
PolicieČR

Posted: 25 May 2013 11:37
by domor
Hello, the Policie ČR virus has appeared on my PC. The PC cannot be used; immediately after startup the Policie ČR screen comes up...
Thanks for the help!

Re: PolicieČR

Posted: 25 May 2013 12:44
by domor
I'll gladly provide information, but I don't know what kind...

OS: Win 7. When booting into Safe Mode, the PC shuts down right away...

Thanks

Re: PolicieČR

Posted: 25 May 2013 18:31
by domor
So after pressing F8 I have these options:

Safe Mode
Enable boot logging
Start with low resolution
Last known good configuration
Directory services restore mode
Debugging mode
Disable automatic restart on system failure
Disable driver signature enforcement
Start normally

I don't see the Repair Your Computer option (per the instructions), so I don't know...

Re: PolicieČR

Posted: 28 May 2013 21:40
by domor
FRST.exe scan. Thanks!


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-05-2013 01
Ran by SYSTEM on 28-05-2013 22:36:05
Running from H:\
Windows 7 Ultimate (X86) OS Language: Czech
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet003
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [FileOpenBroker] C:\Program Files\FileOpen\Services\FileOpenBroker32.exe [724352 2011-10-21] (FileOpen Systems Inc.)
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1316136 2008-06-20] (Synaptics, Inc.)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [248040 2010-02-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
HKLM\...\Runonce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [x]
HKU\Kaška\...\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [ 2011-08-02] (DT Soft Ltd)
HKU\Kaška\...\Run: [ICQ] "C:\Program Files\ICQ7.6\ICQ.exe" silent loginmode=4 [ 2011-10-10] (ICQ, LLC.)
HKU\Kaška\...\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun [ 2013-02-28] (Skype Technologies S.A.)
HKU\Kaška\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Kaška\Documents\5e687118.exe [ 2013-05-25] (Adobe Systems Incorporated)
HKU\Kaška\...\Winlogon: [Shell] cmd.exe [ 2010-11-20] (Microsoft Corporation) <==== ATTENTION
Startup: C:\ProgramData\Start Menu\Programs\Startup\Snagit 10.lnk
ShortcutTarget: Snagit 10.lnk -> C:\Program Files\TechSmith\Snagit 10\Snagit32.exe (TechSmith Corporation)
Startup: C:\Users\Kaška\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

========================== Services (Whitelisted) =================

S2 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2012-03-23] (Flexera Software, Inc.)
S2 hasplms; C:\Windows\system32\hasplms.exe [4180576 2010-09-27] (SafeNet Inc.)
S2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-05-14] (Skype Technologies S.A.)

