========== ZeroAccess Check ==========
[2012.04.19 20:15:55 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 08:51:56 | 001,499,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009.02.09 12:56:05 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008.04.14 08:52:06 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013.03.04 10:51:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
[2012.09.02 13:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Big Fish Games
[2013.04.27 17:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\BlueStacks
[2013.04.27 18:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\BlueStacksSetup
[2011.10.25 13:16:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\Common Files
[2013.05.03 18:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2012.06.18 11:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Graboid Inc
[2013.02.23 19:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2012.04.07 14:11:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MAGIX
[2012.08.03 09:26:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\NFS Underground
[2013.05.04 21:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\OptimizerPro
[2012.11.20 09:36:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle
[2012.11.20 09:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle VideoSpin
[2012.03.10 16:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\regid.1986-12.com.adobe
[2012.01.26 20:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TmForever
[2012.03.11 21:17:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
[2013.05.04 21:18:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\WxDFastUpdater
[2012.03.11 21:14:51 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Data aplikací\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2013.01.10 19:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Data aplikací\TuneUp Software
[2012.03.14 21:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\TuneUp Software
[2012.01.08 18:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\Broken Sword 2.5
[2013.02.23 12:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\CallingID
[2013.05.04 10:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\DAEMON Tools Lite
[2012.11.20 09:11:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\DVDVideoSoft
[2012.08.06 17:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\Hornil
[2012.08.10 10:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\ICQ
[2012.01.29 17:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\InterTrust
[2012.04.07 14:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\MAGIX
[2011.11.10 16:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\OpenOffice.org
[2012.05.01 12:48:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\Opera
[2012.08.05 19:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\PhotoFiltre
[2013.01.20 17:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\PhotoScape
[2013.01.04 20:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\Rovio
[2012.11.20 09:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\Sony
[2013.05.04 13:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\Systweak
[2012.03.11 21:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\TuneUp Software
[2012.05.01 12:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\Yandex
[2012.10.11 20:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\Zoner
========== Purity Check ==========
========== Custom Scans ==========
< >
[2011.10.25 13:01:06 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2011.10.25 13:03:09 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2013.03.04 10:52:24 | 000,000,364 | -H-- | C] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job
[2013.03.12 20:05:31 | 000,000,914 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
< >
< MD5 for: AGP440.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
< MD5 for: ATAPI.SYS >
[2003.04.16 14:00:00 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2008.04.14 08:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 08:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2004.08.17 15:49:22 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe
< MD5 for: CDROM.SYS >
[2003.04.16 14:00:00 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:cdrom.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:cdrom.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2011.05.10 00:48:16 | 000,062,592 | ---- | M] (Microsoft Corporation) MD5=7B53584D94E9D8716B2DE91D5F1CB42D -- C:\WINDOWS\system32\dllcache\cdrom.sys
[2004.08.03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
< MD5 for: HAL.DLL >
[2003.04.16 14:00:00 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:hal.dll
