který nejde sestřelit. Potřeboval bych aby to ještě nějakou dobu vydrželo.
Logfile of random's system information tool 1.09 (written by random/random)
Run by Kristián Vrhel at 2014-05-02 21:25:26
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 129 GB (42%) free of 305 GB
Total RAM: 3327 MB (70% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:26:00, on 2.5.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Program Files\Cobian Backup 10\cbService.exe
C:\Program Files\GNU\GnuPG\dirmngr.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\WINDOWS\System32\svchost.exe
D:\disk\Firefox_portable_3\FirefoxPortable\App\firefox\firefox.exe
D:\disk\Firefox_portable_3\FirefoxPortable\App\firefox\plugin-container.exe
C:\Documents and Settings\Kristián Vrhel\Plocha\Security etc\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Kristián Vrhel.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microtek Scanner Finder.lnk
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files\LizardTech\Express View\expressview.dll
O18 - Protocol: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files\LizardTech\Express View\expressview.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: APC Data Service - Schneider Electric - C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
O23 - Service: APC UPS Service - Schneider Electric - C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cobian Backup 10 Volume Shadow Copy service (cbVSCService) - CobianSoft, Luis Cobian - C:\Program Files\Cobian Backup 10\cbVSCService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: Cobian Backup 10 (CobianBackup10) - Luis Cobian, CobianSoft - C:\Program Files\Cobian Backup 10\cbService.exe
O23 - Service: DirMngr - Unknown owner - C:\Program Files\GNU\GnuPG\dirmngr.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 7641 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
C:\WINDOWS\tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
C:\WINDOWS\tasks\GoforFilesUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-261903793-682003330-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-261903793-682003330-1003UA.job
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
C:\WINDOWS\tasks\Program spuštěný službou UPS před vypnutím systému.job
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Kristián Vrhel\Data aplikací\Mozilla\Firefox\Profiles\r30hkhh1.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "extensions.enabledItems" - "jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {E0CC257A-4D42-4ED7-AFAF-0AE6422F60D0}:3.0.3.18, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13"
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=C:\Program Files\Alwil Software\Avast5\WebRep\FF
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 12.0.0.77 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.21.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\WINDOWS\system32\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
D:\disk\Firefox_portable_3\FirefoxPortable\App\firefox\extensions\
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
D:\disk\Firefox_portable_3\FirefoxPortable\App\firefox\plugins\
npexview.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
C:\Documents and Settings\Kristián Vrhel\Data aplikací\Mozilla\Firefox\Profiles\r30hkhh1.default\extensions\
PrivDog@AdTrustMedia.com
{20a82645-c095-46ed-80e3-08825760534b}
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2009-03-29 2176000]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2010-04-30 19523616]
""= []
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-03-25 1225944]
"AvastUI.exe"=C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2014-03-27 3854640]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-09-14 1603152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-10-26 652624]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Copernic Desktop Search - Home]
C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe [2013-01-28 1692200]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe -update plugin []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Kristián Vrhel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-03-12 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^ImageMixer 3 SE Camera Monitor for SD.lnk]
C:\PROGRA~1\PIXELA\IMAGEM~1\CAMERA~1.EXE [2008-02-08 253952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kristián Vrhel^Nabídka Start^Programy^Po spuštění^Spamihilator.lnk]
C:\Program Files\Spamihilator\spamihilator.exe []
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microtek Scanner Finder.lnk - C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-12-01 143360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=255
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Pinnacle\Studio 11\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 11\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi"
"C:\Documents and Settings\Kristián Vrhel\Dokumenty\Stažené soubory\utorrent.exe"="C:\Documents and Settings\Kristián Vrhel\Dokumenty\Stažené soubory\utorrent.exe:*:Enabled:µTorrent"
"C:\torent\utorrent.exe"="C:\torent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe"="C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Documents and Settings\Kristián Vrhel\Dokumenty\Stažené soubory\uTorrent(1).exe"="C:\Documents and Settings\Kristián Vrhel\Dokumenty\Stažené soubory\uTorrent(1).exe:*:Enabled:µTorrent"
"C:\Program Files\GoforFiles\goforfilesdl.exe"="C:\Program Files\GoforFiles\goforfilesdl.exe:*:Enabled:GoforFiles"
"C:\Program Files\GoforFiles\GoforFiles.exe"="C:\Program Files\GoforFiles\GoforFiles.exe:*:Enabled:GoforFiles"
"C:\Documents and Settings\Kristián Vrhel\Dokumenty\Stažené soubory\utorrent(2).exe"="C:\Documents and Settings\Kristián Vrhel\Dokumenty\Stažené soubory\utorrent(2).exe:*:Enabled:µTorrent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe"="C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=vdrcodec.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"VIDC.MJPG"=Pvmjpg30.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.CSCD"=camcodec.dll
"msacm.dvacm"=c:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"=c:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"=c:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
======List of files/folders created in the last 1 month======
2014-05-02 21:25:26 ----D---- C:\rsit
2014-05-02 21:19:11 ----A---- C:\WINDOWS\system32\drivers\aswHwid.sys
2014-05-02 21:19:07 ----A---- C:\WINDOWS\avastSS.scr
2014-04-18 09:03:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2922229$
2014-04-05 22:11:48 ----D---- C:\Program Files\AdTrustMedia
2014-04-05 22:11:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adtrustmedia
======List of files/folders modified in the last 1 month======
2014-05-02 21:19:35 ----D---- C:\WINDOWS\Temp
2014-05-02 21:19:15 ----SD---- C:\WINDOWS\Tasks
2014-05-02 21:19:11 ----D---- C:\WINDOWS\system32\drivers