==================== Drivers (Whitelisted) ====================

S2 aksfridge; C:\Windows\System32\DRIVERS\aksfridge.sys [356864 2010-09-27] (SafeNet Inc.)
S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [238208 2010-09-27] (Aladdin Knowledge Systems Ltd.)
S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [46336 2010-09-27] (Aladdin Knowledge Systems Ltd.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [16384 2010-09-27] (Aladdin Knowledge Systems Ltd.)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [232512 2011-10-26] (DT Soft Ltd)
S2 Hardlock; C:\Windows\system32\drivers\hardlock.sys [588800 2010-09-27] (SafeNet Inc.)
S2 Haspnt; C:\Windows\system32\drivers\Haspnt.sys [47616 2011-11-04] (Aladdin Knowledge Systems)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-28 22:35 - 2013-05-28 22:35 - 00000000 ____D C:\FRST
2013-05-26 18:37 - 2013-05-26 18:37 - 00131072 ____N C:\Windows\Minidump\052613-22885-01.dmp
2013-05-25 18:04 - 2013-05-25 18:04 - 00131072 ____N C:\Windows\Minidump\052513-88078-01.dmp
2013-05-25 17:59 - 2013-05-25 17:59 - 00131072 ____N C:\Windows\Minidump\052513-81806-01.dmp
2013-05-25 12:37 - 2013-05-25 12:37 - 00131072 ____N C:\Windows\Minidump\052513-35646-01.dmp
2013-05-25 12:21 - 2013-05-25 12:21 - 00131072 ____N C:\Windows\Minidump\052513-28048-01.dmp
2013-05-25 09:38 - 2013-05-25 09:38 - 00159744 ____A C:\Users\Kaška\8354134.dll
2013-05-25 09:35 - 2013-05-25 09:35 - 01029432 ____A C:\ProgramData\2433f433
2013-05-25 09:35 - 2013-05-25 09:35 - 01029389 ____A C:\Users\Kaška\AppData\Local\2433f433
2013-05-25 09:35 - 2013-05-25 09:35 - 01029383 ____A C:\Users\Kaška\AppData\Roaming\2433f433
2013-05-25 09:34 - 2013-05-25 09:34 - 00038400 ____A (Adobe Systems Incorporated) C:\Users\Kaška\Documents\5e687118.exe
2013-05-25 09:34 - 2013-05-25 09:34 - 00038400 ____A (Adobe Systems Incorporated) C:\Users\Kaška\Documents\5e687118.dll
2013-05-23 19:58 - 2013-05-23 20:09 - 733073408 ____A C:\Users\Kaška\Downloads\Tajemstvi - The Secret (2006) CZ.avi
2013-05-23 08:45 - 2013-05-23 08:45 - 00131072 ____N C:\Windows\Minidump\052313-26410-01.dmp
2013-05-23 01:11 - 2013-05-23 01:11 - 00828407 ____A C:\Users\Kaška\Desktop\situace - Standard.zip
2013-05-22 21:35 - 2013-05-23 01:11 - 00000000 ____D C:\Users\Kaška\Desktop\konečná verze
2013-05-22 07:00 - 2013-05-22 07:00 - 00131072 ____N C:\Windows\Minidump\052213-29140-01.dmp
2013-05-21 21:21 - 2013-05-21 21:21 - 329756672 ____A C:\Users\Kaška\Desktop\Popelka-Walt-Disney-cz.avi.aeiv72x.partial
2013-05-21 12:37 - 2013-05-21 21:23 - 472959864 ____A C:\Users\Kaška\Desktop\Medvedi-Bratri-2-Cz..avi
2013-05-21 11:16 - 2013-05-21 11:56 - 370975656 ____A C:\Users\Kaška\Desktop\Lvi-kral-1.avi
2013-05-21 05:54 - 2013-05-21 05:54 - 00131072 ____N C:\Windows\Minidump\052113-32807-01.dmp
2013-05-19 07:27 - 2013-05-19 07:27 - 00131072 ____N C:\Windows\Minidump\051913-84942-01.dmp
