Request for a preventive check

#1 Post by KBraun »

Hello,
I would like to ask you for a preventive check of my RSIT log.

The RSIT log follows:
--------------------

Logfile of random's system information tool 1.09 (written by random/random)
Run by Václav Zíka at 2013-05-09 10:44:31
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 176 GB (58%) free of 305 GB
Total RAM: 2046 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:44:33, on 9.5.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\windows\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\windows\system32\WTMKM.exe
C:\windows\system32\RunDLL32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Seznam.cz\postak.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\windows\system32\atwtusb.exe
C:\windows\system32\atwtusb.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Documents and Settings\Václav Zíka\Dokumenty\- FILES -\Viry\RSIT.exe
C:\Program Files\trend micro\Václav Zíka.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Ukazatel S-Rank - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\core.3.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [MacrokeyManager] WTMKM.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Seznam Postak] "C:\Program Files\Seznam.cz\postak.exe" -s
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Adfyqemia] "C:\Documents and Settings\Václav Zíka\Data aplikací\Noxoko\axanl.exe"
O4 - HKUS\S-1-5-21-1614895754-2052111302-839522115-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: Microsoft Office Outlook 2003.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Václav Zíka\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\windows\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\windows\system32\shdocvw.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {93344865-74BD-4873-BE65-56539D41A65C} - http://www.earn2life.com/plugin/Earn2Life.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: WTService - Unknown owner - C:\windows\system32\atwtusb.exe

--
End of file - 9451 bytes

======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player Updater.job
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job
C:\windows\tasks\mixpadShakeIcon.job
C:\windows\tasks\stampShakeIcon.job
C:\windows\tasks\wavepadShakeIcon.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Václav Zíka\Data aplikací\Mozilla\Firefox\Profiles\f7h9fk5z.default

prefs.js - "browser.startup.homepage" - "http://www.google.cz/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442, {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29, {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.7, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.28"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.6.602.180 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.17.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69]
"Description"=6.0.12.69
"Path"=C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Václav Zíka\Data aplikací\Mozilla\Firefox\Profiles\f7h9fk5z.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

C:\Documents and Settings\Václav Zíka\Data aplikací\Mozilla\Firefox\Profiles\f7h9fk5z.default\searchplugins\
askcom.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\WINDOWS\WebIE.dll [2008-08-31 491520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-03-30 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-03-30 170912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA837F48-5AD1-443E-AE34-FFE03CBF3099}]
Ukazatel S-Rank - C:\Program Files\Seznam.cz\core.3.dll [2011-05-25 1145888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\WINDOWS\WebIE.dll [2008-08-31 491520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\windows\RTHDCPL.EXE [2008-06-27 16875008]
"RemoteControl"=C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [2003-12-08 32768]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2008-04-17 98616]
"EEventManager"=C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe [2009-04-07 673616]
"MacrokeyManager"=C:\windows\system32\WTMKM.exe [2011-06-01 7144448]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []
"NvCplDaemon"=C:\windows\system32\NvCpl.dll [2012-05-15 15504192]
"nwiz"=C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2012-05-15 1634112]
"KernelFaultCheck"=C:\windows\system32\dumprep 0 -k []
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-04-04 843712]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2013-05-07 345312]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"=C:\Program Files\Seznam.cz\postak.exe [2011-05-25 491040]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2013-02-28 18642024]
"Adfyqemia"=C:\Documents and Settings\Václav Zíka\Data aplikací\Noxoko\axanl.exe [2012-07-07 231424]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
AutorunsDisabled
Microsoft Office Outlook 2003.lnk - C:\WINDOWS\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\windows\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\IronWare Communication\IW FTPort Client\Cftp32.exe"="C:\Program Files\IronWare Communication\IW FTPort Client\Cftp32.exe:*:Enabled:IW FTPort Client"
"C:\Program Files\Phoenix Viewer\SLVoice.exe"="C:\Program Files\Phoenix Viewer\SLVoice.exe:*:Disabled:SLVoice"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe"="C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Disabled:EEventManager Application"
"C:\Program Files\Firestorm-Release\SLVoice.exe"="C:\Program Files\Firestorm-Release\SLVoice.exe:*:Enabled:SLVoice"
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe"
"C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe"="C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Disabled:Průzkumník Windows"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.divxa32"=msaud32_divx.acm
"vidc.XVID"=xvidvfw.dll

======List of files/folders created in the last 1 month======

2013-05-09 01:03:18 ----D---- C:\Documents and Settings\Václav Zíka\Data aplikací\Woalxy
2013-05-09 01:03:18 ----D---- C:\Documents and Settings\Václav Zíka\Data aplikací\Noxoko
2013-05-09 01:03:18 ----D---- C:\Documents and Settings\Václav Zíka\Data aplikací\Luom
2013-04-27 15:35:43 ----D---- C:\Program Files\Common Files\Skype
2013-04-24 23:13:01 ----D---- C:\Program Files\Common Files\DAZ
2013-04-24 23:12:33 ----D---- C:\windows\SxsCaPendDel
2013-04-24 23:07:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAZ 3D
2013-04-24 23:07:04 ----D---- C:\DAZ 3D
2013-04-24 22:59:59 ----D---- C:\Program Files\DAZ 3D
2013-04-24 22:57:45 ----D---- C:\Documents and Settings\Václav Zíka\Data aplikací\DAZ 3D
2013-04-24 12:16:40 ----D---- C:\Documents and Settings\Václav Zíka\Data aplikací\FirestormBack
2013-04-23 23:51:33 ----D---- C:\Documents and Settings\Václav Zíka\Data aplikací\Firestorm
2013-04-23 23:49:30 ----D---- C:\Program Files\Firestorm-Release
2013-04-12 13:15:54 ----D---- C:\Program Files\Mozilla Firefox
2013-04-10 20:23:15 ----HDC---- C:\windows\$NtUninstallKB2817183$
2013-04-10 20:23:09 ----HDC---- C:\windows\$NtUninstallKB2808735$
2013-04-10 20:23:02 ----HDC---- C:\windows\$NtUninstallKB2820917$
2013-04-10 20:20:45 ----HDC---- C:\windows\$NtUninstallKB2813345$
2013-04-10 20:20:31 ----HDC---- C:\windows\$NtUninstallKB2813170$

======List of files/folders modified in the last 1 month======

2013-05-09 10:44:32 ----D---- C:\Program Files\trend micro
2013-05-09 10:44:31 ----D---- C:\rsit
2013-05-09 10:39:01 ----D---- C:\windows\Prefetch
2013-05-09 10:38:59 ----D---- C:\windows\temp
2013-05-09 10:38:04 ----A---- C:\windows\IE4 Error Log.txt
2013-05-09 10:38:03 ----A---- C:\windows\TRNCOM.INI
2013-05-09 10:33:30 ----D---- C:\WINDOWS
2013-05-09 10:33:30 ----A---- C:\windows\MAILTRAN.INI
2013-05-09 10:05:43 ----D---- C:\Documents and Settings\Václav Zíka\Data aplikací\Skype
2013-05-09 08:06:38 ----A---- C:\windows\win.ini
2013-05-09 02:25:40 ----A---- C:\windows\SchedLgU.Txt
2013-05-09 01:07:58 ----D---- C:\windows\system32\CatRoot2
2013-05-09 01:03:22 ----SD---- C:\Documents and Settings\Václav Zíka\Data aplikací\Microsoft
2013-05-09 00:43:04 ----A---- C:\windows\WDICT32.INI
2013-05-08 18:32:41 ----D---- C:\Program Files\Paint Shop Pro 6
2013-05-06 00:24:02 ----A---- C:\windows\WTRAN32.INI
2013-04-27 21:18:04 ----SD---- C:\windows\Tasks
2013-04-27 16:32:59 ----D---- C:\Program Files\QAvimator
2013-04-27 15:35:54 ----SHD---- C:\windows\Installer
2013-04-27 15:35:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2013-04-27 15:35:43 ----RD---- C:\Program Files\Skype
2013-04-27 15:35:43 ----D---- C:\Program Files\Common Files
2013-04-24 23:12:47 ----D---- C:\windows\WinSxS
2013-04-24 22:59:59 ----RD---- C:\Program Files
2013-04-16 00:28:15 ----A---- C:\windows\NeroDigital.ini
2013-04-16 00:21:04 ----D---- C:\Documents and Settings\Václav Zíka\Data aplikací\Media Player Classic
2013-04-13 23:07:26 ----A---- C:\windows\goldwave.ini
2013-04-13 23:06:21 ----D---- C:\windows\Help
2013-04-13 10:41:16 ----D---- C:\Program Files\GoldWave
2013-04-13 09:09:17 ----D---- C:\Documents and Settings\Václav Zíka\Data aplikací\Kastner software
2013-04-13 09:06:20 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-04-11 23:07:11 ----D---- C:\Documents and Settings\Václav Zíka\Data aplikací\gtk-2.0
2013-04-10 20:25:05 ----D---- C:\windows\system32
2013-04-10 20:23:27 ----HD---- C:\windows\inf
2013-04-10 20:23:25 ----RSHDC---- C:\windows\system32\dllcache
2013-04-10 20:23:12 ----A---- C:\windows\imsins.BAK
2013-04-10 20:20:55 ----A---- C:\windows\system32\MRT.exe
2013-04-10 14:12:24 ----HD---- C:\windows\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avipbb;avipbb; C:\windows\system32\DRIVERS\avipbb.sys [2013-04-06 135136]
R1 avkmgr;avkmgr; C:\windows\system32\DRIVERS\avkmgr.sys [2013-04-06 37352]
R1 intelppm;Řadič procesoru Intel; C:\windows\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\windows\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 ssmdrv;ssmdrv; C:\windows\system32\DRIVERS\ssmdrv.sys [2013-04-06 28520]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\windows\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 avgntflt;avgntflt; C:\windows\system32\DRIVERS\avgntflt.sys [2013-04-06 84744]
R3 Afc;PPdus ASPI Shell; C:\windows\system32\drivers\Afc.sys [2006-11-10 18688]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\windows\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\windows\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RtkHDAud.sys [2008-06-27 4742656]
R3 moufiltr;Tablet Mouse Filter Driver; C:\windows\system32\DRIVERS\moufiltr.sys [2009-03-08 6144]
R3 mouhid;Ovladač myši standardu HID; C:\windows\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\windows\system32\DRIVERS\nv4_mini.sys [2012-05-15 14014656]
R3 pfc;Padus ASPI Shell; C:\windows\system32\drivers\pfc.sys [2003-12-05 10368]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\windows\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\windows\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbprint;Třída USB Printer; C:\windows\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\windows\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 vhidmini;Generic Virtual HID Driver; C:\windows\system32\DRIVERS\walvhid.sys [2009-08-20 6144]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CFcatchme;CFcatchme; \??\C:\DOCUME~1\VCLAVZ~1\LOCALS~1\Temp\CFcatchme.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\windows\system32\DRIVERS\k750bus.sys [2005-07-07 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\windows\system32\DRIVERS\k750mdfl.sys [2005-07-07 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\windows\system32\DRIVERS\k750mdm.sys [2005-07-07 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\windows\system32\DRIVERS\k750mgmt.sys [2005-07-07 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\windows\system32\DRIVERS\k750obex.sys [2005-07-07 79488]
S3 usbscan;Ovladač skeneru USB; C:\windows\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 xpsec;Ovladač IPSEC; C:\windows\system32\drivers\xpsec.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2008-04-17 102712]
R2 AntiVirService;Avira Real-Time Protection; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2013-04-06 110816]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2013-04-06 86752]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-03-30 170912]
R2 NVSvc;NVIDIA Driver Helper Service; C:\windows\system32\nvsvc32.exe [2012-05-15 164160]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
R2 WTService;WTService; C:\windows\system32\atwtusb.exe [2011-04-27 871936]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-12 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-02-28 161384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-30 253656]
S3 aspnet_state;Stavová služba ASP.NET; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-12 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-04-12 115608]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Post by vyosek »

