
The rootkit has probably returned

Posted: 30 Oct 2014 23:56
by danek
Good evening,

some time ago I dealt with a PC problem here on the forum, when I suspected a rootkit: the mouse was misbehaving as if the right button were constantly pressed, and BSOD messages appeared as well. After the analysis here on the forum the PC was cleaned up and everything returned to normal, but today the same mouse problem appeared again. A menu pops up by itself as if the right button were pressed, and the left button does not respond; when I press a key on the keyboard there is a chime and a menu pops up, so it is de facto impossible to type. After I turned off the TrackPoint the menu no longer pops up, but it seems there is probably some virus in the PC again. Would it be possible to check the registry once more? I dealt with the original problem with the user Marty84.

Thank you.

Re: The rootkit has probably returned

Posted: 31 Oct 2014 18:13
by Rudy

Re: The rootkit has probably returned

Posted: 31 Oct 2014 22:52
by danek
Good day,

today after I turned on the computer, avast was turned off and I had to reactivate it.

I am attaching the logs:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-10-2014 01
Ran by Dan (administrator) on CYPRIS on 31-10-2014 22:38:47
Running from C:\Users\Dan\Desktop
Loaded Profile: Dan (Available profiles: Dan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Čeština (Česká republika)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(UPEK Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Software 2000 Limited) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel(R) Corporation)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-01-14] (Lenovo.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2010-04-28] ()
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [41320 2011-01-27] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [281448 2010-12-17] (Lenovo Group Limited)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-02-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-30] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\v6ijk9bb.default
FF Homepage: http://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-29]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-30]
CHR Extension: (Disk Google) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-30]
CHR Extension: (YouTube) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-30]
CHR Extension: (Vyhledávání Google) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-30]
CHR Extension: (avast! Online Security) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-30]
CHR Extension: (Peněženka Google) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-30]
CHR Extension: (Gmail) - C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-30]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-31]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-30] (AVAST Software)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2010-11-25] (Lenovo Group Limited) [File not signed]
S2 avast! Firewall; "C:\Program Files\AVAST Software\Avast\afwServ.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-31] ()
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-10-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-10-31] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-10-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-31] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-31] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-10-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-10-31] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-10-31] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-10-31] ()
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13840 2009-03-13] (UPEK Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 PCDSRVC{127174DC-C366ED8B-06020101}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-31 22:38 - 2014-10-31 22:39 - 00013983 _____ () C:\Users\Dan\Desktop\FRST.txt
2014-10-31 22:38 - 2014-10-31 22:38 - 00000000 ____D () C:\FRST
2014-10-31 22:34 - 2014-10-31 22:34 - 00002041 _____ () C:\Users\Public\Desktop\Avast SafeZone.lnk
2014-10-31 22:34 - 2014-10-31 22:34 - 00001981 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk
2014-10-31 22:34 - 2014-10-31 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-10-31 22:33 - 2014-10-31 22:34 - 02113536 _____ (Farbar) C:\Users\Dan\Desktop\FRST64.exe
2014-10-31 22:33 - 2014-10-31 22:33 - 00449936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNdisFlt.sys
2014-10-31 22:33 - 2014-10-31 22:33 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-10-31 22:33 - 2014-10-31 22:33 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-10-31 22:33 - 2014-10-31 22:33 - 00028184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2014-10-29 22:18 - 2014-10-29 22:22 - 171209840 _____ () C:\Users\Dan\Downloads\hp_LJ_P1005_P1505_Full_Solution_ROW(1).exe
2014-10-28 22:31 - 2014-10-28 22:31 - 00002124 _____ () C:\Users\Public\Desktop\Nákup spotřebního materiálu HP.lnk
2014-10-28 22:31 - 2014-10-28 22:31 - 00000000 ____D () C:\ProgramData\HPSSUPPLY