2014-05-02 21:19:09 ----D---- C:\WINDOWS
2014-05-02 21:19:07 ----A---- C:\WINDOWS\system32\aswBoot.exe
2014-05-02 21:18:41 ----D---- C:\WINDOWS\Prefetch
2014-05-02 21:16:40 ----D---- C:\WINDOWS\system32\CatRoot2
2014-05-02 21:15:31 ----D---- C:\WINDOWS\system32
2014-05-02 21:15:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-04-29 22:09:31 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-04-29 21:39:16 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2014-04-18 10:07:16 ----RD---- C:\Program Files
2014-04-18 09:22:47 ----SHD---- C:\WINDOWS\Installer
2014-04-18 09:03:27 ----HD---- C:\WINDOWS\inf
2014-04-18 09:03:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-04-18 09:00:48 ----D---- C:\WINDOWS\system32\MRT
2014-04-18 09:00:40 ----A---- C:\WINDOWS\system32\MRT.exe
2014-04-18 09:00:33 ----A---- C:\WINDOWS\imsins.BAK
2014-04-18 09:00:23 ----D---- C:\Program Files\Internet Explorer
2014-04-18 09:00:14 ----D---- C:\WINDOWS\ie8updates
2014-04-13 20:03:17 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-04-06 23:01:32 ----D---- C:\Program Files\Mozilla Thunderbird
2014-04-06 17:18:00 ----D---- C:\Config.Msi
2014-04-05 22:11:24 ----D---- C:\WINDOWS\system32\config
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2014-05-02 49944]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2014-05-02 180632]
R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2014-04-16 104920]
R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2009-01-18 64160]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2014-05-02 54832]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2014-05-02 776976]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2014-05-02 411552]
R1 aswTdi;aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [2014-05-02 57672]
R1 cmderd;COMODO Internet Security Eradication Driver; C:\WINDOWS\system32\drivers\cmderd.sys [2014-04-16 15704]
R1 cmdGuard;COMODO Internet Security Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2014-04-16 607448]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2014-04-16 29912]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 NmPar;MosChip PCI Parallel Port; C:\WINDOWS\system32\DRIVERS\NmPar.sys [2007-06-04 76416]
R1 nmserial;MosChip PCI Serial Port; C:\WINDOWS\system32\DRIVERS\nmserial.sys [2007-06-04 60032]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2014-05-02 24184]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2014-05-02 67824]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-12-02 3452928]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-04-30 6032928]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-06-25 36864]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
R3 mf;mf; C:\WINDOWS\system32\DRIVERS\mf.sys [2008-04-14 63744]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 FreshIO;FreshIO; \??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys []
S3 HidBatt;Ovladač baterie zdroje UPS standardu HID; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2008-04-14 20352]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf_x86.sys [2013-02-07 16024]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 APC Data Service;APC Data Service; C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe [2012-01-24 21880]
R2 APC UPS Service;APC UPS Service; C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe [2012-01-24 705912]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-12-01 598016]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2014-03-27 50344]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 390504]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service; C:\Program Files\Cobian Backup 10\cbVSCService.exe [2010-09-23 67584]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2014-04-16 5306504]
R2 CobianBackup10;Cobian Backup 10; C:\Program Files\Cobian Backup 10\cbService.exe [2010-09-23 1125376]
R2 DirMngr;DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [2013-05-28 218112]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-03-29 487424]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-12-01 593920]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-25 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-29 257712]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 cmdvirth;COMODO Virtual Service Manager; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2014-03-25 1663192]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-25 136176]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-03-30 119408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S4 PCLEPCI;PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [2005-02-09 14165]
S4 Secunia PSI Agent;Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [2013-02-07 1223704]
S4 Secunia Update Agent;Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [2013-02-07 660504]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Pomalé nabíhání, neznámý program s dlouhým číselným názvem,
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119537
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Pomalé nabíhání, neznámý program s dlouhým číselným názv
Zdravím!
Spusťte nejprve tuto utilitu:
Spusťte nejprve tuto utilitu:
Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Pomalé nabíhání, neznámý program s dlouhým číselným názv
Dobrý večer
Provedeno celkem 2*, vždy tento průběh: scan, clean, pak žádost, že se to musí restartovat a že log bude po restartu. Po restartu se to nespustí. (Tedy alespoň ani po delší době jsem si ničeho nevšiml)
Provedeno celkem 2*, vždy tento průběh: scan, clean, pak žádost, že se to musí restartovat a že log bude po restartu. Po restartu se to nespustí. (Tedy alespoň ani po delší době jsem si ničeho nevšiml)
-
Rudy
- Site Admin
- Příspěvky: 119537
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Pomalé nabíhání, neznámý program s dlouhým číselným názv
OK. Dejte nový log RSIT.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Pomalé nabíhání, neznámý program s dlouhým číselným názv
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-05-2014
Ran by Kristián Vrhel (administrator) on KRISTI-0D685CD2 on 02-05-2014 22:37:14
Running from C:\Documents and Settings\Kristián Vrhel\Plocha
Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CobianSoft, Luis Cobian) C:\Program Files\Cobian Backup 10\cbVSCService.exe
(Luis Cobian, CobianSoft) C:\Program Files\Cobian Backup 10\cbService.exe
(Crawler.com) C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
() C:\Program Files\GNU\GnuPG\dirmngr.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cistray.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Crawler.com) C:\Program Files\Spyware Terminator\sp_rsser.exe
(Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
() C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cis.exe
(Mozilla Corporation) D:\disk\Firefox_portable_3\FirefoxPortable\App\firefox\firefox.exe