Hello :)

→ Download RKill http://download.bleepingcomputer.com/grinler/rkill.com PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A STRONG ABILITY TO DELETE AND MUST BE USED ONLY ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY BE WRECKED
→ Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator
  • Immediately after it starts, a page with the license agreement is displayed; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not launch any applications and do not click in the window that is displayed
  • The scan should take approx. 10 min, but if the PC is heavily cluttered, the time may be longer
  • After the scan finishes and after any restart, CF displays a log, or you can find it here: C:\ComboFix.txt; paste its contents here
  • The detailed procedure incl. pictures is here http://www.bleepingcomputer.com/combofi ... t-combofix

#3 Post by KBraun »

So, here is the log from RKill: (and now I am moving on to ComboFix. There were no problems downloading the programs)
---------------------------------------------------------------------------------------------------------

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/09/2013 11:23:46 AM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\windows\system32\WTMKM.exe (PID: 1908) [WD-HEUR]
* C:\windows\system32\atwtusb.exe (PID: 3292) [WD-HEUR]
* C:\windows\system32\atwtusb.exe (PID: 3564) [WD-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* RpcSs => %SystemRoot%\system32\svchost.exe -k rpcss [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions could not be fixed. Use Hosts-perm.bat to fix permissions: http://www.bleepingcomputer.com/download/hosts-permbat/

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 05/09/2013 11:24:30 AM
Execution time: 0 hours(s), 0 minute(s), and 44 seconds(s)

KBraun
Visitor
Visitor
Posts: 27
Registered: 30 Mar 2012 15:40

Re: Request for a preventive check

#4 Post by KBraun »

And now here is the log from ComboFix:
-----------------------------------

ComboFix 13-05-08.02 - Václav Zíka 09.05.2013 11:45:24.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1335 [GMT 2:00]
Spuštěný z: c:\documents and settings\Václav Zíka\Plocha\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe
c:\windows\msmqinst.log
F:\autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xpsec
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-04-09 do 2013-05-09 )))))))))))))))))))))))))))))))
.
.
2013-05-08 23:03 . 2013-05-09 09:12 -------- d-----w- c:\documents and settings\Václav Zíka\Data aplikací\Luom
2013-05-08 23:03 . 2013-05-08 23:03 -------- d-----w- c:\documents and settings\Václav Zíka\Data aplikací\Woalxy
2013-05-08 23:03 . 2013-05-08 23:03 -------- d-----w- c:\documents and settings\Václav Zíka\Data aplikací\Noxoko
2013-04-27 13:35 . 2013-04-27 13:35 -------- d-----w- c:\program files\Common Files\Skype
2013-04-24 21:13 . 2013-04-24 21:13 -------- d-----w- c:\program files\Common Files\DAZ
2013-04-24 21:12 . 2013-04-25 05:44 -------- d-----w- c:\windows\SxsCaPendDel
2013-04-24 21:07 . 2013-04-24 21:07 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DAZ 3D
2013-04-24 21:07 . 2013-04-24 21:07 -------- d-----w- C:\DAZ 3D
2013-04-24 20:59 . 2013-05-08 22:54 -------- d-----w- c:\program files\DAZ 3D
2013-04-24 20:57 . 2013-04-24 21:02 -------- d-----w- c:\documents and settings\Václav Zíka\Data aplikací\DAZ 3D
2013-04-23 21:51 . 2013-04-24 15:53 -------- d-----w- c:\documents and settings\Václav Zíka\Data aplikací\Firestorm
2013-04-23 21:51 . 2013-05-08 22:34 -------- d-----w- c:\documents and settings\Václav Zíka\Local Settings\Data aplikací\Firestorm
2013-04-23 21:49 . 2013-04-23 21:51 -------- d-----w- c:\program files\Firestorm-Release
2013-04-09 15:57 . 2013-04-09 15:57 -------- d-----w- c:\program files\Tracker Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-06 13:26 . 2013-04-06 13:34 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-04-06 13:26 . 2013-04-06 13:34 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-04-06 13:26 . 2013-04-06 13:34 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-30 07:18 . 2012-04-02 13:27 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-30 07:18 . 2011-05-15 07:52 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-30 07:18 . 2013-03-30 07:18 16486616 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-03-30 07:10 . 2013-03-30 07:10 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-30 07:10 . 2013-03-30 07:10 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-30 07:10 . 2012-06-01 13:30 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-30 07:10 . 2010-07-21 20:29 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-08 08:36 . 2004-08-17 13:49 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 15:56 . 2004-08-17 15:45 2030592 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-07 15:56 . 2004-08-17 13:45 2151936 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-02 01:57 . 2004-08-17 13:44 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-01 15:10 . 2013-03-03 09:37 24736 ----a-w- c:\windows\system32\normaliz.dll
2013-02-27 07:58 . 2008-08-27 20:54 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-21 19:10 . 2004-08-17 13:49 668160 ----a-w- c:\windows\system32\wininet.dll
2013-02-21 19:10 . 2004-08-03 20:59 61952 ----a-w- c:\windows\system32\tdc.ocx
2013-02-21 19:10 . 2004-08-17 13:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2013-02-21 19:05 . 2004-08-17 13:44 370176 ----a-w- c:\windows\system32\html.iec
2013-02-12 00:32 . 2008-08-31 13:03 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-03 21:04 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2004-03-11 11:27 . 2008-08-30 21:12 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2013-04-12 11:16 . 2013-04-12 11:15 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Seznam Postak"="c:\program files\Seznam.cz\postak.exe" [2011-05-25 491040]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]
"Adfyqemia"="c:\documents and settings\Václav Zíka\Data aplikací\Noxoko\axanl.exe" [2012-07-07 231424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-27 16875008]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"MacrokeyManager"="WTMKM.exe" [2011-06-01 7144448]
"NvMediaCenter"="NvMCTray.dll" [2012-05-15 108352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-05-15 15504192]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-05-15 1634112]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-07 345312]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Microsoft Office Outlook 2003.lnk - c:\windows\Installer\{90110405-6000-11D3-8CFE-0150048383C9}\outicon.exe [N/A]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\AutorunsDisabled
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [N/A]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\f:\0autocheck autochk /p \??\k:\0autocheck autochk /p \??\L:\0autocheck autochk *
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IronWare Communication\\IW FTPort Client\\Cftp32.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
"c:\\Program Files\\Firestorm-Release\\SLVoice.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:Remote Desktop
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [6.4.2013 15:34 37352]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6.4.2013 15:34 86752]
R2 WTService;WTService;c:\windows\system32\atwtusb.exe -s --> c:\windows\system32\atwtusb.exe -s [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [28.2.2013 18:45 161384]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\VCLAVZ~1\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\VCLAVZ~1\LOCALS~1\Temp\CFcatchme.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 07:18]
.
2013-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-12 11:46]
.
2013-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-12 11:46]
.
2013-04-25 c:\windows\Tasks\mixpadShakeIcon.job
- c:\program files\NCH Software\MixPad\mixpad.exe [2011-11-06 09:47]
.
2013-04-27 c:\windows\Tasks\stampShakeIcon.job
- c:\program files\NCH Software\Stamp\stamp.exe [2011-11-06 09:45]
.
2013-04-11 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2011-11-06 09:47]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\documents and settings\Václav Zíka\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: DhcpNameServer = 85.13.80.80 85.13.80.90
DPF: {93344865-74BD-4873-BE65-56539D41A65C} - hxxp://www.earn2life.com/plugin/Earn2Life.cab
FF - ProfilePath - c:\documents and settings\Václav Zíka\Data aplikací\Mozilla\Firefox\Profiles\f7h9fk5z.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - ExtSQL: !HIDDEN! 2009-09-01 23:59; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Free Audio CD Burner_is1 - c:\program files\DVDVideoSoft\Free Audio CD Burner\unins000.exe
AddRemove-Free Video to MP3 Converter_is1 - c:\program files\DVDVideoSoft\Free Video to MP3 Converter\unins000.exe
AddRemove-Free YouTube to MP3 Converter_is1 - c:\program files\Common Files\DVDVideoSoft\Uninstall.exe
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-09 11:57
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1614895754-2052111302-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A898DE48-1121-1A64-20D3-11BC00459C76}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\RTHDCPL.EXE
c:\windows\system32\WTMKM.exe
c:\windows\system32\RunDLL32.exe
c:\program files\Microsoft Office\OFFICE11\OUTLOOK.EXE
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\atwtusb.exe
c:\windows\system32\atwtusb.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2013-05-09 12:02:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-05-09 10:02
.
Před spuštěním: Volných bajtů: 184 687 939 584
Po spuštění: Volných bajtů: 186 285 039 616
.
- - End Of File - - A6A76EB177B512DB33CF4533AF55AB55