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:hal.dll
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.14 00:01:34 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.14 00:01:30 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\HAL.DLL
[2004.08.03 22:59:10 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll
< MD5 for: CHANGER.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:Changer.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.14 00:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
[2004.08.03 23:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\$NtServicePackUninstall$\changer.sys
< MD5 for: ISAPNP.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2001.10.24 11:44:12 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2003.04.16 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
< MD5 for: LSASS.EXE >
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
< MD5 for: NETLOGON.DLL >
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
< MD5 for: TCPIP.SYS >
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB2509553$\tcpip.sys
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll
< >
< %systemroot%*.* /U /s >
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
[2012.05.01 15:18:59 | 000,301,632 | ---- | M] (Softonic) -- C:\SoftonicDownloader_for_ac97-audio-codec.exe
[2012.05.01 15:19:43 | 018,734,784 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WDM_A406.exe
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2012.08.31 08:14:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\Adobe
[2012.01.08 18:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\Broken Sword 2.5
[2013.02.23 12:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\CallingID
[2013.05.04 10:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\DAEMON Tools Lite
[2012.06.19 07:13:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\dvdcss
[2012.11.20 09:11:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\DVDVideoSoft
[2011.12.09 20:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\Google
[2012.05.22 10:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\Help
[2012.08.06 17:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\Hornil
[2012.08.10 10:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\ICQ
[2011.10.25 13:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\Identities
[2012.01.29 17:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\InterTrust
[2011.10.25 13:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\Macromedia
[2012.04.07 14:15:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\MAGIX
[2013.05.04 13:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\Malwarebytes
[2013.05.03 21:34:46 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Milan\Data aplikací\Microsoft
[2012.07.25 19:38:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\Mozilla
[2012.10.28 11:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\MSN6
[2011.11.10 16:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\OpenOffice.org
[2012.05.01 12:48:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\Opera
[2012.08.05 19:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\PhotoFiltre
[2013.01.20 17:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\PhotoScape
[2013.01.04 20:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\Rovio
[2012.11.20 09:30:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\Sony
[2012.07.26 15:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\Sony Corporation
[2013.01.15 12:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\Sun
[2013.05.04 13:06:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\Systweak
[2012.03.11 21:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\TuneUp Software
[2012.06.19 07:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\vlc
[2013.03.11 20:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\Winamp
[2011.11.11 12:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\WinRAR
[2012.05.01 12:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\Yandex
[2012.10.11 20:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\Zoner
< %APPDATA%\*.exe /s >
[2013.04.21 08:42:08 | 000,054,632 | ---- | M] (Adobe Systems Inc.) -- C:\Documents and Settings\Milan\Data aplikací\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2013.01.31 01:58:57 | 000,897,448 | ---- | M] (Oracle Corporation) -- C:\Documents and Settings\Milan\Data aplikací\Sun\Java\JRERunOnce.exe
[2012.07.19 17:00:33 | 007,391,320 | ---- | M] (ZONER software ) -- C:\Documents and Settings\Milan\Data aplikací\Zoner\NLMDB\product.0032\autoupdate.cz\ZPS12_Update_Build12.exe