(Mozilla Corporation) D:\disk\Firefox_portable_3\FirefoxPortable\App\firefox\plugin-container.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [SpywareTerminator] => C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2176000 2009-03-29] (Crawler.com)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [19523616 2010-04-30] (Realtek Semiconductor Corp.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1225944 2014-03-25] (COMODO)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3873704 2014-05-02] (AVAST Software)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [413696 2008-09-06] (Apple Inc.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microtek Scanner Finder.lnk
ShortcutTarget: Microtek Scanner Finder.lnk -> C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKCU - {330CB7BB-90B5-4F4F-85E2-8E6E0EDDFF1C} URL = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - No File
Toolbar: HKCU - &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU - &Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files\LizardTech\Express View\expressview.dll (Lizardtech Software)
Handler: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files\LizardTech\Express View\expressview.dll (Lizardtech Software)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Kristián Vrhel\Data aplikací\Mozilla\Firefox\Profiles\r30hkhh1.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Kristián Vrhel\Local Settings\Data aplikací\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Kristián Vrhel\Local Settings\Data aplikací\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npexview.dll (Lizardtech Software)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
FF Extension: PrivDog - C:\Documents and Settings\Kristián Vrhel\Data aplikací\Mozilla\Firefox\Profiles\r30hkhh1.default\Extensions\PrivDog@AdTrustMedia.com [2014-04-20]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Kristián Vrhel\Data aplikací\Mozilla\Firefox\Profiles\r30hkhh1.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-22]
FF Extension: DownloadHelper - C:\Documents and Settings\Kristián Vrhel\Data aplikací\Mozilla\Firefox\Profiles\r30hkhh1.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-26]
FF Extension: Add Bookmark Here ² - C:\Documents and Settings\Kristián Vrhel\Data aplikací\Mozilla\Firefox\Profiles\r30hkhh1.default\Extensions\abhere2@moztw.org.xpi [2013-04-12]
FF Extension: Flat Bookmarks - C:\Documents and Settings\Kristián Vrhel\Data aplikací\Mozilla\Firefox\Profiles\r30hkhh1.default\Extensions\flatbm@xuldev.org.xpi [2013-04-12]
FF Extension: Locator - C:\Documents and Settings\Kristián Vrhel\Data aplikací\Mozilla\Firefox\Profiles\r30hkhh1.default\Extensions\{05f6a7ea-896b-11da-8bde-f66bad1e3fff}.xpi [2013-01-28]
FF Extension: Web Developer - C:\Documents and Settings\Kristián Vrhel\Data aplikací\Mozilla\Firefox\Profiles\r30hkhh1.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012-01-05]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010-10-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-05-27]
FF HKCU\...\Firefox\Extensions: [{57319509-7821-41B0-9FDF-3B58F146AE33}] - c:\program files\copernic desktop search - home\firefoxconnector
FF Extension: Copernic Desktop Search - Search Firefox content - c:\program files\copernic desktop search - home\firefoxconnector [2009-02-09]
FF StartMenuInternet: FIREFOX.EXE - D:\disk\Firefox_portable_3\FirefoxPortable\App\firefox\firefox.exe
Chrome:
=======
CHR HomePage: hxxp://www.seznam.cz/
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Kristián Vrhel\Local Settings\Data aplikací\Google\Chrome\Application\32.0.1700.76\pdf.dll No File
CHR Plugin: (Google Gears 0.5.33.0) - C:\Documents and Settings\Kristián Vrhel\Local Settings\Data aplikací\Google\Chrome\Application\32.0.1700.76\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Kristián Vrhel\Local Settings\Data aplikací\Google\Chrome\Application\32.0.1700.76\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Express View) - D:\disk\Firefox_portable_3\FirefoxPortable\App\firefox\plugins\npexview.dll (Lizardtech Software)
CHR Plugin: (Google Update) - C:\Documents and Settings\Kristián Vrhel\Local Settings\Data aplikací\Google\Update\1.2.183.29\npGoogleOneClick8.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (PrivDog) - C:\Documents and Settings\Kristián Vrhel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja [2014-04-05]
CHR Extension: (Peněženka Google) - C:\Documents and Settings\Kristián Vrhel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR HKLM\...\Chrome\Extension: [cmaiofennmphjldldcpphcechfnnohja] - C:\Program Files\AdTrustMedia\PrivDog\PrivDog_chrome.crx [2014-04-05]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Kristián Vrhel\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
R2 APC Data Service; C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2008-12-01] ()
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-05-02] (AVAST Software)
R2 cbVSCService; C:\Program Files\Cobian Backup 10\cbVSCService.exe [67584 2010-09-23] (CobianSoft, Luis Cobian)
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96370 2007-01-31] (Canon Inc.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5306504 2014-04-16] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1663192 2014-03-25] (COMODO)
R2 CobianBackup10; C:\Program Files\Cobian Backup 10\cbService.exe [1125376 2010-09-23] (Luis Cobian, CobianSoft)
R2 DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [218112 2013-05-28] ()
S4 PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH)
S4 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1223704 2013-02-07] (Secunia)
S4 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660504 2013-02-07] (Secunia)
R2 sp_rssrv; C:\Program Files\Spyware Terminator\sp_rsser.exe [487424 2009-03-29] (Crawler.com)
==================== Drivers (Whitelisted) ====================
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-05-02] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-05-02] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-05-02] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-05-02] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [776976 2014-05-02] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [411552 2014-05-02] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-05-02] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180632 2014-05-02] ()
R1 cmderd; C:\WINDOWS\system32\Drivers\cmderd.sys [15704 2014-04-16] (COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [607448 2014-04-16] (COMODO)
R1 cmdHlp; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [29912 2014-04-16] (COMODO)
S3 FreshIO; C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys [2410 2004-10-26] ()
R0 Inspect; C:\WINDOWS\System32\DRIVERS\inspect.sys [104920 2014-04-16] (COMODO)
R3 L1e; C:\WINDOWS\System32\DRIVERS\l1e51x86.sys [36864 2008-06-25] (Atheros Communications, Inc.)
