Dobrý večer,
před časem jsem zde na foru řešil problém s PC, kdy jsem měl podezření na rootkit, blbla myš jako kdyby bylo pořád zapnuté pravé tlačítko, objevovaly se i BSOD zprávy, po analýze zde na foru se PC pročistilo, vše se vrátilo do normálu, ale dnes se zase objevil stejný problém s myší. Samo od sebe vyskakuje menu jako kdyby bylo stisknuté pravé tlačítko a levé nereaguje, při stisknutí klávesnice se objevuje cinkání a vyskočí menu, takže defacto nelze psát. Poté co jsem vypnul trackpoint už menu nevyskakuje, ale zdá se, že v PC je zase asi nějaký virus. Bylo by možné zkontrolovat ještě jednou registry? Původní problém jsem řešil s uživatelem Marty84.
Děkuji.
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Rootkit se asi vrátil
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119547
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Rootkit se asi vrátil
Zdravím! Dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Rootkit se asi vrátil
Dobrý den,
dnes po zapnutí počítače jsem měl vypnutý avast, musel jsem ho reaktivovat.
přikládám logy:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2014 01
Ran by Dan (administrator) on CYPRIS on 31-10-2014 22:38:47
Running from C:\Users\Dan\Desktop
Loaded Profile: Dan (Available profiles: Dan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Software 2000 Limited) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel(R) Corporation)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-01-14] (Lenovo.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [41320 2011-01-27] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281448 2010-12-17] (Lenovo Group Limited)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-30] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default
FF Homepage: http://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-29]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-30]
CHR Extension: (Disk Google) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-30]
CHR Extension: (YouTube) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-30]
CHR Extension: (Vyhledávání Google) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-30]
CHR Extension: (avast! Online Security) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-30]
CHR Extension: (Peněženka Google) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-30]
CHR Extension: (Gmail) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-30]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-31]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-30] (AVAST Software)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2010-11-25] (Lenovo Group Limited) [File not signed]
S2 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-31] ()
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-10-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-10-31] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-10-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-31] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-10-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-10-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-10-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-10-31] ()
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 PCDSRVC{127174DC-C366ED8B-06020101}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-31 22:38 - 2014-10-31 22:39 - 00013983 _____ () C:\Users\Dan\Desktop\FRST.txt
2014-10-31 22:38 - 2014-10-31 22:38 - 00000000 ____D () C:\FRST
2014-10-31 22:34 - 2014-10-31 22:34 - 00002041 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
2014-10-31 22:34 - 2014-10-31 22:34 - 00001981 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk
2014-10-31 22:34 - 2014-10-31 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-10-31 22:33 - 2014-10-31 22:34 - 02113536 _____ (Farbar) C:\Users\Dan\Desktop\FRST64.exe
2014-10-31 22:33 - 2014-10-31 22:33 - 00449936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-10-31 22:33 - 2014-10-31 22:33 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-10-31 22:33 - 2014-10-31 22:33 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-10-31 22:33 - 2014-10-31 22:33 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-10-29 22:18 - 2014-10-29 22:22 - 171209840 _____ () C:\Users\Dan\Downloads\hp_LJ_P1005_P1505_Full_Solution_ROW(1).exe
2014-10-28 22:31 - 2014-10-28 22:31 - 00002124 _____ () C:\Users\Public\Desktop\Nákup spotřebního materiálu HP.lnk
2014-10-28 22:31 - 2014-10-28 22:31 - 00000000 ____D () C:\ProgramData\HPSSUPPLY
2014-10-28 22:30 - 2014-10-28 22:30 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2014-10-28 22:30 - 2014-10-28 22:30 - 00000000 ____D () C:\Program Files\Avago-HP
2014-10-28 22:30 - 2010-06-29 15:22 - 00403968 _____ (Software 2000 Limited) C:\Windows\system32\HP1006LM.DLL
2014-10-28 22:30 - 2010-01-13 12:43 - 00080399 _____ () C:\Windows\system32\WRes1200.txt
2014-10-28 22:30 - 2010-01-13 12:43 - 00001071 _____ () C:\Windows\system32\W600dpi.txt
2014-10-28 22:30 - 2010-01-13 12:42 - 00080399 _____ () C:\Windows\system32\HRes600.txt
2014-10-28 22:30 - 2010-01-13 12:42 - 00080399 _____ () C:\Windows\system32\HRes1200.txt
2014-10-28 22:30 - 2010-01-13 12:41 - 00064512 _____ () C:\Windows\system32\HPPLVS.dll
2014-10-28 22:23 - 2014-10-28 22:30 - 00000000 ___HD () C:\Program Files (x86)\Avago-HP
2014-10-28 22:20 - 2014-10-28 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-10-28 22:20 - 2014-10-28 22:20 - 00003612 _____ () C:\Windows\System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series
2014-10-28 22:20 - 2014-10-28 22:20 - 00002295 _____ () C:\Users\Public\Desktop\HP Deskjet 3050A J611 series.lnk
2014-10-28 22:20 - 2014-10-28 22:20 - 00002002 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
2014-10-28 22:20 - 2014-10-28 22:20 - 00001910 _____ () C:\Users\Public\Desktop\HP ePrintCenter - HP Deskjet 3050A J611 series.lnk
2014-10-28 22:20 - 2014-10-28 22:20 - 00001212 _____ () C:\Users\Public\Desktop\Zakoupit spotřební materiál - HP Deskjet 3050A J611 series.lnk