KBraun
Visitor
Visitor
Posts: 27
Registered: 30 Mar 2012 15:40

Re: Request for a preventive check

#5 Post by KBraun »

I would just like to add that something unpleasant happened to me today which I originally did not connect with a virus infection, but after reading through some questions and the answers to them this afternoon, I have come to the conclusion that there most probably is a connection. The thing is that diacritics started misbehaving when I type: specifically, if I press the diacritic keys ´, ˇ, ¨ or °, then instead of the text waiting for the key with the following character to be pressed and adding the corresponding mark to it, it simply doubles the character of that diacritic mark: ´´, ˇˇ, ¨¨, °°. So much, for completeness, about the current state of my PC.

vyosek
VIP
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Request for a preventive check

#6 Post by vyosek »

:arrow: Download Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/
  • Save it, preferably to the Desktop, and unpack it
  • Run it by clicking mbar
  • Now click Next and then Update
  • After the database update finishes, click Next again
  • Leave all three options checked and click Scan, which starts the scan of the PC
  • After the scan finishes (approx. 5 minutes), check that all findings (if there are any, of course) are ticked
  • Also check that Create Restore point is ticked
  • Now click CleanUp, which removes the infection found
  • The PC will be restarted
  • The mbar folder should contain a log (and it will probably open by itself) mbar-log-year-month-day (hour-minute-second).txt; post it here for me

KBraun
Visitor
Visitor
Posts: 27
Registered: 30 Mar 2012 15:40

Re: Request for a preventive check

#7 Post by KBraun »

I'm afraid Malwarebytes Anti-Rootkit probably found nothing. At least it offered nothing for removal. :(
Here is its log:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 5.1.2600 Windows XP Service Pack 3 x86

Account is Administrative

Internet Explorer version: 6.0.2900.5512

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, J:\ DRIVE_FIXED
CPU speed: 2.999000 GHz
Memory total: 2145824768, free: 1211994112

------------ Kernel report ------------
05/10/2013 10:00:50
------------ Loaded modules -----------
\windows\system32\ntkrnlpa.exe
\windows\system32\hal.dll
\windows\system32\KDCOM.DLL
\windows\system32\BOOTVID.dll
ACPI.sys
\windows\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
pciide.sys
\windows\system32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\windows\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\Afc.sys
\SystemRoot\system32\drivers\pfc.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\Rtenicxp.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\walvhid.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\moufiltr.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\TDTCP.SYS
\SystemRoot\System32\Drivers\RDPWD.SYS
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\system32\drivers\kmixer.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\mbamswissarmy.sys
\WINDOWS\system32\ntdll.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk7\DR11
Upper Device Object: 0xffffffff8a2bc030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008f\
Lower Device Object: 0xffffffff8a0b5ea0
Lower Device Driver Name: \Driver\usbstor\
Driver name found: usbstor
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk6\DR10
Upper Device Object: 0xffffffff8a29e030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008e\
Lower Device Object: 0xffffffff8a0c0ea0
Lower Device Driver Name: \Driver\usbstor\
Driver name found: usbstor
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR9
Upper Device Object: 0xffffffff8a1ab910
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008d\
Lower Device Object: 0xffffffff8a694600
Lower Device Driver Name: \Driver\usbstor\
Driver name found: usbstor
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR8
Upper Device Object: 0xffffffff8a289ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008c\
Lower Device Object: 0xffffffff8a26bea0
Lower Device Driver Name: \Driver\usbstor\
Driver name found: usbstor
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR5
Upper Device Object: 0xffffffff8a01aab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000083\
Lower Device Object: 0xffffffff8a085ea0
Lower Device Driver Name: \Driver\usbstor\
Driver name found: usbstor
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR4
Upper Device Object: 0xffffffff8a0514b8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000082\
Lower Device Object: 0xffffffff8a269ea0
Lower Device Driver Name: \Driver\usbstor\
Driver name found: usbstor
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff8a6f8ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-1f\
Lower Device Object: 0xffffffff8a654d98
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8a652ab8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP5T0L0-14\
Lower Device Object: 0xffffffff8a6fed98
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Downloaded database version: v2013.05.10.02
Downloaded database version: v2013.05.07.01
Initializing...
Done!
<<<2>>>
Device number: 1, partition: 1
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff8a6f8ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a651e08, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a6f8ab8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a720f18, DeviceName: \Device\0000006c\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a654d98, DeviceName: \Device\Ide\IdeDeviceP2T0L0-1f\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe46d7c38, 0xffffffff8a6f8ab8, 0xffffffff898a8ab8
Lower DeviceData: 0xffffffffe13bb880, 0xffffffff8a654d98, 0xffffffff89736978
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\windows\system32\drivers...
<<<2>>>
Device number: 1, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8a652ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a65f298, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a652ab8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a66a420, DeviceName: \Device\0000006b\, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8a6fed98, DeviceName: \Device\Ide\IdeDeviceP5T0L0-14\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe3c5e830, 0xffffffff8a652ab8, 0xffffffff89635040
Lower DeviceData: 0xffffffffe3d80cd0, 0xffffffff8a6fed98, 0xffffffff89760e08
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C7DD4DD5

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 1953520002

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-1953505168-1953525168)...
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E151E151

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 625121217
Partition file system is NTFS
Partition is bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 320071851520 bytes
Sector size: 512 bytes

Physical Sector Size: 512
Drive: 2, DevicePointer: 0xffffffff8a0514b8, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a2ee128, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a0514b8, DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a269ea0, DeviceName: \Device\00000082\, DriverName: \Driver\usbstor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR4\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe3a143f0, 0xffffffff8a0514b8, 0xffffffff896696d8
Lower DeviceData: 0xffffffffe14245c8, 0xffffffff8a269ea0, 0xffffffff896c24a8
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2846E

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 1953517568

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000202043392 bytes
Sector size: 512 bytes

Physical Sector Size: 512
Drive: 3, DevicePointer: 0xffffffff8a01aab8, DeviceName: \Device\Harddisk3\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a19e020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a01aab8, DeviceName: \Device\Harddisk3\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a085ea0, DeviceName: \Device\00000083\, DriverName: \Driver\usbstor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk3\DR5\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffe137cc08, 0xffffffff8a01aab8, 0xffffffff898a75b8
Lower DeviceData: 0xffffffffe462b4a8, 0xffffffff8a085ea0, 0xffffffff898a8468
Drive 3
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F0AB1D8

Partition information:

Partition 0 type is Other (0xc)
Partition is ACTIVE.
Partition starts at LBA: 63 Numsec = 976768002
Partition file system is FAT32
Partition is not bootable

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff8a289ab8, DeviceName: \Device\Harddisk4\DR8\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a5ae218, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a289ab8, DeviceName: \Device\Harddisk4\DR8\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a26bea0, DeviceName: \Device\0000008c\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xffffffff8a1ab910, DeviceName: \Device\Harddisk5\DR9\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a335b20, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a1ab910, DeviceName: \Device\Harddisk5\DR9\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a694600, DeviceName: \Device\0000008d\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 6, DevicePointer: 0xffffffff8a29e030, DeviceName: \Device\Harddisk6\DR10\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a05c020, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a29e030, DeviceName: \Device\Harddisk6\DR10\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a0c0ea0, DeviceName: \Device\0000008e\, DriverName: \Driver\usbstor\
------------ End ----------
Physical Sector Size: 0
Drive: 7, DevicePointer: 0xffffffff8a2bc030, DeviceName: \Device\Harddisk7\DR11\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8a679c20, DeviceName: Unknown, DriverName: \Driver\PartMgr\
DevicePointer: 0xffffffff8a2bc030, DeviceName: \Device\Harddisk7\DR11\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8a0b5ea0, DeviceName: \Device\0000008f\, DriverName: \Driver\usbstor\
------------ End ----------
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================

KBraun
Visitor
Posts: 27
Registered: 30 Mar 2012 15:40

Re: Request for a preventive check

#8 Post by KBraun »

Sorry, earlier I pasted the "system-log" from Malwarebytes Anti-Rootkit instead of "mbar-log-2013-05-10 (10-11-02)". I am correcting that now, and I apologize:

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.10.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Václav Zíka :: ERIN [administrator]

10.5.2013 10:11:02
mbar-log-2013-05-10 (10-11-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 26327
Time elapsed: 9 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Request for a preventive check

#9 Post by vyosek »

Test the following files on VirusTotal https://www.virustotal.com/cs/
  • c:\windows\system32\atwtusb.exe
  • Click Choose file
  • Do not browse for the file; just paste in the path of the file I want tested
  • Click Scan It
  • If a screen like the one below pops up, click ReAnalyse
    [Image]
  • Paste the analysis result here (as a link)
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is no man, that is an ox."
Member of [image] since 1 February 2011.

KBraun
Visitor
Posts: 27
Registered: 30 Mar 2012 15:40

Re: Request for a preventive check

#10 Post by KBraun »


vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Request for a preventive check

#11 Post by vyosek »

Download OTL http://oldtimer.geekstogo.com/OTL.exe and save it to the desktop
  • If you use Win Vista or W7, right-click OTL and choose Run As Administrator
  • If you use a 64-bit OS, check whether the box For 64-bit OS is ticked; if not, tick it
  • Tick the box For all users
  • Tick the box Check for "LOP" malware
  • Tick the box Check for "Purity" malware
  • Change the file age from 30 days to 7 days
  • Into the bottom box Custom scans/fixes, paste the script below
  • Code:

    CREATERESTOREPOINT
    
    netsvcs
    drivers32
    savembr:0
    
    /md5start
    atapi.sys
    autochk.exe
    cdrom.sys
    explorer.exe
    hal.dll
    scecli.dll
    services.exe
    svchost.exe
    tcpip.sys
    userinit.exe
    winlogon.exe
    /md5stop
    
    %systemroot%*.* /U /s
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\drivers\*.sys /3
    %systemroot%\system32\*.* /3
    %SYSTEMDRIVE%\*.exe
    
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
    
    %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
    %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
    %PROGRAMFILES%\Opera\opera.exe /md5
    %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5
    
    %SystemDrive%\PhysicalMBR.bin /md5 
    
    *crack* /s
    *keygen* /s
    *loader* /s
  • Click the Scan button
  • After the scan finishes (about 10 to 15 min), the logs OTL.txt and Extras.txt will appear; paste both here
  • If the logs are long (the forum will complain about exceeding the maximum number of characters), split them into several posts