[2012.03.23 13:16:08 | 012,505,560 | ---- | M] (ZONER software ) -- C:\Documents and Settings\Milan\Data aplikací\Zoner\NLMDB\product.0034\autoupdate.cz\ZPS13_Update_Build07.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2011.10.25 14:37:41 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2011.10.25 14:37:41 | 000,606,208 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2011.10.25 14:37:41 | 000,401,408 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
[2013.05.04 15:25:03 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
< %systemroot%\system32\*.* /3 >
[2013.05.05 13:23:04 | 000,078,450 | ---- | M] () -- C:\WINDOWS\system32\perfc005.dat
[2013.05.05 13:23:04 | 000,067,916 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2013.05.05 13:23:04 | 000,429,560 | ---- | M] () -- C:\WINDOWS\system32\perfh005.dat
[2013.05.05 13:23:04 | 000,432,838 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2013.05.05 13:23:04 | 001,022,844 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2013.05.05 15:34:42 | 000,013,646 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
< %SYSTEMDRIVE%\*.exe >
[2012.05.01 15:18:59 | 000,301,632 | ---- | M] (Softonic) -- C:\SoftonicDownloader_for_ac97-audio-codec.exe
[2012.05.01 15:19:43 | 018,734,784 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WDM_A406.exe
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 08:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemRoot%\System32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs
< >
< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2013.05.05 15:50:52 | 000,000,512 | ---- | M] () MD5=68DAA2DC5AA958000ACBB20A5479E50E -- C:\PhysicalMBR.bin
< >
< *crack* /s >
< *keygen* /s >
< *AntiWPA* /s >
< *loader* /s >
[2012.05.01 15:18:59 | 000,301,632 | ---- | M] () -- \SoftonicDownloader_for_ac97-audio-codec.exe
[2013.04.11 17:54:38 | 000,197,614 | ---- | M] () -- \Documents and Settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ftdownloader3@ftdownloader.com.xpi
[2012.06.18 15:27:22 | 000,003,681 | ---- | M] () -- \Documents and Settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com\content\loader.xul
[2012.02.28 23:09:23 | 000,313,576 | ---- | M] () -- \Documents and Settings\Milan\Local Settings\Data aplikací\Solid State Networks\downloader.bundle
[2012.02.28 23:09:24 | 000,525,216 | ---- | M] () -- \Documents and Settings\Milan\Local Settings\Data aplikací\Solid State Networks\downloader.dll
[2013.05.05 11:05:28 | 000,004,178 | ---- | M] () -- \Documents and Settings\Milan\Local Settings\Temporary Internet Files\Content.IE5\L7UGS0D5\loader[1].gif
[2013.05.05 15:41:18 | 000,001,451 | ---- | M] () -- \Documents and Settings\Milan\Local Settings\Temporary Internet Files\Content.IE5\OAY6WAYZ\shAutoloader[1].js
[2013.05.05 14:10:59 | 000,001,103 | ---- | M] () -- \Documents and Settings\Milan\Local Settings\Temporary Internet Files\Content.IE5\Q629WIZ1\oneMscomJsCssLoader[1].js
[2013.05.05 16:22:52 | 000,004,275 | ---- | M] () -- \Documents and Settings\Milan\Local Settings\Temporary Internet Files\Content.IE5\VU9IQCHJ\uploaderapi2[2].swf
[2013.05.05 13:22:51 | 000,009,427 | ---- | M] () -- \Documents and Settings\Milan\Local Settings\Temporary Internet Files\Content.IE5\W83RS6T9\ajax-loader[1].gif
[2013.05.05 14:07:18 | 000,002,892 | ---- | M] () -- \Documents and Settings\Milan\Local Settings\Temporary Internet Files\Content.IE5\W83RS6T9\ajax-loader[2].gif
[2011.11.09 20:22:07 | 000,005,795 | ---- | M] () -- \Program Files\ICQ7.6\imApp\theme\IMAGES\XtraPreloader\loader.jpg
[2011.11.09 20:22:13 | 000,004,180 | ---- | M] () -- \Program Files\ICQ7.6\imApp\theme\IMAGES\XtraPreloader\zlango-preloader.png
[2011.11.09 20:22:06 | 000,005,520 | ---- | M] () -- \Program Files\ICQ7.6\imApp\theme\MUICoreLib\xtraLoader.swf
[2012.01.01 17:55:50 | 000,002,886 | ---- | M] () -- \Program Files\ICQ7.6\Xtraz\icq\content\babylon_feed\preloader01_b.swf
[2011.11.09 20:23:28 | 000,000,402 | ---- | M] () -- \Program Files\ICQ7.6\Xtraz\icq\content\profile_lightboxs\preloader.html
[2009.05.18 10:51:58 | 000,006,308 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.py
[2009.05.15 01:28:34 | 000,022,528 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.uno.dll
[2009.05.18 11:50:42 | 000,000,171 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.uno.ini
[2009.05.15 01:28:28 | 000,029,696 | ---- | M] () -- \Program Files\OpenOffice.org 3\URE\bin\javaloader.uno.dll
[2009.05.18 10:18:34 | 000,003,872 | ---- | M] () -- \Program Files\OpenOffice.org 3\URE\java\unoloader.jar
[2004.08.17 15:49:06 | 000,035,840 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\dmloader.dll
[2004.08.03 22:59:38 | 000,230,400 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\osloader.exe