2014-10-28 22:20 - 2014-10-28 22:20 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-10-28 22:20 - 2014-10-28 22:20 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\HpUpdate
2014-10-28 22:20 - 2014-10-28 22:20 - 00000000 ____D () C:\ProgramData\Visan
2014-10-28 22:20 - 2014-10-28 22:20 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-10-28 22:20 - 2014-10-28 22:20 - 00000000 ____D () C:\ProgramData\HP
2014-10-28 22:20 - 2014-10-28 22:20 - 00000000 ____D () C:\Program Files\HP
2014-10-28 22:20 - 2014-10-28 22:20 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-10-28 22:20 - 2012-10-17 04:31 - 00741480 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPMa011.dll
2014-10-28 22:19 - 2014-10-29 22:23 - 00000000 ____D () C:\Users\Dan\AppData\Local\HP
2014-10-28 22:17 - 2014-10-28 22:31 - 00000000 ____D () C:\Program Files (x86)\Hp
2014-10-28 22:17 - 2014-10-28 22:17 - 00000000 ____D () C:\Users\Dan\AppData\Local\Hewlett-Packard
2014-10-28 22:17 - 2014-10-28 22:17 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-10-28 22:14 - 2014-10-28 22:15 - 05152768 _____ () C:\Users\Dan\Downloads\HPSupportSolutionsFramework-11.51.0027(1).msi
2014-10-28 22:14 - 2014-10-28 22:14 - 05152768 _____ () C:\Users\Dan\Downloads\HPSupportSolutionsFramework-11.51.0027.msi
2014-10-28 22:13 - 2014-10-28 22:32 - 00000000 __SHD () C:\Users\Dan\AppData\Roaming\.#
2014-10-28 22:07 - 2014-10-28 22:12 - 171209840 _____ () C:\Users\Dan\Downloads\hp_LJ_P1005_P1505_Full_Solution_ROW.exe
2014-10-19 21:33 - 2014-10-19 21:33 - 00144384 _____ () C:\Users\Dan\Desktop\402014_Beníšek.xls
2014-10-19 20:53 - 2014-10-19 21:12 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-19 20:53 - 2014-10-19 20:53 - 00002030 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-10-19 20:52 - 2014-10-19 21:08 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-19 20:52 - 2014-10-19 20:52 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-18 08:55 - 2014-10-18 09:27 - 00000000 ____D () C:\Users\Dan\Desktop\SD_VIDEO
2014-10-18 08:55 - 2014-10-18 08:55 - 00000000 ____D () C:\Users\Dan\Desktop\100JVCSO
2014-10-17 18:25 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-17 18:25 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-17 18:25 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-17 18:25 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-17 18:25 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-17 18:25 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-17 18:25 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-17 18:25 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-17 18:25 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-17 18:25 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-17 18:25 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-17 18:25 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-17 18:25 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-17 18:25 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-17 18:25 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-17 18:25 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-17 18:25 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-17 18:25 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-17 18:25 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-17 18:25 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-17 18:25 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-17 18:25 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-17 18:25 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-17 18:25 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-17 18:25 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-17 18:25 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-17 18:25 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-17 18:25 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-17 18:25 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-17 18:25 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-17 18:25 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-17 18:25 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-17 18:25 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-17 18:25 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-17 18:25 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-17 18:25 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-17 18:25 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-17 18:25 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-17 18:25 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-17 18:25 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-17 18:25 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-17 18:25 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-17 18:25 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-17 18:25 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-17 18:25 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-17 18:25 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-17 18:25 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-17 18:25 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-17 18:25 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-17 18:25 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-17 18:25 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-17 18:25 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-17 18:25 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-17 18:25 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-17 18:25 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-17 18:25 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-17 18:25 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-17 18:25 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-17 18:25 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-17 18:25 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-17 18:25 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-17 18:25 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-17 18:25 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-17 18:25 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-17 18:25 - 2014-07-09 03:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-17 18:25 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-17 18:25 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-17 18:25 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-17 18:25 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-17 18:25 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-17 18:25 - 2014-07-08 23:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-17 18:25 - 2014-07-08 23:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-17 18:25 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-17 18:25 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-17 18:25 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-17 18:25 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-17 18:25 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-17 18:25 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-17 18:21 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-17 18:21 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-17 18:20 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-17 18:20 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-17 18:19 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-17 18:19 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-17 18:19 - 2014-07-17 03:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-17 18:19 - 2014-07-17 03:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-17 18:19 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-17 18:19 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-17 18:19 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-17 18:19 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-17 18:19 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-17 18:19 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-17 18:19 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-17 18:19 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-17 18:19 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-17 18:19 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-17 18:19 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-17 18:19 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-17 18:19 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-17 18:19 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-13 21:28 - 2014-10-13 21:29 - 00000000 ____D () C:\rsit
2014-10-11 14:33 - 2014-10-11 14:33 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-11 13:22 - 2014-10-31 22:38 - 00000000 ____D () C:\Users\Dan\Documents\Újezd
2014-10-11 11:34 - 2014-10-11 11:34 - 00000000 ____D () C:\Users\Dan\Documents\Recenze Týden
2014-10-11 11:34 - 2014-10-11 11:34 - 00000000 ____D () C:\Users\Dan\Documents\Filípek a Ivuška
2014-10-11 11:33 - 2014-10-11 11:33 - 00000000 ____D () C:\Users\Dan\Downloads\world
2014-10-11 11:33 - 2014-08-06 21:44 - 08662826 _____ () C:\Users\Dan\Downloads\vyjádření.zip
2014-10-11 11:33 - 2014-08-05 19:29 - 03149424 _____ () C:\Users\Dan\Downloads\C1.pdf(3).zip
2014-10-11 11:33 - 2014-08-05 19:29 - 03149424 _____ () C:\Users\Dan\Downloads\C1.pdf(2).zip
2014-10-11 11:33 - 2014-08-05 19:29 - 03149424 _____ () C:\Users\Dan\Downloads\C1.pdf(1).zip
2014-10-11 11:33 - 2014-07-27 14:13 - 00014539 _____ () C:\Users\Dan\Documents\Tabulka.xlsx
2014-10-11 11:33 - 2014-07-22 20:43 - 00017456 _____ () C:\Users\Dan\Documents\Výdaje Provence.xlsx
2014-10-11 11:33 - 2014-07-11 20:20 - 00046031 _____ () C:\Users\Dan\Documents\Pavouk Brazílie.xlsx
2014-10-11 11:33 - 2014-06-26 21:14 - 00017729 _____ () C:\Users\Dan\Downloads\Pavouk_Brazílie.ods
2014-10-11 11:33 - 2014-06-04 12:01 - 00010903 _____ () C:\Users\Dan\Documents\ubytování Provence.xlsx
2014-10-11 11:33 - 2014-03-19 22:33 - 1081652453 _____ () C:\Users\Dan\Downloads\Romantické_25(76)_Deník_Bridget_Jonesové_1_CZ[@].mp4
2014-10-11 11:33 - 2014-03-15 11:38 - 00360448 _____ () C:\Users\Dan\Documents\Database2.accdb
2014-10-11 11:33 - 2014-02-08 21:32 - 00356352 _____ () C:\Users\Dan\Documents\Database1.accdb
2014-10-11 11:33 - 2014-02-08 18:14 - 00009431 _____ () C:\Users\Dan\Documents\Filípek rozvrh.xlsx
2014-10-11 11:26 - 2014-10-11 11:26 - 00000000 ____D () C:\Users\Dan\Documents\Soubory aplikace Outlook
2014-10-11 11:26 - 2014-10-11 11:26 - 00000000 ____D () C:\Users\Dan\Documents\samsung
2014-10-11 11:26 - 2014-08-12 14:05 - 00000000 ____D () C:\Users\Dan\Documents\SelfMV
2014-10-11 11:19 - 2014-10-11 11:19 - 00000000 ____D () C:\Users\Dan\Documents\NeroVideo
2014-10-11 11:19 - 2014-10-11 11:19 - 00000000 ____D () C:\Users\Dan\Documents\BackUp
2014-10-11 11:19 - 2013-08-30 21:58 - 00010567 _____ () C:\Users\Dan\Documents\Mateřská.xlsx
2014-10-11 11:19 - 2013-08-19 22:18 - 00010362 _____ () C:\Users\Dan\Documents\Velikost.xlsx
2014-10-11 11:19 - 2013-07-15 23:08 - 00009992 _____ () C:\Users\Dan\Documents\benzín Principina.xlsx
2014-10-11 11:19 - 2012-10-15 13:23 - 00072154 _____ () C:\Users\Dan\Documents\procexp.chm
2014-10-11 11:19 - 2012-10-01 08:23 - 00066582 _____ () C:\Users\Dan\Documents\Pstools.chm
2014-10-11 11:19 - 2012-02-24 10:33 - 00014385 _____ () C:\Users\Dan\Documents\VYUCTSRZ.XFDF
2014-10-11 11:19 - 2011-12-07 11:07 - 00007903 _____ () C:\Users\Dan\Documents\readme.txt
2014-10-11 11:19 - 2011-11-28 10:46 - 00063582 _____ () C:\Users\Dan\Documents\procmon.chm
2014-10-11 11:19 - 2010-10-27 12:57 - 00051747 _____ () C:\Users\Dan\Documents\Vmmap.chm
2014-10-11 11:19 - 2010-07-02 15:03 - 00041074 _____ () C:\Users\Dan\Documents\tcpview.chm
2014-10-11 11:19 - 2009-11-19 11:31 - 00040683 _____ () C:\Users\Dan\Documents\Disk2vhd.chm
2014-10-11 11:19 - 2007-11-06 08:17 - 00000039 _____ () C:\Users\Dan\Documents\psversion.txt
2014-10-11 11:19 - 2006-07-28 08:32 - 00007005 _____ () C:\Users\Dan\Documents\Eula.txt
2014-10-11 11:19 - 2005-12-07 14:19 - 00102160 _____ () C:\Users\Dan\Documents\RootkitRevealer.chm
2014-10-11 11:19 - 2005-09-15 08:49 - 00068539 _____ () C:\Users\Dan\Documents\dbgview.chm
2014-10-11 11:13 - 2014-10-17 17:53 - 00000000 ____D () C:\Users\Dan\Desktop\záloha
2014-10-11 11:13 - 2012-08-14 22:47 - 00048200 _____ () C:\Users\Dan\Documents\Olympiáda Londýn.xlsx
