
Fresh test install and already something nasty showed up.

Posted: 20 Jul 2017 22:28
by Tabovl
Hello everyone. I am building a new PC, and since I am moving to a 64-bit OS I did a trial test install first. Even so, I managed to get some little bastard in there, even though I am not aware of any risky behaviour.

Details of the situation: fresh install of W7 64-bit; the drivers and all the software I have tried so far were downloaded, with very few exceptions, from the original sources, and in most cases it is free or open source software that I have mostly known and used for a long time. Everything (drivers and software) has so far been downloaded on an older PC with XP and carried over to the new one on a flash drive for testing. I have not yet installed any antivirus or anything similar on this test system. The internet is connected mainly so that Windows can download drivers automatically, and online I have only visited generally well-known sites as a test (mapy.cz, maps.google.cz, youtube.cz ...) (just to try out the internet and YouTube).

Even so, I managed to catch something nasty. It is called gBFB5.tmp.exe, it loads the CPU to almost 100% and it can hide its activity from the Windows Task Manager (but not from an alternative task manager). It also stops loading the CPU when I disconnect the internet and starts again when I reconnect. That is why I think it is probably some BTC miner or similar filth.

With a little poking around I found that it is launched by Task Scheduler:
System32\Tasks\1289n84b58k811 => C:\Windows\system32\rundll32.exe "C:\ProgramData\1289n84b58k811\1289n84b58k811.dll",nbkeqk

Other entries in the scheduler that look off to me:
System32\Tasks\PPI Update => C:\Windows\explorer.exe "hxxp://dazwindowsapps.xyz/download/index.php?mn=9995"
and
System32\Tasks\{A24BF5DA-DB8E-470C-A471-58A7BD8A1859} => C:\Windows\system32\pcalua.exe -a E:\driver\motherboard\W7\mb_driver_intel_usb3\IntelUSB30\SetupUSB3_Dell.exe -d E:\driver\motherboard\W7\mb_driver_intel_usb3\IntelUSB30


I am not so much concerned with getting rid of it (this is a test install) as with finding out how, or with what, it could have got in there, so that I can successfully avoid it for the production install...
Sorry for the long introduction; when I get going it usually shows :-)
Thanks in advance for the help.


The LOG follows:



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-07-2017
Ran by Vlasta (administrator) on VLASTA-PC (20-07-2017 22:45:54)
Running from C:\Users\Vlasta\Desktop
Loaded Profiles: Vlasta (Available Profiles: Vlasta)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Čeština (Česká republika)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Genius\ioCentre\GMouseService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Realtek) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtWLan.exe
() C:\Windows\runSW.exe
(Realtek) C:\Windows\SwUSB.exe
() C:\Windows\Temp\gBFB5.tmp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\PAC7302\Monitor.exe
() C:\Genius\ioCentre\gTaskBar.exe
(Ghisler Software GmbH) C:\Program Files (x86)\Total CMA Pack\TOTALCMD.EXE
() C:\Genius\ioCentre\gMouseTask.exe
() C:\Genius\ioCentre\gKbdTask.exe
(ioCentre) C:\Genius\ioCentre\gIoCentreFunMgm.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Sysinternals - http://www.sysinternals.com) C:\Users\Vlasta\Desktop\ProcessExplorer\procexp64.exe
(Ghisler Software GmbH) C:\Program Files (x86)\Total CMA Pack\TCMDX64.EXE

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [PAC7302_Monitor] => C:\Windows\PixArt\PAC7302\Monitor.exe [323584 2007-12-10] (PixArt Imaging Incorporation)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-16] (Intel Corporation)
HKLM-x32\...\Run: [ioCentre] => C:\Genius\ioCentre\gTaskBar.exe [61440 2012-04-23] ()
HKLM\...\RunOnce: [VLASTA-PC] => C:\Windows\TEMP\gFD8.tmp.exe [239104 2017-07-19] () <==== ATTENTION
HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== ATTENTION
HKLM\ DisallowedCertificates: 18DEA4EFA93B06AE997D234411F3FD72A677EECE (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== ATTENTION
HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 31AC96A6C17C425222C46D55C3CCA6BA12E54DAF (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: 3353EA609334A9F23A701B9159E30CB6C22D4C59 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 373C33726722D3A5D1EDD1F1585D5D25B39BEA1A (SUPERAntiSpyware.com) <==== ATTENTION
HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== ATTENTION
HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 4420C99742DF11DD0795BC15B7B0ABF090DC84DF (Doctor Web Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 5240AB5B05D11B37900AC7712A3C6AE42F377C8C (Check Point Software Technologies Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== ATTENTION
HKLM\ DisallowedCertificates: 88AD5DFE24126872B33175D1778687B642323ACF (McAfee) <==== ATTENTION
HKLM\ DisallowedCertificates: 9132E8B079D080E01D52631690BE18EBC2347C1E (Adaware Software) <==== ATTENTION
HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: 9E3F95577B37C74CA2F70C1E1859E798B7FC6B13 (CURIOLAB S.M.B.A.) <==== ATTENTION
HKLM\ DisallowedCertificates: A1F8DCB086E461E2ABB4B46ADCFA0B48C58B6E99 (Avira Operations GmbH & Co. KG) <==== ATTENTION
HKLM\ DisallowedCertificates: A5341949ABE1407DD7BF7DFE75460D9608FBC309 (BullGuard Ltd) <==== ATTENTION
HKLM\ DisallowedCertificates: A59CC32724DD07A6FC33F7806945481A2D13CA2F (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: AD96BB64BA36379D2E354660780C2067B81DA2E0 (Symantec Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== ATTENTION
HKLM\ DisallowedCertificates: CDC37C22FE9272D8F2610206AD397A45040326B8 (Trend Micro) <==== ATTENTION
HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== ATTENTION
HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== ATTENTION
HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== ATTENTION
HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== ATTENTION
HKLM\ DisallowedCertificates: E513EAB8610CFFD7C87E00BCA15C23AAB407FCEF (AVG Technologies CZ) <==== ATTENTION
HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== ATTENTION
HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== ATTENTION
HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== ATTENTION
HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2804902230-3884548987-1766855796-1000\...\Run: [Total CMA Pack] => C:\Program Files (x86)\Total CMA Pack\Total CMA Pack.exe [63775 2014-01-11] (CMA®)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{AE33AFD2-819E-4455-AB0B-0FFE45A7389E}: [DhcpNameServer] 213.46.172.37 213.46.172.36
Tcpip\..\Interfaces\{F1524A2A-160D-4CF8-891E-D31F3AC49720}: [DhcpNameServer] 213.46.172.37 213.46.172.36

Internet Explorer:
==================

FireFox:
========
FF DefaultProfile: jry6fn4t.default
FF ProfilePath: C:\Users\Vlasta\AppData\Roaming\Mozilla\Firefox\Profiles\jry6fn4t.default [2017-07-20]
FF Homepage: Mozilla\Firefox\Profiles\jry6fn4t.default -> hxxps://www.google.cz/
FF Extension: (Enhancer for YouTube™) - C:\Users\Vlasta\AppData\Roaming\Mozilla\Firefox\Profiles\jry6fn4t.default\Extensions\enhancerforyoutube@maximerf.addons.mozilla.org.xpi [2017-07-17]
FF Extension: (uBlock Origin) - C:\Users\Vlasta\AppData\Roaming\Mozilla\Firefox\Profiles\jry6fn4t.default\Extensions\uBlock0@raymondhill.net.xpi [2017-07-17]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 GeniusMouseService; C:\Genius\ioCentre\GMouseService.exe [16384 2010-03-11] () [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 RealtekWlanU; C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe [48856 2014-05-19] (Realtek)
S2 RTLDHCPService; C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe [262360 2014-04-23] (Realtek)
R2 RunSwUSB; C:\Windows\runSW.exe [36864 2014-04-15] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2017-01-08] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdhub31; C:\Windows\system32\drivers\amdhub31.sys [141528 2016-02-26] (Advanced Micro Devices, Inc.)
S3 amdxhc31; C:\Windows\system32\drivers\amdxhc31.sys [440536 2016-02-26] (Advanced Micro Devices, Inc.)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [39296 2014-02-12] (Etron Technology Inc)
S3 FLxHCIh; C:\Windows\system32\drivers\FLxHCIh.sys [88016 2016-12-09] (Fresco Logic)
R3 fwlanusb6_860; C:\Windows\System32\DRIVERS\fwlanusb6_860.sys [2274336 2015-07-20] (AVM GmbH)
S3 gHidPnp; C:\Windows\System32\Drivers\gHidPnp.Sys [25600 2011-10-26] ()
S3 gMouUsb; C:\Windows\System32\DRIVERS\gMouUsb.sys [14336 2009-11-02] ()
S3 IaNVMe; C:\Windows\system32\drivers\IaNVMe.sys [113160 2016-11-04] (Intel Corporation)
R0 IaNVMeF; C:\Windows\System32\drivers\IaNVMeF.sys [35848 2016-11-04] (Intel Corporation)
S3 IaRNVMe; C:\Windows\system32\drivers\IaRNVMe.sys [592408 2016-01-22] (Intel Corporation)
R0 IaRNVMeF; C:\Windows\System32\drivers\IaRNVMeF.sys [36888 2016-01-22] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 ocznvme; C:\Windows\system32\drivers\ocznvme.sys [99592 2016-06-10] (TOSHIBA CORPORATION)
R0 ocztrimfilter; C:\Windows\System32\drivers\ocztrimfilter.sys [29064 2016-06-10] (TOSHIBA CORPORATION)
S3 PAC7302; C:\Windows\System32\DRIVERS\PAC7302.SYS [532480 2009-04-28] (PixArt Imaging Inc.)
S3 rusb3hub; C:\Windows\system32\drivers\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
S3 rusb3xhc; C:\Windows\system32\drivers\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
S3 tilfilter; C:\Windows\system32\drivers\TIxHCIlfilter.sys [17672 2015-02-11] (Texas Instruments, Inc.)
S3 tiufilter; C:\Windows\system32\drivers\TIxHCIufilter.sys [23304 2015-02-11] (Texas Instruments, Inc.)
S3 VUSB3HUB; C:\Windows\system32\drivers\ViaHub3.sys [221696 2015-08-20] (VIA Technologies, Inc.)
S3 xhcdrv; C:\Windows\system32\drivers\xhcdrv.sys [294912 2015-08-20] (VIA Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-20 22:36 - 2017-07-20 22:46 - 00013600 _____ C:\Users\Vlasta\Desktop\FRST.txt
2017-07-20 22:36 - 2017-07-20 22:45 - 00000000 ____D C:\FRST
2017-07-20 22:35 - 2017-07-20 22:26 - 02382336 _____ (Farbar) C:\Users\Vlasta\Desktop\FRST64.exe
2017-07-20 21:52 - 2017-07-20 22:11 - 00000000 ____D C:\vir
2017-07-20 19:56 - 2017-07-20 19:56 - 00000000 ____D C:\Users\Vlasta\Documents\HDSDR
2017-07-20 19:54 - 2017-07-20 19:56 - 00000000 ____D C:\Program Files (x86)\HDSDR
2017-07-20 19:54 - 2017-07-20 19:54 - 00000967 _____ C:\Users\Public\Desktop\HDSDR.lnk
2017-07-20 19:54 - 2017-07-20 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDSDR
2017-07-20 19:53 - 2017-07-20 19:53 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2017-07-20 19:53 - 2017-07-20 19:53 - 00000410 __RSH C:\ProgramData\ntuser.pol
2017-07-20 19:53 - 2017-07-20 19:53 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01011.Wdf
2017-07-20 19:53 - 2017-07-20 19:53 - 00000000 ____D C:\Users\Vlasta\usb_driver
2017-07-19 16:57 - 2017-07-19 16:57 - 00003276 _____ C:\Windows\System32\Tasks\SamsungMagician
2017-07-19 16:57 - 2017-07-19 16:57 - 00000000 ____D C:\ProgramData\Samsung
2017-07-19 16:57 - 2017-07-19 16:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2017-07-19 16:57 - 2017-07-19 16:57 - 00000000 ____D C:\Program Files (x86)\Samsung
2017-07-18 17:58 - 2017-07-18 17:58 - 00007666 _____ C:\Users\Vlasta\AppData\Local\Resmon.ResmonCfg
2017-07-18 17:08 - 2017-07-18 17:08 - 00000000 ____D C:\Users\Vlasta\AppData\LocalLow\Sun
2017-07-18 16:48 - 2017-07-18 21:51 - 00001277 _____ C:\Users\Vlasta\Desktop\nativelog.txt
2017-07-17 21:03 - 2017-07-17 21:03 - 00000000 ____D C:\Users\Vlasta\AppData\Local\CEF
2017-07-17 21:02 - 2017-07-18 21:15 - 00000000 ____D C:\Users\Vlasta\AppData\Roaming\.minecraft
2017-07-17 21:02 - 2017-07-17 21:03 - 00000000 ____D C:\Program Files (x86)\Minecraft
2017-07-17 21:02 - 2017-07-17 21:02 - 00000961 _____ C:\Users\Public\Desktop\Minecraft.lnk
2017-07-17 21:02 - 2017-07-17 21:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2017-07-17 20:04 - 2017-07-17 20:04 - 00000000 ____D C:\Users\Vlasta\AppData\Roaming\GHISLER
2017-07-17 18:31 - 2017-07-17 18:31 - 00000000 ____D C:\Program Files\Windows XP Mode
2017-07-17 18:24 - 2017-07-17 18:39 - 00000000 ___RD C:\Users\Vlasta\Virtual Machines
2017-07-17 18:21 - 2017-07-17 18:23 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC
2017-07-17 18:21 - 2017-07-17 18:21 - 00000000 ____D C:\Program Files (x86)\Windows Virtual PC
2017-07-17 18:12 - 2017-07-17 18:12 - 00000000 ____D C:\Users\Vlasta\AppData\Local\ElevatedDiagnostics
2017-07-17 18:10 - 2010-11-20 15:34 - 00360832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcvmm.sys
2017-07-17 18:10 - 2010-11-20 15:34 - 00194944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpchbus.sys
2017-07-17 18:10 - 2010-11-20 15:27 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\vpchbuspipe.dll
2017-07-17 18:10 - 2010-11-20 15:25 - 04514816 _____ (Microsoft Corporation) C:\Windows\system32\vpc.exe
2017-07-17 18:10 - 2010-11-20 15:25 - 02264064 _____ (Microsoft Corporation) C:\Windows\system32\VPCWizard.exe
2017-07-17 18:10 - 2010-11-20 15:25 - 01369600 _____ (Microsoft Corporation) C:\Windows\system32\VPCSettings.exe
2017-07-17 18:10 - 2010-11-20 13:37 - 01210368 _____ (Microsoft Corporation) C:\Windows\system32\VMWindow.exe
2017-07-17 18:10 - 2010-11-20 13:37 - 00936448 _____ (Microsoft Corporation) C:\Windows\system32\vmsal.exe
2017-07-17 18:10 - 2010-11-20 13:35 - 00562176 _____ (Microsoft Corporation) C:\Windows\system32\VMCPropertyHandler.dll
2017-07-17 18:10 - 2010-11-20 13:35 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcusb.sys
2017-07-17 18:10 - 2010-11-20 13:35 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcnfltr.sys
2017-07-17 18:10 - 2010-11-20 12:52 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vmsal.exe
2017-07-17 17:19 - 2017-07-17 17:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Genius
2017-07-17 17:19 - 2017-07-17 17:19 - 00000000 ____D C:\Genius
2017-07-17 17:19 - 2011-10-26 11:25 - 00025600 _____ C:\Windows\system32\Drivers\gHidPnp.sys
2017-07-17 17:19 - 2009-11-02 17:47 - 00014336 _____ C:\Windows\system32\Drivers\gMouUsb.sys
2017-07-17 16:44 - 2017-07-17 21:38 - 00000000 ____D C:\Windows.old
2017-07-17 16:37 - 2017-07-17 16:37 - 00000000 ____D C:\Users\Vlasta\AppData\LocalLow\Intel
2017-07-17 16:28 - 2017-07-17 16:28 - 00000000 ____D C:\Windows\PixArt
2017-07-17 16:28 - 2017-07-17 16:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMessenger 310
2017-07-17 16:28 - 2017-07-17 16:28 - 00000000 ____D C:\Program Files (x86)\KYE SYSTEMS CORP
2017-07-17 16:28 - 2009-04-28 10:07 - 00532480 _____ (PixArt Imaging Inc.) C:\Windows\system32\Drivers\PAC7302.SYS
2017-07-17 16:28 - 2008-05-08 14:33 - 00000885 _____ C:\Windows\SysWOW64\SP7302.ini
2017-07-17 16:28 - 2008-03-24 11:09 - 00141824 _____ (PixArt Imaging Incorporation) C:\Windows\SysWOW64\SP7302.ax
2017-07-17 16:28 - 2007-11-20 17:58 - 00055296 _____ (PixArt Imaging Incorporation) C:\Windows\SysWOW64\Remove.exe
2017-07-17 16:28 - 2007-11-02 11:07 - 00008704 _____ (PixArt Imaging Inc.) C:\Windows\system32\CoInst_071029.dll
2017-07-17 16:28 - 2007-03-21 11:25 - 00000291 _____ C:\Windows\SysWOW64\Remover.ini
2017-07-17 16:28 - 2006-10-12 11:57 - 00014336 _____ (PixArt Imaging Inc.) C:\Windows\SysWOW64\P7302USD.dll
2017-07-16 19:11 - 2017-07-16 19:11 - 00000000 ____D C:\Users\Vlasta\Documents\MPC-HC Capture
2017-07-16 19:09 - 2017-07-16 19:09 - 00000000 ____D C:\Users\Vlasta\Desktop\testy
2017-07-16 19:09 - 2017-07-16 19:09 - 00000000 ____D C:\Users\Vlasta\Desktop\ProcessExplorer
2017-07-16 18:55 - 2017-07-16 18:55 - 00000000 ____D C:\Users\Vlasta\AppData\Local\GHISLER
2017-07-16 18:48 - 2017-07-17 20:04 - 00000000 ___SD C:\Program Files (x86)\Total CMA Pack
2017-07-16 18:48 - 2017-07-16 18:48 - 00001083 _____ C:\Users\Vlasta\Desktop\Total CMA Pack.lnk
2017-07-16 18:48 - 2017-07-16 18:48 - 00000000 ____D C:\Users\Vlasta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total CMA Pack
2017-07-16 18:48 - 2017-07-16 18:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total CMA Pack
2017-07-16 18:46 - 2017-07-16 18:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-07-16 18:46 - 2017-07-16 18:46 - 00000000 ____D C:\Program Files\7-Zip
2017-07-16 17:32 - 2017-07-16 17:32 - 00002132 _____ C:\Users\Public\Desktop\REALTEK USB Wireless LAN Utility.lnk
2017-07-16 17:32 - 2017-07-16 17:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REALTEK USB Wireless LAN Utility
2017-07-16 17:32 - 2017-07-16 17:32 - 00000000 ____D C:\Program Files (x86)\Cisco
2017-07-16 17:31 - 2014-10-13 11:24 - 03591384 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\rtwlanu.sys
2017-07-16 17:31 - 2014-04-15 10:36 - 00036864 _____ () C:\Windows\runSW.exe
2017-07-16 17:31 - 2014-03-24 12:37 - 00422400 _____ (Realtek) C:\Windows\SwUSB.exe
2017-07-16 17:31 - 2012-02-14 19:37 - 00594432 _____ (Realtek Semiconductor Corp. ) C:\Windows\system32\Rtlihvs.dll
2017-07-16 17:31 - 2010-12-01 09:31 - 00451072 _____ C:\Windows\SysWOW64\ISSRemoveSP.exe
2017-07-16 17:31 - 2009-03-31 14:31 - 00380928 _____ (Realtek) C:\Windows\RtlUI2.exe
2017-07-16 17:31 - 2009-01-05 20:31 - 00000901 _____ C:\Windows\RtlUI2.exe.manifest
2017-07-16 17:31 - 2008-07-01 12:31 - 00614400 _____ (Realtek Semiconductor Corp. ) C:\Windows\SysWOW64\Rtlihvs.dll
2017-07-16 17:31 - 2007-04-26 14:05 - 00100000 _____ C:\Windows\SysWOW64\EAPPkt9x.VXD
2017-07-16 17:31 - 2001-09-26 11:03 - 00012981 _____ C:\Windows\SysWOW64\REALPKT.VXD
2017-07-16 17:11 - 2017-07-20 22:36 - 00000000 ____D C:\Users\Vlasta\AppData\LocalLow\Mozilla
2017-07-16 17:11 - 2017-07-16 18:43 - 00000000 ____D C:\Users\Vlasta\AppData\Local\Mozilla
2017-07-16 17:11 - 2017-07-16 17:11 - 00000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-07-16 17:11 - 2017-07-16 17:11 - 00000924 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-07-16 17:11 - 2017-07-16 17:11 - 00000000 ____D C:\Users\Vlasta\AppData\Roaming\Mozilla
2017-07-16 17:11 - 2017-07-16 17:11 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-07-16 17:11 - 2017-07-16 17:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-16 17:01 - 2017-07-16 17:01 - 00000000 ____D C:\Users\Vlasta\AppData\Roaming\MPC-HC
2017-07-16 16:46 - 2017-07-16 16:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow x64
2017-07-16 16:46 - 2017-07-16 16:46 - 00000000 ____D C:\Program Files\ffdshow
2017-07-16 16:46 - 2014-09-29 12:24 - 00127488 _____ C:\Windows\system32\ff_vfw.dll
2017-07-16 16:45 - 2017-07-16 16:45 - 00001704 _____ C:\Users\Vlasta\Desktop\MPC-HC x64.lnk
2017-07-16 16:45 - 2017-07-16 16:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC x64
2017-07-16 16:45 - 2017-07-16 16:45 - 00000000 ____D C:\Program Files\MPC-HC
2017-07-16 15:31 - 2017-07-20 22:46 - 00016704 _____ C:\Windows\System32\Tasks\1289n84b58k811
2017-07-16 15:31 - 2017-07-16 15:31 - 00003534 _____ C:\Windows\System32\Tasks\PPI Update
2017-07-16 15:31 - 2017-07-16 15:31 - 00000000 ___HD C:\ProgramData\1289n84b58k811
2017-07-16 15:31 - 2017-07-16 15:31 - 00000000 ____D C:\Program Files (x86)\Removewat 2.2.7
2017-07-16 15:21 - 2017-07-16 15:21 - 00000000 _____ C:\Windows\ativpsrm.bin
2017-07-16 15:10 - 2017-07-16 15:10 - 00000000 ____D C:\Program Files\ATI Technologies
2017-07-16 15:10 - 2017-07-16 15:10 - 00000000 ____D C:\Program Files\ATI
2017-07-16 15:10 - 2017-07-16 15:10 - 00000000 ____D C:\Program Files (x86)\AMD APP
2017-07-16 15:09 - 2017-07-16 15:09 - 00000000 ____D C:\AMD
2017-07-16 15:08 - 2014-06-17 14:13 - 00941272 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2017-07-16 15:08 - 2014-06-17 14:13 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2017-07-16 15:08 - 2014-06-17 14:13 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2017-07-16 15:07 - 2017-07-16 15:07 - 00003268 _____ C:\Windows\System32\Tasks\{A24BF5DA-DB8E-470C-A471-58A7BD8A1859}
2017-07-16 14:55 - 2017-07-16 14:56 - 00272408 _____ C:\Windows\Minidump\071617-29905-01.dmp
2017-07-16 14:55 - 2017-07-16 14:55 - 322598938 _____ C:\Windows\MEMORY.DMP
2017-07-16 14:55 - 2017-07-16 14:55 - 00000000 ____D C:\Windows\Minidump
2017-07-16 14:55 - 2012-05-20 18:24 - 00041984 _____ (Intel Corporation) C:\Windows\system32\Drivers\USB3Ver.dll
2017-07-16 14:54 - 2017-07-16 14:54 - 00000000 ____D C:\ProgramData\Intel
2017-07-16 14:54 - 2017-07-16 14:54 - 00000000 ____D C:\Program Files\Intel
2017-07-16 14:54 - 2013-09-16 12:17 - 00016344 _____ (Intel Corporation) C:\Windows\system32\Drivers\IntelMEFWVer.dll
2017-07-16 14:53 - 2017-07-16 14:53 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2017-07-16 14:53 - 2017-07-16 14:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-07-16 14:53 - 2013-09-16 12:17 - 01795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2017-07-16 14:53 - 2013-09-16 12:17 - 00099288 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverx64.sys
2017-07-16 14:52 - 2017-07-17 16:37 - 00000000 ____D C:\Program Files (x86)\Intel
2017-07-16 14:52 - 2017-07-16 14:52 - 00000000 ____D C:\Intel
2017-07-16 14:52 - 2013-08-21 09:16 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2017-07-16 14:51 - 2017-07-17 17:19 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-07-16 14:51 - 2017-07-17 16:42 - 00000000 ____D C:\Program Files (x86)\Realtek
2017-07-16 14:51 - 2017-07-16 14:52 - 00000000 ___HD C:\Program Files (x86)\Temp
2017-07-16 14:51 - 2017-07-16 14:51 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2017-07-16 14:51 - 2017-07-16 14:51 - 00000000 ____D C:\Program Files\Realtek
2017-07-16 14:51 - 2012-06-19 10:54 - 04065296 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2017-07-16 14:51 - 2012-06-19 07:31 - 00293889 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2017-07-16 14:51 - 2012-06-08 10:23 - 00083072 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2017-07-16 14:51 - 2012-06-08 10:21 - 00897152 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
2017-07-16 14:51 - 2012-06-08 10:21 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
2017-07-16 14:51 - 2012-06-08 10:18 - 03615888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2017-07-16 14:51 - 2012-06-06 04:44 - 00869520 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2017-07-16 14:51 - 2012-06-01 03:37 - 02674320 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2017-07-16 14:51 - 2012-05-31 12:08 - 00105616 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2017-07-16 14:51 - 2012-05-25 12:06 - 01706640 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2017-07-16 14:51 - 2012-05-10 09:22 - 01262696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2017-07-16 14:51 - 2012-04-10 08:40 - 02533952 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2017-07-16 14:51 - 2012-04-03 12:42 - 01015640 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2017-07-16 14:51 - 2012-03-08 05:47 - 00202336 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2017-07-16 14:51 - 2012-03-08 05:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2017-07-16 14:51 - 2012-02-21 13:45 - 02605400 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib.dll
2017-07-16 14:51 - 2011-12-20 09:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)


==================== Files in the root of some directories =======

2017-07-18 17:58 - 2017-07-18 17:58 - 0007666 _____ () C:\Users\Vlasta\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Windows\TEMP\gFD8.tmp.exe


Some files in TEMP:
====================
2017-07-17 17:19 - 2006-05-25 09:10 - 0455600 _____ (Macrovision Corporation) C:\Users\Vlasta\AppData\Local\Temp\_is7C22.exe
2017-07-16 14:53 - 2006-05-24 06:10 - 0455600 _____ (Macrovision Corporation) C:\Users\Vlasta\AppData\Local\Temp\_is8A64.exe
2017-07-17 16:37 - 2006-05-24 06:10 - 0455600 _____ (Macrovision Corporation) C:\Users\Vlasta\AppData\Local\Temp\_isEF4D.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-16 14:22

==================== End of FRST.txt ============================

Re: Fresh test install, and junk showed up in it right away.

Posted: 21 Jul 2017 07:16
by JaRon
hi,
- I'm not quite sure that W7 is legal :???: :!:
- clean the hosts file - keep only the localhost line
- DELETE both files
C:\ProgramData\1289n84b58k811\1289n84b58k811.dll
c:\Windows\TEMP\gBFB5.tmp.exe
restart the PC and rescan it with CureIT - with a bit of luck it will flag the source of the infection - if you have the installers on the disk
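A defender-side triage helper for the two checks JaRon suggests (the scheduled-task entries and the hosts file), written in Python as an added example that is not part of this thread. It parses constructed FRST-style task lines; the only value reused from the thread is the DLL path JaRon names, while the export name, the URL, the updater task and the extra hosts entry are made up.

```python
import re
# Constructed sample (not the thread's log): scheduled tasks in the "System32\Tasks\<name> => <command>"
# layout FRST prints. Only the DLL path comes from the thread; export name, URL and updater task are made up.
SAMPLE_TASKS = r"""
System32\Tasks\1289n84b58k811 => C:\Windows\system32\rundll32.exe "C:\ProgramData\1289n84b58k811\1289n84b58k811.dll",abcdef
System32\Tasks\PPI Update => C:\Windows\explorer.exe "hxxp://downloads.example.invalid/index.php?mn=1"
System32\Tasks\VendorUpdateTask => C:\Program Files\Vendor\Update.exe /check
"""
# Constructed hosts file: the two default localhost lines plus one injected redirect.
SAMPLE_HOSTS = """# comment lines are ignored
127.0.0.1       localhost
::1             localhost
0.0.0.0         updates.example.invalid
"""

TASK_LINE = re.compile(r"^System32\\Tasks\\(?P<name>.+?) => (?P<cmd>.+)$")
# Directories a standard user can write to; rundll32 loading a DLL from one of them is the pattern in this thread.
USER_WRITABLE = re.compile(r"\\(ProgramData|Users\\[^\\]+\\AppData|Windows\\TEMP)\\", re.I)
URL = re.compile(r"\bh(?:xx|tt)ps?://", re.I)          # hxxp:// is the defanged form FRST logs use
RANDOM_NAME = re.compile(r"^(?=.*[a-z])(?=.*\d)[a-z0-9]{10,}$", re.I)

def task_findings(name, cmd):
    """Reasons a single task entry looks suspicious; an empty list means nothing matched."""
    low = cmd.lower()
    reasons = []
    if "rundll32" in low and ".dll" in low and USER_WRITABLE.search(cmd):
        reasons.append("rundll32 loads a DLL from a user-writable directory")
    if "explorer.exe" in low and URL.search(cmd):
        reasons.append("explorer.exe is handed a URL, which opens it in the default browser")
    if RANDOM_NAME.match(name):
        reasons.append("task name is a random-looking alphanumeric string")
    return reasons

def triage_tasks(text):
    """Parse FRST-style task lines; return {task name: reasons} for flagged tasks only."""
    flagged = {}
    for line in text.splitlines():
        m = TASK_LINE.match(line.strip())
        if m and (reasons := task_findings(m["name"], m["cmd"])):
            flagged[m["name"]] = reasons
    return flagged

def hosts_extras(text):
    """Entries other than comments and the localhost lines (JaRon's 'keep only localhost')."""
    extras = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and not (fields[0] in ("127.0.0.1", "::1") and fields[1:] == ["localhost"]):
            extras.append(" ".join(fields))
    return extras
```

Run `triage_tasks` over the "Scheduled Tasks" block of a real FRST.txt and `hosts_extras` over C:\Windows\System32\drivers\etc\hosts; every flagged item still needs a human look, since legitimate updaters can also live under ProgramData.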

Re: Fresh test install, and junk showed up in it right away.

Posted: 21 Jul 2017 21:04
by Tabovl
Yeah, I've already figured out where that junk most likely came from...
It really is from that Removewat.
But it's interesting that CureIT didn't detect it.
I don't have the system activated, because it's just a trial install that I'll be wiping in the next few days.
I still had that Removewat on the flash drive from an earlier "cleanup" for an acquaintance. (I'll probably have to visit him and rid him of that problem too :-)
So I don't recall running it at all, but apparently that's what happened.

Many thanks for the consultation and especially for the tip that led me to it. ;-)

!!!SOLVED!!!

Re: Fresh test install, and junk showed up in it right away.

Posted: 22 Jul 2017 18:22
by JaRon
You're welcome :)