[2004.08.03 22:59:38 | 000,278,016 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\osloader.ntd
[2008.04.14 08:51:40 | 000,035,840 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\dmloader.dll
[2008.04.14 00:01:48 | 000,230,912 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.exe
[2008.04.14 00:01:50 | 000,278,528 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.ntd
[2008.04.14 08:51:40 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[2008.04.01 10:11:42 | 000,070,944 | ---- | M] () -- \WINDOWS\system32\PhysXLoader.dll
[2012.08.08 17:32:40 | 000,012,532 | ---- | M] () -- \WINDOWS\system32\Adobe\Shockwave 11\shockwave_Projector_Loader.dcr
[2013.05.03 20:49:54 | 000,051,928 | ---- | M] () -- \WINDOWS\Temp\1488b9c8-70ce-4d4d-b4b2-e1f118dcb164\FTDownloader.exe
[2013.05.03 20:08:52 | 000,051,928 | ---- | M] () -- \WINDOWS\Temp\2348ae25-6304-43e6-893d-fbb143f68a09\FTDownloader.exe
[2013.05.03 20:44:52 | 000,051,928 | ---- | M] () -- \WINDOWS\Temp\74ae360d-490c-4bb3-baa2-95b710b0c20d\FTDownloader.exe
[2013.05.03 20:40:49 | 000,051,928 | ---- | M] () -- \WINDOWS\Temp\7c4e1575-fbf1-49dd-953b-d503d98df215\FTDownloader.exe
[2013.05.03 20:39:20 | 000,051,928 | ---- | M] () -- \WINDOWS\Temp\b3d33992-4614-4cae-b3a6-5a02bebc84ed\FTDownloader.exe
[2013.05.03 20:33:39 | 000,051,928 | ---- | M] () -- \WINDOWS\Temp\fa8b98a9-7d49-4272-917c-bb6860073b4e\FTDownloader.exe
< *minodlogin* /s >
< *tnod* /s >
[2013.05.05 14:10:05 | 000,003,850 | ---- | M] () -- \Documents and Settings\Milan\Local Settings\Temporary Internet Files\Content.IE5\W83RS6T9\BtnOdeslatStahnout_U[1].png
< *AutoKMS* /s >
< *activator* /s >
< *serial* /s >
[2012.09.27 01:12:26 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2004.08.17 15:43:56 | 000,028,416 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\grserial.sys
[2004.08.17 15:44:16 | 000,064,640 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\serial.sys
[2012.04.19 20:22:25 | 000,011,776 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2013.02.14 08:36:12 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2012.04.19 20:22:50 | 000,090,112 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2013.01.10 00:40:36 | 000,970,752 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2013.01.10 11:35:54 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\07de14823c42ee36ffa303d9c89ded36\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2013.01.10 11:03:10 | 002,345,472 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\51e7151c1420690c754d7f986c4b1c42\System.Runtime.Serialization.ni.dll
[2010.04.07 23:48:30 | 000,970,752 | R--- | M] () -- \WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\FL_System_Runtime_Serialization_dll_133675_____x86.3643236F_FC70_11D3_A536_0090278A1BB8
[2010.04.07 23:48:30 | 000,970,752 | R--- | M] () -- \WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\FL_System_Runtime_Serialization_dll_147207_____x86.3643236F_FC70_11D3_A536_0090278A1BB8
[2008.07.25 11:17:00 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2008.09.10 17:46:28 | 000,011,776 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012.09.27 01:12:26 | 000,970,752 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2008.04.14 07:47:26 | 000,028,416 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\grserial.sys
[2008.04.14 07:51:10 | 000,064,256 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\serial.sys
[2003.04.16 14:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dpserial.dll
[2003.04.16 14:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\serialui.dll
[2003.04.16 14:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dllcache\dpserial.dll
[2003.04.16 14:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\dllcache\serialui.dll
[2008.04.14 07:51:10 | 000,064,256 | ---- | M] () -- \WINDOWS\system32\drivers\serial.sys
< *w7lxe* /s >
========== Files - Unicode (All) ==========
[2011.11.06 12:07:21 | 000,000,000 | ---- | M] ()(C:\D?ű???ű?ű) -- C:\D횐ű淏䂶횐ű패ű
[2011.11.06 12:07:21 | 000,000,000 | ---- | C] ()(C:\D?ű???ű?ű) -- C:\D횐ű淏䂶횐ű패ű
< End of report >

Please check my log
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use a remote assistance service, in which a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Re: Please check my log

[2011.11.06 12:07:21 | 000,000,000 | ---- | M] ()(C:\D?ű???ű?ű) -- C:\D횐ű淏䂶횐ű패ű
Please also post a new log from RSIT.
If you have a question that is not meant for the public, you can write to me by e-mail at marty84(at)forum.viry.cz
You can support our forum at https://platba.viry.cz/payment/
For time reasons I will be on the forum less often for now. If you have to wait longer for a reply, please contact one of my colleagues (most have an e-mail address in their signature).