2014-10-11 10:40 - 2014-10-13 21:52 - 00000000 ____D () C:\Users\Dan\Desktop\Sken systému
2014-10-09 21:17 - 2014-10-17 17:52 - 00000000 ____D () C:\Program Files\Defraggler
2014-10-09 21:06 - 2014-10-17 17:52 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-09 21:06 - 2014-10-17 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-09 20:44 - 2014-10-17 17:52 - 00000000 ___SD () C:\uninstall
2014-10-08 21:46 - 2014-10-08 21:46 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%
2014-10-08 17:31 - 2014-10-17 17:52 - 00000000 ____D () C:\_OTL
2014-10-06 19:19 - 2014-10-06 19:19 - 00602112 _____ (OldTimer Tools) C:\Users\Dan\Desktop\OTL.exe
2014-10-06 18:41 - 2014-10-06 18:41 - 01222144 _____ () C:\Users\Dan\Downloads\RSITx64(1).exe
2014-10-06 18:11 - 2014-10-06 18:11 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Macromedia
2014-10-06 18:11 - 2014-10-06 18:11 - 00000000 ____D () C:\Users\Dan\AppData\Local\Macromedia
2014-10-06 18:01 - 2014-10-06 18:11 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-06 18:01 - 2014-10-06 18:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-06 18:01 - 2014-10-06 18:11 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-06 18:01 - 2014-10-06 18:01 - 00000000 ____D () C:\Windows\system32\Macromed
2014-10-06 18:00 - 2014-10-19 21:06 - 00000000 ____D () C:\Users\Dan\AppData\Local\Adobe
2014-10-05 14:08 - 2014-10-05 14:08 - 00000017 _____ () C:\Users\Dan\AppData\Local\resmon.resmoncfg
2014-10-05 13:33 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-05 13:32 - 2014-10-17 17:52 - 00000000 ____D () C:\Windows\erdnt
2014-10-03 18:01 - 2014-10-03 18:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Dan\Downloads\mbam-setup-2.0.2.1012(2).exe
2014-10-03 18:00 - 2014-10-03 18:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Dan\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-10-02 21:56 - 2014-10-02 21:56 - 00002982 _____ () C:\Windows\System32\Tasks\Synaptics TouchPad Enhancements
2014-10-02 20:21 - 2014-10-02 20:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Dan\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-02 20:13 - 2014-10-17 17:52 - 00000000 ____D () C:\AdwCleaner
2014-10-02 20:13 - 2010-08-30 07:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-02 20:11 - 2014-10-02 20:11 - 01375089 _____ () C:\Users\Dan\Desktop\adwcleaner_3.311.exe
2014-10-02 06:14 - 2014-10-02 06:14 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-10-02 06:14 - 2014-10-02 06:14 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-10-02 06:09 - 2014-10-02 06:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-10-02 06:08 - 2014-10-02 06:08 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-10-02 06:08 - 2014-10-02 06:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-31 22:36 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-31 22:36 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-31 22:34 - 2011-08-03 01:53 - 00668376 _____ () C:\Windows\system32\perfh005.dat
2014-10-31 22:34 - 2011-08-03 01:53 - 00141004 _____ () C:\Windows\system32\perfc005.dat
2014-10-31 22:34 - 2009-07-14 06:13 - 01582262 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-31 22:33 - 2014-09-30 21:48 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-10-31 22:33 - 2014-09-30 21:46 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-10-31 22:33 - 2014-09-30 21:46 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-10-31 22:33 - 2014-09-30 21:46 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-10-31 22:33 - 2014-09-30 21:46 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-10-31 22:33 - 2014-09-30 21:46 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-10-31 22:33 - 2014-09-30 21:46 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2014-10-31 22:33 - 2014-09-30 21:46 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-10-31 22:33 - 2014-09-30 21:46 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-10-31 22:33 - 2011-08-03 02:02 - 01487592 _____ () C:\Windows\WindowsUpdate.log
2014-10-31 22:27 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-31 22:27 - 2009-07-14 05:51 - 00058617 _____ () C:\Windows\setupact.log
2014-10-30 20:20 - 2010-11-21 04:47 - 00866890 _____ () C:\Windows\PFRO.log
2014-10-28 22:26 - 2009-07-14 05:45 - 00345408 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-28 22:17 - 2014-09-25 19:37 - 00089512 _____ () C:\Users\Dan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-20 20:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-19 21:06 - 2014-09-26 05:37 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Adobe
2014-10-19 15:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-18 10:53 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-18 09:36 - 2014-09-26 02:39 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-18 09:16 - 2014-09-30 20:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-18 09:01 - 2014-09-25 21:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-18 08:56 - 2014-09-25 21:16 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-17 17:56 - 2014-09-25 19:15 - 00000000 ____D () C:\Users\Dan
2014-10-17 17:52 - 2014-09-30 17:55 - 00000000 ____D () C:\Program Files\trend micro
2014-10-17 17:52 - 2014-09-28 16:25 - 00000000 ____D () C:\Windows\Minidump
2014-10-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-17 17:51 - 2010-11-21 08:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-10-17 17:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-10-17 17:46 - 2014-09-30 20:00 - 00000000 __RHD () C:\MSOCache
2014-10-17 17:46 - 2011-08-03 02:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-10-09 21:08 - 2011-02-15 10:42 - 00000000 ____D () C:\Windows\Panther
2014-10-05 20:19 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-05 14:23 - 2011-08-03 02:33 - 00000000 ____D () C:\ProgramData\Norton
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-26 18:27
==================== End Of Log ============================
dnes po zapnutí počítače jsem měl vypnutý avast, musel jsem ho reaktivovat.
