mám pc po napadení virem který 2/3 souborů zakodoval a dal jim příponu encrypted. Současně požaduje zaplatit za to, že pošle dekodovací klíč. Vir přišel respektive byl aktivován 17.11.2014 kolem 14té hodiny - podvodné stránky české pošty a kamarádka zrovínka čekala balík
, tak ho aktivovala. Bylo jí ale divné, že to PC tak "pracuje", tak ho po chvíli vypnula. Eset při zapnutí ve 20:40 dal jeden soubor do karanteny a po aktualizace virové db a testu pc nic nenašel. Nejsem si jistý, zda je v pc vše OK, tak prosím touto cestou o pomoc či radu. Současně nevím, jestli je nějaká šance na získání klíče pro dekodování souborů jinak, než někomu poslat 10000,- (chějí 1 bitCoin). Udělal jsem logy rsit a frst, tak je mohu poslat obratem.Děkuji
Jaroslav Nedvěd
Logfile of random's system information tool 1.10 (written by random/random)
Run by Jiří Morysek at 2014-11-19 18:18:42
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 312 GB (65%) free of 477 GB
Total RAM: 3839 MB (54% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:18:46, on 19.11.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17420)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\IRIS Desktop Search\IRISDesktopSearch.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1159615.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Jiří Morysek.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/?rlz=1W4CHBA_csCZ552
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
F3 - REG:win.ini: load=c:\users\jimory~1\dxscph.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: vShare Toolbar - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: I.R.I.S. Desktop Search - {577EBCA9-8ED3-45FC-A514-55B3817D4BCF} - C:\Program Files (x86)\IRIS Desktop Search\IRISDesktopSearchIntegration910.dll
O3 - Toolbar: vShare Toolbar - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [I.R.I.S. Desktop Search] "C:\Program Files (x86)\IRIS Desktop Search\IRISDesktopSearch.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\RunOnce: [Shockwave Updater] "C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1159615.exe" -Update
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1968914764-1880111062-1386222938-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1968914764-1880111062-1386222938-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Přeložit - {230D1201-7607-4CF6-A11F-9E4BF0A333E0} - C:\Program Files (x86)\Verdict Free\etnxp.dll
O9 - Extra button: (no name) - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files (x86)\Verdict Free\etnxp.dll
O9 - Extra 'Tools' menuitem: Internetový překladač... - {2C73F784-D2DE-4422-B070-2E3332FE5744} - C:\Program Files (x86)\Verdict Free\etnxp.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12721 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
"C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\HPSIsvc.exe
"C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe" -service
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"
"C:\Program Files (x86)\IRIS Desktop Search\IRISDesktopSearch.exe" /tray
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1159615.exe" -Update
"C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
"C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe"
"C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe"
"C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE"
"C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE" -Embedding
C:\Windows\splwow64.exe 8192
"C:\Program Files\Internet Explorer\iexplore.exe"
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2796 CREDAT:267521 /prefetch:2
"C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe"
"C:\Windows\System32\MsSpellCheckingFacility.exe" -Embedding
C:\Windows\system32\Macromed\Flash\FlashUtil64_15_0_0_223_ActiveX.exe -Embedding
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2796 CREDAT:3151333 /prefetch:2
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2796 CREDAT:1643821 /prefetch:2
taskeng.exe {880D91B1-5F8A-4AFC-BF93-6B6C519495C1}
TeamViewer.exe --HostService --sessionID 1
C:\Windows\System32\svchost.exe -k swprv
"C:\Program Files\Altap Salamander\salamand.exe"
"C:\Program Files\Altap Salamander\utils\salmon.exe" "SalmonDB7" "czech.slg"