Re: Please check my log
Logfile of random's system information tool 1.09 (written by random/random)
Run by Milan at 2013-05-05 17:10:24
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 3 GB (10%) free of 30 GB
Total RAM: 767 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:10:35, on 5.5.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Milan\Plocha\RSIT.exe
C:\Program Files\trend micro\Milan.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: AlxHelper - {F443A627-5009-4323-9C1D-7FD598D0D712} - C:\Program Files\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Amazon Browser Bar - {EA582743-9076-4178-9AA6-7393FDF4D5CE} - C:\Program Files\Amazon Browser Bar\AmazonBrowserBar.3.0.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Updater Service for AMZN - Unknown owner - C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe
--
End of file - 4131 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\avast! Emergency Update.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-03-07 1224568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F443A627-5009-4323-9C1D-7FD598D0D712}]
AlxHelper Class - C:\Program Files\Amazon Browser Bar\AmazonBrowserBar.3.0.dll [2012-08-15 2162272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-03-07 1224568]
{EA582743-9076-4178-9AA6-7393FDF4D5CE} - Amazon Browser Bar - C:\Program Files\Amazon Browser Bar\AmazonBrowserBar.3.0.dll [2012-08-15 2162272]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-03-07 4767304]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\1nsane\Game.exe"="D:\1nsane\Game.exe:*:Enabled:INSANE"
"C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Disabled:Winamp"
"C:\Program Files\ICQ7.6\ICQ.exe"="C:\Program Files\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6"
"D:\TM\TmNationsForever\TmForever.exe"="D:\TM\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Codemasters\Insane\Game.exe"="C:\Codemasters\Insane\Game.exe:*:Enabled:INSANE"
"D:\kyodai\kyodai.exe"="D:\kyodai\kyodai.exe:*:Enabled:kyodai"
"C:\Program Files\YourFileDownloader\Downloader.exe"="C:\Program Files\YourFileDownloader\Downloader.exe:*:Enabled:YourFile Downloader"
"C:\Program Files\YourFileDownloader\YourFile.exe"="C:\Program Files\YourFileDownloader\YourFile.exe:*:Enabled:YourFile Downloader"
"C:\Program Files\Electronic Arts\Need For Speed III\nfs3.exe"="C:\Program Files\Electronic Arts\Need For Speed III\nfs3.exe:*:Disabled:Need For Speed III for Win32"
"D:\free video\Programs\RM.exe"="D:\free video\Programs\RM.exe:*:Enabled:Render Manager"
"D:\free video\Programs\umi.exe"="D:\free video\Programs\umi.exe:*:Enabled:umi"
"D:\free video\Programs\VideoSpin.exe"="D:\free video\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.6\ICQ.exe"="C:\Program Files\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"vidc.iv50"=ir50_32.dll
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"vidc.mjpg"=pvmjpg30.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.LAGS"=lagarith.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.l3codecp"=l3codecp.acm
======List of files/folders created in the last 1 month======
2013-05-05 14:18:34 ----D---- C:\WINDOWS\LastGood
2013-05-05 14:13:19 ----A---- C:\WINDOWS\setuplog.txt
2013-05-04 15:23:27 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2013-05-04 15:23:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2013-05-04 15:23:16 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2013-05-04 14:19:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-05-04 13:11:02 ----D---- C:\Documents and Settings\Milan\Data aplikací\Malwarebytes
2013-05-04 13:10:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2013-05-04 13:00:50 ----A---- C:\NTUser.dat
2013-05-04 13:00:41 ----D---- C:\Program Files\Amazon Browser Bar
2013-05-04 13:00:00 ----D---- C:\Documents and Settings\Milan\Data aplikací\Systweak
2013-05-04 12:59:52 ----A---- C:\WINDOWS\system32\roboot.exe
2013-05-04 12:50:51 ----AD---- C:\Program Files\FromDocToPDF_65EI
2013-05-04 12:39:40 ----A---- C:\AdwCleaner[S2].txt
2013-05-04 11:43:53 ----A---- C:\AdwCleaner[R4].txt
2013-05-04 10:09:12 ----D---- C:\rsit
2013-05-03 21:03:13 ----A---- C:\autoexec.bat
2013-05-03 21:02:11 ----D---- C:\Program Files\Enigma Software Group
2013-05-03 21:01:27 ----D---- C:\WINDOWS\0AC0F1B261C74B6EACEF58FCC0B94835.TMP
2013-05-03 21:01:23 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2013-04-27 17:05:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\BlueStacksSetup
2013-04-27 17:05:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\BlueStacks
2013-04-10 23:31:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2808735$
2013-04-10 23:31:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2820917$
2013-04-10 23:28:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2813345$
2013-04-10 23:28:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2813170$
======List of files/folders modified in the last 1 month======