KBraun
Visitor
Posts: 27
Registered: 30 Mar 2012 15:40

Re: Request for a preventive check

#12 Post by KBraun »

OTL.Txt:
----------

OTL logfile created on: 10.5.2013 23:16:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Václav Zíka\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,34% Memory free
3,85 Gb Paging File | 3,09 Gb Available in Paging File | 80,28% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 173,49 Gb Free Space | 58,20% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 376,07 Gb Free Space | 40,37% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 637,01 Gb Free Space | 68,38% Space Free | Partition Type: NTFS
Drive J: | 465,65 Gb Total Space | 167,69 Gb Free Space | 36,01% Space Free | Partition Type: FAT32

Computer Name: ERIN | User Name: Václav Zíka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2013.05.10 23:05:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Václav Zíka\Plocha\OTL.exe
PRC - [2013.05.07 14:55:13 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.04.12 13:16:10 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013.04.06 15:25:32 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013.04.06 15:24:10 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.04.06 15:23:57 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.30 09:10:10 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012.05.15 12:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011.06.01 03:46:40 | 007,144,448 | ---- | M] () -- C:\WINDOWS\system32\WTMKM.exe
PRC - [2011.05.25 10:00:02 | 000,491,040 | ---- | M] () -- C:\Program Files\Seznam.cz\postak.exe
PRC - [2011.04.27 09:23:10 | 000,871,936 | ---- | M] () -- C:\WINDOWS\system32\atwtusb.exe
PRC - [2009.04.07 10:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008.04.17 15:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008.04.17 15:14:00 | 000,098,616 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003.12.08 17:35:14 | 000,032,768 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
PRC - [2001.03.05 00:06:12 | 001,024,211 | ---- | M] () -- C:\Program Files\Servant Salamander 2.0\salamand.exe


========== Modules (No Company Name) ==========

MOD - [2013.04.12 13:16:10 | 003,133,336 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013.04.06 15:25:44 | 000,397,704 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011.06.01 03:46:40 | 007,144,448 | ---- | M] () -- C:\WINDOWS\system32\WTMKM.exe
MOD - [2011.05.25 10:00:02 | 000,491,040 | ---- | M] () -- C:\Program Files\Seznam.cz\postak.exe
MOD - [2011.05.25 09:59:56 | 000,821,792 | ---- | M] () -- C:\Program Files\Seznam.cz\email.3.dll
MOD - [2011.05.25 09:59:40 | 001,145,888 | ---- | M] () -- C:\Program Files\Seznam.cz\core.3.dll
MOD - [2011.04.27 09:23:10 | 000,871,936 | ---- | M] () -- C:\WINDOWS\system32\atwtusb.exe
MOD - [2009.03.12 16:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008.11.21 14:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
MOD - [2008.04.14 08:51:48 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006.09.15 08:07:52 | 000,143,872 | ---- | M] () -- C:\Program Files\7-Zip\7-zip.dll
MOD - [2006.05.14 16:44:00 | 000,070,144 | ---- | M] () -- C:\Program Files\PSPad editor\PSPadShell.dll
MOD - [2003.06.08 00:15:16 | 000,286,720 | ---- | M] () -- C:\Program Files\WinRAR\rarlng.dll
MOD - [2003.05.15 14:43:24 | 000,119,808 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2001.03.05 00:06:12 | 001,024,211 | ---- | M] () -- C:\Program Files\Servant Salamander 2.0\salamand.exe


========== Services (SafeList) ==========

SRV - [2013.04.12 13:16:10 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.06 15:25:32 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.04.06 15:23:57 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.30 09:18:31 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.30 09:10:10 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.15 12:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011.04.27 09:23:10 | 000,871,936 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\atwtusb.exe -- (WTService)
SRV - [2008.04.17 15:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\VCLAVZ~1\LOCALS~1\Temp\CFcatchme.sys -- (CFcatchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2013.05.10 10:00:49 | 000,035,144 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2013.04.06 15:26:18 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.04.06 15:26:18 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.04.06 15:26:18 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.04.06 15:26:18 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.08.20 12:38:24 | 000,006,144 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\walvhid.sys -- (vhidmini)
DRV - [2009.03.08 13:15:14 | 000,006,144 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2008.08.28 00:39:42 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008.06.27 11:24:56 | 004,742,656 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008.01.03 16:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006.11.10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005.07.07 16:26:04 | 000,055,216 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus)
DRV - [2005.07.07 16:26:00 | 000,006,576 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2005.07.07 16:25:58 | 000,089,872 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2005.07.07 16:25:52 | 000,081,728 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2005.07.07 16:25:50 | 000,079,488 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex)
DRV - [2003.12.05 11:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1614895754-2052111302-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
IE - HKU\S-1-5-21-1614895754-2052111302-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1614895754-2052111302-839522115-1003\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKU\S-1-5-21-1614895754-2052111302-839522115-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?clien ... FF9A627DBC
IE - HKU\S-1-5-21-1614895754-2052111302-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://www.google.cz/"
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:1.0.10
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.7


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 13:16:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.12 13:16:01 | 000,000,000 | ---D | M]

[2010.06.15 15:39:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Václav Zíka\Data aplikací\Mozilla\Extensions
[2013.05.09 10:33:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Václav Zíka\Data aplikací\Mozilla\Firefox\Profiles\f7h9fk5z.default\extensions
[2010.09.12 17:09:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Václav Zíka\Data aplikací\Mozilla\Firefox\Profiles\f7h9fk5z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.10 00:31:07 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\Václav Zíka\Data aplikací\Mozilla\Firefox\Profiles\f7h9fk5z.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2013.01.03 11:15:03 | 000,123,385 | ---- | M] () (No name found) -- C:\Documents and Settings\Václav Zíka\Data aplikací\Mozilla\Firefox\Profiles\f7h9fk5z.default\extensions\elemhidehelper@adblockplus.org.xpi
[2013.05.09 10:33:57 | 000,870,680 | ---- | M] () (No name found) -- C:\Documents and Settings\Václav Zíka\Data aplikací\Mozilla\Firefox\Profiles\f7h9fk5z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.06 15:34:56 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Václav Zíka\Data aplikací\Mozilla\Firefox\Profiles\f7h9fk5z.default\searchplugins\askcom.xml
[2013.04.12 13:15:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.04.12 13:15:57 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VáCLAV ZíKA\DATA APLIKACí\MOZILLA\FIREFOX\PROFILES\F7H9FK5Z.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
[2013.04.12 13:16:10 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.27 09:23:43 | 000,002,421 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2013.02.27 09:23:43 | 000,000,851 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2013.02.27 09:23:43 | 000,001,580 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2013.02.27 09:23:43 | 000,000,867 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2013.02.27 09:23:43 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2013.05.09 11:56:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (WebTransBHO Class) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Ukazatel S-Rank) - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\core.3.dll ()
O3 - HKLM\..\Toolbar: (WebTranslator) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [MacrokeyManager] C:\windows\System32\WTMKM.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\windows\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKU\S-1-5-21-1614895754-2052111302-839522115-1003..\Run: [Adfyqemia] C:\Documents and Settings\Václav Zíka\Data aplikací\Noxoko\axanl.exe ()
O4 - HKU\S-1-5-21-1614895754-2052111302-839522115-1003..\Run: [Seznam Postak] C:\Program Files\Seznam.cz\postak.exe ()
O4 - HKLM..\RunOnce: [Z1] C:\windows\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\AutorunsDisabled [2008.08.31 01:45:17 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office Outlook 2003.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1614895754-2052111302-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1614895754-2052111302-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1614895754-2052111302-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1614895754-2052111302-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1614895754-2052111302-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1614895754-2052111302-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Václav Zíka\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll ()
O9 - Extra 'Tools' menuitem : &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll ()
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... vc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mvadvd.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {93344865-74BD-4873-BE65-56539D41A65C} http://www.earn2life.com/plugin/Earn2Life.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.13.80.80 85.13.80.90
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA6B6FAD-9F46-4B0C-B5D8-394887872646}: DhcpNameServer = 85.13.80.80 85.13.80.90
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Václav Zíka\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Václav Zíka\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.04.28 18:44:28 | 000,000,000 | ---D | M] - F:\autorun -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /p \??\F:)
O34 - HKLM BootExecute: (autocheck autochk /p \??\K:)
O34 - HKLM BootExecute: (autocheck autochk /p \??\L:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.divxa32 - C:\windows\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\windows\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\windows\System32\xvidvfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2013.05.10 23:05:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Václav Zíka\Plocha\OTL.exe
[2013.05.10 10:00:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2013.05.10 10:00:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Václav Zíka\Plocha\mbar
[2013.05.09 11:42:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013.05.09 11:42:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013.05.09 11:42:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2013.05.09 11:42:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013.05.09 11:41:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.09 11:29:58 | 005,067,786 | R--- | C] (Swearware) -- C:\Documents and Settings\Václav Zíka\Plocha\ComboFix.exe
[2013.05.09 11:18:58 | 001,752,992 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Václav Zíka\Plocha\rkill.com
[2013.05.09 01:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Woalxy
[2013.05.09 01:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Noxoko
[2013.05.09 01:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Luom