2014-10-28 22:30 - 2014-10-28 22:30 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2014-10-28 22:30 - 2014-10-28 22:30 - 00000000 ____D () C:\Program Files\Avago-HP
2014-10-28 22:30 - 2010-06-29 15:22 - 00403968 _____ (Software 2000 Limited) C:\Windows\system32\HP1006LM.DLL
2014-10-28 22:30 - 2010-01-13 12:43 - 00080399 _____ () C:\Windows\system32\WRes1200.txt
2014-10-28 22:30 - 2010-01-13 12:43 - 00001071 _____ () C:\Windows\system32\W600dpi.txt
2014-10-28 22:30 - 2010-01-13 12:42 - 00080399 _____ () C:\Windows\system32\HRes600.txt
2014-10-28 22:30 - 2010-01-13 12:42 - 00080399 _____ () C:\Windows\system32\HRes1200.txt
2014-10-28 22:30 - 2010-01-13 12:41 - 00064512 _____ () C:\Windows\system32\HPPLVS.dll
2014-10-28 22:23 - 2014-10-28 22:30 - 00000000 ___HD () C:\Program Files (x86)\Avago-HP
2014-10-28 22:20 - 2014-10-28 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-10-28 22:20 - 2014-10-28 22:20 - 00003612 _____ () C:\Windows\System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series
2014-10-28 22:20 - 2014-10-28 22:20 - 00002295 _____ () C:\Users\Public\Desktop\HP Deskjet 3050A J611 series.lnk
2014-10-28 22:20 - 2014-10-28 22:20 - 00002002 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
2014-10-28 22:20 - 2014-10-28 22:20 - 00001910 _____ () C:\Users\Public\Desktop\HP ePrintCenter - HP Deskjet 3050A J611 series.lnk
2014-10-28 22:20 - 2014-10-28 22:20 - 00001212 _____ () C:\Users\Public\Desktop\Zakoupit spotřební materiál - HP Deskjet 3050A J611 series.lnk
2014-10-28 22:20 - 2014-10-28 22:20 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-10-28 22:20 - 2014-10-28 22:20 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\HpUpdate
2014-10-28 22:20 - 2014-10-28 22:20 - 00000000 ____D () C:\ProgramData\Visan
2014-10-28 22:20 - 2014-10-28 22:20 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-10-28 22:20 - 2014-10-28 22:20 - 00000000 ____D () C:\ProgramData\HP
2014-10-28 22:20 - 2014-10-28 22:20 - 00000000 ____D () C:\Program Files\HP
2014-10-28 22:20 - 2014-10-28 22:20 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-10-28 22:20 - 2012-10-17 04:31 - 00741480 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPMa011.dll
2014-10-28 22:19 - 2014-10-29 22:23 - 00000000 ____D () C:\Users\Dan\AppData\Local\HP
2014-10-28 22:17 - 2014-10-28 22:31 - 00000000 ____D () C:\Program Files (x86)\Hp
2014-10-28 22:17 - 2014-10-28 22:17 - 00000000 ____D () C:\Users\Dan\AppData\Local\Hewlett-Packard
2014-10-28 22:17 - 2014-10-28 22:17 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-10-28 22:14 - 2014-10-28 22:15 - 05152768 _____ () C:\Users\Dan\Downloads\HPSupportSolutionsFramework-11.51.0027(1).msi
2014-10-28 22:14 - 2014-10-28 22:14 - 05152768 _____ () C:\Users\Dan\Downloads\HPSupportSolutionsFramework-11.51.0027.msi
2014-10-28 22:13 - 2014-10-28 22:32 - 00000000 __SHD () C:\Users\Dan\AppData\Roaming\.#
2014-10-28 22:07 - 2014-10-28 22:12 - 171209840 _____ () C:\Users\Dan\Downloads\hp_LJ_P1005_P1505_Full_Solution_ROW.exe
2014-10-19 21:33 - 2014-10-19 21:33 - 00144384 _____ () C:\Users\Dan\Desktop\402014_Beníšek.xls
2014-10-19 20:53 - 2014-10-19 21:12 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-10-19 20:53 - 2014-10-19 20:53 - 00002030 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-10-19 20:52 - 2014-10-19 21:08 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-19 20:52 - 2014-10-19 20:52 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-18 08:55 - 2014-10-18 09:27 - 00000000 ____D () C:\Users\Dan\Desktop\SD_VIDEO
2014-10-18 08:55 - 2014-10-18 08:55 - 00000000 ____D () C:\Users\Dan\Desktop\100JVCSO
2014-10-17 18:25 - 2014-10-10 03:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-17 18:25 - 2014-10-10 03:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-17 18:25 - 2014-10-10 03:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-17 18:25 - 2014-10-07 03:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-17 18:25 - 2014-10-07 03:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-17 18:25 - 2014-09-29 01:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-17 18:25 - 2014-09-25 23:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-17 18:25 - 2014-09-25 23:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-17 18:25 - 2014-09-25 23:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-17 18:25 - 2014-09-25 23:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-17 18:25 - 2014-09-25 23:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-17 18:25 - 2014-09-25 23:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-17 18:25 - 2014-09-25 23:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-17 18:25 - 2014-09-19 03:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-17 18:25 - 2014-09-19 02:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-17 18:25 - 2014-09-19 02:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-17 18:25 - 2014-09-19 02:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-17 18:25 - 2014-09-19 02:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-17 18:25 - 2014-09-19 02:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-17 18:25 - 2014-09-19 02:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-17 18:25 - 2014-09-19 02:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-17 