents\Přednáška%206.pptx_1.odp
2013-12-11 14:19 - 2013-12-11 14:19 - 00082822 _____ C:\Users\Lída\Downloads\Přednáška 9.pptx
2013-12-11 14:19 - 2013-12-11 14:19 - 00079081 _____ C:\Users\Lída\Downloads\Přednáška 10.pptx
2013-12-11 14:19 - 2013-12-11 14:19 - 00073014 _____ C:\Users\Lída\Downloads\Přednáška 8.pptx
2013-12-11 14:19 - 2013-12-11 14:19 - 00072203 _____ C:\Users\Lída\Downloads\Přednáška 11.pptx
2013-12-11 14:18 - 2013-12-11 14:18 - 00104049 _____ C:\Users\Lída\Downloads\Přednáška 6.pptx
2013-12-11 14:18 - 2013-12-11 14:18 - 00077121 _____ C:\Users\Lída\Downloads\Přednáška 7.pptx
2013-12-11 13:44 - 2013-08-23 10:22 - 00000000 ____D C:\ProgramData\MFAData
2013-12-10 21:04 - 2013-08-29 15:20 - 00000000 ____D C:\Users\Lída\AppData\Roaming\vlc
2013-12-10 20:47 - 2013-12-10 20:47 - 00000000 ____D C:\Users\Lída\AppData\Local\IsolatedStorage
2013-12-10 19:33 - 2013-12-10 19:33 - 00000000 ____D C:\Users\Lída\AppData\Roaming\Windows
2013-12-10 16:45 - 2013-08-23 11:54 - 00000000 ____D C:\ProgramData\AVG Secure Search
2013-12-09 21:03 - 2013-12-09 21:03 - 04436952 _____ (AVG Technologies) C:\Users\Lída\Downloads\avg_isct_stb_all_2014_4259.exe
2013-12-09 18:09 - 2013-12-09 17:07 - 00164352 _____ C:\Users\Lída\Downloads\přednáška4.ppt
2013-12-09 17:18 - 2013-12-09 17:07 - 00284672 _____ C:\Users\Lída\Downloads\přednáška3.ppt
2013-12-09 17:07 - 2013-12-09 17:07 - 00188928 _____ C:\Users\Lída\Downloads\Přednáška2.ppt
2013-12-09 17:07 - 2013-12-09 17:07 - 00139264 _____ C:\Users\Lída\Downloads\přednáška1.ppt
2013-12-09 17:07 - 2013-12-09 17:07 - 00051394 _____ C:\Users\Lída\Downloads\Přednáška 5.pptx
2013-12-08 20:47 - 2013-08-23 15:00 - 00000061 _____ C:\Windows\SysWOW64\LOCALDEVICE.INI
2013-12-08 18:41 - 2013-08-23 15:00 - 00003619 _____ C:\Windows\SysWOW64\LOCALSERVICE.INI
2013-12-08 17:02 - 2013-09-29 13:55 - 00000131 _____ C:\Windows\SysWOW64\REMOTEDEVICE.INI
2013-12-08 16:43 - 2013-12-08 16:34 - 00000000 ____D C:\Users\Lída\AppData\Local\Microsoft Games
2013-12-08 16:20 - 2013-12-06 17:57 - 00009846 _____ C:\Users\Lída\Desktop\Botanic.ods
2013-12-08 14:45 - 2013-08-23 09:22 - 00000000 ____D C:\Users\Lída\AppData\Local\VirtualStore
2013-12-06 22:35 - 2013-12-06 22:34 - 00275384 _____ C:\Windows\Minidump\120613-46909-01.dmp
2013-12-06 22:34 - 2013-12-06 22:34 - 469349430 _____ C:\Windows\MEMORY.DMP
2013-12-06 22:34 - 2013-12-06 22:34 - 00000000 ____D C:\Windows\Minidump
2013-12-06 09:09 - 2013-08-23 10:20 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-05 18:15 - 2013-08-23 10:14 - 00003944 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-05 18:14 - 2013-08-23 10:14 - 00003692 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-05 09:59 - 2013-12-05 09:59 - 00115200 _____ C:\Users\Lída\Downloads\obchodni-korporace-2101 (1).ppt