========== Files - Modified Within 7 Days ==========

[2013.05.10 23:18:42 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013.05.10 23:18:00 | 000,000,914 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013.05.10 23:05:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Václav Zíka\Plocha\OTL.exe
[2013.05.10 22:49:00 | 000,000,940 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.10 17:44:43 | 000,002,840 | ---- | M] () -- C:\windows\TRNCOM.INI
[2013.05.10 17:44:43 | 000,001,680 | ---- | M] () -- C:\windows\MAILTRAN.INI
[2013.05.10 13:49:00 | 000,000,936 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.10 10:00:49 | 000,035,144 | ---- | M] () -- C:\windows\System32\drivers\mbamchameleon.sys
[2013.05.10 09:57:12 | 012,917,756 | ---- | M] () -- C:\Documents and Settings\Václav Zíka\Plocha\mbar-1.05.0.1001.zip
[2013.05.10 07:45:59 | 000,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2013.05.10 07:44:11 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2013.05.10 07:44:09 | 2145,898,496 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.10 02:05:19 | 000,005,370 | ---- | M] () -- C:\windows\WDICT32.INI
[2013.05.09 21:46:16 | 000,006,687 | ---- | M] () -- C:\windows\WTRAN32.INI
[2013.05.09 21:46:16 | 000,000,000 | ---- | M] () -- C:\windows\XXLGSC
[2013.05.09 11:56:22 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2013.05.09 11:30:11 | 005,067,786 | R--- | M] (Swearware) -- C:\Documents and Settings\Václav Zíka\Plocha\ComboFix.exe
[2013.05.09 11:18:58 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Václav Zíka\Plocha\rkill.com
[2013.05.09 10:38:29 | 000,000,935 | ---- | M] () -- C:\Documents and Settings\Václav Zíka\Plocha\Zástupce - RSIT.lnk
[2013.05.09 08:05:20 | 000,002,541 | ---- | M] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office Outlook 2003.lnk
[2013.05.08 20:36:27 | 001,075,544 | ---- | M] () -- C:\windows\System32\nvdrsdb0.bin
[2013.05.08 20:36:27 | 000,000,001 | ---- | M] () -- C:\windows\System32\nvdrssel.bin
[2013.05.08 20:23:39 | 001,075,544 | ---- | M] () -- C:\windows\System32\nvdrsdb1.bin

========== Files Created - No Company Name ==========

[2013.05.10 23:18:42 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013.05.10 10:00:49 | 000,035,144 | ---- | C] () -- C:\windows\System32\drivers\mbamchameleon.sys
[2013.05.10 09:57:11 | 012,917,756 | ---- | C] () -- C:\Documents and Settings\Václav Zíka\Plocha\mbar-1.05.0.1001.zip
[2013.05.09 11:42:01 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013.05.09 11:42:01 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013.05.09 11:42:01 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013.05.09 11:42:01 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013.05.09 11:42:01 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013.05.09 10:38:29 | 000,000,935 | ---- | C] () -- C:\Documents and Settings\Václav Zíka\Plocha\Zástupce - RSIT.lnk
[2013.04.09 23:12:41 | 000,012,384 | ---- | C] () -- C:\Documents and Settings\Václav Zíka\.recently-used.xbel
[2013.02.26 02:55:20 | 000,000,038 | ---- | C] () -- C:\windows\AviSplitter.INI
[2012.07.06 11:57:43 | 001,075,544 | ---- | C] () -- C:\windows\System32\nvdrsdb1.bin
[2012.07.06 11:57:43 | 001,075,544 | ---- | C] () -- C:\windows\System32\nvdrsdb0.bin
[2012.07.06 11:57:43 | 000,000,001 | ---- | C] () -- C:\windows\System32\nvdrssel.bin
[2012.07.06 11:57:20 | 002,807,708 | ---- | C] () -- C:\windows\System32\nvdata.data
[2012.07.06 11:55:02 | 000,000,664 | ---- | C] () -- C:\windows\System32\d3d9caps.dat
[2012.04.12 16:52:48 | 000,000,118 | ---- | C] () -- C:\windows\System32\MRT.INI
[2012.02.15 17:28:41 | 000,003,072 | ---- | C] () -- C:\windows\System32\iacenc.dll
[2011.12.25 16:17:49 | 000,010,513 | ---- | C] () -- C:\windows\System32\Windows7.ini
[2011.12.25 16:17:49 | 000,010,251 | ---- | C] () -- C:\windows\System32\Vista.ini
[2011.12.25 16:17:49 | 000,009,868 | ---- | C] () -- C:\windows\System32\XP_2000.ini
[2011.12.25 16:17:48 | 000,022,856 | ---- | C] () -- C:\windows\System32\Photoshop Elements.ini
[2011.12.25 16:17:48 | 000,015,605 | ---- | C] () -- C:\windows\System32\PhotoImpact XL SE.ini
[2011.12.25 16:17:48 | 000,000,969 | ---- | C] () -- C:\windows\System32\Corel Draw Essential X5.ini
[2011.12.25 16:17:48 | 000,000,963 | ---- | C] () -- C:\windows\System32\Corel Draw Essential 4.ini
[2011.12.25 16:17:48 | 000,000,833 | ---- | C] () -- C:\windows\System32\MKProfile.ini
[2011.12.25 16:17:46 | 000,871,936 | ---- | C] () -- C:\windows\System32\atwtusb.exe
[2011.12.25 16:17:45 | 007,144,448 | ---- | C] () -- C:\windows\System32\WTMKM.exe
[2011.12.25 16:17:41 | 000,045,056 | ---- | C] () -- C:\windows\System32\InstallService.exe
[2011.12.25 16:17:40 | 004,109,824 | ---- | C] () -- C:\windows\System32\Control Panel_Betteryless.exe
[2011.12.25 16:17:39 | 000,147,456 | ---- | C] () -- C:\windows\System32\Calibration.exe
[2011.12.25 16:17:37 | 000,835,072 | ---- | C] () -- C:\windows\RmTablet.exe
[2011.12.25 16:17:36 | 000,010,708 | ---- | C] () -- C:\windows\System32\aiptbl.ini
[2008.12.09 00:42:20 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Václav Zíka\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.31 13:59:03 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\Václav Zíka\Local Settings\Data aplikací\FASTWiz.html
[2008.08.30 23:12:03 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe

========== ZeroAccess Check ==========

[2009.02.14 18:07:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013.02.21 21:10:13 | 001,510,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:56:05 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 08:52:06 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.04.24 23:07:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAZ 3D
[2011.10.30 23:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\GoldWaveCDDB
[2012.12.25 00:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\IsolatedStorage
[2013.04.13 09:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\KASTNER software
[2011.12.25 16:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Tablet
[2012.12.12 18:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2010.03.24 21:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\AMPSoft
[2008.12.31 15:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Blender Foundation
[2013.03.04 09:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\calibre
[2013.04.06 15:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\CallingID
[2013.04.24 23:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\DAZ 3D
[2009.12.07 00:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Docx2Rtf
[2013.03.03 11:37:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\DVDVideoSoft
[2013.03.03 11:35:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\DVDVideoSoftIEHelpers
[2011.02.22 21:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Epson
[2013.04.24 17:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Firestorm
[2013.04.24 20:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\FirestormBack
[2010.02.08 17:42:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\FLV Extract
[2011.10.30 23:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\GoldWaveCDDB
[2013.04.11 23:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\gtk-2.0
[2012.12.25 00:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\IsolatedStorage
[2010.09.25 12:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Jpeg Resampler
[2013.04.13 09:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Kastner software
[2013.05.10 23:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Luom
[2010.12.06 01:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Mumble
[2011.06.21 11:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\MyPhoneExplorer
[2013.05.09 01:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Noxoko
[2009.12.07 00:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\NwDocx
[2012.06.19 19:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\OpenCandy
[2009.12.08 02:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\OpenOffice.org
[2010.10.25 16:50:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Opera
[2012.04.12 20:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Tomas Varaneckas
[2011.01.14 01:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\WeGame
[2013.05.09 01:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Woalxy
[2012.10.18 20:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\YCanPDF
[2012.12.24 10:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Zena+Cornie

========== Purity Check ==========



========== Custom Scans ==========

< >
[2008.08.27 22:56:13 | 000,000,065 | RH-- | C] () -- C:\windows\Tasks\desktop.ini
[2008.08.27 23:00:06 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2012.07.19 16:34:53 | 000,000,936 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.07.19 16:34:54 | 000,000,940 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.08.11 14:20:27 | 000,000,284 | ---- | C] () -- C:\windows\Tasks\mixpadShakeIcon.job
[2013.03.30 09:07:21 | 000,000,914 | ---- | C] () -- C:\windows\Tasks\Adobe Flash Player Updater.job
[2013.04.11 13:36:27 | 000,000,288 | ---- | C] () -- C:\windows\Tasks\wavepadShakeIcon.job
[2013.04.18 21:18:17 | 000,000,280 | ---- | C] () -- C:\windows\Tasks\stampShakeIcon.job

< >

< MD5 for: ATAPI.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 08:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 08:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2004.08.17 15:49:22 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: CDROM.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.14 00:01:30 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.14 00:01:34 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2004.08.03 22:59:14 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: SCECLI.DLL >
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.02.09 13:18:56 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=3D107D45CCFDB266E91D84B52CD7F430 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2004.08.17 15:49:28 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=6E401E61F952FBBF708AFBECEFAFAE81 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009.02.09 13:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=9EF697AF07BB8DD82C3B02CA953A95B7 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009.02.09 13:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=9EF697AF07BB8DD82C3B02CA953A95B7 -- C:\WINDOWS\system32\dllcache\services.exe
[2009.02.09 13:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=9EF697AF07BB8DD82C3B02CA953A95B7 -- C:\WINDOWS\system32\services.exe
[2008.04.14 08:52:46 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=F0D2AE69035092BF22DAD6B50FAB85C2 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008.04.14 08:52:46 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=F0D2AE69035092BF22DAD6B50FAB85C2 -- C:\WINDOWS\ServicePackFiles\i386\services.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< >

< %systemroot%*.* /U /s >
[20 C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012.09.20 15:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Adobe
[2008.08.30 23:45:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\AdobeUM
[2010.03.24 21:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\AMPSoft
[2008.10.11 18:29:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Apple Computer
[2011.10.05 15:40:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\ArcSoft
[2013.04.06 15:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Avira
[2008.12.31 15:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Blender Foundation
[2013.03.04 09:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\calibre
[2013.04.06 15:45:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\CallingID
[2008.09.10 00:36:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\CyberLink
[2013.04.24 23:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\DAZ 3D
[2009.12.07 00:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Docx2Rtf
[2013.03.03 11:37:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\DVDVideoSoft
[2013.03.03 11:35:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\DVDVideoSoftIEHelpers
[2011.02.22 21:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Epson
[2013.04.24 17:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Firestorm
[2013.04.24 20:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\FirestormBack
[2010.02.08 17:42:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\FLV Extract
[2011.10.30 23:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\GoldWaveCDDB
[2008.08.30 23:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\GRETECH
[2013.04.11 23:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\gtk-2.0
[2008.09.07 20:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Help
[2008.08.27 23:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Identities
[2008.08.27 23:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\InstallShield
[2012.12.25 00:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\IsolatedStorage
[2010.09.25 12:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Jpeg Resampler
[2013.04.13 09:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Kastner software
[2011.10.21 20:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Lavasoft
[2013.05.10 23:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Luom
[2008.08.31 16:14:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Macromedia
[2013.04.16 00:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Media Player Classic
[2013.05.09 01:03:22 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Microsoft
[2010.06.15 15:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Mozilla
[2010.12.06 01:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Mumble
[2011.06.21 11:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\MyPhoneExplorer
[2011.11.13 11:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\NCH Software
[2013.05.09 01:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Noxoko
[2012.07.06 12:09:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\NVIDIA
[2009.12.07 00:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\NwDocx
[2012.06.19 19:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\OpenCandy
[2009.12.08 02:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\OpenOffice.org
[2009.12.08 02:22:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\OpenOffice.org2
[2010.10.25 16:50:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Opera
[2009.01.30 00:30:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\PSpad
[2008.10.28 13:45:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Real
[2013.05.10 08:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Skype
[2011.04.09 08:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\skypePM
[2009.06.05 15:49:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Sun
[2012.04.12 20:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Tomas Varaneckas
[2011.01.14 01:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\WeGame
[2013.05.09 01:03:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Woalxy
[2012.10.18 20:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\YCanPDF
[2012.12.24 10:59:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Zena+Cornie