2013-05-18 21:36 - 2013-04-05 06:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-18 21:36 - 2013-04-05 06:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-18 21:36 - 2013-04-05 06:28 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-18 21:36 - 2013-04-05 06:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-18 21:36 - 2013-04-05 06:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-18 21:36 - 2013-04-05 06:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-18 21:36 - 2013-04-05 06:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-18 21:36 - 2013-04-05 06:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-18 21:36 - 2013-04-05 06:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-18 21:36 - 2013-04-05 06:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-18 21:36 - 2013-04-05 06:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-18 21:36 - 2013-04-05 06:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-18 21:36 - 2013-04-05 06:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-18 21:36 - 2013-04-05 06:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-18 21:36 - 2013-04-05 05:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-18 21:36 - 2013-04-05 04:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-17 21:24 - 2013-05-17 21:24 - 00131072 ____N C:\Windows\Minidump\051713-31995-01.dmp
2013-05-17 13:14 - 2013-04-10 06:18 - 00728424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-17 13:14 - 2013-04-10 06:18 - 00218984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-17 13:14 - 2013-04-10 04:14 - 02347520 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-17 13:14 - 2013-03-19 05:53 - 00186368 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-17 13:14 - 2013-03-19 04:33 - 00040960 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-17 13:14 - 2013-02-27 06:05 - 00101720 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-17 13:14 - 2013-02-27 05:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-17 13:14 - 2013-02-27 05:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-17 13:14 - 2013-02-27 05:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-17 13:14 - 2013-02-27 05:49 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-14 21:31 - 2013-05-14 21:31 - 00001814 ____A C:\Users\Public\Desktop\PDF24 Editor.lnk
2013-05-14 21:31 - 2013-05-14 21:31 - 00000000 ____D C:\Program Files\PDF24
2013-05-08 06:13 - 2013-05-08 06:13 - 00000000 ____D C:\Users\Kaška\Desktop\1-5000 konečná odevzdaná verze
2013-05-08 06:13 - 2013-04-11 06:58 - 00646550 ____A C:\Users\Kaška\Desktop\1-5000.dwg
2013-05-08 05:50 - 2013-05-09 20:55 - 00000000 ____D C:\Users\Kaška\Desktop\sjezdy
2013-05-07 20:37 - 2013-05-07 20:37 - 00000218 ____A C:\Users\Kaška\AppData\Local\recently-used.xbel
2013-05-02 21:38 - 2013-04-19 09:23 - 00906912 ____A C:\Users\Kaška\Desktop\situace.dwg
2013-05-02 21:36 - 2013-03-06 16:10 - 00713012 ____A C:\Users\Kaška\Desktop\Situace var DZ.dwg
2013-05-02 21:33 - 2013-05-02 21:34 - 50174791 ____A C:\Users\Kaška\Downloads\12-25 II-160 Krumlov.zip
2013-05-01 15:12 - 2013-05-01 15:18 - 00000000 ____D C:\Users\Kaška\Desktop\12-25 II-160 Krumlov

