Page 1 of 3

Police virus, probably improved

Posted: 14 Sep 2013 10:18
by tomastt
Hello,
A friend brought me a PC with the police virus.
On any attempt to start it, it always restarts; safe mode doesn't work, not even safe mode with command prompt.
While loading it stops at the line Windows\system32\drivers\classpnp.sys and then restarts.
It can only be started in normal mode; after startup a window with the police virus comes up.
After pressing Ctrl+Alt+Del the taskbar appears, so the Start menu can be clicked through.
There, in the Startup folder, I found a file "lczj2w7d"; I deleted it, it disappeared but immediately came back.
Everything in the Start menu can be launched, but after launching it shows up on the taskbar and runs in the background behind the police message, which stays open on top of the other windows, so they can't be controlled in any way; they can only be viewed through the taskbar preview.
The command prompt can be launched too, but nothing can be typed into it.

The PC has Win 7 32-bit.
Any idea, advice??

Re: Police virus, probably improved

Posted: 14 Sep 2013 10:21
by vyosek

Re: Police virus, probably improved

Posted: 14 Sep 2013 10:32
by tomastt
Probably a problem: I'm writing from another PC; the infected one is set up by the TV without an internet connection, and my PC has a 64-bit system and I only have an 8 GB flash drive?

Re: Police virus, probably improved

Posted: 14 Sep 2013 10:37
by vyosek
An 8 GB flash drive is quite sufficient, so download the 64-bit Hitman.

We'll see whether Hitman works even without internet, but I'm not sure.

Otherwise we'll try a different procedure.

Re: Police virus, probably improved

Posted: 14 Sep 2013 10:50
by tomastt
So it needs internet.

Re: Police virus, probably improved

Posted: 14 Sep 2013 10:53
by vyosek
Well, I thought so...

So try this procedure: http://forum.viry.cz/viewtopic.php?f=24&t=130783

Re: Police virus, probably improved

Posted: 14 Sep 2013 10:59
by tomastt
I can't start it into safe mode or safe mode with command prompt; I can run it directly from the flash drive via Start, but if it wants some confirmation or consent I'll probably get stuck.
I'm going to try it.

Re: Police virus, probably improved

Posted: 14 Sep 2013 11:00
by vyosek
OK, try it; otherwise we'll go about it in a completely different way...

Re: Police virus, probably improved

Posted: 14 Sep 2013 11:08
by tomastt
I've figured it out: files on the flash drive can be worked with.
Windows Explorer can be launched from the taskbar, and in it I launched FRST directly from the taskbar.

It's scanning now; I'll report back when it finishes.

Re: Police virus, probably improved

Posted: 14 Sep 2013 11:10
by vyosek
Clever, I'll wait for it :)

Re: Police virus, probably improved

Posted: 14 Sep 2013 11:24
by tomastt
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-09-2013 04
Ran by Radim at 2013-09-14 12:08:54
Running from G:\
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Update for Microsoft Office 2007 (KB2508958)
ABBYY FineReader 9.0 Sprint (Version: 9.01.513.58212)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.168)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Reader X (10.1.7) - Czech (Version: 10.1.7)
Akamai NetSession Interface Service
Aktualizace NVIDIA 1.10.8 (Version: 1.10.8)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665)
Big Fish Games: Game Manager (Version: 2.0.0.28)
Canon Setup Utility 2.3
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
CDex - Open Source Digital Audio CD Extractor (Version: 1.70.4.2009)
CD-LabelPrint
CloneCD
ConvertXtoDVD 2.0.16 (Version: 2.0.16)
DivX Converter (Version: 7.0.0)
DivX Plus DirectShow Filters
DivX Setup (Version: 2.5.0.8)
DivX Version Checker (Version: 7.0.0.19)
DVD Shrink 3.2
DVDFab 6.2.1.8 (31/12/2009)
Epson Easy Photo Print 2 (Version: 2.2.4.0)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (Version: 1.00.0000)
Epson Event Manager (Version: 2.40.0009)
EPSON Scan
EPSON SX130 Series Printer Uninstall
ESET NOD32 Antivirus (Version: 5.2.9.12)
Expert (Version: 2.0.51.0)
Google Chrome (Version: 29.0.1547.66)
Google Update Helper (Version: 1.3.21.153)
GTA San Andreas (Version: 1.00.00001)
Haali Media Splitter
High-Definition Video Playback (Version: 11.1.10400.2.65)
HitmanPro 3.7 (Version: 3.7.7.205)
Huawei Drivers (Version: 4.22.19.00)
Java Auto Updater (Version: 2.0.7.1)
Java(TM) 6 Update 33 (Version: 6.0.330)
Mafia (Version: 1.02)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile CSY Language Pack (Version: 4.0.30319)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Slovak) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (Czech) 2007 (Version: 12.0.4518.1025)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (Czech) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 22.0 (x86 cs) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero 11 (Version: 11.0.10700)
Nero 11 Disc Menus Basic (Version: 11.0.11200.12.0)
Nero 11 Effects Basic (Version: 11.0.11200.12.0)
Nero 11 Image Samples (Version: 11.0.11200.12.0)
Nero 11 Kwik Themes Basic (Version: 11.0.11200.12.0)
Nero 11 PiP Effects Basic (Version: 11.0.11300.12.0)
Nero Audio Pack 1 (Version: 11.0.11500.110.0)
Nero BackItUp 11 (Version: 6.0.16000.13.100)
Nero BackItUp 11 Help (CHM) (Version: 11.0.10200)
Nero Backup Drivers (Version: 1.0.10000.1.0)
Nero Burning ROM 11 (Version: 11.0.12200.23.100)
Nero Burning ROM 11 Help (CHM) (Version: 11.0.10300)
Nero ControlCenter 11 (Version: 11.0.12300.0.23)
Nero ControlCenter 11 Help (CHM) (Version: 11.0.10300)
Nero Core Components 11 (Version: 11.0.15000.1.12)
Nero CoverDesigner 11 (Version: 6.0.10800.11.100)
Nero CoverDesigner 11 Help (CHM) (Version: 11.0.10300)
Nero Express 11 (Version: 11.0.11700.23.100)
Nero Express 11 Help (CHM) (Version: 11.0.10300)
Nero Kwik Media (Version: 1.10.19300.93.100)
Nero Kwik Media Help (CHM) (Version: 11.0.10200)
Nero Recode 11 (Version: 5.0.13300.32.100)
Nero Recode 11 Help (CHM) (Version: 11.0.10300)
Nero RescueAgent 11 (Version: 4.0.10600.10.100)
Nero RescueAgent 11 Help (CHM) (Version: 11.0.10400)
Nero SoundTrax 11 (Version: 5.0.10400.4.100)
Nero SoundTrax 11 Help (CHM) (Version: 11.0.10400)
Nero Update (Version: 11.0.10623.22.0)
Nero Video 11 (Version: 8.0.14000.21.100)
Nero Video 11 Help (CHM) (Version: 11.0.10300)
Nero WaveEditor 11 (Version: 6.0.10800.5.100)
Nero WaveEditor 11 Help (CHM) (Version: 11.0.10400)
nero.prerequisites.msi (Version: 11.0.20007)
neroxml (Version: 1.0.0)
Network Play System (Patching)
Nokia Connectivity Cable Driver (Version: 7.1.32.64)
NVIDIA Install Application (Version: 2.1002.109.706)
NVIDIA Ovladače grafiky 307.83 (Version: 307.83)
NVIDIA Update Components (Version: 1.10.8)
NVIDIA Windows 95/98/ME/2000/XP Stereo Drivers
Opera 12.16 (Version: 12.16.1860)
Ovládací panel NVIDIA 307.83 (Version: 307.83)
Ovladače videa společnosti Pinnacle (Version: 12.1.0.030)
Pinnacle Hollywood FX for Studio
Pinnacle Studio 14 (Version: 14.0.0.7255)
Realtek AC'97 Audio (Version: 5.37)
Realtek High Definition Audio Driver (Version: 6.0.1.6043)
Registrace uživatele zařízení Canon iP5300
SmartSound Quicktracks Plugin (Version: 3.0.2.4)
Studio 9 (Version: 9.4)
The Sims Superstar
TmNationsForever
Total Commander (Remove or Repair) (Version: 7.50a)
TP-LINK Wireless Client Utility (Version: 7.0)
UltraISO Premium V9.35
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VCRedistSetup (Version: 1.0.0)
VLC media player 1.0.5 (Version: 1.0.5)
Vypínač na dobrou noc verze 1.0.1
welcome (Version: 11.0.21500.0.4)
Win7codecs (Version: 1.2.2)
Winamp Detector Plug-in (HKCU Version: 1.0.0.1)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinRAR

==================== Restore Points =========================

Could not list Restore Points.


==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0D9B5D92-3A22-486D-A887-3AA21597CF27} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {1027E6AF-8A6F-4262-A176-F88691AD9C82} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-11] (Adobe Systems Incorporated)
Task: {3DBECC24-F435-45AD-928F-2BC56CDB0E13} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-18] (Google Inc.)
Task: {421FB23A-F841-4927-A5C6-929075FF9CBE} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {47C1D462-50A6-4D9C-B7C0-F1B85B0EE31F} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {E4423763-C0A5-405D-8E2B-E3C30E486D86} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-18] (Google Inc.)
Task: {F0FEC1C8-6958-450A-9927-84B8FBE7852A} - System32\Tasks\Go for FilesUpdate => C:\Program Files\GoforFiles\GFFUpdater.exe
Task: {F21847A4-A4AD-41D8-863D-93FFB9D336B9} - System32\Tasks\User_Feed_Synchronization-{622894C5-84A7-46DF-924B-0E7C3F2DFACB} => C:\Windows\system32\msfeedssync.exe [2013-03-30] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\ProgramData\TEMP:592D7272

==================== Faulty Device Manager Devices =============

Could not list Devices.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/14/2013 00:02:03 PM) (Source: ESENT) (User: )
Description: taskhost (240) Pokus o otevření souboru C:\Users\Radim\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat jen pro čtení se nezdařil. Došlo k systémové chybě 32 (0x00000020): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření souboru se nezdaří a dojde k chybě -1032 (0xfffffbf8).

Error: (09/14/2013 11:55:18 AM) (Source: Application Error) (User: )
Description: Název chybující aplikace: egui.exe, verze: 5.2.7.0, časové razítko: 0x4f576eb4
Název chybujícího modulu: ntdll.dll, verze: 6.1.7601.18205, časové razítko: 0x51db96c5
Kód výjimky: 0xc0150010
Posun chyby: 0x00083fd3
ID chybujícího procesu: 0x6c0
Čas spuštění chybující aplikace: 0xegui.exe0
Cesta k chybující aplikaci: egui.exe1
Cesta k chybujícímu modulu: egui.exe2
ID zprávy: egui.exe3

Error: (09/14/2013 11:48:15 AM) (Source: SideBySide) (User: )
Description: Generování kontextu aktivace pro Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1 se nezdařilo.
Závislé sestavení Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (09/14/2013 11:45:14 AM) (Source: ESENT) (User: )
Description: taskhost (360) Pokus o otevření souboru C:\Users\Radim\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat jen pro čtení se nezdařil. Došlo k systémové chybě 32 (0x00000020): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření souboru se nezdaří a dojde k chybě -1032 (0xfffffbf8).

Error: (09/14/2013 10:02:29 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Služba Šifrování neinicializovala záložní objekt System Writer systému VSS.


Details:
Could not query the status of the EventSystem service.

System Error:
Probíhá vypnutí systému.
.

Error: (09/14/2013 09:57:39 AM) (Source: Application Error) (User: )
Description: Název chybující aplikace: egui.exe, verze: 5.2.7.0, časové razítko: 0x4f576eb4
Název chybujícího modulu: ntdll.dll, verze: 6.1.7601.18205, časové razítko: 0x51db96c5
Kód výjimky: 0xc0150010
Posun chyby: 0x00083fd3
ID chybujícího procesu: 0x6dc
Čas spuštění chybující aplikace: 0xegui.exe0
Cesta k chybující aplikaci: egui.exe1
Cesta k chybujícímu modulu: egui.exe2
ID zprávy: egui.exe3

Error: (09/14/2013 09:57:39 AM) (Source: Application Error) (User: )
Description: Název chybující aplikace: egui.exe, verze: 5.2.7.0, časové razítko: 0x4f576eb4
Název chybujícího modulu: egui.exe, verze: 5.2.7.0, časové razítko: 0x4f576eb4
Kód výjimky: 0xc0000005
Posun chyby: 0x00078d5e
ID chybujícího procesu: 0x6dc
Čas spuštění chybující aplikace: 0xegui.exe0
Cesta k chybující aplikaci: egui.exe1
Cesta k chybujícímu modulu: egui.exe2
ID zprávy: egui.exe3

Error: (09/14/2013 09:47:53 AM) (Source: ESENT) (User: )
Description: taskhost (1204) Pokus o otevření souboru C:\Users\Radim\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat jen pro čtení se nezdařil. Došlo k systémové chybě 32 (0x00000020): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření souboru se nezdaří a dojde k chybě -1032 (0xfffffbf8).

Error: (09/12/2013 11:20:54 PM) (Source: ESENT) (User: )
Description: taskhost (1892) Pokus o otevření souboru C:\Users\Radim\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat jen pro čtení se nezdařil. Došlo k systémové chybě 32 (0x00000020): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření souboru se nezdaří a dojde k chybě -1032 (0xfffffbf8).

Error: (09/12/2013 11:15:17 PM) (Source: ESENT) (User: )
Description: taskhost (368) Pokus o otevření souboru C:\Users\Radim\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat jen pro čtení se nezdařil. Došlo k systémové chybě 32 (0x00000020): Proces nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření souboru se nezdaří a dojde k chybě -1032 (0xfffffbf8).


System errors:
=============
Error: (09/14/2013 00:13:50 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126

Error: (09/14/2013 00:13:20 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126

Error: (09/14/2013 00:12:50 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126

Error: (09/14/2013 00:12:20 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126

Error: (09/14/2013 00:11:50 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126

Error: (09/14/2013 00:11:20 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126

Error: (09/14/2013 00:10:50 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126

Error: (09/14/2013 00:10:20 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126

Error: (09/14/2013 00:09:50 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126

Error: (09/14/2013 00:09:20 PM) (Source: Service Control Manager) (User: )
Description: Služba Služba WMI byla ukončena s následující chybou:
%%126


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 36%
Total physical RAM: 2047.55 MB
Available physical RAM: 1310.33 MB
Total Pagefile: 4095.11 MB
Available Pagefile: 3141.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.4 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:59.72 GB) NTFS
Drive g: () (Removable) (Total:0.47 GB) (Free:0.47 GB) FAT32
Drive i: (Nový svazek) (Fixed) (Total:698.64 GB) (Free:100.21 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 14231422)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 699 GB) (Disk ID: 74C920E4)
Partition 1: (Not Active) - (Size=699 GB) - (Type=42)

========================================================
Disk: 2 (Size: 490 MB) (Disk ID: 91F72D24)
Partition 1: (Active) - (Size=490 MB) - (Type=0B)

==================== End Of Log ============================
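An added triage example for this thread (not FRST's own code and not something either poster ran): it reads FRST persistence lines of the kind pasted here and reports the facts a responder would check first: a Windows-owned service name (Winmgmt) whose image sits outside \Windows, an image under ProgramData with a non-PE extension, a zero-size driver file, and the same image registered at more than one persistence point, so removing only the Startup shortcut leaves the service registration in place. The service-name allowlist and the 8.3 alias mapping are assumptions; the sample lines are copied from the scans the poster shares in this thread.

```python
"""Triage of FRST persistence lines for the indicators shown in this thread."""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed input: lines copied from the FRST scans the poster pasted in this thread.
SAMPLE_FRST = r"""
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3117344 2012-03-07] (ESET)
Startup: C:\Users\Radim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lczj2w7d.lnk
ShortcutTarget: lczj2w7d.lnk -> C:\PROGRA~2\d7w2jzcl.plz ()
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [913144 2012-03-07] (ESET)
S2 Winmgmt; C:\PROGRA~2\d7w2jzcl.plz [159744 2013-09-12] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
U3 atuoc28y; C:\Windows\System32\Drivers\atuoc28y.sys [0 ] (Advanced Micro Devices)
"""

# Assumption: a short list of service names owned by Windows itself; their image belongs under \Windows.
BUILTIN_SERVICES = {"winmgmt", "wuauserv", "bits", "eventlog", "schedule"}
PE_EXTENSIONS = {".exe", ".sys", ".dll"}
# Assumption: 8.3 aliases as on this 32-bit Windows 7 install (the scan itself shows C:\PROGRA~1\Pinnacle).
SHORT_NAMES = {"c:\\progra~1\\": "c:\\program files\\", "c:\\progra~2\\": "c:\\programdata\\"}

# Service/driver line: "S2 Winmgmt; <path> [<size> <date>] (<signer>)"; the date may be absent, as in "[0 ]"
SVC_RE = re.compile(r"^[RSU]\d (?P<name>[^;]+); (?P<path>.+?) \[(?P<size>\d+)\s*[\d-]*\] \((?P<signer>.*)\)$")
# Startup-folder shortcut: "ShortcutTarget: <lnk> -> <path> (<signer>)"
LNK_RE = re.compile(r"^ShortcutTarget: (?P<name>.+?) -> (?P<path>.+?) \((?P<signer>.*)\)$")
# Run key: "HKLM\...\Run: [<value>] - <path> [<size> <date>] (<signer>)"
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] - (?P<path>.+?) \[(?P<size>\d+) [\d-]+\] \((?P<signer>.*)\)$")


@dataclass
class Entry:
    kind: str          # "service" (services and drivers), "startup" or "run"
    name: str
    path: str
    size: int | None   # bytes as FRST reports them; None where the line carries no size


def parse(frst_text: str) -> list[Entry]:
    """Pull the persistence entries out of FRST output; unrelated lines are ignored."""
    entries: list[Entry] = []
    for raw in frst_text.splitlines():
        line = raw.strip()
        if m := SVC_RE.match(line):
            entries.append(Entry("service", m["name"], m["path"], int(m["size"])))
        elif m := LNK_RE.match(line):
            entries.append(Entry("startup", m["name"], m["path"], None))
        elif m := RUN_RE.match(line):
            entries.append(Entry("run", m["name"], m["path"], int(m["size"])))
    return entries


def normalize(path: str) -> str:
    """Lower-case the path and expand the 8.3 aliases so the same image compares equal everywhere."""
    low = path.strip('"').lower()
    for short, full in SHORT_NAMES.items():
        if low.startswith(short):
            low = full + low[len(short):]
    return low


def assess(entry: Entry) -> list[str]:
    """Per-entry findings; each is a fact about the line, not a verdict."""
    findings: list[str] = []
    p = normalize(entry.path)
    filename = p.rsplit("\\", 1)[-1]
    ext = "." + filename.rsplit(".", 1)[1] if "." in filename else ""
    if entry.name.lower() in BUILTIN_SERVICES and not p.startswith("c:\\windows\\"):
        findings.append(f"built-in service {entry.name} points outside \\Windows")
    if ext not in PE_EXTENSIONS:
        findings.append(f"image extension {ext or '(none)'} is not a PE type")
    if p.startswith("c:\\programdata\\"):
        findings.append("image stored under ProgramData")
    if entry.size == 0:
        findings.append("image file has zero size")
    return findings


def triage(frst_text: str) -> dict[str, dict]:
    """Group findings by image path and record every persistence point that launches it."""
    report: dict[str, dict] = defaultdict(lambda: {"findings": [], "persisted_by": []})
    for entry in parse(frst_text):
        p = normalize(entry.path)
        report[p]["persisted_by"].append(f"{entry.kind}:{entry.name}")
        for finding in assess(entry):
            if finding not in report[p]["findings"]:
                report[p]["findings"].append(finding)
    for p, item in report.items():
        if len(item["persisted_by"]) > 1:
            item["findings"].append(f"same image registered at {len(item['persisted_by'])} persistence points")
    return dict(report)


if __name__ == "__main__":
    for path, item in triage(SAMPLE_FRST).items():
        if item["findings"]:
            print(path, "<-", ", ".join(item["persisted_by"]))
            for finding in item["findings"]:
                print("   -", finding)
```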

Re: Police virus, probably improved

Posted: 14 Sep 2013 11:25
by tomastt
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-09-2013 04
Ran by Radim (administrator) on RADIM-PC on 14-09-2013 12:04:36
Running from G:\
Windows 7 Ultimate Service Pack 1 (X86) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Normal

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [CloneCDTray] - C:\Programy\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-30] (SlySoft, Inc.)
HKLM\...\Run: [GrooveMonitor] - C:\Programy\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Easy-PrintToolBox] - C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [398944 2006-10-17] (CANON INC.)
HKLM\...\Run: [NBKeyScan] - "C:\Programy\nero8\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
HKLM\...\Run: [NeroFilterCheck] - C:\Windows\system32\NeroCheck.exe [155648 2001-07-10] (Ahead Software Gmbh)
HKLM\...\Run: [SoundMan] - C:\Windows\SOUNDMAN.EXE [604704 2009-04-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] ()
HKLM\...\Run: [PinnacleDriverCheck] - C:\Windows\system32\PSDrvCheck.exe [406016 2004-03-10] ()
HKLM\...\Run: [USBToolTip] - C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe [199752 2007-02-20] (Pinnacle Systems GmbH)
HKLM\...\Run: [EEventManager] - C:\Program Files\Epson Software\Event Manager\EEventManager.exe [979328 2010-08-30] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [NBAgent] - C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe [1493288 2011-09-20] (Nero AG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3117344 2012-03-07] (ESET)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKCU\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKCU\...\Run: [HDDtoGOLaunch] - C:\Users\Radim\AppData\Roaming\CoSoSys\HDDtoGO\HDDtoGOLaunch.exe [176128 2010-04-30] ()
HKCU\...\Run: [AlcoholAutomount] - C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [33120 2010-08-20] (Alcohol Soft Development Team)
HKCU\...\Run: [EPSON SX130 Series] - C:\Windows\TEMP\E_S832D.tmp [126 2011-11-20] ()
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Radim\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
MountPoints2: {1422190c-7652-11e1-ba2d-0013d3367d66} - G:\Autorun.exe
MountPoints2: {43b91d8c-9e21-11df-976d-0013d3367d66} - F:\Install.exe
MountPoints2: {6e447240-aaef-11e0-b35d-806e6f6e6963} - E:\Welcome\Welcome.exe
MountPoints2: {73d8df68-75d2-11e1-bab1-0013d3367d66} - G:\Autorun.exe
MountPoints2: {73d8df7a-75d2-11e1-bab1-0013d3367d66} - G:\Autorun.exe
Startup: C:\Users\Radim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kooperativa - PDF Server.lnk
ShortcutTarget: Kooperativa - PDF Server.lnk -> C:\Program Files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe ()
Startup: C:\Users\Radim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lczj2w7d.lnk
ShortcutTarget: lczj2w7d.lnk -> C:\PROGRA~2\d7w2jzcl.plz ()
Startup: C:\Users\Radim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Programy\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x515AF06DC11FCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = cs
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://isearch.babylon.com/?q={searchTe ... ec38c64cbb
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search/web?q={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programy\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKCU - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programy\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.10.10.1

FireFox:
========
FF ProfilePath: C:\Users\Radim\AppData\Roaming\Mozilla\Firefox\Profiles\1rd4uxuf.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_33 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @Nero.com/KM - C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin: @real.com/nppl3260;version=6.0.12.69 - C:\Program Files\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 - C:\Program Files\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF HKLM\...\FireFox\Extensions: [ntfdsaftsfdfdxx@mozilla.org] - C:\Users\Radim\AppData\Roaming\iPumper\extension_firefox.xpi
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR HomePage: hxxp://isearch.babylon.com/?affID=116632&tt=0113_8&babsrc=HP_ss&mntrId=b891b345000000000000f4ec38c64cbb
CHR RestoreOnStartup: "hxxp://isearch.babylon.com/?affID=116632&tt=0113_8&babsrc=HP_ss&mntrId=b891b345000000000000f4ec38c64cbb"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\23.0.1271.64\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U33) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.330.3) - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Win7codecs\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Win7codecs\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR HKLM\...\Chrome\Extension: [kekfoodhbhpjhjcdecjngamojfhknooc] - C:\Users\Radim\AppData\Roaming\iPumper\extension_chrome.crx

========================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [913144 2012-03-07] (ESET)
R2 EPSON_EB_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [153600 2009-09-14] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [121856 2009-09-14] (SEIKO EPSON CORPORATION)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106280 2013-09-14] (SurfRight B.V.)
S3 Microsoft Office Groove Audit Service; C:\Programy\Microsoft Office\Office12\GrooveAuditService.exe [64856 2009-02-26] (Microsoft Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [641832 2011-09-23] (Nero AG)
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software)
S2 Winmgmt; C:\PROGRA~2\d7w2jzcl.plz [159744 2013-09-12] ()

==================== Drivers (Whitelisted) ====================

S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-14] (Microsoft Corporation)
R3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
R3 ASAPIW2k; C:\Windows\System32\drivers\ASAPIW2k.sys [11264 2004-03-10] (Pinnacle Systems GmbH)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 DumaNT; C:\Windows\System32\DRIVERS\dumant.sys [399700 2002-11-18] (NVIDIA Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [169080 2012-03-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [120152 2012-03-14] (ESET)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [34760 2007-02-16] (SlySoft, Inc.)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24232 2009-02-17] (Elaborate Bytes AG)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [103112 2012-03-14] (ESET)
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [90368 2011-02-25] (Huawei Technologies Co., Ltd.)
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
R1 PCLEPCI; C:\Windows\system32\drivers\pclepci.sys [14165 2004-07-16] (Pinnacle Systems GmbH)
R3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1311232 2009-07-14] (NXP Semiconductors)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [436792 2011-07-10] ()
U3 atuoc28y; C:\Windows\System32\Drivers\atuoc28y.sys [0 ] (Advanced Micro Devices)
U3 axrk6hic; C:\Windows\System32\Drivers\axrk6hic.sys [0 ] (Advanced Micro Devices)
S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [x]
S3 MSICPL; \??\D:\install4\MSICPL.sys [x]
S3 NTACCESS; \??\D:\NTACCESS.sys [x]
S3 SetupNTGLM7X; \??\D:\NTGLM7X.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\61883.sys BEB5E6A8C17C3C7485563281E0F9E77E
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 9EBBBA55060F786F0FCAA3893BFA2806
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\djsvs.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVAC.SYS 7997B6F02CBDA0E31FA18CC85871B938
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D320BF87125326F996D4904FE24300FC
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 46387FB17B086D16DEA267D5BE23A2F2
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\drivers\ASAPIW2k.sys 4F9CBBF95E8F7A0D4C0EDCFE3B78102E
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athr.sys 0F4B6B99D6CDC1D93DF1FA690796B2F7
C:\Windows\System32\DRIVERS\avc.sys C44BDD77E06053CF5AFE046F3A47C16B
C:\Windows\system32\DRIVERS\bxvbdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 247B4CE2DAB1160CD422D532D5241E1F
C:\Windows\system32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\dumant.sys 5B40D257176B7C1ED4367532C737E8A7
C:\Windows\System32\drivers\dxgkrnl.sys 16498EBC04AE9DD07049A8884B205C05
C:\Windows\System32\DRIVERS\eamonm.sys 8A45015E85A4DCE0086B9973F0FD9A20
C:\Windows\system32\DRIVERS\evbdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ehdrv.sys 5412ED24FFFCA64E2F0168399B86C952
C:\Windows\System32\Drivers\ElbyCDFL.sys CE37E3D51912E59C80C6D84337C0B4CD
C:\Windows\System32\Drivers\ElbyCDIO.sys 178CC9403816C082D22A1D47FA1F9C85
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\epfwwfpr.sys 0A587BB99A22F8DC3597471425D43314
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ew_hwusbdev.sys 57C171EA22F0A7F068FCB0CAEDD1E8E7
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 7DAE5EBCC80E45D3253F4923DC424D05
C:\Windows\System32\DRIVERS\fvevol.sys E306A24D9694C724FA2491278BF50FDB
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys A5EF29D5315111C80A5C1ABAD14C8972
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ew_jucdcacm.sys 3170044AA8090F80839D3D4330BF733A
C:\Windows\System32\DRIVERS\ew_jubusenum.sys F44461E66F1B7DD267957FE9BAA63ED0
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys 5CD5F9A5444E6CDCB0AC89BD62D8B76E
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys B7895B4182C0D16F6EFADEB8081E8D36
C:\Windows\System32\Drivers\ksecpkg.sys D30159AC9237519FBC62C6EC247D2D46
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\MarvinBus.sys A3E700D78EEC390F1208098CDCA5C6B6
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys 5D16C921E3671636C0EBA3BBAAC5FD25
C:\Windows\System32\DRIVERS\mrxsmb10.sys 6D17A4791ACA19328C685D256349FEFC
C:\Windows\System32\DRIVERS\mrxsmb20.sys B81F204D146000BE76651A50670A5E9E
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msdv.sys 114B67C324D64C8195FD3BF93B4DF02A
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NBVol.sys E240F3204E86B7B6CCF266B2A2AD32B4
C:\Windows\System32\DRIVERS\NBVolUp.sys C0CF3CCCCE3C75F7280C89029AB47866
C:\Windows\System32\drivers\ndis.sys 8C9C922D71F1CD4DEF73F186416B7896
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\drivers\ccdcmb.sys B0A67DE1A128389AEA4D42C5A56215FD
C:\Windows\System32\drivers\ccdcmbo.sys 025C54F9F8C8BC1894EA38529C742C54
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 5E43D2B0EE64123D4880DFA6626DEFDE
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nvm62x32.sys B5E37E31C053BC9950455A257526514B
C:\Windows\System32\DRIVERS\nvlddmkm.sys 9A77B1C13BCCEDDF78DFD7AFC25B4F5E
C:\Windows\system32\drivers\nvraid.sys B3E25EE28883877076E0E1FF877D02E0
C:\Windows\system32\drivers\nvstor.sys 4380E59A170D88C4F1022EFF6719A8A4
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 3F34A1B4C5F6475F320C275E63AFCE9B
C:\Windows\System32\DRIVERS\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pclepci.sys 1BEBE7DE8508A02650CDCE45C664C2A2
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\Drivers\pcouffin.sys 5B6C11DE7E839C05248CED8825470FEF
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Ph3xIB32.sys 8B7AEC0ABA77DE5D2FEAC1824C15A3FA
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys F031683E6D1FEA157ABB2FF260B51E61
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rtnicxp.sys 4E20765744BFBC16F6D6E5BD5598786B
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\sptd.sys D41D8CD98F00B204E9800998ECF8427E
C:\Windows\System32\DRIVERS\srv.sys E4C2764065D66EA1D2D3EBC28FE99C46
C:\Windows\System32\DRIVERS\srv2.sys 03F0545BD8D4C77FA0AE1CEEDFCC71AB
C:\Windows\System32\DRIVERS\srvnet.sys BE6BD660CAA6F291AE06A718A4FA8ABC
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 4E8B9BE71B807B3BAEDB7F4243F85E3C
C:\Windows\System32\DRIVERS\tcpip.sys 4E8B9BE71B807B3BAEDB7F4243F85E3C
C:\Windows\System32\drivers\tcpipreg.sys 3EEBD3BD93DA46A26E89893C7AB2FF3B
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 2C2C5AFE7EE4F620D69C23C0617651A8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys B37B08F2E5EEB1A37E448E09BACE1101
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbser_lowerflt.sys 78B74AF8727A28C128E164E9B53A5413
C:\Windows\System32\DRIVERS\usbccgp.sys BD9C55D7023C5DE374507ACC7A14E2AC
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys F92DE757E4B7CE9C07C5E65423F3AE3B
C:\Windows\System32\DRIVERS\usbhub.sys 8DC94AEC6A7E644A06135AE7506DC2E9
C:\Windows\System32\DRIVERS\usbohci.sys E185D44FAC515A18D9DEDDC23C2CDF44
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys 576096CCBC07E7C4EA4F5E6686D6888F
C:\Windows\System32\drivers\usbser.sys 31181DE6190B39FC8007DFFD1A48FFD6
C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys 4F8FBC51A1C0A17310846B417A447F91
C:\Windows\System32\DRIVERS\USBSTOR.SYS F991AB9CC6B908DB552166768176896A
C:\Windows\system32\drivers\usbuhci.sys 68DF884CF41CDADA664BEB01DAF67E3D
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viac7.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys 7090D3436EEB4E7DA3373090A23448F7
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys A840213F1ACDCC175B4D1D5AAEAC0D7A
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys A67E5F9A400F3BD1BE3D80613B45F708
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF
C:\Windows\System32\Drivers\atuoc28y.sys
C:\Windows\System32\Drivers\axrk6hic.sys

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-14 12:06 - 2013-09-14 12:06 - 00030976 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2013-09-14 12:04 - 2013-09-14 12:04 - 00000000 ____D C:\FRST
2013-09-14 11:48 - 2013-09-14 11:48 - 00001897 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-09-14 11:48 - 2013-09-14 11:48 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-14 11:48 - 2013-09-14 11:48 - 00000000 ____D C:\Program Files\HitmanPro
2013-09-12 22:46 - 2013-09-12 22:46 - 00016181 ____T C:\ProgramData\fez8.exe
2013-09-12 22:45 - 2013-09-14 12:01 - 00000000 _____ C:\ProgramData\lczj2w7d.ctrl
2013-09-12 22:45 - 2013-09-12 23:20 - 95025368 ____T C:\ProgramData\lczj2w7d.pff
2013-09-12 22:45 - 2013-09-12 22:45 - 00159744 _____ C:\ProgramData\d7w2jzcl.plz
2013-09-12 13:59 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 13:59 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 13:59 - 2013-08-10 05:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 13:59 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 13:59 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 13:59 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 13:59 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 13:59 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 13:59 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 13:59 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 13:59 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 13:59 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 13:59 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 13:59 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 13:59 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 13:59 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 04:44 - 2013-08-08 03:03 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 04:44 - 2013-08-05 03:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 04:44 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 04:44 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 04:43 - 2013-08-02 03:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 04:43 - 2013-08-02 03:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 04:43 - 2013-08-02 03:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 02:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 04:43 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 04:43 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-08 11:46 - 2013-09-12 19:07 - 00000210 _____ C:\Users\Radim\Desktop\!0.1!.txt
2013-09-05 22:15 - 2013-09-11 22:15 - 00056832 _____ C:\Users\Radim\Desktop\Plán seminářů - září - september 2013.xls
2013-09-05 22:13 - 2013-09-11 22:14 - 00012775 _____ C:\Users\Radim\Desktop\Plán tréninků 09 2013.xlsx
2013-08-27 00:03 - 2013-09-12 13:49 - 00000252 _____ C:\Users\Radim\Desktop\DNES.txt
2013-08-24 12:46 - 2013-08-24 12:46 - 14012484 _____ C:\Users\Radim\Downloads\SaltLakesDeadSea.themepack
2013-08-24 12:36 - 2013-08-24 12:36 - 22843406 _____ C:\Users\Radim\Downloads\AucklandOneTreeHillIanRushton.themepack
2013-08-24 12:36 - 2013-08-24 12:36 - 15412792 _____ C:\Users\Radim\Downloads\Hawaii.themepack
2013-08-19 14:43 - 2013-08-19 14:43 - 00000140 _____ C:\Users\Radim\Desktop\NÁVOD-ZFP.txt
2013-08-15 08:14 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 08:14 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-15 08:14 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 08:14 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 08:14 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 08:14 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 08:14 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 08:14 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 08:13 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 08:13 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 08:13 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 08:12 - 2013-06-15 05:40 - 00918528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-08-15 08:12 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======

2013-09-14 12:06 - 2013-09-14 12:06 - 00030976 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2013-09-14 12:04 - 2013-09-14 12:04 - 00000000 ____D C:\FRST
2013-09-14 12:02 - 2010-04-18 23:56 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-14 12:01 - 2013-09-12 22:45 - 00000000 _____ C:\ProgramData\lczj2w7d.ctrl
2013-09-14 12:01 - 2012-01-28 16:56 - 00000000 ____D C:\Program Files\Common Files\Akamai
2013-09-14 12:01 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-14 12:01 - 2009-07-14 06:39 - 00212531 _____ C:\Windows\setupact.log
2013-09-14 11:55 - 2010-04-09 15:50 - 01976656 _____ C:\Windows\WindowsUpdate.log
2013-09-14 11:52 - 2009-07-14 06:34 - 00014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-14 11:52 - 2009-07-14 06:34 - 00014224 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-14 11:48 - 2013-09-14 11:48 - 00001897 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2013-09-14 11:48 - 2013-09-14 11:48 - 00000000 ____D C:\ProgramData\HitmanPro
2013-09-14 11:48 - 2013-09-14 11:48 - 00000000 ____D C:\Program Files\HitmanPro
2013-09-14 10:00 - 2010-04-10 12:54 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-14 09:56 - 2013-01-04 14:57 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-12 23:20 - 2013-09-12 22:45 - 95025368 ____T C:\ProgramData\lczj2w7d.pff
2013-09-12 22:46 - 2013-09-12 22:46 - 00016181 ____T C:\ProgramData\fez8.exe
2013-09-12 22:45 - 2013-09-12 22:45 - 00159744 _____ C:\ProgramData\d7w2jzcl.plz
2013-09-12 22:33 - 2010-04-18 23:56 - 00000938 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-12 22:23 - 2013-08-04 17:45 - 00000719 _____ C:\Users\Radim\Desktop\!0!.txt
2013-09-12 22:21 - 2010-04-10 19:32 - 00000000 ____D C:\Users\Radim\AppData\Roaming\vlc
2013-09-12 21:10 - 2010-04-22 00:58 - 00000000 ____D C:\Users\Radim\AppData\Roaming\dvdcss
2013-09-12 20:59 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-09-12 20:53 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-09-12 19:07 - 2013-09-08 11:46 - 00000210 _____ C:\Users\Radim\Desktop\!0.1!.txt
2013-09-12 19:02 - 2010-04-09 16:03 - 01478586 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-12 18:54 - 2009-07-14 06:33 - 00484768 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 13:56 - 2013-07-25 12:36 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 13:52 - 2010-04-10 19:16 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-12 13:49 - 2013-08-27 00:03 - 00000252 _____ C:\Users\Radim\Desktop\DNES.txt
2013-09-12 11:32 - 2013-07-18 22:26 - 00000302 _____ C:\Users\Radim\Desktop\! 1 !.txt
2013-09-12 10:38 - 2013-04-12 11:44 - 00000823 _____ C:\Users\Radim\Desktop\! ! ! ! !.txt
2013-09-11 22:15 - 2013-09-05 22:15 - 00056832 _____ C:\Users\Radim\Desktop\Plán seminářů - září - september 2013.xls
2013-09-11 22:14 - 2013-09-05 22:13 - 00012775 _____ C:\Users\Radim\Desktop\Plán tréninků 09 2013.xlsx
2013-09-11 20:56 - 2013-06-07 23:12 - 00000415 _____ C:\Users\Radim\Desktop\Peníze.txt
2013-09-11 20:56 - 2013-01-04 14:57 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-11 20:56 - 2011-06-01 21:08 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-08 14:26 - 2011-09-18 11:24 - 00000000 ____D C:\Users\Radim\Desktop\Lemmings
2013-09-06 10:13 - 2013-08-06 13:32 - 00000560 _____ C:\Users\Radim\Desktop\D.txt
2013-08-30 10:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-08-26 19:46 - 2009-07-14 06:53 - 00032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-24 12:46 - 2013-08-24 12:46 - 14012484 _____ C:\Users\Radim\Downloads\SaltLakesDeadSea.themepack
2013-08-24 12:36 - 2013-08-24 12:36 - 22843406 _____ C:\Users\Radim\Downloads\AucklandOneTreeHillIanRushton.themepack
2013-08-24 12:36 - 2013-08-24 12:36 - 15412792 _____ C:\Users\Radim\Downloads\Hawaii.themepack
2013-08-21 23:19 - 2013-07-11 11:23 - 00000349 _____ C:\Users\Radim\Desktop\!.txt
2013-08-20 23:01 - 2013-04-03 23:30 - 00000259 _____ C:\Users\Radim\Desktop\! !.txt
2013-08-19 14:43 - 2013-08-19 14:43 - 00000140 _____ C:\Users\Radim\Desktop\NÁVOD-ZFP.txt
2013-08-16 20:43 - 2012-12-29 12:06 - 00026112 _____ C:\Users\Radim\Desktop\výměna věcí z auta.xls
2013-08-15 19:58 - 2013-02-11 23:57 - 00020992 _____ C:\Users\Radim\Desktop\Zbylé kontakty.xls

Files to move or delete:
====================
C:\ProgramData\d7w2jzcl.plz
C:\ProgramData\fez8.exe
C:\ProgramData\lczj2w7d.ctrl
C:\ProgramData\lczj2w7d.pff


Some content of TEMP:
====================
C:\Users\Radim\AppData\Local\Temp\DivXSetup.exe
C:\Users\Radim\AppData\Local\Temp\fgowwarwqqaphiohrio.bfg
C:\Users\Radim\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Radim\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Radim\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Users\Radim\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Radim\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Radim\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Radim\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Radim\AppData\Local\Temp\KoopFlash10FF.exe
C:\Users\Radim\AppData\Local\Temp\KoopFlash10IE.exe
C:\Users\Radim\AppData\Local\Temp\ose00000.exe
C:\Users\Radim\AppData\Local\Temp\RTBK.EXE
C:\Users\Radim\AppData\Local\Temp\Setup.exe
C:\Users\Radim\AppData\Local\Temp\tmpCE53.exe
C:\Users\Radim\AppData\Local\Temp\toolbar2332031.exe
C:\Users\Radim\AppData\Local\Temp\uninstall13719890.exe
C:\Users\Radim\AppData\Local\Temp\uninstall13729984.exe
C:\Users\Radim\AppData\Local\Temp\wervwyuu0.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale cs-CZ
inherit {globalsettings}
default {current}
resumeobject {b9173850-43e6-11df-b384-d82d81895164}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale cs-CZ
inherit {bootloadersettings}
osdevice partition=C:
systemroot \Windows
resumeobject {b9173850-43e6-11df-b384-d82d81895164}
nx OptIn

Resume from Hibernate
---------------------
identifier {b9173850-43e6-11df-b384-d82d81895164}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale cs-CZ
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows Memory Diagnostic
locale cs-CZ
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}



LastRegBack: 2013-09-01 09:49

==================== End Of Log ============================

Re: Police virus, probably an improved version

Posted: 14 Sep 2013 11:39
by vyosek
:arrow: Creating a fixlist for FRST
  • Start Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Start
    HKLM\...\Run: [CloneCDTray] - C:\Programy\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-30] (SlySoft, Inc.)
    HKLM\...\Run: [GrooveMonitor] - C:\Programy\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM\...\Run: [NBKeyScan] - "C:\Programy\nero8\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    HKLM\...\Run: [NeroFilterCheck] - C:\Windows\system32\NeroCheck.exe [155648 2001-07-10] (Ahead Software Gmbh)
    HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] ()
    HKLM\...\Run: [NBAgent] - C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe [1493288 2011-09-20] (Nero AG)
    HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKCU\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
    HKCU\...\Run: [HDDtoGOLaunch] - C:\Users\Radim\AppData\Roaming\CoSoSys\HDDtoGO\HDDtoGOLaunch.exe [176128 2010-04-30] ()
    HKCU\...\Run: [AlcoholAutomount] - C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [33120 2010-08-20] (Alcohol Soft Development Team)
    HKCU\...\Run: [EPSON SX130 Series] - C:\Windows\TEMP\E_S832D.tmp [126 2011-11-20] ()
    HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Radim\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
    MountPoints2: {1422190c-7652-11e1-ba2d-0013d3367d66} - G:\Autorun.exe
    MountPoints2: {43b91d8c-9e21-11df-976d-0013d3367d66} - F:\Install.exe
    MountPoints2: {6e447240-aaef-11e0-b35d-806e6f6e6963} - E:\Welcome\Welcome.exe
    MountPoints2: {73d8df68-75d2-11e1-bab1-0013d3367d66} - G:\Autorun.exe
    MountPoints2: {73d8df7a-75d2-11e1-bab1-0013d3367d66} - G:\Autorun.exe
    Startup: C:\Users\Radim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lczj2w7d.lnk
    ShortcutTarget: lczj2w7d.lnk -> C:\PROGRA~2\d7w2jzcl.plz ()
    
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.cz/
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x515AF06DC11FCB01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = cs
    SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://isearch.babylon.com/?q={searchTerms}&affID=116632&tt=0113_8&babsrc=SP_ss&mntrId=b891b345000000000000f4ec38c64cbb
    SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search/web?q={searchTerms}
    Toolbar: HKCU - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    
    CHR HomePage: hxxp://isearch.babylon.com/?affID=11663 ... ec38c64cbb
    CHR RestoreOnStartup: "hxxp://isearch.babylon.com/?affID=116632&tt=0113_8&babsrc=HP_ss&mntrId=b891b345000000000000f4ec38c64cbb"
    
    S2 Winmgmt; C:\PROGRA~2\d7w2jzcl.plz [159744 2013-09-12] ()
    S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-14] (Microsoft Corporation)
    S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [x]
    S3 MSICPL; \??\D:\install4\MSICPL.sys [x]
    S3 NTACCESS; \??\D:\NTACCESS.sys [x]
    S3 SetupNTGLM7X; \??\D:\NTGLM7X.sys [x]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
    S3 VGPU; System32\drivers\rdvgkmd.sys [x]
    
    C:\ProgramData\d7w2jzcl.plz
    C:\ProgramData\fez8.exe
    C:\ProgramData\lczj2w7d.ctrl
    C:\ProgramData\lczj2w7d.pff
    C:\Users\Radim\AppData\Local\Temp\DivXSetup.exe
    C:\Users\Radim\AppData\Local\Temp\fgowwarwqqaphiohrio.bfg
    C:\Users\Radim\AppData\Local\Temp\FlashPlayerUpdate.exe
    C:\Users\Radim\AppData\Local\Temp\FlashPlayerUpdate01.exe
    C:\Users\Radim\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
    C:\Users\Radim\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
    C:\Users\Radim\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
    C:\Users\Radim\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
    C:\Users\Radim\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
    C:\Users\Radim\AppData\Local\Temp\KoopFlash10FF.exe
    C:\Users\Radim\AppData\Local\Temp\KoopFlash10IE.exe
    C:\Users\Radim\AppData\Local\Temp\ose00000.exe
    C:\Users\Radim\AppData\Local\Temp\RTBK.EXE
    C:\Users\Radim\AppData\Local\Temp\Setup.exe
    C:\Users\Radim\AppData\Local\Temp\tmpCE53.exe
    C:\Users\Radim\AppData\Local\Temp\toolbar2332031.exe
    C:\Users\Radim\AppData\Local\Temp\uninstall13719890.exe
    C:\Users\Radim\AppData\Local\Temp\uninstall13729984.exe
    C:\Users\Radim\AppData\Local\Temp\wervwyuu0.exe
    C:\Users\Radim\AppData\Local\Akamai
    
    Hosts:
    End
    
  • Save the created TXT as fixlist.txt
  • Move the created log to the flash drive next to FRST
:arrow: Run FRST.exe again on the damaged PC
  • Click Fix
  • The repair runs and a Fixlog.txt log is created on the flash drive
:arrow: Try to boot into normal mode
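
The fixlist above removes two persistence points that together produce the lock screen: the service entry `S2 Winmgmt; C:\PROGRA~2\d7w2jzcl.plz`, where the ImagePath of the built-in WMI service (normally run inside svchost.exe) has been redirected to a renamed payload in ProgramData, and the Startup-folder shortcut `lczj2w7d.lnk` that points at the same file. What follows is an added example written for this thread, not part of FRST and not the helper's own code: a small Python triage script that applies those same criteria to FRST-style log lines, so a reader can work out which entries belong in a fixlist before writing one. The sample lines are constructed from entries quoted in this thread; the list of svchost-hosted services, the executable-extension whitelist and the user-writable directory patterns are assumptions chosen for the example.

```python
"""Triage FRST-style log lines for the persistence entries a lock-screen infection leaves.

Added example for this thread (not part of FRST). Flags the kinds of entries the
fixlist targets: a hijacked svchost-hosted service, a Startup-folder shortcut aimed
at a user-writable directory, Run values with odd extensions and no publisher, and
MountPoints2 autorun entries. Sample lines are constructed from the thread; the
heuristic tables below are assumptions chosen for the example.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Assumption: these Windows services are normally hosted by svchost.exe, so an
# ImagePath that does not mention svchost.exe means the service was hijacked.
SVCHOST_HOSTED = {"winmgmt", "schedule", "themes", "bits", "wuauserv", "eventlog"}
EXEC_EXTENSIONS = {".exe", ".dll", ".sys", ".cpl", ".scr", ".ocx"}
# PROGRA~2 is the 8.3 short name FRST printed for C:\ProgramData on this 32-bit box.
WRITABLE_DIRS = ("c:\\progra~2\\", "c:\\programdata\\", "\\appdata\\", "\\temp\\")

RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] - (?P<path>.*?)"
                    r"(?: \[(?P<size>\d+) (?P<date>\S+)\])?(?: \((?P<pub>[^)]*)\))?$")
SVC_RE = re.compile(r"^(?P<start>[SRU]\d) (?P<name>[^;]+); (?P<path>.*?)"
                    r"(?: \[(?P<size>\d+) (?P<date>\S+)\])?(?P<missing> \[x\])?(?: \((?P<pub>[^)]*)\))?$")
STARTUP_RE = re.compile(r"^Startup: (?P<path>.+)$")
LNK_RE = re.compile(r"^ShortcutTarget: (?P<lnk>.+?) -> (?P<target>.*?)(?: \((?P<pub>[^)]*)\))?$")
MOUNT_RE = re.compile(r"^MountPoints2: (?P<guid>\{[^}]+\}) - (?P<target>.+)$")

# Constructed sample in FRST's line format, modelled on the entries quoted in the thread.
SAMPLE_LINES = [
    r"HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)",
    r"HKCU\...\Run: [EPSON SX130 Series] - C:\Windows\TEMP\E_S832D.tmp [126 2011-11-20] ()",
    r"Startup: C:\Users\Radim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lczj2w7d.lnk",
    r"ShortcutTarget: lczj2w7d.lnk -> C:\PROGRA~2\d7w2jzcl.plz ()",
    r"S2 Winmgmt; C:\PROGRA~2\d7w2jzcl.plz [159744 2013-09-12] ()",
    r"S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-14] (Microsoft Corporation)",
    r"S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [x]",
    r"MountPoints2: {1422190c-7652-11e1-ba2d-0013d3367d66} - G:\Autorun.exe",
]


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    line: str
    reason: str


def _binary(command: str) -> str:
    """Return the executable part of a Run/ImagePath value (strip a quoted wrapper)."""
    command = command.strip()
    if command.startswith('"') and command.count('"') >= 2:
        return command[1:command.find('"', 1)]
    return command


def _location_issue(path: str) -> Optional[str]:
    """Why a binary path looks wrong for an auto-start entry, or None if it looks normal."""
    p = path.strip('"').lower()
    ext = ntpath.splitext(p)[1]
    ext = ext.split()[0] if ext else ""  # drop trailing arguments such as ' -k netsvcs'
    if ext not in EXEC_EXTENSIONS:
        return f"non-executable extension {ext or '(none)'}"
    if any(d in p for d in WRITABLE_DIRS):
        return "binary lives in a user-writable directory"
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Scan FRST-style lines and return the entries worth putting in a fixlist."""
    findings: List[Finding] = []
    startup_lnks: Dict[str, str] = {}  # shortcut file name -> its Startup: line
    for raw in lines:
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            issue = _location_issue(_binary(m["path"]))
            if issue:
                severity = "medium" if m["pub"] else "high"
                suffix = "" if m["pub"] else ", no publisher"
                findings.append(Finding(severity, line, f"Run value '{m['name']}': {issue}{suffix}"))
            continue
        m = STARTUP_RE.match(line)
        if m:
            startup_lnks[ntpath.basename(m["path"]).lower()] = line
            continue
        m = LNK_RE.match(line)
        if m:
            issue = _location_issue(m["target"])
            if issue and m["lnk"].lower() in startup_lnks:
                findings.append(Finding("high", line,
                                        f"Startup shortcut '{m['lnk']}' -> {m['target']}: {issue}"))
            continue
        m = SVC_RE.match(line)
        if m:
            name, path = m["name"], _binary(m["path"])
            if name.lower() in SVCHOST_HOSTED and "svchost.exe" not in path.lower():
                findings.append(Finding("high", line,
                                        f"service '{name}' is normally hosted by svchost.exe but runs {path}"))
            elif m["missing"]:
                findings.append(Finding("info", line, f"service '{name}' points at a missing file (orphaned entry)"))
            else:
                issue = _location_issue(path)
                if issue:
                    findings.append(Finding("medium", line, f"service '{name}': {issue}"))
            continue
        m = MOUNT_RE.match(line)
        if m:
            findings.append(Finding("info", line, f"MountPoints2 autorun entry -> {m['target']}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity:6}] {f.reason}")
```

Run as-is it prints five findings for the sample: the Winmgmt service, the `lczj2w7d.lnk` shortcut and the `.tmp` Run value rated high, the orphaned `GMSIPCI` driver and the `G:\Autorun.exe` mount point as informational. A healthy `Winmgmt` line (`svchost.exe -k netsvcs`) produces nothing, which is the distinction that matters here: the Fixlog posted below reports `Winmgmt => Service restored successfully`, FRST putting the original svchost path back rather than deleting a built-in service, while the two `PROGRA~2`/`ProgramData` lines in that same log ("Moved successfully" followed by "File/Directory not found") show that both spellings refer to the same file.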

Re: Police virus, probably an improved version

Posted: 14 Sep 2013 12:55
by tomastt
The repair ran and it threw an error:

autoit error
line 15751 (file "G:\FRST.EXE""):
ERROR: subscript used with non-Array variable

After clicking OK the program closed.
I restarted the PC and an error came up:

RunDLL
There was a problem starting d7w2jzcl.plz
The specified module could not be found

After clicking OK the PC booted without the police window.

Re: Police virus, probably an improved version

Posted: 14 Sep 2013 12:56
by tomastt
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-09-2013 04
Ran by Radim at 2013-09-14 13:40:14 Run:1
Running from G:\
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [CloneCDTray] - C:\Programy\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-30] (SlySoft, Inc.)
HKLM\...\Run: [GrooveMonitor] - C:\Programy\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [NBKeyScan] - "C:\Programy\nero8\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
HKLM\...\Run: [NeroFilterCheck] - C:\Windows\system32\NeroCheck.exe [155648 2001-07-10] (Ahead Software Gmbh)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1230704 2011-03-21] ()
HKLM\...\Run: [NBAgent] - C:\Program Files\Nero\Nero 11\Nero BackItUp\NBAgent.exe [1493288 2011-09-20] (Nero AG)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKCU\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKCU\...\Run: [HDDtoGOLaunch] - C:\Users\Radim\AppData\Roaming\CoSoSys\HDDtoGO\HDDtoGOLaunch.exe [176128 2010-04-30] ()
HKCU\...\Run: [AlcoholAutomount] - C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [33120 2010-08-20] (Alcohol Soft Development Team)
HKCU\...\Run: [EPSON SX130 Series] - C:\Windows\TEMP\E_S832D.tmp [126 2011-11-20] ()
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Radim\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
MountPoints2: {1422190c-7652-11e1-ba2d-0013d3367d66} - G:\Autorun.exe
MountPoints2: {43b91d8c-9e21-11df-976d-0013d3367d66} - F:\Install.exe
MountPoints2: {6e447240-aaef-11e0-b35d-806e6f6e6963} - E:\Welcome\Welcome.exe
MountPoints2: {73d8df68-75d2-11e1-bab1-0013d3367d66} - G:\Autorun.exe
MountPoints2: {73d8df7a-75d2-11e1-bab1-0013d3367d66} - G:\Autorun.exe
Startup: C:\Users\Radim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lczj2w7d.lnk
ShortcutTarget: lczj2w7d.lnk -> C:\PROGRA~2\d7w2jzcl.plz ()

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x515AF06DC11FCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = cs
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://isearch.babylon.com/?q={searchTe ... ec38c64cbb
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search/web?q={searchTerms}
Toolbar: HKCU - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File

CHR HomePage: hxxp://isearch.babylon.com/?affID=11663 ... ec38c64cbb
CHR RestoreOnStartup: "hxxp://isearch.babylon.com/?affID=116632&tt=0113_8&babsrc=HP_ss&mntrId=b891b345000000000000f4ec38c64cbb"

S2 Winmgmt; C:\PROGRA~2\d7w2jzcl.plz [159744 2013-09-12] ()
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [46976 2009-07-14] (Microsoft Corporation)
S3 GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS [x]
S3 MSICPL; \??\D:\install4\MSICPL.sys [x]
S3 NTACCESS; \??\D:\NTACCESS.sys [x]
S3 SetupNTGLM7X; \??\D:\NTGLM7X.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

C:\ProgramData\d7w2jzcl.plz
C:\ProgramData\fez8.exe
C:\ProgramData\lczj2w7d.ctrl
C:\ProgramData\lczj2w7d.pff
C:\Users\Radim\AppData\Local\Temp\DivXSetup.exe
C:\Users\Radim\AppData\Local\Temp\fgowwarwqqaphiohrio.bfg
C:\Users\Radim\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Radim\AppData\Local\Temp\FlashPlayerUpdate01.exe
C:\Users\Radim\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Users\Radim\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Radim\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Radim\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Radim\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Radim\AppData\Local\Temp\KoopFlash10FF.exe
C:\Users\Radim\AppData\Local\Temp\KoopFlash10IE.exe
C:\Users\Radim\AppData\Local\Temp\ose00000.exe
C:\Users\Radim\AppData\Local\Temp\RTBK.EXE
C:\Users\Radim\AppData\Local\Temp\Setup.exe
C:\Users\Radim\AppData\Local\Temp\tmpCE53.exe
C:\Users\Radim\AppData\Local\Temp\toolbar2332031.exe
C:\Users\Radim\AppData\Local\Temp\uninstall13719890.exe
C:\Users\Radim\AppData\Local\Temp\uninstall13729984.exe
C:\Users\Radim\AppData\Local\Temp\wervwyuu0.exe
C:\Users\Radim\AppData\Local\Akamai

Hosts:
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CloneCDTray => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NBKeyScan => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NBAgent => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\HDDtoGOLaunch => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\AlcoholAutomount => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\EPSON SX130 Series => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1422190c-7652-11e1-ba2d-0013d3367d66} => Key deleted successfully.
HKCR\CLSID\{1422190c-7652-11e1-ba2d-0013d3367d66} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43b91d8c-9e21-11df-976d-0013d3367d66} => Key deleted successfully.
HKCR\CLSID\{43b91d8c-9e21-11df-976d-0013d3367d66} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6e447240-aaef-11e0-b35d-806e6f6e6963} => Key deleted successfully.
HKCR\CLSID\{6e447240-aaef-11e0-b35d-806e6f6e6963} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73d8df68-75d2-11e1-bab1-0013d3367d66} => Key deleted successfully.
HKCR\CLSID\{73d8df68-75d2-11e1-bab1-0013d3367d66} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73d8df7a-75d2-11e1-bab1-0013d3367d66} => Key deleted successfully.
HKCR\CLSID\{73d8df7a-75d2-11e1-bab1-0013d3367d66} => Key not found.
C:\Users\Radim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lczj2w7d.lnk => Moved successfully.
C:\PROGRA~2\d7w2jzcl.plz => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} => Value deleted successfully.
HKCR\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17} => Key not found.
CHR HomePage: hxxp://isearch.babylon.com/?affID=11663 ... ec38c64cbb ==> The Chrome "Settings" can be used to fix the entry.
CHR RestoreOnStartup: "hxxp://isearch.babylon.com/?affID=116632&tt=0113_8&babsrc=HP_ss&mntrId=b891b345000000000000f4ec38c64cbb" ==> The Chrome "Settings" can be used to fix the entry.
Winmgmt => Service restored successfully.
61883 => Service deleted successfully.
GMSIPCI => Service deleted successfully.
MSICPL => Service deleted successfully.
NTACCESS => Service deleted successfully.
SetupNTGLM7X => Service deleted successfully.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
"C:\ProgramData\d7w2jzcl.plz" => File/Directory not found.
C:\ProgramData\fez8.exe => Moved successfully.