
Malware in the PC

Posted: 02 Jul 2013 07:11
by Hook_1hp
Hello, I'm asking you for help. Some virus or malware has got into my notebook. I can't work on the PC properly. The virus has blocked the administrator account and it's no longer possible to work in it. I have to log in through a second account, which is also an administrator account. I can work on the other account, but the first account cannot be disconnected. Thanks in advance for your help.


log: Logfile of random's system information tool 1.09 (written by random/random)
Run by Ivana at 2013-07-02 08:06:17
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 179 GB (41%) free of 432 GB
Total RAM: 4091 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:06:22, on 2.7.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16611)
Boot mode: Normal

Running processes:
C:\windows\SysWOW64\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\Ivana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ivana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ivana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ivana\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ivana\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\Ivana.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={2CC2E2DA-E ... 2012-12-18 19:35:56&v=13.2.0.4&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)
R3 - URLSearchHook: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - (no file)
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ivana\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1446954214-2930582283-825936318-1003\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Admin')
O4 - HKUS\S-1-5-21-1446954214-2930582283-825936318-1003\..\Run: [ctfmon32.exe] C:\PROGRA~3\rundll32.exe C:\PROGRA~3\lf48.dat,XFG00 (User 'Admin')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Download with Star Downloader - C:\PROGRA~2\STARDO~1\sdie.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Odeslat obrázek do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat stránku do zařízení &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\windows\system32\srvany.exe
O23 - Service: McNeel Update Service 5.0 (McNeelUpdate) - Robert McNeel & Associates - C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11009 bytes

======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player Updater.job
C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1446954214-2930582283-825936318-1003Core.job
C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1446954214-2930582283-825936318-1003UA.job
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1446954214-2930582283-825936318-1000Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1446954214-2930582283-825936318-1000UA.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1446954214-2930582283-825936318-1003Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1446954214-2930582283-825936318-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-02-21 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-06-18 192592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-02-21 170912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20 509496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2013-06-18 192592]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-07-19 98304]
"hpqSRMon"=C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [2008-07-22 150528]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-09-23 926896]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-03-12 153136]
"Google Update"=C:\Users\Ivana\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-17 136176]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2012-08-14 39408]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files (x86)\Lenovo\Bluetooth Software\BTTray.exe
HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"msacm.clmp3enc"=C:\PROGRA~2\Lenovo\Power2Go\CLMP3Enc.ACM
"msacm.siren"=sirenacm.dll
"msacm.dvacm"=C:\PROGRA~2\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"=C:\PROGRA~2\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"=C:\PROGRA~2\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.divxa32"=msaud32_divx.acm
"msacm.ac3filter"=ac3filter.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-07-02 07:52:09 ----A---- C:\ProgramData\g252qs.txt
2013-07-02 07:52:09 ----A---- C:\ProgramData\84fl.js
2013-07-02 07:52:09 ----A---- C:\ProgramData\84fl.bat
2013-07-02 07:51:56 ----A---- C:\ProgramData\lf48.dat
2013-07-02 07:51:55 ----A---- C:\ProgramData\rundll32.exe
2013-06-20 22:52:36 ----D---- C:\ProgramData\GarenaMessenger
2013-06-16 08:42:08 ----A---- C:\windows\SysWOW64\iesetup.dll
2013-06-16 08:42:08 ----A---- C:\windows\SysWOW64\iernonce.dll
2013-06-16 08:42:07 ----A---- C:\windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-16 08:42:07 ----A---- C:\windows\SysWOW64\iesysprep.dll
2013-06-16 08:42:03 ----A---- C:\windows\SysWOW64\msfeeds.dll
2013-06-16 08:42:01 ----A---- C:\windows\SysWOW64\jscript.dll
2013-06-16 08:41:57 ----A---- C:\windows\SysWOW64\jscript9.dll
2013-06-16 08:41:49 ----A---- C:\windows\SysWOW64\jsproxy.dll
2013-06-16 08:41:48 ----A---- C:\windows\SysWOW64\wininet.dll
2013-06-16 08:30:27 ----A---- C:\windows\SysWOW64\urlmon.dll
2013-06-16 08:30:25 ----A---- C:\windows\SysWOW64\iertutil.dll
2013-06-16 08:30:22 ----A---- C:\windows\SysWOW64\ieui.dll
2013-06-16 08:30:18 ----A---- C:\windows\SysWOW64\ieframe.dll
2013-06-16 08:30:03 ----A---- C:\windows\SysWOW64\mshtml.dll
2013-06-12 18:06:40 ----A---- C:\windows\SysWOW64\win32spl.dll
2013-06-12 18:06:32 ----A---- C:\windows\SysWOW64\cryptdlg.dll
2013-06-12 18:06:25 ----A---- C:\windows\SysWOW64\WindowsCodecs.dll
2013-06-12 18:06:19 ----A---- C:\windows\SysWOW64\certutil.exe
2013-06-12 18:06:18 ----A---- C:\windows\SysWOW64\crypt32.dll
2013-06-12 18:06:17 ----A---- C:\windows\SysWOW64\cryptnet.dll
2013-06-12 18:06:16 ----A---- C:\windows\SysWOW64\cryptsvc.dll
2013-06-12 18:06:15 ----A---- C:\windows\SysWOW64\certenc.dll
2013-06-12 18:05:55 ----A---- C:\windows\SysWOW64\d3d11.dll
2013-06-08 03:04:28 ----A---- C:\windows\SysWOW64\msls31.dll
2013-06-08 03:04:28 ----A---- C:\windows\SysWOW64\elshyph.dll
2013-06-08 03:04:27 ----A---- C:\windows\SysWOW64\wextract.exe
2013-06-08 03:04:27 ----A---- C:\windows\SysWOW64\webcheck.dll
2013-06-08 03:04:27 ----A---- C:\windows\SysWOW64\msrating.dll
2013-06-08 03:04:27 ----A---- C:\windows\SysWOW64\mshtmlmedia.dll
2013-06-08 03:04:27 ----A---- C:\windows\SysWOW64\inseng.dll
2013-06-08 03:04:27 ----A---- C:\windows\SysWOW64\iexpress.exe
2013-06-08 03:04:26 ----A---- C:\windows\SysWOW64\vbscript.dll
2013-06-08 03:04:26 ----A---- C:\windows\SysWOW64\pngfilt.dll
2013-06-08 03:04:26 ----A---- C:\windows\SysWOW64\mshtmled.dll
2013-06-08 03:04:25 ----A---- C:\windows\SysWOW64\occache.dll
2013-06-08 03:04:25 ----A---- C:\windows\SysWOW64\mshta.exe
2013-06-08 03:04:25 ----A---- C:\windows\SysWOW64\msfeedssync.exe
2013-06-08 03:04:25 ----A---- C:\windows\SysWOW64\msfeedsbs.dll
2013-06-08 03:04:25 ----A---- C:\windows\SysWOW64\imgutil.dll
2013-06-08 03:04:25 ----A---- C:\windows\SysWOW64\ieUnatt.exe
2013-06-08 03:04:25 ----A---- C:\windows\SysWOW64\iepeers.dll
2013-06-08 03:04:25 ----A---- C:\windows\SysWOW64\IEAdvpack.dll
2013-06-08 03:04:24 ----A---- C:\windows\SysWOW64\SetIEInstalledDate.exe
2013-06-08 03:04:24 ----A---- C:\windows\SysWOW64\mshtmler.dll
2013-06-08 03:04:23 ----A---- C:\windows\SysWOW64\url.dll
2013-06-08 03:04:23 ----A---- C:\windows\SysWOW64\licmgr10.dll
2013-06-08 03:04:23 ----A---- C:\windows\SysWOW64\iedkcs32.dll
2013-06-08 03:04:23 ----A---- C:\windows\SysWOW64\ieapfltr.dll
2013-06-08 03:04:23 ----A---- C:\windows\SysWOW64\ieapfltr.dat
2013-06-08 03:04:23 ----A---- C:\windows\SysWOW64\icardie.dll
2013-06-08 03:04:23 ----A---- C:\windows\SysWOW64\dxtrans.dll
2013-06-08 03:04:23 ----A---- C:\windows\SysWOW64\dxtmsft.dll

======List of files/folders modified in the last 1 month======

2013-07-02 08:06:22 ----D---- C:\windows\Prefetch
2013-07-02 08:06:20 ----D---- C:\Program Files (x86)\trend micro
2013-07-02 08:06:14 ----D---- C:\windows\Temp
2013-07-02 08:05:55 ----HD---- C:\ProgramData
2013-07-02 07:59:57 ----D---- C:\Windows
2013-07-02 07:28:03 ----D---- C:\windows\System32
2013-07-02 07:28:03 ----D---- C:\windows\inf
2013-07-01 13:34:36 ----SHD---- C:\System Volume Information
2013-06-30 22:33:54 ----D---- C:\windows\SysWOW64
2013-06-30 22:33:49 ----A---- C:\windows\SysWOW64\FlashPlayerApp.exe
2013-06-30 22:30:50 ----D---- C:\windows\Tasks
2013-06-20 22:55:27 ----RD---- C:\Program Files
2013-06-18 14:44:59 ----SHD---- C:\windows\Installer
2013-06-17 21:14:10 ----D---- C:\windows\Panther
2013-06-17 21:14:06 ----D---- C:\windows\debug
2013-06-17 18:11:51 ----D---- C:\windows\rescache
2013-06-16 18:11:22 ----D---- C:\windows\Microsoft.NET
2013-06-16 18:09:51 ----RSD---- C:\windows\assembly
2013-06-16 13:25:00 ----D---- C:\windows\winsxs
2013-06-16 13:21:50 ----D---- C:\Program Files (x86)\Internet Explorer
2013-06-16 13:21:49 ----D---- C:\windows\SysWOW64\cs-CZ
2013-06-16 08:51:14 ----HD---- C:\Config.Msi
2013-06-16 08:51:07 ----A---- C:\windows\win.ini
2013-06-16 08:40:44 ----A---- C:\windows\SysWOW64\PerfStringBackup.INI
2013-06-08 11:28:24 ----D---- C:\windows\Logs
2013-06-08 03:28:39 ----D---- C:\windows\SysWOW64\migration
2013-06-08 03:28:39 ----D---- C:\windows\SysWOW64\en-US
2013-06-08 03:28:38 ----D---- C:\windows\PolicyDefinitions

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\windows\system32\DRIVERS\AtiPcie64.sys []
R0 LHDmgr;LHDmgr; C:\windows\System32\DRIVERS\LhdX64.sys []
R0 MpFilter;Microsoft Malware Protection Driver; C:\windows\system32\DRIVERS\MpFilter.sys []
R0 pciide;pciide; C:\windows\system32\drivers\pciide.sys []
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys []
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\windows\system32\DRIVERS\dtsoftbus01.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys []
R2 NisDrv;Microsoft Network Inspection System; C:\windows\system32\DRIVERS\NisDrvWFP.sys []
R3 ACPIVPC;Lenovo Virtual Power Controller Driver; C:\windows\system32\DRIVERS\AcpiVpc.sys []
R3 amdkmdag;amdkmdag; C:\windows\system32\DRIVERS\atikmdag.sys []
R3 amdkmdap;amdkmdap; C:\windows\system32\DRIVERS\atikmpag.sys []
R3 athr;Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athrx.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys []
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\windows\system32\DRIVERS\L1C62x64.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys []
R3 usbsmi;Lenovo EasyCamera; C:\windows\system32\DRIVERS\SMIksdrv.sys []
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys []
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys []
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys []
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys []
S3 btusbflt;Bluetooth USB Filter; C:\windows\system32\drivers\btusbflt.sys []
S3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys []
S3 btwavdt;Bluetooth AVDT; C:\windows\system32\drivers\btwavdt.sys []
S3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys []
S3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys []
S3 Dot4;MS IEEE-1284.4 Driver; C:\windows\system32\DRIVERS\Dot4.sys []
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\windows\system32\DRIVERS\Dot4Prt.sys []
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\windows\system32\DRIVERS\dot4usb.sys []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys []
S3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys []
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\k57nd60a.sys []
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\windows\system32\DRIVERS\netw5v64.sys []
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\windows\system32\drivers\nmwcdnsux64.sys []
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\windows\System32\drivers\rdpvideominiport.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys []
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys []
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\windows\system32\DRIVERS\ss_bbus.sys []
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys []
S3 usbscan;Ovladač skeneru USB; C:\windows\system32\DRIVERS\usbscan.sys []
S3 WimFltr;WimFltr; C:\windows\system32\DRIVERS\wimfltr.sys []
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys []
S3 wsvd;wsvd; C:\windows\system32\DRIVERS\wsvd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-09-23 65192]
R2 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe []
R2 Autodesk Content Service;Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
R2 btwdins;Bluetooth Service; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [2009-08-11 864032]
R2 Capture Device Service;Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\windows\system32\svchost.exe [2009-07-14 20992]
R2 HPSLPSVC;HP Network Devices Support; C:\windows\system32\svchost.exe [2009-07-14 20992]
R2 KMService;KMService; C:\windows\system32\srvany.exe [2012-04-23 8192]
R2 McNeelUpdate;McNeel Update Service 5.0; C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [2012-10-25 67752]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-01-27 22056]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2009-07-14 20992]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 hpqcxs08;hpqcxs08; C:\windows\system32\svchost.exe [2009-07-14 20992]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-17 136176]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\windows\System32\svchost.exe [2009-07-14 20992]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-30 256904]
S3 aspnet_state;Stavová služba ASP.NET; C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-01-30 1431888]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-17 136176]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-14 194032]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe []
S4 NetMsmqActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

Re: Malware in the PC

Posted: 02 Jul 2013 07:22
by vyosek

Re: Malware in the PC

Posted: 02 Jul 2013 09:30
by Hook_1hp
Hello again, I have a problem starting the notebook in safe mode; after a restart I can choose F12 - boot sequence,

F8 - Windows error recovery. Here it says "The system failed to start. The reason may be
recent hardware or software changes."
There are two options to choose from here:
- Launch Startup Repair
- Start Windows normally

[I DON'T LIKE MAKING EXTRA WORK FOR YOU, BUT IN "Boot device priority" I PROBABLY SWAPPED SOME ITEMS BY MISTAKE, UNINTENTIONALLY, AND THE SETTING GOT SAVED. I'M NOT SURE WHAT THE CORRECT ORDER SHOULD BE.]

F2. After pressing F2 I don't get the table with the Windows startup selection, but a table with information about the PC, PC configuration, security, "boot device priority", and then just exit.

P.S. I really appreciate your help. Thank you

Re: Malware in the PC

Posted: 02 Jul 2013 09:49
by Hook_1hp
Hello,
I don't know how myself, but I have already got to the procedure for obtaining the log. I'm continuing according to the procedure, so you no longer need to take the previous problem into account. I hope you'll understand my "superfluous" questions (though for me it is a complete mystery). Thank you very much

Re: Malware in the PC

Posted: 02 Jul 2013 10:09
by Hook_1hp
Hello,
I know I'm far from the only one who needs advice, but another complication has come up. During the scan my notebook shut down; I repeated the process, which didn't lead to a different result. (The battery should be sufficiently charged, or is it possible that the notebook isn't charging in safe mode?) Thanks for the help

Re: Malware in the PC

Posted: 02 Jul 2013 10:13
by vyosek
Hi :)

I'm at work, so I'm only peeking in here...

So try running the scan in normal mode = run FRST from the flash drive and then continue according to the instructions...

There's no point wearing yourself out fiddling with the booting, at least not for now :D

Re: Vermin in the PC

Posted: 02 Jul 2013 10:26
by Hook_1hp
Hi,
in the end I ran it in normal mode. The scan went through without complications. :) Thanks

FRST log - Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-07-2013
Ran by Admin_ (administrator) on 02-07-2013 11:19:29
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\windows\system32\atiesrxx.exe
(AMD) C:\windows\system32\atieclxx.exe
() C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(InterVideo Inc.) C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
(Microsoft Corporation) C:\windows\SysWOW64\svchost.exe
() C:\windows\SysWOW64\srvany.exe
() C:\windows\KMService.exe
(Robert McNeel & Associates) C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\windows\system32\taskmgr.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11448424 2010-08-20] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 [2120808 2010-08-20] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1894696 2010-01-07] (Synaptics Incorporated)
HKLM\...\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4462496 2010-04-12] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [7056800 2010-03-18] (Lenovo (Beijing) Limited)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-07-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Admin\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-08-14] (Google Inc.)
HKU\Admin\...\Run: [Google Update] "C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-12-17] (Google Inc.)
HKU\Admin\...\Run: [Facebook Update] "C:\Users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2013-03-27] (Facebook Inc.)
HKU\Admin\...\Run: [ctfmon32.exe] C:\PROGRA~3\rundll32.exe C:\PROGRA~3\lf48.dat,XFG00 [147456 2013-07-02] (Microsoft Corporation)
HKU\Ivana\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [153136 2007-03-12] (Nero AG)
HKU\Ivana\...\Run: [Google Update] "C:\Users\Ivana\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-12-17] (Google Inc.)
HKU\Ivana\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-08-14] (Google Inc.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: msdaipp - No CLSID Value -
Handler-x32: msdaipp - No CLSID Value -
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) =================

R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [864032 2009-08-11] (Broadcom Corporation.)
R2 Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.)
R2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2012-04-23] ()
R2 McNeelUpdate; C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [67752 2012-10-25] (Robert McNeel & Associates)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-06-27] (DT Soft Ltd)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [200704 2010-04-20] (SMI)
U3 BcmSqlStartupSvc;
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [x]
U2 IAStorDataMgrSvc;
U3 IGRS;
U2 IviRegMgr;
U2 ReadyComm.DirectRouter;
U2 RichVideo;
U3 SQLWriter;

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AcpiVpc.sys DC201246A14CB3B274DF59FAF539AB07
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 59A119E7AE39A95755BB1C0E889C7FAD
C:\Windows\System32\DRIVERS\atikmpag.sys DC746FE518C2E63DB4C8954772FA4F71
C:\Windows\System32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athrx.sys CCA705CDF038D5BC243203CE4416B345
C:\Windows\System32\DRIVERS\AtiPcie64.sys E82E61F46D1336447F4DEFF8C074F13E
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys 738D0E9272F59EB7A1449C3EC118E6C4
C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
C:\Windows\System32\drivers\btusbflt.sys 6E04458E98DAF28826482E41A7A62DF5
C:\Windows\System32\drivers\btwaudio.sys 6BCFDC2B5B7F66D484486D4BD4B39A6B
C:\Windows\System32\drivers\btwavdt.sys 82DC8B7C626E526681C1BEBED2BC3FF9
C:\Windows\System32\DRIVERS\btwl2cap.sys 6149301DC3F81D6F9667A3FBAC410975
C:\Windows\System32\DRIVERS\btwrchid.sys 28E105AD3B79F440BF94780F507BF66A
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys AAFCB52FE0037207FB6FBEA070D25EFE
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Dot4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Dot4Prt.sys E9F5969233C5D89F3C35E3A66A52A361
C:\Windows\System32\DRIVERS\dot4usb.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\dtsoftbus01.sys 46571ED73AE84469DCA53081D33CF3C8
C:\Windows\System32\drivers\dxgkrnl.sys AF2E16242AA723F68F461B6EAE2EAD3D
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys 72190080AB7D7D876F4210A048A0A892
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\k57nd60a.sys 7DBAFE10C1B777305C80BEA42FBDA710
C:\Windows\system32\drivers\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 97A7070AEA4C058B6418519E869A63B4
C:\Windows\System32\Drivers\ksecpkg.sys 7EFB9333E4ECCE6AE4AE9D777D9E553E
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\L1C62x64.sys 55480B9C63F3F91A8EBBADCBF28FE581
C:\Windows\System32\DRIVERS\LhdX64.sys BE166935083F9C38EDFDC21B9A7A679B
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\MpFilter.sys F8A10560B35C66F9DE212F03DAD5BFA7
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netw5v64.sys 64428DFDAF6E88366CB51F45A79C5F69
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NisDrvWFP.sys 162100E0BC8377710F9D170631921C03
C:\Windows\System32\drivers\nmwcdnsux64.sys 9573223E205907247AE6D948E3453770
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RtsUStor.sys 5AAB4808E8CCAE8C2ECDA5B791260616
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\System32\DRIVERS\ss_bbus.sys EF806D212D34B0E173BAEB3564D53E37
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys E5D73228176C9F69072D1F91CED83484
C:\Windows\System32\drivers\tcpip.sys 9849EA3843A2ADBDD1497E97A85D8CAE
C:\Windows\System32\DRIVERS\tcpip.sys 9849EA3843A2ADBDD1497E97A85D8CAE
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys 17C6B51CBCCDED95B3CC14E22791F85E
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys C025055FE7B87701EB042095DF1A2D7B
C:\Windows\System32\DRIVERS\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24
C:\Windows\System32\DRIVERS\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SMIksdrv.sys 310ABD644511CBEEE16814095759D670
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD
C:\Windows\System32\Drivers\usbvideo.sys 454800C2BC7F3927CE030141EE4F4C50
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wimfltr.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wsvd.sys 83575C43B2BFE9AB0661A7F957E843C0
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-02 10:55 - 2013-07-02 10:55 - 00000000 ____D C:\FRST
2013-07-02 10:34 - 2013-07-02 11:17 - 00000112 ____A C:\Windows\setupact.log
2013-07-02 10:34 - 2013-07-02 10:34 - 00000000 ____A C:\Windows\setuperr.log
2013-07-02 08:40 - 2013-07-02 08:40 - 00000000 ____D C:\Users\Admin_\AppData\Roaming\GRETECH
2013-07-02 08:35 - 2013-07-02 10:44 - 00029508 ____A C:\Windows\WindowsUpdate.log
2013-07-02 08:34 - 2013-07-02 08:34 - 00163136 ____A C:\Users\Admin_\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-02 08:34 - 2013-07-02 08:34 - 00000000 ____D C:\Users\Admin_\AppData\Roaming\ATI
2013-07-02 08:34 - 2013-07-02 08:34 - 00000000 ____D C:\Users\Admin_\AppData\Local\ATI
2013-07-02 08:26 - 2013-07-02 09:27 - 00003050 ____A C:\Users\Admin_\Documents\startup.txt
2013-07-02 08:20 - 2013-07-02 08:20 - 00000000 ____D C:\Users\Admin_\AppData\Roaming\Adobe
2013-07-02 08:19 - 2013-07-02 08:20 - 00000000 ____D C:\users\Admin_
2013-07-02 08:19 - 2013-07-02 08:19 - 00000020 ___SH C:\Users\Admin_\ntuser.ini
2013-07-02 08:19 - 2013-07-02 08:19 - 00000000 __SHD C:\Users\Admin_\Šablony
2013-07-02 08:19 - 2013-07-02 08:19 - 00000000 __SHD C:\Users\Admin_\Soubory cookie
2013-07-02 08:19 - 2013-07-02 08:19 - 00000000 __SHD C:\Users\Admin_\Poslední
2013-07-02 08:19 - 2013-07-02 08:19 - 00000000 __SHD C:\Users\Admin_\Okolní tiskárny
2013-07-02 08:19 - 2013-07-02 08:19 - 00000000 __SHD C:\Users\Admin_\Okolní síť
2013-07-02 08:19 - 2013-07-02 08:19 - 00000000 __SHD C:\Users\Admin_\Nabídka Start
2013-07-02 08:19 - 2013-07-02 08:19 - 00000000 __SHD C:\Users\Admin_\Dokumenty
2013-07-02 08:19 - 2013-07-02 08:19 - 00000000 __SHD C:\Users\Admin_\Documents\Obrázky
2013-07-02 08:19 - 2013-07-02 08:19 - 00000000 __SHD C:\Users\Admin_\Documents\Hudba
2013-07-02 08:19 - 2013-07-02 08:19 - 00000000 __SHD C:\Users\Admin_\Documents\Filmy
2013-07-02 08:19 - 2013-07-02 08:19 - 00000000 __SHD C:\Users\Admin_\Data aplikací
2013-07-02 08:19 - 2013-07-02 08:19 - 00000000 __SHD C:\Users\Admin_\AppData\Local\Data aplikací
2013-07-02 08:19 - 2013-07-02 08:19 - 00000000 ____D C:\Users\Admin_\AppData\Local\VirtualStore
2013-07-02 08:19 - 2011-06-14 23:25 - 00002104 ____A C:\Users\Admin_\Desktop\OneKey Recovery.lnk
2013-07-02 08:19 - 2011-06-14 23:18 - 00001140 ____A C:\Users\Admin_\Desktop\Cyberlink Power2Go.lnk
2013-07-02 08:19 - 2011-06-14 23:17 - 00002198 ____A C:\Users\Admin_\Desktop\CyberLink YouCam.lnk
2013-07-02 08:18 - 2013-07-02 08:18 - 00000000 ____D C:\Users\Ivana\Desktop\Admin
2013-07-02 08:12 - 2013-07-02 08:12 - 00000048 ____A C:\Users\Ivana\Desktop\vir.txt
2013-07-02 08:06 - 2013-07-02 08:06 - 00781383 ____A C:\Users\Ivana\Downloads\RSIT.exe
2013-07-02 08:01 - 2013-07-02 08:01 - 00011136 ____A C:\Users\Ivana\Documents\cc_20130702_080129.reg
2013-07-02 07:52 - 2013-07-02 08:15 - 95023320 ___AT C:\ProgramData\84fl.pad
2013-07-02 07:52 - 2013-07-02 07:52 - 00002630 ____A C:\ProgramData\84fl.js
2013-07-02 07:52 - 2013-07-02 07:52 - 00000150 ____A C:\ProgramData\84fl.reg
2013-07-02 07:52 - 2013-07-02 07:52 - 00000055 ____A C:\ProgramData\84fl.bat
2013-07-02 07:52 - 2013-07-02 07:52 - 00000000 ____A C:\ProgramData\g252qs.txt
2013-07-02 07:51 - 2013-07-02 07:51 - 00147456 ____A (Microsoft Corporation) C:\ProgramData\lf48.dat
2013-07-02 07:51 - 2013-07-02 07:51 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-06-30 22:30 - 2013-07-02 09:33 - 00000914 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-30 19:35 - 2013-06-30 19:35 - 00019384 ____A C:\Users\Admin\Documents\cc_20130630_193545.reg
2013-06-28 20:28 - 2013-06-28 20:28 - 00001236 ____A C:\Users\Admin\Downloads\dovolena_chorvatsko (2).txt
2013-06-28 20:27 - 2013-06-28 20:29 - 00001236 ____A C:\Users\Admin\Downloads\dovolena_chorvatsko (1).txt
2013-06-28 20:26 - 2013-06-28 20:26 - 00001236 ____A C:\Users\Admin\Downloads\dovolena_chorvatsko.txt
2013-06-24 13:44 - 2013-06-24 13:44 - 00098816 ____A C:\Users\Admin\Downloads\rozvrh bazenu cervenec_aktual 2005.xls
2013-06-21 00:34 - 2013-06-21 00:34 - 00000000 ____D C:\Users\Admin\AppData\Roaming\GarenaPlus
2013-06-20 22:55 - 2013-06-20 22:55 - 00000000 ____D C:\Program Files\warcraft III
2013-06-20 22:52 - 2013-06-21 00:34 - 00000000 ____D C:\ProgramData\GarenaMessenger
2013-06-20 22:51 - 2013-06-20 22:51 - 64166776 ____A C:\Users\Admin\Downloads\GarenaPlus_Install.exe
2013-06-20 13:46 - 2013-06-20 13:46 - 00030208 ____A C:\Users\Admin\Downloads\prehled_VR.xls
2013-06-19 17:34 - 2013-06-19 17:40 - 80525986 ____A C:\Users\Admin\Downloads\Smrtonostna.Zbran.2.XViD.AC3.SK-DJRoccoiNc.avi
2013-06-17 21:12 - 2013-06-17 21:12 - 04378864 ____A (Piriform Ltd) C:\Users\Admin\Downloads\ccsetup402.exe
2013-06-17 21:08 - 2013-06-17 21:10 - 00000000 ____D C:\Users\Admin\Desktop\Matematické Inženýrství
2013-06-16 11:09 - 2013-06-16 11:09 - 06431744 ___AH C:\Users\Admin\Downloads\~WRL1335.tmp
2013-06-16 10:03 - 2013-06-16 10:03 - 25734144 ____A C:\Users\Admin\Downloads\13-BUM.ppt
2013-06-16 10:03 - 2013-06-16 10:03 - 12485120 ____A C:\Users\Admin\Downloads\12-BUM.ppt
2013-06-16 10:03 - 2013-06-16 10:03 - 10921984 ____A C:\Users\Admin\Downloads\09-BUM.ppt
2013-06-16 10:03 - 2013-06-16 10:03 - 09671680 ____A C:\Users\Admin\Downloads\11-BUM.ppt
2013-06-16 10:03 - 2013-06-16 10:03 - 06731264 ____A C:\Users\Admin\Downloads\10-BUM.ppt
2013-06-16 10:03 - 2013-06-16 10:03 - 05590528 ____A C:\Users\Admin\Downloads\07-BUM.ppt
2013-06-16 10:03 - 2013-06-16 10:03 - 04419072 ____A C:\Users\Admin\Downloads\05-BUM (1).ppt
2013-06-16 10:03 - 2013-06-16 10:03 - 04370432 ____A C:\Users\Admin\Downloads\08-BUM.ppt
2013-06-16 10:03 - 2013-06-16 10:03 - 01706496 ____A C:\Users\Admin\Downloads\07a-BUM.ppt
2013-06-16 10:03 - 2013-06-16 10:03 - 01543680 ____A C:\Users\Admin\Downloads\05a-BUM (2).ppt
2013-06-16 10:02 - 2013-06-16 10:03 - 07547904 ____A C:\Users\Admin\Downloads\01-BUM (2).ppt
2013-06-16 10:02 - 2013-06-16 10:03 - 07433216 ____A C:\Users\Admin\Downloads\03-BUM (2).ppt
2013-06-16 10:02 - 2013-06-16 10:03 - 05779456 ____A C:\Users\Admin\Downloads\02-BUM (4).ppt
2013-06-16 10:02 - 2013-06-16 10:03 - 02317824 ____A C:\Users\Admin\Downloads\04-BUM.ppt
2013-06-16 08:42 - 2013-05-17 03:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-16 08:42 - 2013-05-17 03:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-16 08:42 - 2013-05-17 03:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-16 08:42 - 2013-05-17 03:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-16 08:42 - 2013-05-17 03:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-16 08:42 - 2013-05-17 02:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-16 08:42 - 2013-05-17 02:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-16 08:42 - 2013-05-17 02:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-16 08:42 - 2013-05-17 02:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-16 08:42 - 2013-05-17 02:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-16 08:42 - 2013-05-17 02:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-16 08:42 - 2013-05-14 14:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-16 08:42 - 2013-05-14 10:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-16 08:41 - 2013-05-17 03:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-16 08:41 - 2013-05-17 03:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-16 08:41 - 2013-05-17 03:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-16 08:41 - 2013-05-17 02:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-16 08:41 - 2013-05-17 02:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-16 08:41 - 2013-05-17 02:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-16 08:30 - 2013-06-08 16:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-16 08:30 - 2013-06-08 16:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-16 08:30 - 2013-06-08 16:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-16 08:30 - 2013-06-08 16:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-16 08:30 - 2013-06-08 16:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-16 08:30 - 2013-06-08 14:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-16 08:30 - 2013-06-08 13:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-16 08:30 - 2013-06-08 13:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-16 08:30 - 2013-06-08 13:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-16 08:30 - 2013-06-08 13:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-16 08:30 - 2013-06-08 13:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-16 08:30 - 2013-06-08 13:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 18:06 - 2013-05-13 07:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 18:06 - 2013-05-13 07:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 18:06 - 2013-05-13 07:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 18:06 - 2013-05-13 07:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 18:06 - 2013-05-13 06:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 18:06 - 2013-05-13 06:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 18:06 - 2013-05-13 06:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 18:06 - 2013-05-13 05:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 18:06 - 2013-05-13 05:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 18:06 - 2013-05-13 05:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 18:06 - 2013-05-10 07:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 18:06 - 2013-05-10 05:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 18:06 - 2013-05-08 08:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 18:06 - 2013-04-26 07:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 18:06 - 2013-04-26 06:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 18:06 - 2013-04-17 09:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 18:06 - 2013-04-17 08:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 18:05 - 2013-04-26 01:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 18:05 - 2013-04-01 00:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-11 19:37 - 2013-06-11 19:37 - 05223820 ____A C:\Users\Admin\Downloads\pozvanka.jpg.zip
2013-06-08 11:27 - 2013-06-08 11:27 - 00129528 ____A C:\Users\Admin\Documents\cc_20130608_112708.reg
2013-06-08 11:27 - 2013-06-08 11:27 - 00037490 ____A C:\Users\Admin\Documents\cc_20130608_112736.reg
2013-06-08 03:04 - 2013-06-08 03:04 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-08 03:04 - 2013-06-08 03:04 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-08 03:04 - 2013-06-08 03:04 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-08 03:04 - 2013-06-08 03:04 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-08 03:04 - 2013-06-08 03:04 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-08 03:04 - 2013-06-08 03:04 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-08 03:04 - 2013-06-08 03:04 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-08 03:04 - 2013-06-08 03:04 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-08 03:04 - 2013-06-08 03:04 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-08 03:04 - 2013-06-08 03:04 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-08 03:04 - 2013-06-08 03:04 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-08 03:04 - 2013-06-08 03:04 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-08 03:04 - 2013-06-08 03:04 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-08 03:04 - 2013-06-08 03:04 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-08 03:04 - 2013-06-08 03:04 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-08 03:04 - 2013-06-08 03:04 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-08 03:04 - 2013-06-08 03:04 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-08 03:04 - 2013-06-08 03:04 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-08 03:04 - 2013-06-08 03:04 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-08 03:04 - 2013-06-08 03:04 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-08 03:04 - 2013-06-08 03:04 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-06 22:55 - 2013-06-06 22:55 - 01204224 ____A C:\Users\Admin\Downloads\18._Vyuka_Pohybove_vady___MO.ppt
2013-06-05 19:03 - 2013-06-05 19:11 - 120906413 ____A C:\Users\Admin\Downloads\SLA (1).rar
2013-06-03 23:00 - 2013-06-03 23:06 - 63517020 ____A C:\Users\Admin\Downloads\Pediatrie.zip

==================== One Month Modified Files and Folders =======

2013-07-02 11:17 - 2013-07-02 10:34 - 00000112 ____A C:\Windows\setupact.log
2013-07-02 11:17 - 2013-02-11 00:33 - 00000948 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-02 11:17 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-02 11:13 - 2011-06-14 13:45 - 00666200 ____A C:\Windows\System32\perfh005.dat
2013-07-02 11:13 - 2011-06-14 13:45 - 00139896 ____A C:\Windows\System32\perfc005.dat
2013-07-02 11:13 - 2009-07-14 07:13 - 01576582 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-02 10:55 - 2013-07-02 10:55 - 00000000 ____D C:\FRST
2013-07-02 10:44 - 2013-07-02 08:35 - 00029508 ____A C:\Windows\WindowsUpdate.log
2013-07-02 10:42 - 2009-07-14 06:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-02 10:42 - 2009-07-14 06:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-02 10:34 - 2013-07-02 10:34 - 00000000 ____A C:\Windows\setuperr.log
2013-07-02 09:34 - 2013-02-11 00:33 - 00000952 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-02 09:33 - 2013-06-30 22:30 - 00000914 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-02 09:27 - 2013-07-02 08:26 - 00003050 ____A C:\Users\Admin_\Documents\startup.txt
2013-07-02 09:04 - 2013-02-17 09:59 - 00000962 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1446954214-2930582283-825936318-1003UA.job
2013-07-02 09:00 - 2013-01-26 13:23 - 00000962 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1446954214-2930582283-825936318-1000UA.job
2013-07-02 08:40 - 2013-07-02 08:40 - 00000000 ____D C:\Users\Admin_\AppData\Roaming\GRETECH
2013-07-02 08:40 - 2013-03-27 21:35 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1446954214-2930582283-825936318-1003UA.job
2013-07-02 08:40 - 2011-12-17 22:26 - 00000000 ____D C:\users\Admin
2013-07-02 08:34 - 2013-07-02 08:34 - 00163136 ____A C:\Users\Admin_\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-02 08:34 - 2013-07-02 08:34 - 00000000 ____D C:\Users\Admin_\AppData\Roaming\ATI
2013-07-02 08:34 - 2013-07-02 08:34 - 00000000 ____D C:\Users\Admin_\AppData\Local\ATI
2013-07-02 08:20 - 2013-07-02 08:20 - 00000000 ____D C:\Users\Admin_\AppData\Roaming\Adobe
2013-07-02 08:20 - 2013-07-02 08:19 - 00000000 ____D C:\users\Admin_
2013-07-02 08:19 - 2013-07-02 08:19 - 00000020 ___SH C:\Users\Admin_\ntuser.ini
2013-07-02 08:19 - 2013-07-02 08:19 - 00000000 __SHD C:\Users\Admin_\Šablony
2013-07-02 08:19 - 2013-07-02 08:19 - 00000000 __SHD C:\Users\Admin_\Soubory cookie
2013-07-02 08:19 - 2013-07-02 08:19 - 00000000 __SHD C:\Users\Admin_\Poslední
2013-07-02 08:19 - 2013-07-02 08:19 - 00000000 __SHD C:\Users\Admin_\Okolní tiskárny
2013-07-02 08:19 - 2013-07-02 08:19 - 00000000 __SHD C:\Users\Admin_\Okolní síť
2013-07-02 08:19 - 2013-07-02 08:19 - 00000000 __SHD C:\Users\Admin_\Nabídka Start
2013-07-02 08:19 - 2013-07-02 08:19 - 00000000 __SHD C:\Users\Admin_\Dokumenty
2013-07-02 08:19 - 2013-07-02 08:19 - 00000000 __SHD C:\Users\Admin_\Documents\Obrázky
2013-07-02 08:19 - 2013-07-02 08:19 - 00000000 __SHD C:\Users\Admin_\Documents\Hudba
2013-07-02 08:19 - 2013-07-02 08:19 - 00000000 __SHD C:\Users\Admin_\Documents\Filmy
2013-07-02 08:19 - 2013-07-02 08:19 - 00000000 __SHD C:\Users\Admin_\Data aplikací
2013-07-02 08:19 - 2013-07-02 08:19 - 00000000 __SHD C:\Users\Admin_\AppData\Local\Data aplikací
2013-07-02 08:19 - 2013-07-02 08:19 - 00000000 ____D C:\Users\Admin_\AppData\Local\VirtualStore
2013-07-02 08:18 - 2013-07-02 08:18 - 00000000 ____D C:\Users\Ivana\Desktop\Admin
2013-07-02 08:15 - 2013-07-02 07:52 - 95023320 ___AT C:\ProgramData\84fl.pad
2013-07-02 08:12 - 2013-07-02 08:12 - 00000048 ____A C:\Users\Ivana\Desktop\vir.txt
2013-07-02 08:06 - 2013-07-02 08:06 - 00781383 ____A C:\Users\Ivana\Downloads\RSIT.exe
2013-07-02 08:03 - 2011-12-17 21:19 - 00002364 ____A C:\Users\Ivana\Desktop\Google Chrome.lnk
2013-07-02 08:01 - 2013-07-02 08:01 - 00011136 ____A C:\Users\Ivana\Documents\cc_20130702_080129.reg
2013-07-02 07:52 - 2013-07-02 07:52 - 00002630 ____A C:\ProgramData\84fl.js
2013-07-02 07:52 - 2013-07-02 07:52 - 00000150 ____A C:\ProgramData\84fl.reg
2013-07-02 07:52 - 2013-07-02 07:52 - 00000055 ____A C:\ProgramData\84fl.bat
2013-07-02 07:52 - 2013-07-02 07:52 - 00000000 ____A C:\ProgramData\g252qs.txt
2013-07-02 07:51 - 2013-07-02 07:51 - 00147456 ____A (Microsoft Corporation) C:\ProgramData\lf48.dat
2013-07-02 07:51 - 2013-07-02 07:51 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-07-02 07:40 - 2013-03-27 21:35 - 00000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1446954214-2930582283-825936318-1003Core.job
2013-07-02 00:52 - 2013-01-26 13:23 - 00000910 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1446954214-2930582283-825936318-1000Core.job
2013-07-01 10:04 - 2013-02-17 09:59 - 00000910 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1446954214-2930582283-825936318-1003Core.job
2013-06-30 22:33 - 2012-04-28 12:19 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-30 22:33 - 2011-12-17 21:16 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-30 19:35 - 2013-06-30 19:35 - 00019384 ____A C:\Users\Admin\Documents\cc_20130630_193545.reg
2013-06-30 17:20 - 2012-01-21 11:11 - 00000000 ____D C:\Users\Admin\Desktop\movie
2013-06-30 17:08 - 2012-12-27 23:18 - 00000000 ____D C:\Users\Admin\Desktop\mamka
2013-06-28 20:29 - 2013-06-28 20:27 - 00001236 ____A C:\Users\Admin\Downloads\dovolena_chorvatsko (1).txt
2013-06-28 20:28 - 2013-06-28 20:28 - 00001236 ____A C:\Users\Admin\Downloads\dovolena_chorvatsko (2).txt
2013-06-28 20:26 - 2013-06-28 20:26 - 00001236 ____A C:\Users\Admin\Downloads\dovolena_chorvatsko.txt
2013-06-24 13:44 - 2013-06-24 13:44 - 00098816 ____A C:\Users\Admin\Downloads\rozvrh bazenu cervenec_aktual 2005.xls
2013-06-21 00:34 - 2013-06-21 00:34 - 00000000 ____D C:\Users\Admin\AppData\Roaming\GarenaPlus
2013-06-21 00:34 - 2013-06-20 22:52 - 00000000 ____D C:\ProgramData\GarenaMessenger
2013-06-20 22:55 - 2013-06-20 22:55 - 00000000 ____D C:\Program Files\warcraft III
2013-06-20 22:51 - 2013-06-20 22:51 - 64166776 ____A C:\Users\Admin\Downloads\GarenaPlus_Install.exe
2013-06-20 13:46 - 2013-06-20 13:46 - 00030208 ____A C:\Users\Admin\Downloads\prehled_VR.xls
2013-06-19 17:40 - 2013-06-19 17:34 - 80525986 ____A C:\Users\Admin\Downloads\Smrtonostna.Zbran.2.XViD.AC3.SK-DJRoccoiNc.avi
2013-06-17 21:14 - 2009-07-29 09:00 - 00000000 ____D C:\Windows\Panther
2013-06-17 21:13 - 2012-01-28 20:34 - 00000000 ____D C:\Program Files\CCleaner
2013-06-17 21:12 - 2013-06-17 21:12 - 04378864 ____A (Piriform Ltd) C:\Users\Admin\Downloads\ccsetup402.exe
2013-06-17 21:10 - 2013-06-17 21:08 - 00000000 ____D C:\Users\Admin\Desktop\Matematické Inženýrství
2013-06-17 18:11 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-06-16 11:09 - 2013-06-16 11:09 - 06431744 ___AH C:\Users\Admin\Downloads\~WRL1335.tmp
2013-06-16 10:03 - 2013-06-16 10:03 - 25734144 ____A C:\Users\Admin\Downloads\13-BUM.ppt
2013-06-16 10:03 - 2013-06-16 10:03 - 12485120 ____A C:\Users\Admin\Downloads\12-BUM.ppt
2013-06-16 10:03 - 2013-06-16 10:03 - 10921984 ____A C:\Users\Admin\Downloads\09-BUM.ppt
2013-06-16 10:03 - 2013-06-16 10:03 - 09671680 ____A C:\Users\Admin\Downloads\11-BUM.ppt
2013-06-16 10:03 - 2013-06-16 10:03 - 06731264 ____A C:\Users\Admin\Downloads\10-BUM.ppt
2013-06-16 10:03 - 2013-06-16 10:03 - 05590528 ____A C:\Users\Admin\Downloads\07-BUM.ppt
2013-06-16 10:03 - 2013-06-16 10:03 - 04419072 ____A C:\Users\Admin\Downloads\05-BUM (1).ppt
2013-06-16 10:03 - 2013-06-16 10:03 - 04370432 ____A C:\Users\Admin\Downloads\08-BUM.ppt
2013-06-16 10:03 - 2013-06-16 10:03 - 01706496 ____A C:\Users\Admin\Downloads\07a-BUM.ppt
2013-06-16 10:03 - 2013-06-16 10:03 - 01543680 ____A C:\Users\Admin\Downloads\05a-BUM (2).ppt
2013-06-16 10:03 - 2013-06-16 10:02 - 07547904 ____A C:\Users\Admin\Downloads\01-BUM (2).ppt
2013-06-16 10:03 - 2013-06-16 10:02 - 07433216 ____A C:\Users\Admin\Downloads\03-BUM (2).ppt
2013-06-16 10:03 - 2013-06-16 10:02 - 05779456 ____A C:\Users\Admin\Downloads\02-BUM (4).ppt
2013-06-16 10:03 - 2013-06-16 10:02 - 02317824 ____A C:\Users\Admin\Downloads\04-BUM.ppt
2013-06-16 08:43 - 2011-12-24 14:31 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-16 08:40 - 2012-01-30 22:20 - 01555804 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-06-11 19:37 - 2013-06-11 19:37 - 05223820 ____A C:\Users\Admin\Downloads\pozvanka.jpg.zip
2013-06-08 16:08 - 2013-06-16 08:30 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 16:07 - 2013-06-16 08:30 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 16:06 - 2013-06-16 08:30 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 16:06 - 2013-06-16 08:30 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 16:06 - 2013-06-16 08:30 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 14:28 - 2013-06-16 08:30 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 13:42 - 2013-06-16 08:30 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 13:40 - 2013-06-16 08:30 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 13:40 - 2013-06-16 08:30 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 13:40 - 2013-06-16 08:30 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 13:40 - 2013-06-16 08:30 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 13:13 - 2013-06-16 08:30 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-08 11:27 - 2013-06-08 11:27 - 00129528 ____A C:\Users\Admin\Documents\cc_20130608_112708.reg
2013-06-08 11:27 - 2013-06-08 11:27 - 00037490 ____A C:\Users\Admin\Documents\cc_20130608_112736.reg
2013-06-08 03:28 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-08 03:04 - 2013-06-08 03:04 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-08 03:04 - 2013-06-08 03:04 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-08 03:04 - 2013-06-08 03:04 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-08 03:04 - 2013-06-08 03:04 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-08 03:04 - 2013-06-08 03:04 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-08 03:04 - 2013-06-08 03:04 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-08 03:04 - 2013-06-08 03:04 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-08 03:04 - 2013-06-08 03:04 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-08 03:04 - 2013-06-08 03:04 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-08 03:04 - 2013-06-08 03:04 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-08 03:04 - 2013-06-08 03:04 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-08 03:04 - 2013-06-08 03:04 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-08 03:04 - 2013-06-08 03:04 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-08 03:04 - 2013-06-08 03:04 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-08 03:04 - 2013-06-08 03:04 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-08 03:04 - 2013-06-08 03:04 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-08 03:04 - 2013-06-08 03:04 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-08 03:04 - 2013-06-08 03:04 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-08 03:04 - 2013-06-08 03:04 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-08 03:04 - 2013-06-08 03:04 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-08 03:04 - 2013-06-08 03:04 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-08 03:04 - 2013-06-08 03:04 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-07 12:34 - 2011-12-17 21:16 - 00000000 ____D C:\Users\Ivana\AppData\Local\Google
2013-06-06 22:55 - 2013-06-06 22:55 - 01204224 ____A C:\Users\Admin\Downloads\18._Vyuka_Pohybove_vady___MO.ppt
2013-06-05 19:11 - 2013-06-05 19:03 - 120906413 ____A C:\Users\Admin\Downloads\SLA (1).rar
2013-06-03 23:06 - 2013-06-03 23:00 - 63517020 ____A C:\Users\Admin\Downloads\Pediatrie.zip

Files to move or delete:
====================
C:\ProgramData\rundll32.exe
C:\ProgramData\84fl.bat
C:\ProgramData\84fl.pad
C:\ProgramData\84fl.reg
C:\ProgramData\lf48.dat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Správce spouštění systému Windows
--------------------
identifikátor {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale cs-CZ
inherit {globalsettings}
default {current}
resumeobject {4fa59c7c-967d-11e0-a5ca-b870f4117a2c}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \windows\system32\winload.exe
description Windows 7
locale cs-CZ
inherit {bootloadersettings}
recoverysequence {4fa59c7e-967d-11e0-a5ca-b870f4117a2c}
recoveryenabled Yes
osdevice partition=C:
systemroot \windows
resumeobject {4fa59c7c-967d-11e0-a5ca-b870f4117a2c}
nx OptIn

Windows Boot Loader
-------------------
identifier {4fa59c7e-967d-11e0-a5ca-b870f4117a2c}
device ramdisk=[C:]\Recovery\4fa59c7e-967d-11e0-a5ca-b870f4117a2c\Winre.wim,{4fa59c7f-967d-11e0-a5ca-b870f4117a2c}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\4fa59c7e-967d-11e0-a5ca-b870f4117a2c\Winre.wim,{4fa59c7f-967d-11e0-a5ca-b870f4117a2c}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {4fa59c7c-967d-11e0-a5ca-b870f4117a2c}
device partition=C:
path \windows\system32\winresume.exe
description Windows Resume Application
locale cs-CZ
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows Memory Diagnostic
locale cs-CZ
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {4fa59c7f-967d-11e0-a5ca-b870f4117a2c}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\4fa59c7e-967d-11e0-a5ca-b870f4117a2c\boot.sdi



LastRegBack: 2013-06-24 01:00

==================== End Of Log ============================

Re: Malware in the PC

Posted: 02 Jul 2013 10:32
by vyosek
→ Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [926896 2012-09-23] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKU\Admin\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-08-14] (Google Inc.)
    HKU\Admin\...\Run: [Google Update] "C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-12-17] (Google Inc.)
    HKU\Admin\...\Run: [Facebook Update] "C:\Users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2013-03-27] (Facebook Inc.)
    HKU\Admin\...\Run: [ctfmon32.exe] C:\PROGRA~3\rundll32.exe C:\PROGRA~3\lf48.dat,XFG00 [147456 2013-07-02] (Microsoft Corporation)
    HKU\Ivana\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [153136 2007-03-12] (Nero AG)
    HKU\Ivana\...\Run: [Google Update] "C:\Users\Ivana\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-12-17] (Google Inc.)
    HKU\Ivana\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2012-08-14] (Google Inc.)
    Handler: msdaipp - No CLSID Value - 
    Handler-x32: msdaipp - No CLSID Value - 
    Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
    U3 BcmSqlStartupSvc;
    U2 IAStorDataMgrSvc; 
    U3 IGRS; 
    U2 IviRegMgr; 
    U2 ReadyComm.DirectRouter; 
    U2 RichVideo; 
    U3 SQLWriter;
    2013-07-02 07:52 - 2013-07-02 08:15 - 95023320 ___AT C:\ProgramData\84fl.pad
    2013-07-02 07:52 - 2013-07-02 07:52 - 00002630 ____A C:\ProgramData\84fl.js
    2013-07-02 07:52 - 2013-07-02 07:52 - 00000150 ____A C:\ProgramData\84fl.reg
    2013-07-02 07:52 - 2013-07-02 07:52 - 00000055 ____A C:\ProgramData\84fl.bat
    2013-07-02 07:52 - 2013-07-02 07:52 - 00000000 ____A C:\ProgramData\g252qs.txt
    2013-07-02 07:51 - 2013-07-02 07:51 - 00147456 ____A (Microsoft Corporation) C:\ProgramData\lf48.dat
    2013-07-02 07:51 - 2013-07-02 07:51 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
    C:\windows\tasks\Adobe Flash Player Updater.job
    C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1446954214-2930582283-825936318-1003Core.job
    C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1446954214-2930582283-825936318-1003UA.job
    C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1446954214-2930582283-825936318-1000Core.job
    C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1446954214-2930582283-825936318-1000UA.job
    C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1446954214-2930582283-825936318-1003Core.job
    C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1446954214-2930582283-825936318-1003UA.job
    
  • Save the resulting TXT file as fixlist.txt
  • Move the file you created to the flash drive, next to FRST
→ Run FRST.exe again on the damaged PC
  • Click Fix
  • The repair runs and a log named Fixlog.txt is created on the flash drive
→ Restart the PC, post Fixlog.txt here and write how the PC is doing
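The fixlist above removes a Run value named ctfmon32.exe that starts a copy of rundll32.exe from C:\PROGRA~3 (the 8.3 alias of C:\ProgramData on this machine, as the later Fixlog confirms) with lf48.dat as the module. The script below is an added example, not part of the original thread and not FRST's own code; it applies the rules a helper uses when reading such Run lines by eye (system launcher started from outside System32, file dropped directly in the root of a writable directory, value name imitating a Windows binary, "Microsoft Corporation" version string on a file outside Windows, rundll32 loading a non-.dll module). The PROGRA~3 mapping and the names Finding, analyse, triage and SAMPLE_LOG are assumptions of this example; the sample lines are copied from the fixlist posted above.

```python
"""Triage of FRST 'Run' lines (added example; not part of FRST or of the thread).

Every rule is a heuristic that produces a lead for a human to review,
not a verdict on the file.
"""
import re
from dataclasses import dataclass, field

# One FRST Run line:  KEY\...\Run: [name] command [size date] (company)
RUN_LINE = re.compile(
    r"^(?P<key>HK[^:]+?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r"(?P<cmd>.*?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]"
    r"(?: \((?P<company>[^)]*)\))?\s*$"
)

# 8.3 alias seen on this machine: the fixlist's C:\PROGRA~3\rundll32.exe is the
# file FRST later moved as C:\ProgramData\rundll32.exe.  The number after
# PROGRA~ is assigned per installation, so this map is an assumption.
SHORT_NAMES = {"PROGRA~3": "ProgramData"}

SYSTEM_LAUNCHERS = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe", "cscript.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files")   # also matches "Program Files (x86)"
WRITABLE_ROOTS = ("c:\\programdata\\", "c:\\users\\", "c:\\windows\\temp\\")
WINDOWS_NAMES = {"ctfmon.exe", "explorer.exe", "svchost.exe", "winlogon.exe", "lsass.exe", "csrss.exe"}


@dataclass
class Finding:
    key: str
    name: str
    exe: str
    reasons: list = field(default_factory=list)


def split_cmd(cmd):
    """Split the command into (executable, arguments); the executable may be quoted."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(None, 1)
    return (parts[0], parts[1] if len(parts) > 1 else "") if parts else ("", "")


def normalize(path):
    """Expand known 8.3 aliases and lower-case the path for prefix comparisons."""
    return "\\".join(SHORT_NAMES.get(p.upper(), p) for p in path.split("\\")).lower()


def analyse(line):
    """Return a Finding for one Run line (reasons may be empty), or None if it is not a Run line."""
    m = RUN_LINE.match(line.strip())
    if not m:
        return None
    exe_raw, args = split_cmd(m["cmd"])
    exe = normalize(exe_raw)
    base = exe.rsplit("\\", 1)[-1]
    parent = exe[: len(exe) - len(base)]
    company = m["company"] or ""
    reasons = []
    if base in SYSTEM_LAUNCHERS and not exe.startswith(SYSTEM_DIRS):
        reasons.append(f"{base} started from outside System32/SysWOW64")
    if parent in WRITABLE_ROOTS:
        reasons.append(f"file sits directly in {parent}, not in a vendor folder")
    lookalike = re.sub(r"\d+", "", m["name"].lower())   # ctfmon32.exe -> ctfmon.exe
    if lookalike in WINDOWS_NAMES and lookalike != m["name"].lower():
        reasons.append(f"value name imitates {lookalike}")
    if company == "Microsoft Corporation" and not exe.startswith(TRUSTED_ROOTS):
        reasons.append("version resource says Microsoft Corporation but file is outside Windows/Program Files")
    if base == "rundll32.exe":
        module = args.strip('"').split(",")[0].strip()   # rundll32 takes module,export
        if module and not module.lower().endswith(".dll"):
            reasons.append(f"rundll32 loads {module}, which is not a .dll")
    return Finding(m["key"], m["name"], exe, reasons)


def triage(log_text):
    """Return the Run entries that tripped at least one rule, in log order."""
    out = []
    for line in log_text.splitlines():
        f = analyse(line)
        if f and f.reasons:
            out.append(f)
    return out


# Sample input: Run lines copied from the fixlist posted in this thread.
SAMPLE_LOG = r"""
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [926896 2012-09-23] (Adobe Systems Incorporated)
HKU\Admin\...\Run: [Google Update] "C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-12-17] (Google Inc.)
HKU\Admin\...\Run: [ctfmon32.exe] C:\PROGRA~3\rundll32.exe C:\PROGRA~3\lf48.dat,XFG00 [147456 2013-07-02] (Microsoft Corporation)
HKU\Ivana\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [153136 2007-03-12] (Nero AG)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.key} [{f.name}] -> {f.exe}")
        for r in f.reasons:
            print("   -", r)
```

Only the ctfmon32.exe entry trips the rules; the Google and Adobe updaters live in vendor folders and carry their own vendor strings, so none of the rules fire. Note that location, not the company string, drives the decision: FRST reads "(Microsoft Corporation)" from the file's own version resource, which the log shows for C:\ProgramData\rundll32.exe as well, and a version string proves nothing about where a file came from or who put it there.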

Re: Malware in the PC

Posted: 02 Jul 2013 11:19
by Hook_1hp
Hi,

I am attaching the fixlog. Regarding your question about the PC: the main problem that was bothering me is gone. No unwanted windows or anything like that pop up any more, as they did before your help. I am extremely grateful for your help with cleaning the PC and for how quickly you responded to my questions.

I have one more request. What can you recommend as prevention against further unwanted "worms"? Should I consistently avoid the kind of sites where I picked up this problem, or is it enough to defend myself with some freely available antivirus and firewall?

Thanks again for the help. :)


Log: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-07-2013
Ran by Admin_ at 2013-07-02 11:42:47 Run:1
Running from G:\
Boot Mode: Normal
==============================================

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKU\Admin\Software\Microsoft\Windows\CurrentVersion\Run\\swg => Value deleted successfully.
HKU\Admin\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => Value deleted successfully.
HKU\Admin\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update => Value deleted successfully.
HKU\Admin\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon32.exe => Value deleted successfully.
HKU\Ivana\Software\Microsoft\Windows\CurrentVersion\Run\\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => Value deleted successfully.
HKU\Ivana\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => Value deleted successfully.
HKU\Ivana\Software\Microsoft\Windows\CurrentVersion\Run\\swg => Value deleted successfully.
HKCR\PROTOCOLS\Handler\msdaipp => Key deleted successfully.
HKCR\Wow6432Node\PROTOCOLS\Handler\msdaipp => Key not found.
HKCR\PROTOCOLS\Filter\text/xml => Key deleted successfully.
HKCR\CLSID\{807553E5-5146-11D5-A672-00B0D022E945} => Key not found.
U3 BcmSqlStartupSvc; => Service not found.
IAStorDataMgrSvc => Service deleted successfully.
IGRS => Service deleted successfully.
IviRegMgr => Service deleted successfully.
ReadyComm.DirectRouter => Service deleted successfully.
RichVideo => Service deleted successfully.
U3 SQLWriter; => Service not found.
C:\ProgramData\84fl.pad => Moved successfully.
C:\ProgramData\84fl.js => Moved successfully.
C:\ProgramData\84fl.reg => Moved successfully.
C:\ProgramData\84fl.bat => Moved successfully.
C:\ProgramData\g252qs.txt => Moved successfully.
C:\ProgramData\lf48.dat => Moved successfully.
C:\ProgramData\rundll32.exe => Moved successfully.
C:\windows\tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1446954214-2930582283-825936318-1003Core.job => Moved successfully.
C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1446954214-2930582283-825936318-1003UA.job => Moved successfully.
C:\windows\tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\windows\tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1446954214-2930582283-825936318-1000Core.job => Moved successfully.
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1446954214-2930582283-825936318-1000UA.job => Moved successfully.
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1446954214-2930582283-825936318-1003Core.job => Moved successfully.
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1446954214-2930582283-825936318-1003UA.job => Moved successfully.

==== End of Fixlog ====

Re: Malware in the PC

Posted: 02 Jul 2013 18:44
by vyosek
→ Download Farbar Service Scanner http://download.bleepingcomputer.com/farbar/FSS.exe
  • Save it, preferably to the Desktop
  • Tick all the items (this selects them for scanning)
  • Click Scan
  • When the scan finishes, a log FSS.txt appears; post it here
→ This kind of pest (ransomware - the "police virus") causes a lot of trouble and is hard to defend against. But ordinary protection (AV+FW) and watching where you go is enough
Laco_ESET writes: Hello,

the malware family Win32/Ransom (the so-called Police virus) is definitely not standard malware, and it is one of the most heavily modified rootkits of all. Here it spreads in several visual forms, which have appeared several times already, so the vast majority of users think it is the same virus. I deliberately write "visual forms". Unfortunately the truth is that there are several hundred mutations, more likely over a thousand! Each variant is different, and most of them use various routes to get into the PC and infect it.
Some variants spread with the help of other malware, from compromised websites, in e-mail attachments, etc. Variants have also appeared that spread and infected PCs by exploiting security holes in applications such as Java, Adobe Flash Player and Adobe Reader, Explorer, Firefox, Google Chrome, and so on. We "patch" most of these security holes too, even though that is not the primary function of an antivirus; that is the job of the program's vendor. Once the source virus gets into the PC, it downloads a visual form according to the country the PC is in.

The truth is that we detect and block the overwhelming majority of these threats! The source code changes fairly quickly (new variants daily) and the malware authors try to write the new variants so that antivirus programs do not detect them. Our VirusLab tries to react to every mutation that appears.

In general, no antivirus product can guarantee 100% protection against viruses. Around 10,000 infiltrations circulate on the internet every day and we have detailed information about only some of them. Several variants of the same virus can also appear in a single day, so some variants are detected and others are not. The virus always comes first, and only then can the "antidote" be released. It is the same as in medicine.

Moreover, it is necessary to keep not only the virus database up to date, but also the operating system (Windows) updates and the updates of all programs installed in it! If a program is not updated and contains a security hole, the antivirus may not catch an intrusion through that hole.

Best regards,
Ladislav Jukl
Technical Support Specialist
ESET software spol. s r.o.

Re: Malware in the PC

Posted: 08 Jul 2013 02:31
by Hook_1hp
Hi,

here is the log:

Farbar Service Scanner Version: 06-07-2013
Ran by Admin_ (administrator) on 08-07-2013 at 03:29:52
Running from "C:\Users\Admin_\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Re: Malware in the PC

Posted: 08 Jul 2013 12:35
by vyosek
Now let's clean up

→ T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • Press A, Enter to confirm each choice
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus - it is a false positive - so go ahead and download it (disable the antivirus while downloading if necessary)
→ OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

→ TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
→ Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner tab
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry tab
  • Click Scan for Issues
  • then Fix selected issues - I recommend making the registry backup; fix all the issues
  • repeat the procedure until no issues are found - usually about 3 times
Tools tab
  • Here you can uninstall programs you do not need
I recommend using CCleaner about once a week

→ And if there are no problems or questions, that is all from my side :|