taskeng.exe {B0BF8353-7964-444C-B634-07A4B36F5044}
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="5324.0.203500831\1571705729" --supports-dual-gpus=false --gpu-driver-bug-workarounds=1,16,44 --disable-accelerated-video-decode --gpu-vendor-id=0x10de --gpu-device-id=0x03d6 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.783 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/DomRel-Enable/enable/EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionContentVerification/Bootstrap/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/NewSuggestType_A10_Stable_R2/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Disable/SDCH/EnabledAll/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-1-Percent/group_79/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --disable-accelerated-video-decode --channel="5324.2.662183621\471083955" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="5324.5.845919638\1776048691" --ppapi-flash-args=enable_hw_video_decode=1 --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/DomRel-Enable/enable/EmbeddedSearch/Group3 pct:10c stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionContentVerification/Bootstrap/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/NewSuggestType_A10_Stable_R2/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Disable/SDCH/EnabledAll/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-1-Percent/group_79/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --disable-accelerated-video-decode --channel="5324.6.148272764\1200690017" /prefetch:673131151
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe44_ Global\UsGthrCtrlFltPipeMssGthrPipe44 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\Jiří Morysek\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
======Scheduled tasks folder======
C:\Windows\tasks\Ad-Aware Update (Weekly).job - C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe update all silent repair
C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\Windows\tasks\Norton Security Scan for Jiří Morysek.job - C:\PROGRA~2\NORTON~2\Engine\410~1.28\Nss.exe /scan-quick /scheduled
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-29 256456]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14 2117216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11 1154720]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}]
vShare Toolbar - C:\Program Files (x86)\vShare\vshare_toolbar.dll [2011-05-12 482360]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-25 462760]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-29 194504]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Click to Call for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14 1709152]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11 1431712]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-25 171944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11 1154720]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-29 256456]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{577EBCA9-8ED3-45FC-A514-55B3817D4BCF} - I.R.I.S. Desktop Search - C:\Program Files (x86)\IRIS Desktop Search\IRISDesktopSearchIntegration910.dll [2006-01-11 1385768]
{043C5167-00BB-4324-AF7E-62013FAEDACF} - vShare Toolbar - C:\Program Files (x86)\vShare\vshare_toolbar.dll [2011-05-12 482360]
{D4027C7F-154A-4066-A1AD-4243D8127440} -
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11 1431712]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-29 194504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HP LaserJet M1522 MFP Series Fax"=C:\Program Files (x86)\HP\hp LaserJet M1522\hppfaxprintersrv.exe [2009-09-22 3700736]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-11-18 2919168]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-12-23 39408]
"SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
"I.R.I.S. Desktop Search"=C:\Program Files (x86)\IRIS Desktop Search\IRISDesktopSearch.exe [2006-01-11 5193512]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-08-27 22041192]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1159615.exe [2010-10-22 467224]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-08-21 959176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe [2007-08-31 36864]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-08-27 22041192]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-25 256896]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2010-05-24 2439072]