< %APPDATA%\*.exe /s >
[2007.03.22 12:46:40 | 000,126,976 | ---- | M] () -- C:\Documents and Settings\Václav Zíka\Data aplikací\GRETECH\GomPlayer\GrLauncher.exe
[2010.04.26 15:32:58 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Václav Zíka\Data aplikací\GRETECH\GomPlayer\GrLauncherTempSetup.exe
[2010.04.02 15:37:51 | 000,094,208 | R--- | M] () -- C:\Documents and Settings\Václav Zíka\Data aplikací\Microsoft\Installer\{4723F199-FA64-4233-8E6E-9FCCC95A18EE}\python_icon.exe
[2012.07.07 15:41:05 | 000,231,424 | ---- | M] () -- C:\Documents and Settings\Václav Zíka\Data aplikací\Noxoko\axanl.exe
[2012.04.20 19:08:46 | 005,837,432 | ---- | M] (Uniblue Systems Ltd ) -- C:\Documents and Settings\Václav Zíka\Data aplikací\OpenCandy\F6368568F7CA49CBA37CA6970818A214\speedupmypcROW.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2013.05.10 23:18:00 | 000,000,914 | ---- | M] () -- C:\windows\Tasks\Adobe Flash Player Updater.job
[2013.05.10 13:49:00 | 000,000,936 | ---- | M] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013.05.10 22:49:00 | 000,000,940 | ---- | M] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013.04.25 23:55:02 | 000,000,284 | ---- | M] () -- C:\windows\Tasks\mixpadShakeIcon.job
[2013.04.27 21:18:05 | 000,000,280 | ---- | M] () -- C:\windows\Tasks\stampShakeIcon.job
[2013.04.11 13:36:27 | 000,000,288 | ---- | M] () -- C:\windows\Tasks\wavepadShakeIcon.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008.08.28 00:43:30 | 000,094,208 | ---- | M] () -- C:\windows\System32\config\default.sav
[2008.08.28 00:43:30 | 000,663,552 | ---- | M] () -- C:\windows\System32\config\software.sav
[2008.08.28 00:43:30 | 000,491,520 | ---- | M] () -- C:\windows\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >
[2013.05.10 10:00:49 | 000,035,144 | ---- | M] () -- C:\windows\system32\drivers\mbamchameleon.sys

< %systemroot%\system32\*.* /3 >
[2013.05.08 20:36:27 | 001,075,544 | ---- | M] () -- C:\windows\system32\nvdrsdb0.bin
[2013.05.08 20:23:39 | 001,075,544 | ---- | M] () -- C:\windows\system32\nvdrsdb1.bin
[2013.05.08 20:36:27 | 000,000,001 | ---- | M] () -- C:\windows\system32\nvdrssel.bin
[2013.05.10 07:45:59 | 000,002,206 | ---- | M] () -- C:\windows\system32\wpa.dbl

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Seznam Postak" = "C:\Program Files\Seznam.cz\postak.exe" -s -- [2011.05.25 10:00:02 | 000,491,040 | ---- | M] ()
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun -- [2013.02.28 18:50:02 | 018,642,024 | R--- | M] (Skype Technologies S.A.)
"Adfyqemia" = "C:\Documents and Settings\Václav Zíka\Data aplikací\Noxoko\axanl.exe" -- [2012.07.07 15:41:05 | 000,231,424 | ---- | M] ()
"ctfmon.exe" = C:\windows\system32\ctfmon.exe -- [2008.04.14 08:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2013.04.12 13:16:10 | 000,920,472 | ---- | M] (Mozilla Corporation) MD5=6F5386A655598F71BAAB2D6B63A69D6A -- C:\Program Files\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2008.04.14 08:52:28 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=414AFE6E8CCDE984E16D5ED08624CEC6 -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >
[2012.11.28 12:35:29 | 000,878,480 | ---- | M] (Opera Software) MD5=E96462DD021F65D61D3F97056C3EF236 -- C:\Program Files\Opera\opera.exe

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2013.05.10 23:18:42 | 000,000,512 | ---- | M] () MD5=0D3061C6BB8F34CDB6EC4189203F5ADE -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2003.02.11 08:29:24 | 000,120,054 | ---- | M] () -- \Documents and Settings\Václav Zíka\Dokumenty\- Záloha Flash (4 GB) [7.] -\Covers\Patterns\Cracked Emerald.pat
[2003.02.11 08:29:30 | 000,011,078 | ---- | M] () -- \Documents and Settings\Václav Zíka\Dokumenty\- Záloha Flash (4 GB) [7.] -\Covers\Textures\Cracked Cement.tex
[2012.12.18 01:05:37 | 000,103,223 | ---- | M] () -- \Documents and Settings\Václav Zíka\Dokumenty\Obrázky\Google\120th_anniversary_of_the_nutcracker_ballet-992006-hp.jpg
[2008.11.22 23:37:10 | 000,062,238 | ---- | M] () -- \Program Files\GIMP-2.0\share\gimp\2.0\patterns\cracked.pat
[1999.08.13 06:00:00 | 000,120,054 | ---- | M] () -- \Program Files\Paint Shop Pro 6\Patterns\Cracked Emerald.pat
[1999.08.13 06:00:00 | 000,011,078 | ---- | M] () -- \Program Files\Paint Shop Pro 6\Textures\Cracked Cement.tex

< *keygen* /s >
[1999.07.06 17:23:10 | 000,073,770 | ---- | M] () -- \Program Files\IronWare Communication\IW FTPort Client\Keygen.exe