18:25 - 2014-09-19 02:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-17 18:25 - 2014-09-19 02:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-17 18:25 - 2014-09-19 02:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-17 18:25 - 2014-09-19 02:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-17 18:25 - 2014-09-19 02:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-17 18:25 - 2014-09-19 02:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-17 18:25 - 2014-09-19 02:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-17 18:25 - 2014-09-19 02:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-17 18:25 - 2014-09-19 02:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-17 18:25 - 2014-09-19 02:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-17 18:25 - 2014-09-19 02:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-17 18:25 - 2014-09-19 02:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-17 18:25 - 2014-09-19 02:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-17 18:25 - 2014-09-19 02:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-17 18:25 - 2014-09-19 02:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-17 18:25 - 2014-09-19 02:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-17 18:25 - 2014-09-19 02:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-17 18:25 - 2014-09-19 02:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-17 18:25 - 2014-09-19 01:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-17 18:25 - 2014-09-19 01:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-17 18:25 - 2014-09-19 01:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-17 18:25 - 2014-09-19 01:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-17 18:25 - 2014-09-19 01:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-17 18:25 - 2014-09-19 01:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-17 18:25 - 2014-09-19 01:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-17 18:25 - 2014-09-19 01:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-17 18:25 - 2014-09-19 01:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-17 18:25 - 2014-09-19 01:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-17 18:25 - 2014-09-19 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-17 18:25 - 2014-09-19 01:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-17 18:25 - 2014-09-19 01:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-17 18:25 - 2014-09-19 01:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-17 18:25 - 2014-09-19 01:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-17 18:25 - 2014-09-19 01:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-17 18:25 - 2014-09-19 01:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-17 18:25 - 2014-09-19 00:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-17 18:25 - 2014-09-19 00:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-17 18:25 - 2014-09-19 00:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-17 18:25 - 2014-09-19 00:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-17 18:25 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-17 18:25 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-17 18:25 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-17 18:25 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-17 18:25 - 2014-07-09 03:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-17 18:25 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-17 18:25 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-17 18:25 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-17 18:25 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-17 18:25 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-17 18:25 - 2014-07-08 23:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-17 18:25 - 2014-07-08 23:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-17 18:25 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-17 18:25 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-17 18:25 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-17 18:25 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-17 18:25 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-17 18:25 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-17 18:21 - 2014-09-18 03:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-17 18:21 - 2014-09-18 02:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-17 18:20 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-17 18:20 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-17 18:19 - 2014-09-13 02:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-17 18:19 - 2014-09-13 02:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-17 18:19 - 2014-07-17 03:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-17 18:19 - 2014-07-17 03:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-17 18:19 - 2014-07-17 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-17 18:19 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-17 18:19 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-17 18:19 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-17 18:19 - 2014-07-17 03:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-17 18:19 - 2014-07-17 03:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-17 18:19 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-17 18:19 - 2014-07-17 02:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-17 18:19 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-17 18:19 - 2014-07-17 02:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-17 18:19 - 2014-07-17 02:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-17 18:19 - 2014-07-17 02:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-17 18:19 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-17 18:19 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-13 21:28 - 2014-10-13 21:29 - 00000000 ____D () C:\rsit