"ToolBoxFX"=C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe [2010-03-03 53248]
"PMBVolumeWatcher"=C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [2010-11-26 648032]
""= []
"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2014-11-19 18:18:42 ----D---- C:\rsit
2014-11-19 18:18:42 ----D---- C:\Program Files\trend micro
2014-11-19 18:12:07 ----D---- C:\FRST
2014-11-19 08:42:48 ----D---- C:\Program Files\Altap Salamander
2014-11-18 22:39:55 ----D---- C:\zaloha
2014-11-18 16:57:48 ----A---- C:\Windows\ntbtlog.txt
2014-11-17 13:26:32 ----D---- C:\ProgramData\ilydiroxygajowok
2014-11-12 10:45:12 ----A---- C:\Windows\system32\generaltel.dll
2014-11-12 10:45:11 ----A---- C:\Windows\system32\aepdu.dll
2014-11-12 10:45:11 ----A---- C:\Windows\system32\aeinv.dll
2014-11-12 10:44:46 ----A---- C:\Windows\system32\termsrv.dll
2014-11-12 10:44:45 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2014-11-12 10:44:45 ----A---- C:\Windows\system32\lsasrv.dll
2014-11-12 10:44:45 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2014-11-12 10:44:45 ----A---- C:\Windows\system32\adtschema.dll
2014-11-12 10:44:44 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2014-11-12 10:44:44 ----A---- C:\Windows\SYSWOW64\secur32.dll
2014-11-12 10:44:44 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2014-11-12 10:44:44 ----A---- C:\Windows\system32\msaudite.dll
2014-11-12 10:44:24 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-11-12 10:44:24 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-11-12 10:44:24 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-11-12 10:44:24 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-11-12 10:44:24 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-11-12 10:44:24 ----A---- C:\Windows\system32\ie4uinit.exe
2014-11-12 10:44:23 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-11-12 10:44:23 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-11-12 10:44:23 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-11-12 10:44:23 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-11-12 10:44:23 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-11-12 10:44:23 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 10:44:23 ----A---- C:\Windows\system32\iernonce.dll
2014-11-12 10:44:22 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-11-12 10:44:21 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-11-12 10:44:21 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-11-12 10:44:21 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-11-12 10:44:21 ----A---- C:\Windows\system32\urlmon.dll
2014-11-12 10:44:21 ----A---- C:\Windows\system32\iedkcs32.dll
2014-11-12 10:44:20 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-11-12 10:44:20 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-11-12 10:44:20 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-11-12 10:44:20 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-11-12 10:44:20 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-11-12 10:44:20 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 10:44:20 ----A---- C:\Windows\system32\msfeeds.dll
2014-11-12 10:44:20 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 10:44:20 ----A---- C:\Windows\system32\dxtrans.dll
2014-11-12 10:44:19 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-11-12 10:44:19 ----A---- C:\Windows\system32\iesetup.dll
2014-11-12 10:44:19 ----A---- C:\Windows\system32\ieapfltr.dll
2014-11-12 10:44:18 ----A---- C:\Windows\system32\iertutil.dll
2014-11-12 10:44:17 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-11-12 10:44:17 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-11-12 10:44:17 ----A---- C:\Windows\SYSWOW64\mshtmlmedia.dll
2014-11-12 10:44:17 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-11-12 10:44:17 ----A---- C:\Windows\system32\jsproxy.dll
2014-11-12 10:44:17 ----A---- C:\Windows\system32\ieUnatt.exe