R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64160 2009-01-18] (Lavasoft AB)
R3 MarvinBus; C:\WINDOWS\System32\DRIVERS\MarvinBus.sys [171520 2007-01-04] (Pinnacle Systems GmbH)
R3 mf; C:\WINDOWS\System32\DRIVERS\mf.sys [63744 2008-04-14] (Microsoft Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R1 NmPar; C:\WINDOWS\System32\DRIVERS\NmPar.sys [76416 2007-06-04] (Windows (R) 2000 DDK provider)
R1 nmserial; C:\WINDOWS\System32\DRIVERS\nmserial.sys [60032 2007-06-04] (Windows (R) 2000 DDK provider)
S3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_x86.sys [16024 2013-02-07] (Secunia)
R1 sp_rsdrv2; C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [142592 2009-03-29] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 IntelIde; No ImagePath
U1 WS2IFSL;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-02 22:37 - 2014-05-02 22:37 - 00016441 _____ () C:\Documents and Settings\Kristián Vrhel\Plocha\FRST.txt
2014-05-02 22:37 - 2014-05-02 22:37 - 00000000 ____D () C:\FRST
2014-05-02 22:36 - 2014-05-02 22:36 - 00015327 _____ () C:\Documents and Settings\Kristián Vrhel\Plocha\LM.bat
2014-05-02 22:34 - 2014-05-02 22:34 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Kristián Vrhel\Plocha\FRSTLauncher.exe
2014-05-02 22:32 - 2014-05-02 22:32 - 01050624 _____ (Farbar) C:\Documents and Settings\Kristián Vrhel\Plocha\FRST.exe
2014-05-02 21:52 - 2014-05-02 21:53 - 00000000 ____D () C:\Documents and Settings\Kristián Vrhel\Data aplikací\DropboxMaster
2014-05-02 21:52 - 2014-05-02 21:52 - 00000000 ____D () C:\Program Files\Dropbox
2014-05-02 21:52 - 2014-05-02 21:52 - 00000000 ____D () C:\Documents and Settings\Kristián Vrhel\Nabídka Start\Programy\Dropbox
2014-05-02 21:51 - 2014-05-02 21:53 - 00000000 ____D () C:\Documents and Settings\Kristián Vrhel\Data aplikací\Dropbox
2014-05-02 21:50 - 2014-05-02 21:51 - 36818984 _____ (Dropbox, Inc.) C:\Documents and Settings\All Users\Plocha\DropboxInstallerAvast.exe
2014-05-02 21:42 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-05-02 21:41 - 2014-05-02 21:59 - 00000000 ____D () C:\AdwCleaner
2014-05-02 21:38 - 2014-05-02 21:38 - 01310621 _____ () C:\Documents and Settings\Kristián Vrhel\Plocha\adwcleaner.exe
2014-05-02 21:25 - 2014-05-02 21:26 - 00000000 ____D () C:\rsit
2014-05-02 21:19 - 2014-05-02 21:19 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-05-02 21:19 - 2014-05-02 21:19 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-05-02 21:11 - 2014-05-02 22:01 - 00000021 _____ () C:\WINDOWS\S.dirmngr
2014-04-18 09:03 - 2014-04-18 09:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-18 08:58 - 2014-04-18 09:00 - 00011642 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-13 20:06 - 2014-04-18 09:03 - 00012849 _____ () C:\WINDOWS\KB2922229.log
2014-04-06 17:12 - 2014-05-02 22:02 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
2014-04-05 22:12 - 2014-04-05 22:12 - 00000000 ____D () C:\Documents and Settings\Kristián Vrhel\Local Settings\Data aplikací\AdTrustMedia
2014-04-05 22:11 - 2014-05-02 22:00 - 00065536 _____ () C:\WINDOWS\system32\config\COMODO I.evt
2014-04-05 22:11 - 2014-04-05 22:11 - 00000000 ____D () C:\Program Files\AdTrustMedia
2014-04-05 22:11 - 2014-04-05 22:11 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Adtrustmedia
2014-04-05 22:05 - 2014-04-05 22:05 - 00007650 _____ () C:\Documents and Settings\Kristián Vrhel\Plocha\hijackthis.log
==================== One Month Modified Files and Folders =======
2014-05-02 22:37 - 2014-05-02 22:37 - 00016441 _____ () C:\Documents and Settings\Kristián Vrhel\Plocha\FRST.txt
2014-05-02 22:37 - 2014-05-02 22:37 - 00000000 ____D () C:\FRST
2014-05-02 22:37 - 2009-01-25 16:47 - 00000000 ____D () C:\Documents and Settings\Kristián Vrhel\Plocha
2014-05-02 22:36 - 2014-05-02 22:36 - 00015327 _____ () C:\Documents and Settings\Kristián Vrhel\Plocha\LM.bat
2014-05-02 22:36 - 2012-04-10 22:31 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-02 22:36 - 2009-01-25 16:47 - 00000000 ___HD () C:\Documents and Settings\Kristián Vrhel\Local Settings\Data aplikací
2014-05-02 22:34 - 2014-05-02 22:34 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Kristián Vrhel\Plocha\FRSTLauncher.exe
2014-05-02 22:34 - 2009-11-17 22:45 - 00000000 ____D () C:\Documents and Settings\Kristián Vrhel\Dokumenty\Stažené soubory
2014-05-02 22:32 - 2014-05-02 22:32 - 01050624 _____ (Farbar) C:\Documents and Settings\Kristián Vrhel\Plocha\FRST.exe
2014-05-02 22:32 - 2013-03-13 01:46 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
2014-05-02 22:15 - 2009-06-30 19:55 - 00001062 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-261903793-682003330-1003UA.job
2014-05-02 22:15 - 2009-03-12 02:09 - 00002330 _____ () C:\Documents and Settings\Kristián Vrhel\Plocha\Google Chrome.lnk
2014-05-02 22:07 - 2012-07-06 13:12 - 00000366 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-05-02 22:05 - 2009-01-25 17:37 - 00690568 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-02 22:03 - 2009-01-25 16:43 - 01751975 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-02 22:02 - 2014-04-06 17:12 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