2013-05-05 17:10:29 ----D---- C:\Program Files\trend micro
2013-05-05 16:57:13 ----D---- C:\WINDOWS\Prefetch
2013-05-05 14:18:38 ----SD---- C:\WINDOWS\Downloaded Program Files
2013-05-05 14:18:37 ----D---- C:\WINDOWS\Temp
2013-05-05 14:18:37 ----D---- C:\WINDOWS\system32
2013-05-05 14:18:36 ----D---- C:\WINDOWS
2013-05-05 14:18:35 ----D---- C:\WINDOWS\system32\CatRoot2
2013-05-05 13:23:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-05-05 10:37:26 ----D---- C:\Program Files
2013-05-04 21:20:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2641690$
2013-05-04 21:20:21 ----D---- C:\WINDOWS\system32\drivers
2013-05-04 21:18:07 ----D---- C:\Program Files\Aktivace
2013-05-04 21:18:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\WxDFastUpdater
2013-05-04 21:18:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\OptimizerPro
2013-05-04 14:20:54 ----D---- C:\WINDOWS\SoftwareDistribution
2013-05-04 13:06:36 ----SD---- C:\WINDOWS\Tasks
2013-05-04 11:32:01 ----HD---- C:\Program Files\InstallShield Installation Information
2013-05-04 11:31:56 ----SHD---- C:\WINDOWS\Installer
2013-05-04 11:31:55 ----HD---- C:\Config.Msi
2013-05-04 11:24:23 ----D---- C:\Program Files\Common Files\InstallShield
2013-05-04 11:24:21 ----D---- C:\Program Files\Empire Interactive
2013-05-04 11:16:59 ----D---- C:\Program Files\JoWooD
2013-05-04 10:45:52 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-05-04 10:34:44 ----D---- C:\Documents and Settings\Milan\Data aplikací\DAEMON Tools Lite
2013-05-03 21:34:46 ----SD---- C:\Documents and Settings\Milan\Data aplikací\Microsoft
2013-05-03 21:02:27 ----HD---- C:\WINDOWS\inf
2013-05-03 21:01:23 ----D---- C:\Program Files\Common Files
2013-05-03 18:34:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2013-05-01 18:42:56 ----D---- C:\WINDOWS\system32\Restore
2013-04-28 10:20:50 ----D---- C:\Program Files\Microsoft Games
2013-04-28 09:52:39 ----D---- C:\Program Files\Windows Media Player
2013-04-28 09:52:33 ----D---- C:\WINDOWS\Help
2013-04-21 08:42:38 ----D---- C:\Program Files\Common Files\Adobe AIR
2013-04-16 19:14:30 ----D---- C:\WINDOWS\Debug
2013-04-12 11:26:45 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-04-10 23:32:29 ----D---- C:\Program Files\Internet Explorer
2013-04-10 23:32:09 ----D---- C:\WINDOWS\ie8updates
2013-04-10 23:31:58 ----HD---- C:\WINDOWS\$hf_mig$
2013-04-10 23:29:15 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2013-03-07 21576]
R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2013-03-07 49248]
R0 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2013-03-07 164736]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [2003-07-02 27904]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\AswRdr.sys [2013-03-07 49760]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2013-03-07 765736]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2013-03-07 368176]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2013-03-07 62376]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2012-03-10 232512]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2013-03-07 29816]
R2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-08-17 701440]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-04-16 5888]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2003-08-04 6912]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2003-08-04 11392]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS []
S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2011-08-17 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2011-08-17 23168]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2011-08-17 8192]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2011-08-17 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-03-07 45248]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 Updater Service for AMZN;Updater Service for AMZN; C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe [2012-05-22 222368]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-12 256904]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
2013-05-04 15:23:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2013-05-04 15:23:16 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2013-05-04 14:19:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-05-04 13:11:02 ----D---- C:\Documents and Settings\Milan\Data aplikací\Malwarebytes
2013-05-04 13:10:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2013-05-04 13:00:50 ----A---- C:\NTUser.dat
2013-05-04 13:00:41 ----D---- C:\Program Files\Amazon Browser Bar
2013-05-04 13:00:00 ----D---- C:\Documents and Settings\Milan\Data aplikací\Systweak
2013-05-04 12:59:52 ----A---- C:\WINDOWS\system32\roboot.exe
2013-05-04 12:50:51 ----AD---- C:\Program Files\FromDocToPDF_65EI
2013-05-04 12:39:40 ----A---- C:\AdwCleaner[S2].txt
2013-05-04 11:43:53 ----A---- C:\AdwCleaner[R4].txt
2013-05-04 10:09:12 ----D---- C:\rsit
2013-05-03 21:03:13 ----A---- C:\autoexec.bat
2013-05-03 21:02:11 ----D---- C:\Program Files\Enigma Software Group