2013-12-04 13:11 - 2013-11-17 12:00 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-12-04 13:11 - 2013-08-26 12:00 - 00001397 _____ C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-04 13:11 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-04 13:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-04 07:41 - 2013-12-04 07:35 - 00009961 _____ C:\Windows\IE11_main.log
2013-12-04 07:36 - 2013-12-04 07:36 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-04 07:36 - 2013-12-04 07:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-04 07:36 - 2013-12-04 07:36 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-04 07:36 - 2013-12-04 07:36 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-04 07:36 - 2013-12-04 07:36 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-04 07:36 - 2013-12-04 07:36 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-04 07:36 - 2013-12-04 07:36 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-04 07:36 - 2013-12-04 07:36 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-04 07:36 - 2013-12-04 07:36 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-04 07:36 - 2013-12-04 07:36 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-04 07:36 - 2013-12-04 07:36 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-04 07:36 - 2013-12-04 07:36 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-04 07:36 - 2013-12-04 07:36 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-02 16:37 - 2013-12-02 16:24 - 00295424 _____ C:\Users\Lída\Downloads\obchodni-korporace-2101.ppt
2013-11-30 20:51 - 2013-09-14 20:06 - 00000000 ____D C:\Users\Lída\Documents\škola
2013-11-27 17:12 - 2013-11-27 17:11 - 03393763 _____ C:\Users\Lída\Downloads\fwbankovnictvvpoty2 (1).zip
2013-11-25 16:45 - 2013-11-25 11:37 - 00128512 _____ C:\Users\Lída\Downloads\PO-dle-obcan-zak-2094.ppt
2013-11-25 10:26 - 2009-07-14 16:36 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-11-23 19:30 - 2013-11-23 00:18 - 00012909 _____ C:\Users\Lída\Documents\.....odt
2013-11-23 16:57 - 2013-09-29 10:10 - 00011681 _____ C:\Users\Lída\Desktop\Oriflame.ods
2013-11-20 17:54 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-20 14:24 - 2013-11-20 14:24 - 00000000 ____D C:\Users\Lída\Desktop\Tiskárna
2013-11-17 17:28 - 2013-11-17 17:28 - 00000000 ___HD C:\ProgramData\CanonIJMyPrinter
2013-11-17 12:00 - 2013-11-17 12:00 - 00000000 ___HD C:\ProgramData\CanonIJSolutionMenu
2013-11-17 12:00 - 2013-11-17 11:46 - 00000000 ____D C:\Program Files (x86)\Canon
2013-11-17 11:54 - 2013-11-17 11:54 - 00000000 ____D C:\Program Files\Common Files\CANON
2013-11-17 11:52 - 2013-11-17 11:52 - 00002354 _____ C:\Users\Public\Desktop\Canon MP250 series Příručka online.lnk
2013-11-17 11:52 - 2013-11-17 11:52 - 00000000 ____D C:\Program Files\Canon
2013-11-16 21:30 - 2013-11-16 20:32 - 00408576 _____ C:\Users\Lída\Downloads\Podnikani-ll-2058.ppt
2013-11-14 21:00 - 2013-08-25 22:02 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 20:59 - 2013-08-25 22:02 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-02 17:50