2014-05-02 22:01 - 2014-05-02 21:11 - 00000021 _____ () C:\WINDOWS\S.dirmngr
2014-05-02 22:01 - 2014-03-30 10:42 - 00000240 _____ () C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-05-02 22:01 - 2009-01-25 17:39 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-05-02 22:01 - 2009-01-25 17:39 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-05-02 22:01 - 2008-04-14 14:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-05-02 22:00 - 2014-04-05 22:11 - 00065536 _____ () C:\WINDOWS\system32\config\COMODO I.evt
2014-05-02 22:00 - 2009-01-25 16:46 - 00032476 _____ () C:\WINDOWS\SchedLgU.Txt
2014-05-02 22:00 - 2009-01-25 16:46 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-02 22:00 - 2008-12-01 22:11 - 00069112 _____ () C:\WINDOWS\system32\ativvaxx.cap
2014-05-02 21:59 - 2014-05-02 21:41 - 00000000 ____D () C:\AdwCleaner
2014-05-02 21:59 - 2009-01-25 16:47 - 00000178 ___SH () C:\Documents and Settings\Kristián Vrhel\ntuser.ini
2014-05-02 21:53 - 2014-05-02 21:52 - 00000000 ____D () C:\Documents and Settings\Kristián Vrhel\Data aplikací\DropboxMaster
2014-05-02 21:53 - 2014-05-02 21:51 - 00000000 ____D () C:\Documents and Settings\Kristián Vrhel\Data aplikací\Dropbox
2014-05-02 21:52 - 2014-05-02 21:52 - 00000000 ____D () C:\Program Files\Dropbox
2014-05-02 21:52 - 2014-05-02 21:52 - 00000000 ____D () C:\Documents and Settings\Kristián Vrhel\Nabídka Start\Programy\Dropbox
2014-05-02 21:52 - 2009-05-14 12:03 - 00000000 ____D () C:\Documents and Settings\Kristián Vrhel\Nabídka Start\Programy
2014-05-02 21:52 - 2009-01-25 16:47 - 00000000 __RHD () C:\Documents and Settings\Kristián Vrhel\Data aplikací
2014-05-02 21:51 - 2014-05-02 21:50 - 36818984 _____ (Dropbox, Inc.) C:\Documents and Settings\All Users\Plocha\DropboxInstallerAvast.exe
2014-05-02 21:51 - 2009-01-25 17:36 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2014-05-02 21:42 - 2009-02-08 23:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-02 21:42 - 2009-01-25 17:36 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2014-05-02 21:38 - 2014-05-02 21:38 - 01310621 _____ () C:\Documents and Settings\Kristián Vrhel\Plocha\adwcleaner.exe
2014-05-02 21:36 - 2012-04-10 22:31 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-05-02 21:36 - 2011-05-24 22:27 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-05-02 21:26 - 2014-05-02 21:25 - 00000000 ____D () C:\rsit
2014-05-02 21:19 - 2014-05-02 21:19 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-05-02 21:19 - 2014-05-02 21:19 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-05-02 21:19 - 2014-03-27 23:04 - 00001750 _____ () C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
2014-05-02 21:19 - 2013-03-05 23:01 - 00180632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-05-02 21:19 - 2013-03-05 23:01 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2014-05-02 21:19 - 2013-03-05 23:01 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-05-02 21:19 - 2011-05-27 17:05 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-05-02 21:19 - 2009-02-08 23:01 - 00411552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-05-02 21:19 - 2009-02-08 23:01 - 00271264 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-05-02 21:19 - 2009-02-08 23:01 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-05-02 21:19 - 2009-02-08 23:01 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-04-20 10:12 - 2009-06-30 19:55 - 00001010 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-261903793-682003330-1003Core.job
2014-04-18 14:47 - 2013-07-28 21:05 - 00000000 ____D () C:\Documents and Settings\Kristián Vrhel\Local Settings\Data aplikací\Corel
2014-04-18 14:24 - 2013-07-28 21:14 - 00003140 ___SH () C:\Documents and Settings\All Users\Data aplikací\KGyGaAvL.sys
2014-04-18 14:24 - 2013-07-28 21:05 - 00000000 ____D () C:\Documents and Settings\Kristián Vrhel\Dokumenty\My PSP Files
2014-04-18 09:14 - 2009-01-25 16:47 - 00000000 ___RD () C:\Documents and Settings\Kristián Vrhel\Dokumenty\Obrázky
2014-04-18 09:03 - 2014-04-18 09:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-18 09:03 - 2014-04-13 20:06 - 00012849 _____ () C:\WINDOWS\KB2922229.log
2014-04-18 09:03 - 2014-03-02 23:21 - 00059846 _____ () C:\WINDOWS\iis6.log
2014-04-18 09:03 - 2014-03-02 23:21 - 00055648 _____ () C:\WINDOWS\FaxSetup.log
2014-04-18 09:03 - 2014-03-02 23:21 - 00026604 _____ () C:\WINDOWS\ocgen.log
2014-04-18 09:03 - 2014-03-02 23:21 - 00025393 _____ () C:\WINDOWS\tsoc.log
2014-04-18 09:03 - 2014-03-02 23:21 - 00018676 _____ () C:\WINDOWS\comsetup.log
2014-04-18 09:03 - 2014-03-02 23:21 - 00017330 _____ () C:\WINDOWS\msmqinst.log
2014-04-18 09:03 - 2014-03-02 23:21 - 00011295 _____ () C:\WINDOWS\ntdtcsetup.log
2014-04-18 09:03 - 2014-03-02 23:21 - 00009747 _____ () C:\WINDOWS\netfxocm.log
2014-04-18 09:03 - 2014-03-02 23:21 - 00003825 _____ () C:\WINDOWS\MedCtrOC.log
2014-04-18 09:03 - 2014-03-02 23:21 - 00003474 _____ () C:\WINDOWS\ocmsn.log
2014-04-18 09:03 - 2014-03-02 23:21 - 00002799 _____ () C:\WINDOWS\tabletoc.log
2014-04-18 09:03 - 2014-03-02 23:21 - 00002781 _____ () C:\WINDOWS\msgsocm.log