2014-11-12 10:44:16 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-11-12 10:44:16 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2014-11-12 10:44:16 ----A---- C:\Windows\system32\ieui.dll
2014-11-12 10:44:16 ----A---- C:\Windows\system32\dxtmsft.dll
2014-11-12 10:44:15 ----A---- C:\Windows\system32\mshtmlmedia.dll
2014-11-12 10:44:15 ----A---- C:\Windows\system32\mshtmled.dll
2014-11-12 10:44:15 ----A---- C:\Windows\system32\jscript9diag.dll
2014-11-12 10:44:15 ----A---- C:\Windows\system32\ieframe.dll
2014-11-12 10:44:14 ----A---- C:\Windows\system32\wininet.dll
2014-11-12 10:44:14 ----A---- C:\Windows\system32\vbscript.dll
2014-11-12 10:44:14 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-11-12 10:44:14 ----A---- C:\Windows\system32\jscript9.dll
2014-11-12 10:44:13 ----A---- C:\Windows\system32\msrating.dll
2014-11-12 10:44:12 ----A---- C:\Windows\system32\mshtml.dll
2014-11-12 10:42:49 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2014-11-12 10:42:49 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2014-11-12 10:42:49 ----A---- C:\Windows\system32\msxml3r.dll
2014-11-12 10:42:49 ----A---- C:\Windows\system32\msxml3.dll
2014-11-12 10:42:21 ----A---- C:\Windows\SYSWOW64\IMJP10K.DLL
2014-11-12 10:42:21 ----A---- C:\Windows\system32\IMJP10K.DLL
2014-11-12 10:41:53 ----A---- C:\Windows\SYSWOW64\AUDIOKSE.dll
2014-11-12 10:41:53 ----A---- C:\Windows\system32\AUDIOKSE.dll
2014-11-12 10:41:52 ----A---- C:\Windows\SYSWOW64\AudioSes.dll
2014-11-12 10:41:52 ----A---- C:\Windows\SYSWOW64\AudioEng.dll
2014-11-12 10:41:52 ----A---- C:\Windows\system32\EncDump.dll
2014-11-12 10:41:52 ----A---- C:\Windows\system32\audiosrv.dll
2014-11-12 10:41:52 ----A---- C:\Windows\system32\AudioSes.dll
2014-11-12 10:41:52 ----A---- C:\Windows\system32\AudioEng.dll
2014-11-12 10:41:30 ----A---- C:\Windows\system32\schannel.dll
2014-11-12 10:41:30 ----A---- C:\Windows\system32\ncrypt.dll
2014-11-12 10:41:29 ----A---- C:\Windows\SYSWOW64\schannel.dll
2014-11-12 10:41:29 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2014-11-12 10:41:29 ----A---- C:\Windows\SYSWOW64\msv1_0.dll
2014-11-12 10:41:29 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2014-11-12 10:41:29 ----A---- C:\Windows\system32\wdigest.dll
2014-11-12 10:41:29 ----A---- C:\Windows\system32\msv1_0.dll
2014-11-12 10:41:29 ----A---- C:\Windows\system32\kerberos.dll
2014-11-12 10:41:28 ----A---- C:\Windows\SYSWOW64\wdigest.dll
2014-11-12 10:41:28 ----A---- C:\Windows\SYSWOW64\TSpkg.dll
2014-11-12 10:41:28 ----A---- C:\Windows\system32\TSpkg.dll
2014-11-12 10:41:28 ----A---- C:\Windows\system32\credssp.dll
2014-11-12 10:41:27 ----A---- C:\Windows\SYSWOW64\credssp.dll
2014-11-12 10:40:27 ----A---- C:\Windows\SYSWOW64\packager.dll
2014-11-12 10:40:27 ----A---- C:\Windows\system32\packager.dll
2014-11-12 10:39:59 ----A---- C:\Windows\system32\win32k.sys
2014-11-12 10:39:34 ----A---- C:\Windows\SYSWOW64\msi.dll
2014-11-12 10:39:34 ----A---- C:\Windows\system32\msi.dll
2014-11-12 10:39:03 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2014-11-12 10:39:03 ----A---- C:\Windows\system32\oleaut32.dll
======List of files/folders modified in the last 1 month======
2014-11-19 18:18:47 ----D---- C:\Windows\Prefetch
2014-11-19 18:18:44 ----D---- C:\Windows\Temp
2014-11-19 18:18:42 ----RD---- C:\Program Files
2014-11-19 18:14:21 ----D---- C:\Windows
2014-11-19 18:08:03 ----D---- C:\Users\Jiří Morysek\AppData\Roaming\Skype
2014-11-19 17:26:20 ----D---- C:\Aplikace MB
2014-11-19 13:23:00 ----D---- C:\Windows\system32\config
2014-11-19 13:12:46 ----D---- C:\Windows\winsxs
2014-11-19 13:07:55 ----D---- C:\Windows\Tasks
2014-11-18 23:17:21 ----D---- C:\Windows\System32
2014-11-18 23:17:21 ----D---- C:\Windows\inf
2014-11-18 23:17:21 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-11-18 17:22:30 ----SHD---- C:\System Volume Information
2014-11-17 14:00:23 ----D---- C:\totalcmd
2014-11-17 13:32:23 ----D---- C:\M1522_Full_Solution_Win7_4_3_EMEA2
2014-11-17 13:26:32 ----HD---- C:\ProgramData
2014-11-15 14:28:50 ----D---- C:\Windows\system32\NDF
2014-11-13 20:42:53 ----D---- C:\Windows\Minidump
2014-11-13 20:42:53 ----D---- C:\Windows\debug