2014-10-11 14:33 - 2014-10-11 14:33 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-11 13:22 - 2014-10-31 22:38 - 00000000 ____D () C:\Users\Dan\Documents\Újezd
2014-10-11 11:34 - 2014-10-11 11:34 - 00000000 ____D () C:\Users\Dan\Documents\Recenze Týden
2014-10-11 11:34 - 2014-10-11 11:34 - 00000000 ____D () C:\Users\Dan\Documents\Filípek a Ivuška
2014-10-11 11:33 - 2014-10-11 11:33 - 00000000 ____D () C:\Users\Dan\Downloads\world
2014-10-11 11:33 - 2014-08-06 21:44 - 08662826 _____ () C:\Users\Dan\Downloads\vyjádření.zip
2014-10-11 11:33 - 2014-08-05 19:29 - 03149424 _____ () C:\Users\Dan\Downloads\C1.pdf(3).zip
2014-10-11 11:33 - 2014-08-05 19:29 - 03149424 _____ () C:\Users\Dan\Downloads\C1.pdf(2).zip
2014-10-11 11:33 - 2014-08-05 19:29 - 03149424 _____ () C:\Users\Dan\Downloads\C1.pdf(1).zip
2014-10-11 11:33 - 2014-07-27 14:13 - 00014539 _____ () C:\Users\Dan\Documents\Tabulka.xlsx
2014-10-11 11:33 - 2014-07-22 20:43 - 00017456 _____ () C:\Users\Dan\Documents\Výdaje Provence.xlsx
2014-10-11 11:33 - 2014-07-11 20:20 - 00046031 _____ () C:\Users\Dan\Documents\Pavouk Brazílie.xlsx
2014-10-11 11:33 - 2014-06-26 21:14 - 00017729 _____ () C:\Users\Dan\Downloads\Pavouk_Brazílie.ods
2014-10-11 11:33 - 2014-06-04 12:01 - 00010903 _____ () C:\Users\Dan\Documents\ubytování Provence.xlsx
2014-10-11 11:33 - 2014-03-19 22:33 - 1081652453 _____ () C:\Users\Dan\Downloads\Romantické_25(76)_Deník_Bridget_Jonesové_1_CZ[@].mp4
2014-10-11 11:33 - 2014-03-15 11:38 - 00360448 _____ () C:\Users\Dan\Documents\Database2.accdb
2014-10-11 11:33 - 2014-02-08 21:32 - 00356352 _____ () C:\Users\Dan\Documents\Database1.accdb
2014-10-11 11:33 - 2014-02-08 18:14 - 00009431 _____ () C:\Users\Dan\Documents\Filípek rozvrh.xlsx
2014-10-11 11:26 - 2014-10-11 11:26 - 00000000 ____D () C:\Users\Dan\Documents\Soubory aplikace Outlook
2014-10-11 11:26 - 2014-10-11 11:26 - 00000000 ____D () C:\Users\Dan\Documents\samsung
2014-10-11 11:26 - 2014-08-12 14:05 - 00000000 ____D () C:\Users\Dan\Documents\SelfMV
2014-10-11 11:19 - 2014-10-11 11:19 - 00000000 ____D () C:\Users\Dan\Documents\NeroVideo
2014-10-11 11:19 - 2014-10-11 11:19 - 00000000 ____D () C:\Users\Dan\Documents\BackUp
2014-10-11 11:19 - 2013-08-30 21:58 - 00010567 _____ () C:\Users\Dan\Documents\Mateřská.xlsx
2014-10-11 11:19 - 2013-08-19 22:18 - 00010362 _____ () C:\Users\Dan\Documents\Velikost.xlsx
2014-10-11 11:19 - 2013-07-15 23:08 - 00009992 _____ () C:\Users\Dan\Documents\benzín Principina.xlsx
2014-10-11 11:19 - 2012-10-15 13:23 - 00072154 _____ () C:\Users\Dan\Documents\procexp.chm
2014-10-11 11:19 - 2012-10-01 08:23 - 00066582 _____ () C:\Users\Dan\Documents\Pstools.chm
2014-10-11 11:19 - 2012-02-24 10:33 - 00014385 _____ () C:\Users\Dan\Documents\VYUCTSRZ.XFDF
2014-10-11 11:19 - 2011-12-07 11:07 - 00007903 _____ () C:\Users\Dan\Documents\readme.txt
2014-10-11 11:19 - 2011-11-28 10:46 - 00063582 _____ () C:\Users\Dan\Documents\procmon.chm
2014-10-11 11:19 - 2010-10-27 12:57 - 00051747 _____ () C:\Users\Dan\Documents\Vmmap.chm
2014-10-11 11:19 - 2010-07-02 15:03 - 00041074 _____ () C:\Users\Dan\Documents\tcpview.chm
2014-10-11 11:19 - 2009-11-19 11:31 - 00040683 _____ () C:\Users\Dan\Documents\Disk2vhd.chm
2014-10-11 11:19 - 2007-11-06 08:17 - 00000039 _____ () C:\Users\Dan\Documents\psversion.txt
2014-10-11 11:19 - 2006-07-28 08:32 - 00007005 _____ () C:\Users\Dan\Documents\Eula.txt
2014-10-11 11:19 - 2005-12-07 14:19 - 00102160 _____ () C:\Users\Dan\Documents\RootkitRevealer.chm
2014-10-11 11:19 - 2005-09-15 08:49 - 00068539 _____ () C:\Users\Dan\Documents\dbgview.chm
2014-10-11 11:13 - 2014-10-17 17:53 - 00000000 ____D () C:\Users\Dan\Desktop\záloha
2014-10-11 11:13 - 2012-08-14 22:47 - 00048200 _____ () C:\Users\Dan\Documents\Olympiáda Londýn.xlsx
2014-10-11 10:40 - 2014-10-13 21:52 - 00000000 ____D () C:\Users\Dan\Desktop\Sken systému
2014-10-09 21:17 - 2014-10-17 17:52 - 00000000 ____D () C:\Program Files\Defraggler
2014-10-09 21:06 - 2014-10-17 17:52 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-09 21:06 - 2014-10-17 17:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-09 20:44 - 2014-10-17 17:52 - 00000000 ___SD () C:\uninstall
2014-10-08 21:46 - 2014-10-08 21:46 - 00000000 ____D () C:\Windows\system32\%LOCALAPPDATA%
2014-10-08 17:31 - 2014-10-17 17:52 - 00000000 ____D () C:\_OTL
2014-10-06 19:19 - 2014-10-06 19:19 - 00602112 _____ (OldTimer Tools) C:\Users\Dan\Desktop\OTL.exe
2014-10-06 18:41 - 2014-10-06 18:41 - 01222144 _____ () C:\Users\Dan\Downloads\RSITx64(1).exe