==================== One Month Modified Files and Folders ========

2013-05-28 22:35 - 2013-05-28 22:35 - 00000000 ____D C:\FRST
2013-05-28 21:20 - 2012-04-19 22:31 - 00000934 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-28 21:20 - 2009-07-14 05:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-28 21:20 - 2009-07-14 05:39 - 00103003 ____A C:\Windows\setupact.log
2013-05-26 18:37 - 2013-05-26 18:37 - 00131072 ____N C:\Windows\Minidump\052613-22885-01.dmp
2013-05-26 18:37 - 2011-11-07 18:10 - 00000000 ____D C:\Windows\Minidump
2013-05-25 18:04 - 2013-05-25 18:04 - 00131072 ____N C:\Windows\Minidump\052513-88078-01.dmp
2013-05-25 17:59 - 2013-05-25 17:59 - 00131072 ____N C:\Windows\Minidump\052513-81806-01.dmp
2013-05-25 12:37 - 2013-05-25 12:37 - 00131072 ____N C:\Windows\Minidump\052513-35646-01.dmp
2013-05-25 12:30 - 2009-07-14 05:34 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-25 12:30 - 2009-07-14 05:34 - 00014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-25 12:21 - 2013-05-25 12:21 - 00131072 ____N C:\Windows\Minidump\052513-28048-01.dmp
2013-05-25 10:01 - 2011-10-26 08:20 - 01203791 ____A C:\Windows\WindowsUpdate.log
2013-05-25 09:44 - 2012-01-26 19:09 - 00000000 ___RD C:\Program Files\Skype
2013-05-25 09:38 - 2013-05-25 09:38 - 00159744 ____A C:\Users\Kaška\8354134.dll
2013-05-25 09:38 - 2011-10-26 08:27 - 00000000 ____D C:\users\Kaška
2013-05-25 09:35 - 2013-05-25 09:35 - 01029432 ____A C:\ProgramData\2433f433
2013-05-25 09:35 - 2013-05-25 09:35 - 01029389 ____A C:\Users\Kaška\AppData\Local\2433f433
2013-05-25 09:35 - 2013-05-25 09:35 - 01029383 ____A C:\Users\Kaška\AppData\Roaming\2433f433
2013-05-25 09:34 - 2013-05-25 09:34 - 00038400 ____A (Adobe Systems Incorporated) C:\Users\Kaška\Documents\5e687118.exe
2013-05-25 09:34 - 2013-05-25 09:34 - 00038400 ____A (Adobe Systems Incorporated) C:\Users\Kaška\Documents\5e687118.dll
2013-05-25 09:33 - 2012-01-26 19:09 - 00000000 ____D C:\Users\Kaška\AppData\Roaming\Skype
2013-05-25 09:20 - 2012-08-17 13:09 - 00000914 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-25 08:43 - 2012-04-19 22:31 - 00000938 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-23 20:09 - 2013-05-23 19:58 - 733073408 ____A C:\Users\Kaška\Downloads\Tajemstvi - The Secret (2006) CZ.avi
2013-05-23 08:45 - 2013-05-23 08:45 - 00131072 ____N C:\Windows\Minidump\052313-26410-01.dmp
2013-05-23 01:11 - 2013-05-23 01:11 - 00828407 ____A C:\Users\Kaška\Desktop\situace - Standard.zip
2013-05-23 01:11 - 2013-05-22 21:35 - 00000000 ____D C:\Users\Kaška\Desktop\konečná verze
2013-05-22 09:07 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-05-22 07:00 - 2013-05-22 07:00 - 00131072 ____N C:\Windows\Minidump\052213-29140-01.dmp
2013-05-21 21:23 - 2013-05-21 12:37 - 472959864 ____A C:\Users\Kaška\Desktop\Medvedi-Bratri-2-Cz..avi
2013-05-21 21:21 - 2013-05-21 21:21 - 329756672 ____A C:\Users\Kaška\Desktop\Popelka-Walt-Disney-cz.avi.aeiv72x.partial
2013-05-21 11:56 - 2013-05-21 11:16 - 370975656 ____A C:\Users\Kaška\Desktop\Lvi-kral-1.avi
2013-05-21 05:54 - 2013-05-21 05:54 - 00131072 ____N C:\Windows\Minidump\052113-32807-01.dmp
2013-05-19 22:59 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-19 07:27 - 2013-05-19 07:27 - 00131072 ____N C:\Windows\Minidump\051913-84942-01.dmp
2013-05-19 07:23 - 2011-11-04 21:51 - 00000000 ____D C:\Users\Kaška\AppData\Roaming\ICQ
2013-05-19 07:20 - 2009-07-14 05:33 - 00484864 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-18 21:39 - 2012-03-22 13:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-18 21:33 - 2011-10-26 08:32 - 01597052 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-18 21:28 - 2011-10-30 16:10 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-17 21:24 - 2013-05-17 21:24 - 00131072 ____N C:\Windows\Minidump\051713-31995-01.dmp
2013-05-14 21:31 - 2013-05-14 21:31 - 00001814 ____A C:\Users\Public\Desktop\PDF24 Editor.lnk
2013-05-14 21:31 - 2013-05-14 21:31 - 00000000 ____D C:\Program Files\PDF24
2013-05-14 21:20 - 2012-06-24 23:18 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-05-14 21:20 - 2011-10-26 17:20 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-05-12 21:11 - 2011-11-01 18:11 - 00141296 ____A C:\Users\Kaška\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-11 23:29 - 2012-03-21 09:35 - 00000000 ____D C:\Program Files\TeamViewer
2013-05-09 20:55 - 2013-05-08 05:50 - 00000000 ____D C:\Users\Kaška\Desktop\sjezdy
2013-05-08 06:13 - 2013-05-08 06:13 - 00000000 ____D C:\Users\Kaška\Desktop\1-5000 konečná odevzdaná verze
2013-05-07 20:37 - 2013-05-07 20:37 - 00000218 ____A C:\Users\Kaška\AppData\Local\recently-used.xbel
2013-05-07 20:37 - 2013-04-11 19:51 - 00000000 ____D C:\Users\Kaška\AppData\Roaming\BitLord
2013-05-02 21:34 - 2013-05-02 21:33 - 50174791 ____A C:\Users\Kaška\Downloads\12-25 II-160 Krumlov.zip
2013-05-02 01:06 - 2011-10-26 16:35 - 00238872 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-05-01 15:18 - 2013-05-01 15:12 - 00000000 ____D C:\Users\Kaška\Desktop\12-25 II-160 Krumlov