==================== End Of Log ============================

[vyosek]

Nyni sken dle tohoto http://forum.viry.cz/viewtopic.php?f=29&t=132523

[mishel]

Hotovo, LOG zde

Kód: Vybrat vše

HitmanPro 3.7.8.208
www.hitmanpro.com

   Computer name . . . . : HP4545S
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : HP4545s\Lída
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2013-12-11 23:25:49
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 7m 37s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 4
   Traces  . . . . . . . : 6

   Objects scanned . . . : 1 632 616
   Files scanned . . . . : 20 386
   Remnants scanned  . . : 311 018 files / 1 301 212 keys

Malware _____________________________________________________________________

   C:\FRST\Quarantine\LocalhefrntJlww.exe -> Deleted
      Size . . . . . . . : 42 792 bytes
      Age  . . . . . . . : 0.2 days (2013-12-11 18:45:55)
      Entropy  . . . . . : 5.7
      SHA-256  . . . . . : 0AE57561CBF35D97BFF27810AEF5C7412EF5A8E43750BD537D010639444E491F
    > Bitdefender  . . . : Gen:Variant.Zusy.65659
    > Kaspersky  . . . . : HEUR:Trojan.Win32.Generic
      Fuzzy  . . . . . . : 108.0
      Forensic Cluster
          0.0s C:\FRST\Quarantine\LocalhefrntJlww.exe
          0.0s C:\FRST\Quarantine\LocalhefrntJlww.exe
          0.0s C:\FRST\Quarantine\LocalhefrntJlww.exe
          0.1s C:\Users\Lída\AppData\LocalTnwjnjwSAN.jpg

   C:\FRST\Quarantine\LocalwIiztYWbuJ.exe -> Deleted
      Size . . . . . . . : 29 696 bytes
      Age  . . . . . . . : 0.3 days (2013-12-11 16:37:35)
      Entropy  . . . . . : 5.6
      SHA-256  . . . . . : BAB0EBF7ECE665F97C68679CE890D9D3563FFF16B1CCC0470B87012058B01BA4
    > Bitdefender  . . . : Gen:Variant.Barys.7801
    > Kaspersky  . . . . : HEUR:Trojan.Win32.Generic
      Fuzzy  . . . . . . : 108.0
      Forensic Cluster
          0.0s C:\FRST\Quarantine\LocalwIiztYWbuJ.exe
          0.1s C:\Users\Lída\AppData\LocalaxYiyFdjfK..jpg

   C:\FRST\Quarantine\maram‮gpj.Scr -> Quarantined
      Size . . . . . . . : 69 632 bytes
      Age  . . . . . . . : 0.2 days (2013-12-11 18:51:19)
      Entropy  . . . . . : 5.6
      SHA-256  . . . . . : 311C48D6769A6F84463B46ACEAAEF2A8271F286AE716B46E12F0623A2B580E82
      Description  . . . :  
      Version  . . . . . : 0.0.0.0
      Copyright  . . . . :  
    > Kaspersky  . . . . : HEUR:Trojan.Win32.Generic
      Fuzzy  . . . . . . : 129.0
      Forensic Cluster
          0.0s C:\FRST\Quarantine\maram‮gpj.Scr
          0.0s C:\FRST\Quarantine\maram‮gpj.Scr

   C:\Users\Lída\AppData\Roaming\Windows\Windows Update.exe -> Deleted
      Size . . . . . . . : 98 304 bytes
      Age  . . . . . . . : 1.2 days (2013-12-10 19:33:02)
      Entropy  . . . . . : 5.8
      SHA-256  . . . . . : 634A8303346CFCF1A6E46F58F3BC1F46B78E365217B3B5401F5C7250DECB7D27
      Description  . . . :  
      Version  . . . . . : 0.0.0.0
      Copyright  . . . . :  
    > Bitdefender  . . . : Gen:Heur.MSIL.Krypt.2
    > Kaspersky  . . . . : HEUR:Trojan.Win32.Generic
      Fuzzy  . . . . . . : 113.0
      Forensic Cluster
         -0.0s C:\Users\Lída\AppData\Roaming\Windows\
          0.0s C:\Users\Lída\AppData\Roaming\Windows\Windows Update.exe
          0.0s C:\Users\Lída\AppData\Roaming\Windows\Windows Update.exe
          1.0s C:\Qoobox\Quarantine\C\Users\Lída\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZRPaFQCKz95ZWs8sHxUSZ69Hbcd.exe.vir


Cookies _____________________________________________________________________

   C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Cookies\EQ73QRHJ.txt
   C:\Users\Lída\AppData\Roaming\Microsoft\Windows\Cookies\lída@adtech[1].txt

[vyosek]

Dobre rano,

poprosim o novy log z RSIT