2014-10-06 18:11 - 2014-10-06 18:11 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Macromedia
2014-10-06 18:11 - 2014-10-06 18:11 - 00000000 ____D () C:\Users\Dan\AppData\Local\Macromedia
2014-10-06 18:01 - 2014-10-06 18:11 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-06 18:01 - 2014-10-06 18:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-06 18:01 - 2014-10-06 18:11 - 00003852 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-06 18:01 - 2014-10-06 18:01 - 00000000 ____D () C:\Windows\system32\Macromed
2014-10-06 18:00 - 2014-10-19 21:06 - 00000000 ____D () C:\Users\Dan\AppData\Local\Adobe
2014-10-05 14:08 - 2014-10-05 14:08 - 00000017 _____ () C:\Users\Dan\AppData\Local\resmon.resmoncfg
2014-10-05 13:33 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-05 13:32 - 2014-10-17 17:52 - 00000000 ____D () C:\Windows\erdnt
2014-10-03 18:01 - 2014-10-03 18:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Dan\Downloads\mbam-setup-2.0.2.1012(2).exe
2014-10-03 18:00 - 2014-10-03 18:01 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Dan\Downloads\mbam-setup-2.0.2.1012(1).exe
2014-10-02 21:56 - 2014-10-02 21:56 - 00002982 _____ () C:\Windows\System32\Tasks\Synaptics TouchPad Enhancements
2014-10-02 20:21 - 2014-10-02 20:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Dan\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-02 20:13 - 2014-10-17 17:52 - 00000000 ____D () C:\AdwCleaner
2014-10-02 20:13 - 2010-08-30 07:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-02 20:11 - 2014-10-02 20:11 - 01375089 _____ () C:\Users\Dan\Desktop\adwcleaner_3.311.exe
2014-10-02 06:14 - 2014-10-02 06:14 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-10-02 06:14 - 2014-10-02 06:14 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-10-02 06:09 - 2014-10-02 06:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-10-02 06:08 - 2014-10-02 06:08 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-10-02 06:08 - 2014-10-02 06:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-31 22:36 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-31 22:36 - 2009-07-14 05:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-31 22:34 - 2011-08-03 01:53 - 00668376 _____ () C:\Windows\system32\perfh005.dat
2014-10-31 22:34 - 2011-08-03 01:53 - 00141004 _____ () C:\Windows\system32\perfc005.dat
2014-10-31 22:34 - 2009-07-14 06:13 - 01582262 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-31 22:33 - 2014-09-30 21:48 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-10-31 22:33 - 2014-09-30 21:46 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-10-31 22:33 - 2014-09-30 21:46 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-10-31 22:33 - 2014-09-30 21:46 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-10-31 22:33 - 2014-09-30 21:46 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-10-31 22:33 - 2014-09-30 21:46 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-10-31 22:33 - 2014-09-30 21:46 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2014-10-31 22:33 - 2014-09-30 21:46 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-10-31 22:33 - 2014-09-30 21:46 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-10-31 22:33 - 2011-08-03 02:02 - 01487592 _____ () C:\Windows\WindowsUpdate.log
2014-10-31 22:27 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-31 22:27 - 2009-07-14 05:51 - 00058617 _____ () C:\Windows\setupact.log
2014-10-30 20:20 - 2010-11-21 04:47 - 00866890 _____ () C:\Windows\PFRO.log
2014-10-28 22:26 - 2009-07-14 05:45 - 00345408 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-28 22:17 - 2014-09-25 19:37 - 00089512 _____ () C:\Users\Dan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-20 20:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-19 21:06 - 2014-09-26 05:37 - 00000000 ____D () C:\Users\Dan\AppData\Roaming\Adobe
2014-10-19 15:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-10-18 10:53 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-18 09:36 - 2014-09-26 02:39 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-18 09:16 - 2014-09-30 20:01 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-18 09:01 - 2014-09-25 21:16 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-18 08:56 - 2014-09-25 21:16 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-17 17:56 - 2014-09-25 19:15 - 00000000 ____D () C:\Users\Dan
2014-10-17 17:52 - 2014-09-30 17:55 - 00000000 ____D () C:\Program Files\trend micro
2014-10-17 17:52 - 2014-09-28 16:25 - 00000000 ____D () C:\Windows\Minidump
2014-10-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-17 17:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-17 17:51 - 2010-11-21 08:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-10-17 17:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-10-17 17:46 - 2014-09-30 20:00 - 00000000 __RHD () C:\MSOCache
2014-10-17 17:46 - 2011-08-03 02:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-10-09 21:08 - 2011-02-15 10:42 - 00000000 ____D () C:\Windows\Panther
2014-10-05 20:19 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-05 14:23 - 2011-08-03 02:33 - 00000000 ____D () C:\ProgramData\Norton