Other Malware:
===========
C:\Users\Kaška\8354134.dll

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-05-25 08:09:21

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 4094.05 MB
Available physical RAM: 3555.68 MB
Total Pagefile: 4092.32 MB
Available Pagefile: 3566.33 MB
Total Virtual: 2047.88 MB
Available Virtual: 1935.23 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:96.95 GB) (Free:15.87 GB) NTFS
Drive d: () (Fixed) (Total:87.79 GB) (Free:32.37 GB) NTFS
Drive f: (WinRE) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS
Drive g: (GRMC(X)FREOEM_CS_DVD) (CDROM) (Total:3.71 GB) (Free:0 GB) UDF
Drive h: (KINGSTON) (Removable) (Total:1.86 GB) (Free:0.6 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 186 GB) (Disk ID: E43B3866)
Partition 1: (Not Active) - (Size=1 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=88 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=97 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: B9B6A68B)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)


Last Boot: 2013-05-18 23:00

==================== End Of Log ============================

Re: PolicieČR

Posted: 29 May 2013 19:00
by domor
So it worked. Great!

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 25-05-2013 01
Ran by SYSTEM at 2013-05-29 19:51:42 Run:1
Running from H:\
Boot Mode: Recovery

==============================================

HKEY_USERS\Kaška\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.
HKEY_USERS\Kaška\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\Kaška\8354134.dll => Moved successfully.
C:\ProgramData\2433f433 => Moved successfully.
C:\Users\Kaška\AppData\Local\2433f433 => Moved successfully.
C:\Users\Kaška\AppData\Roaming\2433f433 => Moved successfully.
C:\Users\Kaška\Documents\5e687118.exe => Moved successfully.
C:\Users\Kaška\Documents\5e687118.dll => Moved successfully.

==== End of Fixlog ====

Re: PolicieČR

Posted: 29 May 2013 19:09
by domor
Logfile of random's system information tool 1.09 (written by random/random)
Run by Kaška at 2013-05-29 20:01:08
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 16 GB (16%) free of 99 GB
Total RAM: 3310 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:01:16, on 29.5.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16576)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\WerFault.exe
C:\Program Files\FileOpen\Services\FileOpenBroker32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PDF24\pdf24.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\ICQ7.6\ICQ.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\TechSmith\Snagit 10\Snagit32.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TechSmith\Snagit 10\TSCHelp.exe
C:\Program Files\TechSmith\Snagit 10\SnagPriv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TechSmith\Snagit 10\snagiteditor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Kaška\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XJ6ZBFQI\RSIT.exe
C:\Program Files\trend micro\Kaška.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [FileOpenBroker] C:\Program Files\FileOpen\Services\FileOpenBroker32.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.6\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Snagit 10.lnk = C:\Program Files\TechSmith\Snagit 10\Snagit32.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} (isInstalled Class) - http://javadl-esd.oracle.com/update/1.6 ... s-i586.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: FileOpen Manager Service (FileOpenManagerSvc) - FileOpen Systems Inc. - C:\Program Files\FileOpen\Services\FileOpenManagerSvc32.exe
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HASP License Manager (hasplms) - SafeNet Inc. - C:\Windows\system32\hasplms.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe

--
End of file - 8135 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll [2010-04-13 63304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14 4531320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2013-04-21 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - Snagit - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll [2010-04-13 206152]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"FileOpenBroker"=C:\Program Files\FileOpen\Services\FileOpenBroker32.exe [2011-10-21 724352]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-06-20 1316136]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"PDFPrint"=C:\Program Files\PDF24\pdf24.exe [2013-03-20 162856]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-08-02 4910912]
"ICQ"=C:\Program Files\ICQ7.6\ICQ.exe [2011-10-10 127040]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2013-02-28 18642024]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Snagit 10.lnk - C:\Program Files\TechSmith\Snagit 10\Snagit32.exe

C:\Users\Kaška\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codecp.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=xvidvfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2013-05-29 20:01:08 ----D---- C:\rsit
2013-05-29 20:01:08 ----D---- C:\Program Files\trend micro
2013-05-28 23:35:55 ----D---- C:\FRST
2013-05-25 13:12:05 ----A---- C:\Windows\ntbtlog.txt
2013-05-18 22:36:26 ----A---- C:\Windows\system32\jscript.dll
2013-05-18 22:36:25 ----A---- C:\Windows\system32\jscript9.dll
2013-05-18 22:36:24 ----A---- C:\Windows\system32\jsproxy.dll
2013-05-18 22:36:24 ----A---- C:\Windows\system32\iesetup.dll
2013-05-18 22:36:22 ----A---- C:\Windows\system32\ieui.dll
2013-05-18 22:36:21 ----A---- C:\Windows\system32\urlmon.dll
2013-05-18 22:36:21 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-05-18 22:36:21 ----A---- C:\Windows\system32\msfeeds.dll
2013-05-18 22:36:21 ----A---- C:\Windows\system32\iesysprep.dll
2013-05-18 22:36:21 ----A---- C:\Windows\system32\iernonce.dll
2013-05-18 22:36:21 ----A---- C:\Windows\system32\ie4uinit.exe
2013-05-18 22:36:20 ----A---- C:\Windows\system32\iertutil.dll
2013-05-18 22:36:18 ----A---- C:\Windows\system32\wininet.dll
2013-05-18 22:36:17 ----A---- C:\Windows\system32\ieframe.dll
2013-05-18 22:36:14 ----A---- C:\Windows\system32\mshtml.dll
2013-05-17 14:14:44 ----A---- C:\Windows\system32\win32k.sys
2013-05-17 14:14:40 ----A---- C:\Windows\system32\wwansvc.dll
2013-05-17 14:14:39 ----A---- C:\Windows\system32\wwanprotdim.dll
2013-05-17 14:14:37 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2013-05-17 14:14:37 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2013-05-17 14:14:10 ----A---- C:\Windows\system32\shell32.dll
2013-05-17 14:14:09 ----A---- C:\Windows\system32\consent.exe
2013-05-17 14:14:09 ----A---- C:\Windows\system32\authui.dll
2013-05-17 14:14:08 ----A---- C:\Windows\system32\shdocvw.dll
2013-05-17 14:14:08 ----A---- C:\Windows\system32\appinfo.dll
2013-05-14 22:31:22 ----D---- C:\Program Files\PDF24