2014-11-13 15:57:15 ----D---- C:\Windows\rescache
2014-11-13 09:16:38 ----D---- C:\Windows\Microsoft.NET
2014-11-13 09:16:16 ----RSD---- C:\Windows\assembly
2014-11-13 09:09:13 ----D---- C:\Windows\system32\Tasks
2014-11-13 09:06:43 ----SD---- C:\Windows\system32\CompatTel
2014-11-13 09:06:42 ----D---- C:\Windows\SYSWOW64\cs-CZ
2014-11-13 09:06:42 ----D---- C:\Windows\SysWOW64
2014-11-13 09:06:42 ----D---- C:\Windows\system32\drivers
2014-11-13 09:06:42 ----D---- C:\Windows\system32\cs-CZ
2014-11-13 09:06:42 ----D---- C:\Program Files\Internet Explorer
2014-11-13 09:06:41 ----D---- C:\Windows\SYSWOW64\en-US
2014-11-13 09:06:41 ----D---- C:\Windows\system32\en-US
2014-11-13 09:06:41 ----D---- C:\Program Files (x86)\Internet Explorer
2014-11-13 08:50:30 ----SHD---- C:\Windows\Installer
2014-11-13 08:50:29 ----HD---- C:\Config.Msi
2014-11-13 08:48:29 ----D---- C:\Windows\system32\MRT
2014-11-13 08:41:16 ----A---- C:\Windows\system32\MRT.exe
2014-11-12 20:12:10 ----RD---- C:\Program Files (x86)
2014-11-12 10:38:20 ----D---- C:\Windows\system32\catroot2
2014-11-11 22:20:38 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-11-04 14:30:58 ----N---- C:\Windows\system32\MpSigStub.exe
2014-11-01 11:12:04 ----D---- C:\Program Files (x86)\Ask.com
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 Lbd;Lbd; C:\Windows\system32\DRIVERS\Lbd.sys [2010-11-22 69152]
R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys [2010-04-08 244328]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2014-09-11 487216]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-07-29 141264]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-09-03 170104]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 126320]
R3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-05-10 17152]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-16 15416]
R3 mvusbews;USB EWS Device; C:\Windows\System32\Drivers\mvusbews.sys [2012-12-24 20480]
R3 NVNET;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmf6264.sys [2010-03-04 349416]
R3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 42496]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2010-05-15 1327520]
S0 PxHelp20;PxHelp20; C:\Windows\system32\Drivers\PxHelp20.sys []
S3 HPEWSFXBULK;HPEWSFXBULK; C:\Windows\system32\drivers\hpfx64bulk.sys [2009-02-25 20504]
S3 HPFXBULK;HPFXBULK; C:\Windows\system32\drivers\hpfx64bulk.sys [2009-02-25 20504]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2011-08-17 19968]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2014-09-12 64704]
R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-11-18 810144]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [2010-01-21 496232]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 HPSIService;HP SI Service; C:\Windows\system32\HPSIsvc.exe [2012-11-08 126856]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2012-09-21 1737728]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [2010-01-21 209000]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-01-31 878368]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-02-19 1259296]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-26 398176]
R2 TeamViewer5;TeamViewer 5; C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-05-21 173352]
R3 BBUpdate;BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [2014-03-11 247968]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 BBSvc;BingBar Service; C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [2014-03-11 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20 107912]
S2 HP LaserJet Service;HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2010-03-03 136192]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11 267440]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-11-18 42360]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20 107912]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-16 194032]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-11-06 114688]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-12-18 1255736]
S4 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
-----------------EOF-----------------
ať už autor viru nebo léčitel nechá zaplatit.
Přispějete na provoz fóra?