2014-04-18 09:03 - 2014-03-02 23:21 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-04-18 09:03 - 2013-09-01 09:40 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-18 09:00 - 2014-04-18 08:58 - 00011642 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-18 09:00 - 2014-03-02 23:22 - 00009228 _____ () C:\WINDOWS\updspapi.log
2014-04-18 09:00 - 2014-03-02 23:21 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-04-18 09:00 - 2012-03-17 02:06 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-04-18 09:00 - 2009-02-09 00:36 - 88028728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-16 23:12 - 2013-01-16 20:51 - 00607448 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdGuard.sys
2014-04-16 23:12 - 2013-01-16 20:51 - 00104920 _____ (COMODO) C:\WINDOWS\system32\Drivers\inspect.sys
2014-04-16 23:12 - 2013-01-16 20:51 - 00029912 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdhlp.sys
2014-04-16 23:12 - 2013-01-16 20:51 - 00015704 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmderd.sys
2014-04-13 20:03 - 2012-06-26 23:28 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-06 23:01 - 2014-03-28 00:26 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-06 17:17 - 2011-12-25 14:20 - 00000956 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-06 17:17 - 2011-12-25 14:20 - 00000952 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-06 00:21 - 2013-06-26 16:41 - 00002072 _____ () C:\WINDOWS\system32\Drivers\fvstore.dat
2014-04-05 22:12 - 2014-04-05 22:12 - 00000000 ____D () C:\Documents and Settings\Kristián Vrhel\Local Settings\Data aplikací\AdTrustMedia
2014-04-05 22:11 - 2014-04-05 22:11 - 00000000 ____D () C:\Program Files\AdTrustMedia
2014-04-05 22:11 - 2014-04-05 22:11 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Adtrustmedia
2014-04-05 22:05 - 2014-04-05 22:05 - 00007650 _____ () C:\Documents and Settings\Kristián Vrhel\Plocha\hijackthis.log
2014-04-05 22:00 - 2014-03-30 10:42 - 00000234 _____ () C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
Files to move or delete:
====================
C:\Documents and Settings\Kristián Vrhel\en_res.dll
C:\Documents and Settings\Kristián Vrhel\es_res.dll
C:\Documents and Settings\Kristián Vrhel\fr_res.dll
C:\Documents and Settings\Kristián Vrhel\grm_res.dll
C:\Documents and Settings\Kristián Vrhel\it_res.dll
C:\Documents and Settings\Kristián Vrhel\jp_res.dll
C:\Documents and Settings\Kristián Vrhel\mfc80u.dll
C:\Documents and Settings\Kristián Vrhel\msvcr80.dll
C:\Documents and Settings\Kristián Vrhel\PCPE Setup.exe
C:\Documents and Settings\Kristián Vrhel\pt_res.dll
C:\Documents and Settings\Kristián Vrhel\ResourceReader.dll
C:\Documents and Settings\Kristián Vrhel\ru_res.dll
C:\Documents and Settings\Kristián Vrhel\zh_res.dll
Some content of TEMP:
====================
C:\Documents and Settings\Kristián Vrhel\Local Settings\Temp\7415nua.exe
C:\Documents and Settings\Kristián Vrhel\Local Settings\Temp\appshat-distribution.exe
C:\Documents and Settings\Kristián Vrhel\Local Settings\Temp\BabylonTB.exe
C:\Documents and Settings\Kristián Vrhel\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8rk3yq.dll
C:\Documents and Settings\Kristián Vrhel\Local Settings\Temp\FreeZip920.exe
C:\Documents and Settings\Kristián Vrhel\Local Settings\Temp\htmlayout.dll
C:\Documents and Settings\Kristián Vrhel\Local Settings\Temp\KMP_3.6.0.87.exe
C:\Documents and Settings\Kristián Vrhel\Local Settings\Temp\LemurLeap_sm.exe
C:\Documents and Settings\Kristián Vrhel\Local Settings\Temp\PIPInstaller_PTV_.exe
C:\Documents and Settings\Kristián Vrhel\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Kristián Vrhel\Local Settings\Temp\toolbar16436859.exe
C:\Documents and Settings\Kristián Vrhel\Local Settings\Temp\toolbar16447109.exe
C:\Documents and Settings\Kristián Vrhel\Local Settings\Temp\uninstall29045843.exe
C:\Documents and Settings\Kristián Vrhel\Local Settings\Temp\uninstall29053671.exe
C:\Documents and Settings\Kristián Vrhel\Local Settings\Temp\uninstall29053703.exe
C:\Documents and Settings\Kristián Vrhel\Local Settings\Temp\WiEqPJdSJAeyyhsGNcfJ.DLL
==================== Bamital & volsnap Check =================
C:\WINDOWS\explorer.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 1034240 ____A (Microsoft Corporation) 27afd587c462e280ee046b8cca3c2cd1
C:\WINDOWS\system32\winlogon.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 0507904 ____A (Microsoft Corporation) cddb1f8e1aea356f3ad106f2cf9b7fea
C:\WINDOWS\system32\svchost.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 0014336 ____A (Microsoft Corporation) be4a520e29b6391f49e79ccc52044d93
C:\WINDOWS\system32\services.exe
[2008-04-14 14:00] - [2009-02-09 13:25] - 0111104 ____A (Microsoft Corporation) 9ef697af07bb8dd82c3b02ca953a95b7
C:\WINDOWS\system32\User32.dll
[2008-04-14 14:00] - [2008-04-14 14:00] - 0578560 ____A (Microsoft Corporation) e16e0990967374e76f3e40cacafd3d53
C:\WINDOWS\system32\userinit.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 0026112 ____A (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys
[2008-04-14 14:00] - [2008-04-14 14:00] - 0052480 ____A (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1
==================== End Of Log ============================