přikládám logy:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2014 01
Ran by Dan (administrator) on CYPRIS on 31-10-2014 22:38:47
Running from C:\Users\Dan\Desktop
Loaded Profile: Dan (Available profiles: Dan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Software 2000 Limited) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel(R) Corporation)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-01-14] (Lenovo.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [41320 2011-01-27] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281448 2010-12-17] (Lenovo Group Limited)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-30] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default
FF Homepage: http://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-29]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-30]
CHR Extension: (Disk Google) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-30]
CHR Extension: (YouTube) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-30]
CHR Extension: (Vyhledávání Google) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-30]
CHR Extension: (avast! Online Security) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-30]
CHR Extension: (Peněženka Google) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-30]
CHR Extension: (Gmail) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-30]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-31]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-30] (AVAST Software)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2010-11-25] (Lenovo Group Limited) [File not signed]
S2 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-31] ()
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-10-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-10-31] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-10-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-31] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-10-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-10-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-10-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-10-31] ()
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 PCDSRVC{127174DC-C366ED8B-06020101}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-31 22:38 - 2014-10-31 22:39 - 00013983 _____ () C:\Users\Dan\Desktop\FRST.txt
2014-10-31 22:38 - 2014-10-31 22:38 - 00000000 ____D () C:\FRST
2014-10-31 22:34 - 2014-10-31 22:34 - 00002041 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
2014-10-31 22:34 - 2014-10-31 22:34 - 00001981 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk
2014-10-31 22:34 - 2014-10-31 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-10-31 22:33 - 2014-10-31 22:34 - 02113536 _____ (Farbar) C:\Users\Dan\Desktop\FRST64.exe
2014-10-31 22:33 - 2014-10-31 22:33 - 00449936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-10-31 22:33 - 2014-10-31 22:33 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-10-31 22:33 - 2014-10-31 22:33 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-10-31 22:33 - 2014-10-31 22:33 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-10-29 22:18 - 2014-10-29 22:22 - 171209840 _____ () C:\Users\Dan\Downloads\hp_LJ_P1005_P1505_Full_Solution_ROW(1).exe
2014-10-28 22:31 - 2014-10-28 22:31 - 00002124 _____ () C:\Users\Public\Desktop\Nákup spotřebního materiálu HP.lnk
2014-10-28 22:31 - 2014-10-28 22:31 - 00000000 ____D () C:\ProgramData\HPSSUPPLY
2014-10-28 22:30 - 2014-10-28 22:30 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2014-10-28 22:30 - 2014-10-28 22:30 - 00000000 ____D () C:\Program Files\Avago-HP
2014-10-28 22:30 - 2010-06-29 15:22 - 00403968 _____ (Software 2000 Limited) C:\Windows\system32\HP1006LM.DLL
2014-10-28 22:30 - 2010-01-13 12:43 - 00080399 _____ () C:\Windows\system32\WRes1200.txt
2014-10-28 22:30 - 2010-01-13 12:43 - 00001071 _____ () C:\Windows\system32\W600dpi.txt
2014-10-28 22:30 - 2010-01-13 12:42 - 00080399 _____ () C:\Windows\system32\HRes600.txt
2014-10-28 22:30 - 2010-01-13 12:42 - 00080399 _____ () C:\Windows\system32\HRes1200.txt
2014-10-28 22:30 - 2010-01-13 12:41 - 00064512 _____ () C:\Windows\system32\HPPLVS.dll
2014-10-28 22:23 - 2014-10-28 22:30 - 00000000 ___HD () C:\Program Files (x86)\Avago-HP
2014-10-28 22:20 - 2014-10-28 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-10-28 22:20 - 2014-10-28 22:20 - 00003612 _____ () C:\Windows\System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series
2014-10-28 22:20 - 2014-10-28 22:20 - 00002295 _____ () C:\Users\Public\Desktop\HP Deskjet 3050A J611 series.lnk
2014-10-28 22:20 - 2014-10-28 22:20 - 00002002 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
2014-10-28 22:20 - 2014-10-28 22:20 - 00001910 _____ () C:\Users\Public\Desktop\HP ePrintCenter - HP Deskjet 3050A J611 series.lnk
2014-10-28 22:20 - 2014-10-28 22:20 - 00001212 _____ () C:\Users\Public\Desktop\Zakoupit spotřební materiál - HP Deskjet 3050A J611 series.lnk
2014-10-28 22:20 - 2014-10-28 22:20 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-10-28 22:20 - 2014-10-28 22:20 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\HpUpdate
2014-10-28 22:20 - 2014-10-28 22:20 - 00000000 ____D () C:\ProgramData\Visan
2014-10-28 22:20 - 2014-10-28 22:20 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-10-28 22:20 - 2014-10-28 22:20 - 00000000 ____D () C:\ProgramData\HP
2014-10-28 22:20 - 2014-10-28 22:20 - 00000000 ____D () C:\Program Files\HP
2014-10-28 22:20 - 2014-10-28 22:20 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-10-28 22:20 - 2012-10-17 04:31 - 00741480 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPMa011.dll
2014-10-28 22:19 - 2014-10-29 22:23 - 00000000 ____D () C:\Users\Dan\AppData\Local\HP
2014-10-28 22:17 - 2014-10-28 22:31 - 00000000 ____D () C:\Program Files (x86)\Hp
2014-10-28 22:17 - 2014-10-28 22:17 - 00000000 ____D () C:\Users\Dan\AppData\Local\Hewlett-Packard
2014-10-28 22:17 - 2014-10-28 22:17 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-10-28 22:14 - 2014-10-28 22:15 - 05152768 _____ () C:\Users\Dan\Downloads\HPSupportSolutionsFramework-11.51.0027(1).msi
2014-10-28 22:14 - 2014-10-28 22:14 - 05152768 _____ () C:\Users\Dan\Downloads\HPSupportSolutionsFramework-11.51.0027.msi
2014-10-28 22:13 - 2014-10-28 22:32 - 00000000 __SHD () C:\Users\Dan\AppData\Roaming\.#
2014-10-28 22:07 - 2014-10-28 22:12 - 171209840 _____ () C:\Users\Dan\Downloads\hp_LJ_P1005_P1505_Full_Solution_ROW.exe
2014-10-19 21:33 - 2014-10-19 21:33 - 00144384 _____ () C:\Users\Dan\Desktop\402014_Beníšek.xls