< *loader* /s >
[2012.12.04 18:00:50 | 000,072,638 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Skype\Apps\login\images\loader.gif
[2012.12.04 18:00:50 | 000,003,032 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Skype\Apps\login\images\loader.png
[2012.12.04 18:00:50 | 000,009,772 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Skype\Apps\login\images\retina\loader@2x.png
[2012.07.06 12:24:36 | 000,008,386 | ---- | M] () -- \Documents and Settings\Václav Zíka\Data aplikací\DVDVideoSoft\backup\FreeYTVDownloader\FreeYTVDownloaderProfile.xml
[2013.01.25 19:45:02 | 000,003,704 | ---- | M] () -- \Documents and Settings\Václav Zíka\Data aplikací\DVDVideoSoft\FreeYTVDownloader\FreeYTVDownloaderProfile.xml
[2013.03.03 11:54:51 | 000,059,788 | ---- | M] () -- \Documents and Settings\Václav Zíka\Data aplikací\DVDVideoSoft\logs\FreeYTVDownloader.log
[2013.03.03 11:37:31 | 000,143,346 | ---- | M] () -- \Documents and Settings\Václav Zíka\Data aplikací\DVDVideoSoft\logs\FreeYTVDownloader_install.txt
[2013.03.03 11:34:38 | 002,264,724 | ---- | M] () -- \Documents and Settings\Václav Zíka\Data aplikací\DVDVideoSoft\logs\FreeYTVDownloader_v1.log
[2013.03.03 11:38:42 | 000,105,682 | ---- | M] () -- \Documents and Settings\Václav Zíka\Data aplikací\DVDVideoSoft\logs\YTVDownloader_extra1.log
[2011.03.26 16:16:32 | 003,258,368 | ---- | M] () -- \Documents and Settings\Václav Zíka\Dokumenty\Install\YoutubeDownloaderSetup_1.1.msi
[2012.10.17 15:57:39 | 000,000,214 | ---- | M] () -- \Documents and Settings\Václav Zíka\Local Settings\Data aplikací\Opera\Opera\icons\http%3A%2F%2Fstep.yourfiledownloader.com%2Fstatic%2Fa%2Fimages%2Ffavicon.png
[2012.10.17 15:57:39 | 000,000,219 | ---- | M] () -- \Documents and Settings\Václav Zíka\Local Settings\Data aplikací\Opera\Opera\icons\step.yourfiledownloader.com.idx
[2013.04.06 15:24:13 | 000,052,960 | ---- | M] () -- \Program Files\Avira\AntiVir Desktop\avwebloader.dll
[2013.04.06 15:24:14 | 000,232,672 | ---- | M] () -- \Program Files\Avira\AntiVir Desktop\avwebloader.exe
[2013.05.07 14:55:15 | 001,711,672 | ---- | M] () -- \Program Files\Avira\AntiVir Desktop\avwebloadergui.dll
[3 \Program Files\Avira\AntiVir Desktop\*.tmp files -> \Program Files\Avira\AntiVir Desktop\*.tmp -> ]
[2013.02.28 21:30:20 | 000,044,032 | R--- | M] () -- \Program Files\Calibre2\DLLs\PyISAPI_loader.dll
[2013.03.01 17:10:18 | 000,940,192 | ---- | M] () -- \Program Files\Common Files\DVDVideoSoft\lib\DVSVideoDownloader.dll
[2013.01.28 13:12:34 | 000,041,096 | ---- | M] () -- \Program Files\DVDVideoSoft\Free YouTube Download\DVDVideoSoft.DVSVideoDownloader.dll
[2013.01.31 22:28:30 | 002,348,544 | ---- | M] () -- \Program Files\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe
[2012.12.27 18:03:02 | 000,001,020 | ---- | M] () -- \Program Files\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.xml
[2013.01.25 19:45:02 | 000,003,704 | ---- | M] () -- \Program Files\DVDVideoSoft\Free YouTube Download\FreeYTVDownloaderProfile.xml
[2013.01.22 21:39:36 | 000,006,223 | ---- | M] () -- \Program Files\DVDVideoSoft\Free YouTube Download\FreeYTVDownloaderProfileD.xml
[2013.01.31 22:28:22 | 000,036,864 | ---- | M] () -- \Program Files\DVDVideoSoft\Free YouTube Download\de-DE\FreeYTVDownloader.resources.dll
[2013.01.31 22:28:22 | 000,045,056 | ---- | M] () -- \Program Files\DVDVideoSoft\Free YouTube Download\el-GR\FreeYTVDownloader.resources.dll
[2013.01.31 22:28:22 | 000,036,864 | ---- | M] () -- \Program Files\DVDVideoSoft\Free YouTube Download\es-ES\FreeYTVDownloader.resources.dll
[2013.01.31 22:28:22 | 000,040,960 | ---- | M] () -- \Program Files\DVDVideoSoft\Free YouTube Download\fr-FR\FreeYTVDownloader.resources.dll
[2013.01.31 22:28:22 | 000,036,864 | ---- | M] () -- \Program Files\DVDVideoSoft\Free YouTube Download\hu-HU\FreeYTVDownloader.resources.dll
[2013.01.31 22:28:22 | 000,036,864 | ---- | M] () -- \Program Files\DVDVideoSoft\Free YouTube Download\it-IT\FreeYTVDownloader.resources.dll
[2013.01.31 22:28:22 | 000,040,960 | ---- | M] () -- \Program Files\DVDVideoSoft\Free YouTube Download\ja-JP\FreeYTVDownloader.resources.dll
[2013.01.31 22:28:22 | 000,036,864 | ---- | M] () -- \Program Files\DVDVideoSoft\Free YouTube Download\nl-NL\FreeYTVDownloader.resources.dll
[2013.01.31 22:28:22 | 000,036,864 | ---- | M] () -- \Program Files\DVDVideoSoft\Free YouTube Download\pl-PL\FreeYTVDownloader.resources.dll
[2013.01.31 22:28:22 | 000,036,864 | ---- | M] () -- \Program Files\DVDVideoSoft\Free YouTube Download\pt-BR\FreeYTVDownloader.resources.dll
[2013.01.31 22:28:22 | 000,036,864 | ---- | M] () -- \Program Files\DVDVideoSoft\Free YouTube Download\pt-PT\FreeYTVDownloader.resources.dll
[2013.01.31 22:28:22 | 000,045,056 | ---- | M] () -- \Program Files\DVDVideoSoft\Free YouTube Download\ru-RU\FreeYTVDownloader.resources.dll
[2013.01.31 22:28:22 | 000,036,864 | ---- | M] () -- \Program Files\DVDVideoSoft\Free YouTube Download\tr-TR\FreeYTVDownloader.resources.dll
[2013.01.31 22:28:22 | 000,036,864 | ---- | M] () -- \Program Files\DVDVideoSoft\Free YouTube Download\zh-CHS\FreeYTVDownloader.resources.dll
[2013.01.31 22:28:22 | 000,036,864 | ---- | M] () -- \Program Files\DVDVideoSoft\Free YouTube Download\zh-CHT\FreeYTVDownloader.resources.dll
[2008.11.07 19:06:24 | 000,000,042 | ---- | M] () -- \Program Files\GIMP-2.0\etc\gtk-2.0\gdk-pixbuf.loaders
[2011.10.17 14:10:26 | 000,071,528 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2011.11.06 11:09:52 | 000,083,816 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader.dll
[2009.09.28 21:48:33 | 000,006,639 | ---- | M] () -- \Program Files\OpenOffice.org 2.4\program\pythonloader.pyc
[2010.06.07 21:11:08 | 000,006,262 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.py
[2011.09.25 11:10:31 | 000,005,437 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.pyc
[2010.10.03 10:09:02 | 000,021,504 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.uno.dll
[2010.06.07 21:19:10 | 000,000,171 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.uno.ini
[2010.10.03 10:09:15 | 000,029,184 | ---- | M] () -- \Program Files\OpenOffice.org 3\URE\bin\javaloader.uno.dll
[2010.06.09 16:21:40 | 000,003,874 | ---- | M] () -- \Program Files\OpenOffice.org 3\URE\java\unoloader.jar
[2004.08.17 15:49:06 | 000,035,840 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\dmloader.dll
[2008.04.14 08:51:40 | 000,035,840 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\dmloader.dll
[2008.04.14 00:01:48 | 000,230,912 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.exe
[2008.04.14 00:01:50 | 000,278,528 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.ntd
[2008.04.14 08:51:40 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:8FF81EB0

< End of report >

KBraun
Visitor
Posts: 27
Registered: 30 Mar 2012 15:40

Re: Requesting a preventive check

#13 Post by KBraun »

Extras.Txt:
-------------

OTL Extras logfile created on: 10.5.2013 23:16:16 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Václav Zíka\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,17 Gb Available Physical Memory | 58,34% Memory free
3,85 Gb Paging File | 3,09 Gb Available in Paging File | 80,28% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 173,49 Gb Free Space | 58,20% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 376,07 Gb Free Space | 40,37% Space Free | Partition Type: NTFS
Drive F: | 931,51 Gb Total Space | 637,01 Gb Free Space | 68,38% Space Free | Partition Type: NTFS
Drive J: | 465,65 Gb Total Space | 167,69 Gb Free Space | 36,01% Space Free | Partition Type: FAT32

Computer Name: ERIN | User Name: Václav Zíka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1614895754-2052111302-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\IronWare Communication\IW FTPort Client\Cftp32.exe" = C:\Program Files\IronWare Communication\IW FTPort Client\Cftp32.exe:*:Enabled:IW FTPort Client -- (AEC s.r.o.)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Disabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
"C:\Program Files\Firestorm-Release\SLVoice.exe" = C:\Program Files\Firestorm-Release\SLVoice.exe:*:Enabled:SLVoice -- ()
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{129DDEC1-A6A3-3D60-AABE-76E6E5334922}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - CSY
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.6.2.4902
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2DD388FF-6422-43C9-86A1-C7A99C83E946}" = ASUS nVidia Driver
"{311F799A-FCE9-4D9E-B5D2-CBB8859B40BB}" = Microsoft XNA Framework Redistributable 1.0 Refresh
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CA9D105-113C-11D8-AB3E-000102B0F79A}" = Readiris Pro 9
"{4723F199-FA64-4233-8E6E-9FCCC95A18EE}" = Python 2.6.5
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{531F0013-964C-4BE6-B382-4117DC8BCDF9}" = ArcSoft MediaImpression
"{556F2137-B772-43BB-9A45-E0275234DD16}" = Free Notes & Office Ink
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6FE8B722-4D7E-3CD7-BB3A-3AD1684B1295}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - CSY
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74DCC43B-33C9-3389-BD0D-33EB37973657}" = Microsoft .NET Framework 3.5 Language Pack - csy
"{87CE002F-33CD-4C3A-95CA-6EC98DC1A6C3}" = calibre
"{90110405-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0405-0000-0000000FF1CE}" = Sada Compatibility Pack pro systém Office 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F9697D3-DCB6-4716-A643-DFEE792F8E10}_is1" = FWSplitter 1.3
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}" = Epson Copy Utility 3.5
"{AC76BA86-7AD7-1029-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Czech
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Ovladače grafiky 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.27
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Systémový software PhysX 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizace NVIDIA 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 6.3
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C910A7-0B89-4260-8845-FE221D9285E8}_is1" = PC Chrono 1.1.0.6
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FAB43061-FEFB-46E8-A159-96710395DB5E}" = OpenOffice.org 3.2
"{FEDA56C4-82F3-46DD-8B50-FC592BBE1C0D}" = hp deskjet 5100
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12345_is1" = WeGame Client Beta 2.1.9
"7-Zip" = 7-Zip 4.43 beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adolix Split and Merge PDF_is1" = Adolix Split and Merge PDF v2.1
"AMP Font Viewer" = AMP Font Viewer
"Avira AntiVir Desktop" = Avira Free Antivirus
"CamStudio" = CamStudio
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"DVD Shrink_is1" = DVD Shrink 3.2
"EPSON PERFECTION V30_V300 PHOTO Uživatelská příručka" = EPSON PERFECTION V30_V300 PHOTO Manuál
"EPSON Scanner" = EPSON Scan
"FBReader for Windows" = FBReader for Windows
"Filzip 3.0.0.0_is1" = Filzip 3.0
"Firestorm-Release" = Firestorm-Release (remove only)
"FormatFactory" = FormatFactory 3.00
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Free YouTube Download_is1" = Free YouTube Download version 3.2.0.128
"GoldWave v5.25" = GoldWave v5.25
"GOM Player" = GOM Player
"hp print screen utility" = hp print screen utility
"ICE Book Reader Professional" = ICE Book Reader Professional
"Jass-2" = Jass-2 (remove only)
"JPEG Resampler_is1" = JPEG Resampler Vs 5.0
"jwDuplFiles_is1" = jwDuplFiles 2.0
"Ladicka" = Ladicka
"Lexicon 4.0" = Lingea Lexicon 2002
"Microsoft .NET Framework 3.5 Language Pack - csy" = Microsoft .NET Framework 3.5 Language Pack - CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MixPad" = MixPad Audio Mixer
"Monkey's Audio_is1" = Monkey's Audio
"Mozilla Firefox 20.0.1 (x86 cs)" = Mozilla Firefox 20.0.1 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP3 Renamer 3.0 by ŠtuPe" = MP3 Renamer 3.0 by ŠtuPe (pouze odstranění)
"MPE" = MyPhoneExplorer
"Multi Unpacker" = Multi Unpacker 1.0
"Mumble" = Mumble and Murmur
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Opera 12.11.1661" = Opera 12.11
"Paint Shop Pro 6.0" = Paint Shop Pro 6.0 (ESD)
"PC Translator" = PC Translator
"PDF To Word Converter_is1" = PDF To Word Converter V3.0.3
"PSPad editor_is1" = PSPad editor
"RealAlt_is1" = Real Alternative 1.9.0 Lite
"RmTablet" = Tablet Driver With Macrokey Manager
"save2pc Light_is1" = save2pc Light 3.38
"Stamp" = Stamp ID3 Tag Editor
"STDU Viewer_is1" = STDU Viewer version 1.6.205.0
"szn-software-postak" = Seznam Pošťák (Všichni uživatelé tohoto počítače.)
"Totalcmd" = Total Commander (Remove or Repair)
"WavePad" = WavePad Sound Editor
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.3
"WinRAR archiver" = WinRAR
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 3 Free 3.82
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1614895754-2052111302-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 15.4.2013 18:25:16 | Computer Name = ERIN | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace wmplayer.exe, verze 9.0.0.4503, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 21.4.2013 20:19:08 | Computer Name = ERIN | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 6.0.2900.5512, chybující modul
mshtml.dll, verze 6.0.2900.6357, adresa chyby 0x00072a51.