======List of files/folders modified in the last 1 month======

2013-05-29 20:51:44 ----HD---- C:\ProgramData
2013-05-29 20:01:15 ----D---- C:\Windows\Temp
2013-05-29 20:01:08 ----RD---- C:\Program Files
2013-05-29 20:00:45 ----D---- C:\Windows\System32
2013-05-29 20:00:45 ----D---- C:\Windows\inf
2013-05-29 20:00:45 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-05-29 19:58:24 ----D---- C:\Users\Kaška\AppData\Roaming\Skype
2013-05-26 19:37:35 ----D---- C:\Windows\Minidump
2013-05-26 19:37:35 ----D---- C:\Windows
2013-05-25 13:27:00 ----D---- C:\Windows\system32\config
2013-05-25 10:46:03 ----D---- C:\Windows\Prefetch
2013-05-25 10:44:27 ----SHD---- C:\Windows\Installer
2013-05-25 10:44:25 ----RD---- C:\Program Files\Skype
2013-05-25 09:09:21 ----SHD---- C:\System Volume Information
2013-05-22 10:07:44 ----D---- C:\Windows\rescache
2013-05-19 23:59:43 ----D---- C:\Windows\Microsoft.NET
2013-05-19 23:58:58 ----RSD---- C:\Windows\assembly
2013-05-19 08:23:20 ----D---- C:\Users\Kaška\AppData\Roaming\ICQ
2013-05-19 08:22:04 ----D---- C:\Windows\winsxs
2013-05-19 00:31:48 ----D---- C:\Program Files\Internet Explorer
2013-05-19 00:31:47 ----D---- C:\Windows\system32\drivers
2013-05-19 00:31:47 ----D---- C:\Windows\system32\cs-CZ
2013-05-19 00:31:47 ----D---- C:\Windows\AppPatch
2013-05-18 22:39:00 ----D---- C:\ProgramData\Microsoft Help
2013-05-18 22:37:01 ----D---- C:\Windows\system32\catroot
2013-05-18 22:36:59 ----D---- C:\Windows\system32\catroot2
2013-05-18 22:28:27 ----A---- C:\Windows\system32\MRT.exe
2013-05-14 22:20:23 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2013-05-12 00:30:00 ----RSD---- C:\Windows\Fonts
2013-05-12 00:29:45 ----D---- C:\Program Files\TeamViewer
2013-05-12 00:29:43 ----D---- C:\Windows\system32\Tasks
2013-05-07 21:37:12 ----D---- C:\Users\Kaška\AppData\Roaming\BitLord
2013-05-07 21:35:51 ----A---- C:\Users\Kaška\AppData\Roaming\bitlord_log.txt
2013-05-02 02:06:08 ----N---- C:\Windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\system32\DRIVERS\TVALZ_O.SYS [2007-11-09 23640]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-26 232512]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 aksfridge;Sentinel HASP Fridge; C:\Windows\system32\DRIVERS\aksfridge.sys [2010-09-27 356864]
R2 Haspnt;Haspnt; \??\C:\Windows\system32\drivers\Haspnt.sys [2011-11-04 47616]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-07-14 1035776]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-09-21 1218048]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-18 4994560]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
R3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 84992]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-06-20 200112]
S2 Hardlock;hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2010-09-27 588800]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 akshasp;SafeNet Inc. HASP Key; C:\Windows\system32\DRIVERS\akshasp.sys [2010-09-27 238208]
S3 akshhl;SafeNet Inc. Sentinel HASP Key; C:\Windows\system32\DRIVERS\akshhl.sys [2010-09-27 46336]
S3 aksusb;SafeNet Inc. USB Key; C:\Windows\system32\DRIVERS\aksusb.sys [2010-09-27 16384]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;Filtr SIS sběrnice AGP; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;Filtr VIA sběrnice AGP; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-18 176128]
R2 Autodesk Content Service;Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 FileOpenManagerSvc;FileOpen Manager Service; C:\Program Files\FileOpen\Services\FileOpenManagerSvc32.exe [2011-10-21 213376]
R2 hasplms;HASP License Manager; C:\Windows\system32\hasplms.exe [2010-09-27 4180576]
R2 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-05-14 3289208]
R2 TeamViewer8;TeamViewer 8; C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe [2013-04-23 3574624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-19 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-02-28 161384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-14 256904]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2011-11-01 85096]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-03-23 1044816]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-19 136176]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-10 136120]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-10-29 1343400]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------