2013-05-03 21:01:27 ----D---- C:\WINDOWS\0AC0F1B261C74B6EACEF58FCC0B94835.TMP
2013-05-03 21:01:23 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2013-04-27 17:05:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\BlueStacksSetup
2013-04-27 17:05:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\BlueStacks
2013-04-10 23:31:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2808735$
2013-04-10 23:31:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2820917$
2013-04-10 23:28:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2813345$
2013-04-10 23:28:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2813170$
======List of files/folders modified in the last 1 month======
2013-05-05 17:10:29 ----D---- C:\Program Files\trend micro
2013-05-05 16:57:13 ----D---- C:\WINDOWS\Prefetch
2013-05-05 14:18:38 ----SD---- C:\WINDOWS\Downloaded Program Files
2013-05-05 14:18:37 ----D---- C:\WINDOWS\Temp
2013-05-05 14:18:37 ----D---- C:\WINDOWS\system32
2013-05-05 14:18:36 ----D---- C:\WINDOWS
2013-05-05 14:18:35 ----D---- C:\WINDOWS\system32\CatRoot2
2013-05-05 13:23:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-05-05 10:37:26 ----D---- C:\Program Files
2013-05-04 21:20:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2641690$
2013-05-04 21:20:21 ----D---- C:\WINDOWS\system32\drivers
2013-05-04 21:18:07 ----D---- C:\Program Files\Aktivace
2013-05-04 21:18:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\WxDFastUpdater
2013-05-04 21:18:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\OptimizerPro
2013-05-04 14:20:54 ----D---- C:\WINDOWS\SoftwareDistribution
2013-05-04 13:06:36 ----SD---- C:\WINDOWS\Tasks
2013-05-04 11:32:01 ----HD---- C:\Program Files\InstallShield Installation Information
2013-05-04 11:31:56 ----SHD---- C:\WINDOWS\Installer
2013-05-04 11:31:55 ----HD---- C:\Config.Msi
2013-05-04 11:24:23 ----D---- C:\Program Files\Common Files\InstallShield
2013-05-04 11:24:21 ----D---- C:\Program Files\Empire Interactive
2013-05-04 11:16:59 ----D---- C:\Program Files\JoWooD
2013-05-04 10:45:52 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-05-04 10:34:44 ----D---- C:\Documents and Settings\Milan\Data aplikací\DAEMON Tools Lite
2013-05-03 21:34:46 ----SD---- C:\Documents and Settings\Milan\Data aplikací\Microsoft
2013-05-03 21:02:27 ----HD---- C:\WINDOWS\inf
2013-05-03 21:01:23 ----D---- C:\Program Files\Common Files
2013-05-03 18:34:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2013-05-01 18:42:56 ----D---- C:\WINDOWS\system32\Restore
2013-04-28 10:20:50 ----D---- C:\Program Files\Microsoft Games
2013-04-28 09:52:39 ----D---- C:\Program Files\Windows Media Player
2013-04-28 09:52:33 ----D---- C:\WINDOWS\Help
2013-04-21 08:42:38 ----D---- C:\Program Files\Common Files\Adobe AIR
2013-04-16 19:14:30 ----D---- C:\WINDOWS\Debug
2013-04-12 11:26:45 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-04-10 23:32:29 ----D---- C:\Program Files\Internet Explorer
2013-04-10 23:32:09 ----D---- C:\WINDOWS\ie8updates
2013-04-10 23:31:58 ----HD---- C:\WINDOWS\$hf_mig$
2013-04-10 23:29:15 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2013-03-07 21576]
R0 aswRvrt;aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [2013-03-07 49248]
R0 aswVmm;aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [2013-03-07 164736]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\System32\DRIVERS\viaagp1.sys [2003-07-02 27904]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 AswRdr;aswRdr; C:\WINDOWS\system32\drivers\AswRdr.sys [2013-03-07 49760]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2013-03-07 765736]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2013-03-07 368176]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2013-03-07 62376]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2012-03-10 232512]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2013-03-07 29816]
R2 aswMonFlt;aswMonFlt; \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-08-17 701440]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2003-04-16 5888]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2003-08-04 6912]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2003-08-04 11392]
S3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS []
S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2011-08-17 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2011-08-17 23168]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2011-08-17 8192]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2011-08-17 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-03-07 45248]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 Updater Service for AMZN;Updater Service for AMZN; C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe [2012-05-22 222368]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-12 256904]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Re: Please check my log
Márty84 wrote: Do you recognize this?