2014-10-19 20:53 - 2014-10-19 21:12 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-19 20:53 - 2014-10-19 20:53 - 00002030 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-10-19 20:52 - 2014-10-19 21:08 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-19 20:52 - 2014-10-19 20:52 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-18 08:55 - 2014-10-18 09:27 - 00000000 ____D () C:\Users\Dan\Desktop\SD_VIDEO
2014-10-18 08:55 - 2014-10-18 08:55 - 00000000 ____D () C:\Users\Dan\Desktop\100JVCSO
2014-10-17 18:25 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-17 18:25 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-17 18:25 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-17 18:25 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-17 18:25 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-17 18:25 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-17 18:25 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-17 18:25 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-17 18:25 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-17 18:25 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-17 18:25 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-17 18:25 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-17 18:25 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-17 18:25 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-17 18:25 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-17 18:25 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-17 18:25 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-17 18:25 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-17 18:25 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-17 18:25 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-17 18:25 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-17 18:25 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-17 18:25 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-17 18:25 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-17 18:25 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-17 18:25 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-17 18:25 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-17 18:25 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-17 18:25 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-17 18:25 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-17 18:25 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-17 18:25 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-17 18:25 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-17 18:25 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-17 18:25 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-17 18:25 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-17 18:25 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-17 18:25 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-17 18:25 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-17 18:25 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-17 18:25 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-17 18:25 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-17 18:25 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-17 18:25 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-17 18:25 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-17 18:25 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-17 18:25 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-17 18:25 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-17 18:25 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-17 18:25 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-17 18:25 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-17 18:25 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-17 18:25 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-17 18:25 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-17 18:25 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-17 18:25 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-17 18:25 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-17 18:25 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-17 18:25 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-17 18:25 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-17 18:25 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-17 18:25 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-17 18:25 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-17 18:25 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-17 18:25 - 2014-07-09 03:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-17 18:25 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-17 18:25 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-17 18:25 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-17 18:25 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-17 18:25 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-17 18:25 - 2014-07-08 23:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-17 18:25 - 2014-07-08 23:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-17 18:25 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-17 18:25 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-17 18:25 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-17 18:25 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-17 18:25 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-17 18:25 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-17 18:21 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-17 18:21 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-17 18:20 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-17 18:20 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-17 18:19 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-17 18:19 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-17 18:19 - 2014-07-17 03:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-17 18:19 - 2014-07-17 03:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-17 18:19 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-17 18:19 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-17 18:19 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-17 18:19 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-17 18:19 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-17 18:19 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-17 18:19 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-17 18:19 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-17 18:19 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-17 18:19 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-17 18:19 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-17 18:19 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-17 18:19 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-17 18:19 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-13 21:28 - 2014-10-13 21:29 - 00000000 ____D () C:\rsit