Ran by Kristián Vrhel (administrator) on KRISTI-0D685CD2 on 02-05-2014 22:37:14
Running from C:\Documents and Settings\Kristián Vrhel\Plocha
Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CobianSoft, Luis Cobian) C:\Program Files\Cobian Backup 10\cbVSCService.exe
(Luis Cobian, CobianSoft) C:\Program Files\Cobian Backup 10\cbService.exe
(Crawler.com) C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
() C:\Program Files\GNU\GnuPG\dirmngr.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cistray.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Crawler.com) C:\Program Files\Spyware Terminator\sp_rsser.exe
(Schneider Electric) C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
() C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cis.exe
(Mozilla Corporation) D:\disk\Firefox_portable_3\FirefoxPortable\App\firefox\firefox.exe
(Mozilla Corporation) D:\disk\Firefox_portable_3\FirefoxPortable\App\firefox\plugin-container.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [SpywareTerminator] => C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2176000 2009-03-29] (Crawler.com)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [19523616 2010-04-30] (Realtek Semiconductor Corp.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1225944 2014-03-25] (COMODO)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\Alwil Software\Avast5\AvastUI.exe [3873704 2014-05-02] (AVAST Software)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [413696 2008-09-06] (Apple Inc.)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microtek Scanner Finder.lnk
ShortcutTarget: Microtek Scanner Finder.lnk -> C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKCU - {330CB7BB-90B5-4F4F-85E2-8E6E0EDDFF1C} URL = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - No File
Toolbar: HKCU - &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU - &Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files\LizardTech\Express View\expressview.dll (Lizardtech Software)
Handler: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files\LizardTech\Express View\expressview.dll (Lizardtech Software)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Kristián Vrhel\Data aplikací\Mozilla\Firefox\Profiles\r30hkhh1.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Kristián Vrhel\Local Settings\Data aplikací\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Kristián Vrhel\Local Settings\Data aplikací\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npexview.dll (Lizardtech Software)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
FF Extension: PrivDog - C:\Documents and Settings\Kristián Vrhel\Data aplikací\Mozilla\Firefox\Profiles\r30hkhh1.default\Extensions\PrivDog@AdTrustMedia.com [2014-04-20]
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Kristián Vrhel\Data aplikací\Mozilla\Firefox\Profiles\r30hkhh1.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010-05-22]
FF Extension: DownloadHelper - C:\Documents and Settings\Kristián Vrhel\Data aplikací\Mozilla\Firefox\Profiles\r30hkhh1.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-26]
FF Extension: Add Bookmark Here ² - C:\Documents and Settings\Kristián Vrhel\Data aplikací\Mozilla\Firefox\Profiles\r30hkhh1.default\Extensions\abhere2@moztw.org.xpi [2013-04-12]
FF Extension: Flat Bookmarks - C:\Documents and Settings\Kristián Vrhel\Data aplikací\Mozilla\Firefox\Profiles\r30hkhh1.default\Extensions\flatbm@xuldev.org.xpi [2013-04-12]
FF Extension: Locator - C:\Documents and Settings\Kristián Vrhel\Data aplikací\Mozilla\Firefox\Profiles\r30hkhh1.default\Extensions\{05f6a7ea-896b-11da-8bde-f66bad1e3fff}.xpi [2013-01-28]
FF Extension: Web Developer - C:\Documents and Settings\Kristián Vrhel\Data aplikací\Mozilla\Firefox\Profiles\r30hkhh1.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012-01-05]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010-10-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-05-27]
FF HKCU\...\Firefox\Extensions: [{57319509-7821-41B0-9FDF-3B58F146AE33}] - c:\program files\copernic desktop search - home\firefoxconnector
FF Extension: Copernic Desktop Search - Search Firefox content - c:\program files\copernic desktop search - home\firefoxconnector [2009-02-09]
FF StartMenuInternet: FIREFOX.EXE - D:\disk\Firefox_portable_3\FirefoxPortable\App\firefox\firefox.exe
Chrome:
=======
CHR HomePage: hxxp://www.seznam.cz/
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Kristián Vrhel\Local Settings\Data aplikací\Google\Chrome\Application\32.0.1700.76\pdf.dll No File
CHR Plugin: (Google Gears 0.5.33.0) - C:\Documents and Settings\Kristián Vrhel\Local Settings\Data aplikací\Google\Chrome\Application\32.0.1700.76\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Kristián Vrhel\Local Settings\Data aplikací\Google\Chrome\Application\32.0.1700.76\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Express View) - D:\disk\Firefox_portable_3\FirefoxPortable\App\firefox\plugins\npexview.dll (Lizardtech Software)
CHR Plugin: (Google Update) - C:\Documents and Settings\Kristián Vrhel\Local Settings\Data aplikací\Google\Update\1.2.183.29\npGoogleOneClick8.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (PrivDog) - C:\Documents and Settings\Kristián Vrhel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja [2014-04-05]