[2011.11.06 12:07:21 | 000,000,000 | ---- | M] ()(C:\D?ű???ű?ű) -- C:\D횐ű淏䂶횐ű패ű



Paste the following text into the lower window (including the colon before the word commands):
:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]
:services
AdobeFlashPlayerUpdateSvc
:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
:otl
IE - HKU\S-1-5-21-220523388-362288127-725345543-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-220523388-362288127-725345543-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
[2012.07.15 11:45:42 | 000,000,000 | ---D | M] (wxDfast) -- C:\Documents and Settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\5002912cdbe4e@5002912cdbe87.info
[2012.05.01 15:02:26 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@babylon.com
[2012.07.25 19:38:54 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Documents and Settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ffxtlbr@funmoods.com
[2012.05.01 12:49:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\staged
[2013.04.11 17:54:38 | 000,197,614 | ---- | M] () (No name found) -- C:\Documents and Settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\ftdownloader3@ftdownloader.com.xpi
[2013.02.23 12:28:20 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\askcom.xml
[2012.07.25 19:38:53 | 000,000,771 | ---- | M] () -- C:\Documents and Settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\Search.xml
[2012.05.01 12:48:45 | 000,007,837 | ---- | M] () -- C:\Documents and Settings\Milan\Data aplikací\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.ru-124845.xml
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\Milan\Local Settings\Data aplikac\u00ED\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll
CHR - Extension: AVG Security Toolbar = C:\Documents and Settings\Milan\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.1.0.10_0\
CHR - Extension: AVG Security Toolbar = C:\Documents and Settings\Milan\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\14.2.0.1_0\
O3 - HKU\S-1-5-21-220523388-362288127-725345543-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O15 - HKLM\..Trusted Domains: mojebanka.cz ([etrading] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mojebanka.cz ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-220523388-362288127-725345543-1004\..Trusted Domains: mojebanka.cz ([etrading] https in Trusted sites)
O15 - HKU\S-1-5-21-220523388-362288127-725345543-1004\..Trusted Domains: mojebanka.cz ([www] https in Trusted sites)
[2012.05.01 12:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Milan\Data aplikací\Yandex
[2013.03.12 20:05:31 | 000,000,914 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> ]
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F443A627-5009-4323-9C1D-7FD598D0D712}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EA582743-9076-4178-9AA6-7393FDF4D5CE}"=-
After the restart a new log will appear; post it here.
If you have a question that is not meant for the public, you can write to me by e-mail at marty84zavináčforum.viry.cz
You can support our forum at https://platba.viry.cz/payment/
Due to time constraints I will be on the forum less often now. If you have to wait longer for a reply, please contact one of my colleagues (most have an e-mail address in their signature).
Re: Please check my log
I don't recognize this.
[2011.11.06 12:07:21 | 000,000,000 | ---- | M] ()(C:\D?ű???ű?ű) -- C:\D횐ű淏䂶횐ű패ű
I don't know what the problem was. I didn't forget the colon, but in twelve hours it never asked me to restart. Maybe it froze right after I clicked Fix and the fix never even ran.
Re: Please check my log
Hello.
Unfortunately I was cut off from the internet for a long time and could not respond.
I assume the problem was resolved long ago. Is that right?
If you have a question that is not meant for the public, you can write to me by e-mail at marty84zavináčforum.viry.cz
You can support our forum at https://platba.viry.cz/payment/
Due to time constraints I will be on the forum less often now. If you have to wait longer for a reply, please contact one of my colleagues (most have an e-mail address in their signature).