2014-10-11 14:33 - 2014-10-11 14:33 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-11 13:22 - 2014-10-31 22:38 - 00000000 ____D () C:\Users\Dan\Documents\Újezd
2014-10-11 11:34 - 2014-10-11 11:34 - 00000000 ____D () C:\Users\Dan\Documents\Recenze Týden
2014-10-11 11:34 - 2014-10-11 11:34 - 00000000 ____D () C:\Users\Dan\Documents\Filípek a Ivuška
2014-10-11 11:33 - 2014-10-11 11:33 - 00000000 ____D () C:\Users\Dan\Downloads\world
2014-10-11 11:33 - 2014-08-06 21:44 - 08662826 _____ () C:\Users\Dan\Downloads\vyjádření.zip
2014-10-11 11:33 - 2014-08-05 19:29 - 03149424 _____ () C:\Users\Dan\Downloads\C1.pdf(3).zip
2014-10-11 11:33 - 2014-08-05 19:29 - 03149424 _____ () C:\Users\Dan\Downloads\C1.pdf(2).zip
2014-10-11 11:33 - 2014-08-05 19:29 - 03149424 _____ () C:\Users\Dan\Downloads\C1.pdf(1).zip
2014-10-11 11:33 - 2014-07-27 14:13 - 00014539 _____ () C:\Users\Dan\Documents\Tabulka.xlsx
2014-10-11 11:33 - 2014-07-22 20:43 - 00017456 _____ () C:\Users\Dan\Documents\Výdaje Provence.xlsx
2014-10-11 11:33 - 2014-07-11 20:20 - 00046031 _____ () C:\Users\Dan\Documents\Pavouk Brazílie.xlsx
2014-10-11 11:33 - 2014-06-26 21:14 - 00017729 _____ () C:\Users\Dan\Downloads\Pavouk_Brazílie.ods
2014-10-11 11:33 - 2014-06-04 12:01 - 00010903 _____ () C:\Users\Dan\Documents\ubytování Provence.xlsx
2014-10-11 11:33 - 2014-03-19 22:33 - 1081652453 _____ () C:\Users\Dan\Downloads\Romantické_25(76)_Deník_Bridget_Jonesové_1_CZ[@].mp4
2014-10-11 11:33 - 2014-03-15 11:38 - 00360448 _____ () C:\Users\Dan\Documents\Database2.accdb
2014-10-11 11:33 - 2014-02-08 21:32 - 00356352 _____ () C:\Users\Dan\Documents\Database1.accdb
2014-10-11 11:33 - 2014-02-08 18:14 - 00009431 _____ () C:\Users\Dan\Documents\Filípek rozvrh.xlsx
2014-10-11 11:26 - 2014-10-11 11:26 - 00000000 ____D () C:\Users\Dan\Documents\Soubory aplikace Outlook
2014-10-11 11:26 - 2014-10-11 11:26 - 00000000 ____D () C:\Users\Dan\Documents\samsung
2014-10-11 11:26 - 2014-08-12 14:05 - 00000000 ____D () C:\Users\Dan\Documents\SelfMV
2014-10-11 11:19 - 2014-10-11 11:19 - 00000000 ____D () C:\Users\Dan\Documents\NeroVideo
2014-10-11 11:19 - 2014-10-11 11:19 - 00000000 ____D () C:\Users\Dan\Documents\BackUp
2014-10-11 11:19 - 2013-08-30 21:58 - 00010567 _____ () C:\Users\Dan\Documents\Mateřská.xlsx
2014-10-11 11:19 - 2013-08-19 22:18 - 00010362 _____ () C:\Users\Dan\Documents\Velikost.xlsx
2014-10-11 11:19 - 2013-07-15 23:08 - 00009992 _____ () C:\Users\Dan\Documents\benzín Principina.xlsx
2014-10-11 11:19 - 2012-10-15 13:23 - 00072154 _____ () C:\Users\Dan\Documents\procexp.chm
2014-10-11 11:19 - 2012-10-01 08:23 - 00066582 _____ () C:\Users\Dan\Documents\Pstools.chm
2014-10-11 11:19 - 2012-02-24 10:33 - 00014385 _____ () C:\Users\Dan\Documents\VYUCTSRZ.XFDF
2014-10-11 11:19 - 2011-12-07 11:07 - 00007903 _____ () C:\Users\Dan\Documents\readme.txt
2014-10-11 11:19 - 2011-11-28 10:46 - 00063582 _____ () C:\Users\Dan\Documents\procmon.chm
2014-10-11 11:19 - 2010-10-27 12:57 - 00051747 _____ () C:\Users\Dan\Documents\Vmmap.chm
2014-10-11 11:19 - 2010-07-02 15:03 - 00041074 _____ () C:\Users\Dan\Documents\tcpview.chm
2014-10-11 11:19 - 2009-11-19 11:31 - 00040683 _____ () C:\Users\Dan\Documents\Disk2vhd.chm
2014-10-11 11:19 - 2007-11-06 08:17 - 00000039 _____ () C:\Users\Dan\Documents\psversion.txt
2014-10-11 11:19 - 2006-07-28 08:32 - 00007005 _____ () C:\Users\Dan\Documents\Eula.txt
2014-10-11 11:19 - 2005-12-07 14:19 - 00102160 _____ () C:\Users\Dan\Documents\RootkitRevealer.chm
2014-10-11 11:19 - 2005-09-15 08:49 - 00068539 _____ () C:\Users\Dan\Documents\dbgview.chm
2014-10-11 11:13 - 2014-10-17 17:53 - 00000000 ____D () C:\Users\Dan\Desktop\záloha
2014-10-11 11:13 - 2012-08-14 22:47 - 00048200 _____ () C:\Users\Dan\Documents\Olympiáda Londýn.xlsx
2014-10-11 10:40 - 2014-10-13 21:52 - 00000000 ____D () C:\Users\Dan\Desktop\Sken systému
2014-10-09 21:17 - 2014-10-17 17:52 - 00000000 ____D () C:\Program Files\Defraggler
2014-10-09 21:06 - 2014-10-17 17:52 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-09 21:06 - 2014-10-17 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-09 20:44 - 2014-10-17 17:52 - 00000000 ___SD () C:\uninstall
2014-10-08 21:46 - 2014-10-08 21:46 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%
2014-10-08 17:31 - 2014-10-17 17:52 - 00000000 ____D () C:\_OTL
2014-10-06 19:19 - 2014-10-06 19:19 - 00602112 _____ (OldTimer Tools) C:\Users\Dan\Desktop\OTL.exe
2014-10-06 18:41 - 2014-10-06 18:41 - 01222144 _____ () C:\Users\Dan\Downloads\RSITx64(1).exe
2014-10-06 18:11 - 2014-10-06 18:11 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Macromedia
2014-10-06 18:11 - 2014-10-06 18:11 - 00000000 ____D () C:\Users\Dan\AppData\Local\Macromedia
2014-10-06 18:01 - 2014-10-06 18:11 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-06 18:01 - 2014-10-06 18:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-06 18:01 - 2014-10-06 18:11 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-06 18:01 - 2014-10-06 18:01 - 00000000 ____D () C:\Windows\system32\Macromed
2014-10-06 18:00 - 2014-10-19 21:06 - 00000000 ____D () C:\Users\Dan\AppData\Local\Adobe
2014-10-05 14:08 - 2014-10-05 14:08 - 00000017 _____ () C:\Users\Dan\AppData\Local\resmon.resmoncfg
2014-10-05 13:33 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-05 13:32 - 2014-10-17 17:52 - 00000000 ____D () C:\Windows\erdnt
2014-10-03 18:01 - 2014-10-03 18:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Dan\Downloads\mbam-setup-2.0.2.1012(2).exe
2014-10-03 18:00 - 2014-10-03 18:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Dan\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-10-02 21:56 - 2014-10-02 21:56 - 00002982 _____ () C:\Windows\System32\Tasks\Synaptics TouchPad Enhancements
2014-10-02 20:21 - 2014-10-02 20:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Dan\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-02 20:13 - 2014-10-17 17:52 - 00000000 ____D () C:\AdwCleaner
2014-10-02 20:13 - 2010-08-30 07:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-02 20:11 - 2014-10-02 20:11 - 01375089 _____ () C:\Users\Dan\Desktop\adwcleaner_3.311.exe