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-26 18:27

==================== End Of Log ============================

Re: The rootkit has probably come back

Posted: 01 Nov 2014 11:11
by Rudy
Now run this utility:
Download AdwCleaner http://www.stahuj.centrum.cz/utility_a_ ... dwcleaner/
Save it to the desktop
Close all programs
Click >Scan< first and then >Clean< (delete)
A scan will run and then a log will appear; paste it here.

Re: The rootkit has probably come back

Posted: 01 Nov 2014 13:48
by danek
I'm attaching the log. I had to restart the computer.


# AdwCleaner v4.000 - Report created 01/11/2014 at 13:43:25
# DB v201.28
# Updated 12/10/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dan - CYPRIS
# Running from : C:\Users\Dan\Desktop\adwcleaner_4.000.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v32.0.3 (x86 en-US)


-\\ Google Chrome v


*************************

AdwCleaner[R1].txt - [764 octets] - [01/11/2014 13:41:30]
AdwCleaner[S1].txt - [679 octets] - [01/11/2014 13:43:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [738 octets] ##########

Re: The rootkit has probably come back

Posted: 01 Nov 2014 18:16
by Rudy
This is OK. Open Notepad and copy the following into it:
Start
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.

Re: The rootkit has probably come back

Posted: 02 Nov 2014 21:34
by danek
I'm attaching the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-11-2014
Ran by Dan at 2014-11-02 21:32:49 Run:1
Running from C:\Users\Dan\Desktop
Loaded Profile: Dan (Available profiles: Dan)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.

==== End of Fixlog ====

Re: The rootkit has probably come back

Posted: 02 Nov 2014 22:27
by Rudy
Everything has been deleted. Has anything changed?

Re: The rootkit has probably come back

Posted: 03 Nov 2014 22:42
by danek
Well, now it works fine, and I think it's even a bit faster. What was wrong with it?

Re: The rootkit has probably come back

Posted: 04 Nov 2014 17:44
by Rudy
No malware, just a few unnecessary leftovers. :)

Re: The rootkit has probably come back

Posted: 04 Nov 2014 19:39
by danek
OK, good. I'm glad to hear that. Thank you very much.

Re: The rootkit has probably come back

Posted: 04 Nov 2014 19:59
by Rudy
Glad to help! :)