Error - 22.4.2013 12:19:00 | Computer Name = ERIN | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace iexplore.exe, verze 6.0.2900.5512, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 22.4.2013 21:02:58 | Computer Name = ERIN | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 6.0.2900.5512, chybující modul
mshtml.dll, verze 6.0.2900.6357, adresa chyby 0x0006a690.

Error - 23.4.2013 4:01:52 | Computer Name = ERIN | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace WINWORD.EXE, verze 11.0.6359.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 24.4.2013 19:18:24 | Computer Name = ERIN | Source = Application Error | ID = 1000
Description = Chybující aplikace qavimator.exe, verze 0.0.0.0, chybující modul qavimator.exe,
verze 0.0.0.0, adresa chyby 0x0001386f.

Error - 26.4.2013 3:15:20 | Computer Name = ERIN | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 6.0.2900.5512, chybující modul
mshtml.dll, verze 6.0.2900.6357, adresa chyby 0x0019338e.

Error - 26.4.2013 9:46:01 | Computer Name = ERIN | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace iexplore.exe, verze 6.0.2900.5512, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 2.5.2013 14:31:00 | Computer Name = ERIN | Source = Application Error | ID = 1000
Description = Chybující aplikace mplayer2.exe, verze 6.4.9.1126, chybující modul
neaudio.ax, verze 1.0.4.24, adresa chyby 0x0000f327.

Error - 6.5.2013 22:01:46 | Computer Name = ERIN | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace iexplore.exe, verze 6.0.2900.5512, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

[ System Events ]
Error - 7.5.2013 16:09:43 | Computer Name = ERIN | Source = Service Control Manager | ID = 7009
Description = Vypršel časový limit (30000 milisekund) čekání na připojení služby
Služba modelu COM pro zápis na disk CD (IMAPI).

Error - 7.5.2013 16:09:43 | Computer Name = ERIN | Source = Service Control Manager | ID = 7000
Description = Služba Služba modelu COM pro zápis na disk CD (IMAPI) neuspěla při
spuštění v důsledku následující chyby: %%1053

Error - 8.5.2013 19:11:53 | Computer Name = ERIN | Source = Service Control Manager | ID = 7009
Description = Vypršel časový limit (30000 milisekund) čekání na připojení služby
Služba modelu COM pro zápis na disk CD (IMAPI).

Error - 8.5.2013 19:11:53 | Computer Name = ERIN | Source = Service Control Manager | ID = 7000
Description = Služba Služba modelu COM pro zápis na disk CD (IMAPI) neuspěla při
spuštění v důsledku následující chyby: %%1053

Error - 9.5.2013 5:23:58 | Computer Name = ERIN | Source = Service Control Manager | ID = 7034
Description = Služba WTService byla neočekávaně ukončena. Tento stav nastal již
1krát.


< End of report >

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Requesting a preventive check

#14 Post by vyosek »

Run OTL again
  • If you are using Windows Vista or Windows 7, right-click OTL and choose Run As Administrator (Spustit jako spravce)
  • Paste the script below into the bottom box, Custom Scans/Fixes (Vlastni skenovani/opravy)
  • Code:

    :otl
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\VCLAVZ~1\LOCALS~1\Temp\CFcatchme.sys -- (CFcatchme)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    IE - HKU\S-1-5-21-1614895754-2052111302-839522115-1003\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
    IE - HKU\S-1-5-21-1614895754-2052111302-839522115-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_CZ&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^CZ&apn_uid=2bc753bd-c1d0-4d2e-8bee-b06e38654255&apn_sauid=97FA61AE-E7A1-4139-B608-16FF9A627DBC
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Ask.com"
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... vc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mvadvd.cab (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
    O16 - DPF: {93344865-74BD-4873-BE65-56539D41A65C} http://www.earn2life.com/plugin/Earn2Life.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    [2013.05.09 01:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Woalxy
    [2013.05.09 01:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Noxoko
    [2013.05.09 01:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Luom
    [2010.12.06 01:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\Mumble
    [2012.06.19 19:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Václav Zíka\Data aplikací\OpenCandy
    [20 C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
    [2012.07.07 15:41:05 | 000,231,424 | ---- | M] () -- C:\Documents and Settings\Václav Zíka\Data aplikací\Noxoko\axanl.exe
    [2012.04.20 19:08:46 | 005,837,432 | ---- | M] (Uniblue Systems Ltd ) -- C:\Documents and Settings\Václav Zíka\Data aplikací\OpenCandy\F6368568F7CA49CBA37CA6970818A214\speedupmypcROW.exe
    [2013.05.10 23:18:00 | 000,000,914 | ---- | M] () -- C:\windows\Tasks\Adobe Flash Player Updater.job
    [2013.05.10 13:49:00 | 000,000,936 | ---- | M] () -- C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    [2013.05.10 22:49:00 | 000,000,940 | ---- | M] () -- C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    [2013.04.25 23:55:02 | 000,000,284 | ---- | M] () -- C:\windows\Tasks\mixpadShakeIcon.job
    [2013.04.27 21:18:05 | 000,000,280 | ---- | M] () -- C:\windows\Tasks\stampShakeIcon.job
    [2013.04.11 13:36:27 | 000,000,288 | ---- | M] () -- C:\windows\Tasks\wavepadShakeIcon.job
    @Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:8FF81EB0
    
    :reg
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Seznam Postak"=-
    "Skype"=-
    "Adfyqemia"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl"=-
    "NeroFilterCheck"=-
    "QuickTime Task"=-
    "Adobe ARM"=-
    "SunJavaUpdateSched"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"=-
    
    :files
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
  • Then click Run Fix (Opravit)
  • The PC will carry out the fix, restart, and give you a log; paste its contents here
"He who has wine and does not drink, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement: take a whip and a stick to him, for that is no man, that is an ox."
Member since 1 February 2011.

KBraun
Visitor
Posts: 27
Registered: 30 Mar 2012 15:40

Re: Requesting a preventive check

#15 Post by KBraun »

All processes killed
========== OTL ==========
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
Service CFcatchme stopped successfully!
Service CFcatchme deleted successfully!
File C:\DOCUME~1\VCLAVZ~1\LOCALS~1\Temp\CFcatchme.sys not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\ComboFix\catchme.sys not found.
HKEY_USERS\S-1-5-21-1614895754-2052111302-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1614895754-2052111302-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {41564D57-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wmvadvd.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{41564D57-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564D57-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{41564D57-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564D57-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {93344865-74BD-4873-BE65-56539D41A65C}
C:\WINDOWS\Downloaded Program Files\Earn2Life.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{93344865-74BD-4873-BE65-56539D41A65C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93344865-74BD-4873-BE65-56539D41A65C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{93344865-74BD-4873-BE65-56539D41A65C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{93344865-74BD-4873-BE65-56539D41A65C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
C:\Documents and Settings\Václav Zíka\Data aplikací\Woalxy folder moved successfully.
C:\Documents and Settings\Václav Zíka\Data aplikací\Noxoko folder moved successfully.
C:\Documents and Settings\Václav Zíka\Data aplikací\Luom folder moved successfully.
C:\Documents and Settings\Václav Zíka\Data aplikací\Mumble\Plugins folder moved successfully.
C:\Documents and Settings\Václav Zíka\Data aplikací\Mumble folder moved successfully.
C:\Documents and Settings\Václav Zíka\Data aplikací\OpenCandy\OpenCandy_F6368568F7CA49CBA37CA6970818A214 folder moved successfully.
C:\Documents and Settings\Václav Zíka\Data aplikací\OpenCandy\F6368568F7CA49CBA37CA6970818A214 folder moved successfully.
C:\Documents and Settings\Václav Zíka\Data aplikací\OpenCandy folder moved successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP105.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP10E.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP11F.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP128.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP15D.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP15F.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP160.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP180.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1BC.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1F2.tmp\System.dll deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1F2.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP225.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP24.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP257.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP27F.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP36.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP38C.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP41.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP46A.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP508.tmp folder deleted successfully.
C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP53.tmp folder deleted successfully.
File C:\Documents and Settings\Václav Zíka\Data aplikací\Noxoko\axanl.exe not found.
File C:\Documents and Settings\Václav Zíka\Data aplikací\OpenCandy\F6368568F7CA49CBA37CA6970818A214\speedupmypcROW.exe not found.
C:\windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\windows\Tasks\mixpadShakeIcon.job moved successfully.
C:\windows\Tasks\stampShakeIcon.job moved successfully.
C:\windows\Tasks\wavepadShakeIcon.job moved successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:8FF81EB0 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Seznam Postak deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Skype deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Adfyqemia deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\RemoteControl deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry key HKEY_LOCAL_MACHINE\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List not found.
========== FILES ==========
File/Folder C:\windows\system32\*.tmp.dll not found.
File/Folder C:\windows\system32\SET*.tmp not found.
File/Folder C:\windows\*.tmp not found.
========== COMMANDS ==========
File move failed. C:\windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 194218 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Václav Zíka
->Temp folder emptied: 2111808 bytes
->Temporary Internet Files folder emptied: 20163064 bytes
->Java cache emptied: 917877 bytes
->FireFox cache emptied: 93593451 bytes
->Opera cache emptied: 55422698 bytes
->Flash cache emptied: 998 bytes

User: Václav Zíka

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 812129 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 165,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: UpdatusUser

User: Václav Zíka
->Flash cache emptied: 0 bytes

User: Václav Zíka

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: UpdatusUser

User: Václav Zíka
->Java cache emptied: 0 bytes

User: Václav Zíka

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05112013_081548

Files\Folders moved on Reboot...
File move failed. C:\windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Locked