2014-10-02 06:14 - 2014-10-02 06:14 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-10-02 06:14 - 2014-10-02 06:14 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-10-02 06:09 - 2014-10-02 06:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-10-02 06:08 - 2014-10-02 06:08 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-10-02 06:08 - 2014-10-02 06:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-10-31 22:36 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-31 22:36 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-31 22:34 - 2011-08-03 01:53 - 00668376 _____ () C:\Windows\system32\perfh005.dat
2014-10-31 22:34 - 2011-08-03 01:53 - 00141004 _____ () C:\Windows\system32\perfc005.dat
2014-10-31 22:34 - 2009-07-14 06:13 - 01582262 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-31 22:33 - 2014-09-30 21:48 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-10-31 22:33 - 2014-09-30 21:46 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-10-31 22:33 - 2014-09-30 21:46 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-10-31 22:33 - 2014-09-30 21:46 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-10-31 22:33 - 2014-09-30 21:46 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-10-31 22:33 - 2014-09-30 21:46 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-10-31 22:33 - 2014-09-30 21:46 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2014-10-31 22:33 - 2014-09-30 21:46 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-10-31 22:33 - 2014-09-30 21:46 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-10-31 22:33 - 2011-08-03 02:02 - 01487592 _____ () C:\Windows\WindowsUpdate.log
2014-10-31 22:27 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-31 22:27 - 2009-07-14 05:51 - 00058617 _____ () C:\Windows\setupact.log
2014-10-30 20:20 - 2010-11-21 04:47 - 00866890 _____ () C:\Windows\PFRO.log
2014-10-28 22:26 - 2009-07-14 05:45 - 00345408 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-28 22:17 - 2014-09-25 19:37 - 00089512 _____ () C:\Users\Dan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-20 20:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-19 21:06 - 2014-09-26 05:37 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Adobe
2014-10-19 15:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-18 10:53 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-18 09:36 - 2014-09-26 02:39 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-18 09:16 - 2014-09-30 20:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-18 09:01 - 2014-09-25 21:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-18 08:56 - 2014-09-25 21:16 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-17 17:56 - 2014-09-25 19:15 - 00000000 ____D () C:\Users\Dan
2014-10-17 17:52 - 2014-09-30 17:55 - 00000000 ____D () C:\Program Files\trend micro
2014-10-17 17:52 - 2014-09-28 16:25 - 00000000 ____D () C:\Windows\Minidump
2014-10-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-17 17:51 - 2010-11-21 08:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-10-17 17:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-10-17 17:46 - 2014-09-30 20:00 - 00000000 __RHD () C:\MSOCache
2014-10-17 17:46 - 2011-08-03 02:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-10-09 21:08 - 2011-02-15 10:42 - 00000000 ____D () C:\Windows\Panther
2014-10-05 20:19 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-05 14:23 - 2011-08-03 02:33 - 00000000 ____D () C:\ProgramData\Norton
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-26 18:27
==================== End Of Log ============================
- Přílohy
-
- Addition.zip
- (7.56 KiB) Staženo 44 x
-
Rudy
- Site Admin
- Příspěvky: 119547
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Rootkit se asi vrátil
Teď spusťte tuto utilitu:
Stáhněte AdwCleaner http://www.stahuj.centrum.cz/utility_a_ ... dwcleaner/
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve >Scan< a potom na >Clean< (smazat)
Proběhne skenováni a pak se objeví log, který sem vložte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Rootkit se asi vrátil
Přikládám log. Musel jsem restartovat počítač.
# AdwCleaner v4.000 - Report created 01/11/2014 at 13:43:25
# DB v201.28
# Updated 12/10/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dan - CYPRIS
# Running from : C:\Users\Dan\Desktop\adwcleaner_4.000.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17344
-\\ Mozilla Firefox v32.0.3 (x86 en-US)
-\\ Google Chrome v
*************************
AdwCleaner[R1].txt - [764 octets] - [01/11/2014 13:41:30]
AdwCleaner[S1].txt - [679 octets] - [01/11/2014 13:43:25]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [738 octets] ##########
# AdwCleaner v4.000 - Report created 01/11/2014 at 13:43:25
# DB v201.28
# Updated 12/10/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dan - CYPRIS
# Running from : C:\Users\Dan\Desktop\adwcleaner_4.000.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17344
-\\ Mozilla Firefox v32.0.3 (x86 en-US)
-\\ Google Chrome v
*************************
AdwCleaner[R1].txt - [764 octets] - [01/11/2014 13:41:30]
AdwCleaner[S1].txt - [679 octets] - [01/11/2014 13:43:25]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [738 octets] ##########
-
Rudy
- Site Admin
- Příspěvky: 119547
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Rootkit se asi vrátil
Toto je OK. Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.Start
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
End
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Rootkit se asi vrátil
Přikládám log:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by Dan at 2014-11-02 21:32:49 Run:1
Running from C:\Users\Dan\Desktop
Loaded Profile: Dan (Available profiles: Dan)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
End
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
==== End of Fixlog ====
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by Dan at 2014-11-02 21:32:49 Run:1
Running from C:\Users\Dan\Desktop
Loaded Profile: Dan (Available profiles: Dan)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
End
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
==== End of Fixlog ====
-
Rudy
- Site Admin
- Příspěvky: 119547
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Rootkit se asi vrátil
Vše smazáno. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Rootkit se asi vrátil
No teď to funguje dobře, je to myslím i trochu rychlejší. Co s tím bylo?
-
Rudy
- Site Admin
- Příspěvky: 119547
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Rootkit se asi vrátil
Malware žádný, jen pár zbytečností. 
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Rootkit se asi vrátil
OK, dobře. Tak to jsem rád. Děkuju moc.
-
Rudy
- Site Admin
- Příspěvky: 119547
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Rootkit se asi vrátil
Rádo se stalo!
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?