CHR Extension: (Peněženka Google) - C:\Documents and Settings\Kristián Vrhel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR HKLM\...\Chrome\Extension: [cmaiofennmphjldldcpphcechfnnohja] - C:\Program Files\AdTrustMedia\PrivDog\PrivDog_chrome.crx [2014-04-05]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Kristián Vrhel\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
R2 APC Data Service; C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2008-12-01] ()
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [50344 2014-05-02] (AVAST Software)
R2 cbVSCService; C:\Program Files\Cobian Backup 10\cbVSCService.exe [67584 2010-09-23] (CobianSoft, Luis Cobian)
R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96370 2007-01-31] (Canon Inc.)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5306504 2014-04-16] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1663192 2014-03-25] (COMODO)
R2 CobianBackup10; C:\Program Files\Cobian Backup 10\cbService.exe [1125376 2010-09-23] (Luis Cobian, CobianSoft)
R2 DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [218112 2013-05-28] ()
S4 PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH)
S4 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1223704 2013-02-07] (Secunia)
S4 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [660504 2013-02-07] (Secunia)
R2 sp_rssrv; C:\Program Files\Spyware Terminator\sp_rsser.exe [487424 2009-03-29] (Crawler.com)
==================== Drivers (Whitelisted) ====================
S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-05-02] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-05-02] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-05-02] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-05-02] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [776976 2014-05-02] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [411552 2014-05-02] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-05-02] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180632 2014-05-02] ()
R1 cmderd; C:\WINDOWS\system32\Drivers\cmderd.sys [15704 2014-04-16] (COMODO)
R1 cmdGuard; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [607448 2014-04-16] (COMODO)
R1 cmdHlp; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [29912 2014-04-16] (COMODO)
S3 FreshIO; C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys [2410 2004-10-26] ()
R0 Inspect; C:\WINDOWS\System32\DRIVERS\inspect.sys [104920 2014-04-16] (COMODO)
R3 L1e; C:\WINDOWS\System32\DRIVERS\l1e51x86.sys [36864 2008-06-25] (Atheros Communications, Inc.)
R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64160 2009-01-18] (Lavasoft AB)
R3 MarvinBus; C:\WINDOWS\System32\DRIVERS\MarvinBus.sys [171520 2007-01-04] (Pinnacle Systems GmbH)
R3 mf; C:\WINDOWS\System32\DRIVERS\mf.sys [63744 2008-04-14] (Microsoft Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R1 NmPar; C:\WINDOWS\System32\DRIVERS\NmPar.sys [76416 2007-06-04] (Windows (R) 2000 DDK provider)
R1 nmserial; C:\WINDOWS\System32\DRIVERS\nmserial.sys [60032 2007-06-04] (Windows (R) 2000 DDK provider)
S3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf_x86.sys [16024 2013-02-07] (Secunia)
R1 sp_rsdrv2; C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [142592 2009-03-29] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 IntelIde; No ImagePath
U1 WS2IFSL;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-02 22:37 - 2014-05-02 22:37 - 00016441 _____ () C:\Documents and Settings\Kristián Vrhel\Plocha\FRST.txt
2014-05-02 22:37 - 2014-05-02 22:37 - 00000000 ____D () C:\FRST
2014-05-02 22:36 - 2014-05-02 22:36 - 00015327 _____ () C:\Documents and Settings\Kristián Vrhel\Plocha\LM.bat
2014-05-02 22:34 - 2014-05-02 22:34 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Kristián Vrhel\Plocha\FRSTLauncher.exe
2014-05-02 22:32 - 2014-05-02 22:32 - 01050624 _____ (Farbar) C:\Documents and Settings\Kristián Vrhel\Plocha\FRST.exe
2014-05-02 21:52 - 2014-05-02 21:53 - 00000000 ____D () C:\Documents and Settings\Kristián Vrhel\Data aplikací\DropboxMaster
2014-05-02 21:52 - 2014-05-02 21:52 - 00000000 ____D () C:\Program Files\Dropbox
2014-05-02 21:52 - 2014-05-02 21:52 - 00000000 ____D () C:\Documents and Settings\Kristián Vrhel\Nabídka Start\Programy\Dropbox
2014-05-02 21:51 - 2014-05-02 21:53 - 00000000 ____D () C:\Documents and Settings\Kristián Vrhel\Data aplikací\Dropbox
2014-05-02 21:50 - 2014-05-02 21:51 - 36818984 _____ (Dropbox, Inc.) C:\Documents and Settings\All Users\Plocha\DropboxInstallerAvast.exe
2014-05-02 21:42 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-05-02 21:41 - 2014-05-02 21:59 - 00000000 ____D () C:\AdwCleaner
2014-05-02 21:38 - 2014-05-02 21:38 - 01310621 _____ () C:\Documents and Settings\Kristián Vrhel\Plocha\adwcleaner.exe
2014-05-02 21:25 - 2014-05-02 21:26 - 00000000 ____D () C:\rsit
2014-05-02 21:19 - 2014-05-02 21:19 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-05-02 21:19 - 2014-05-02 21:19 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-05-02 21:11 - 2014-05-02 22:01 - 00000021 _____ () C:\WINDOWS\S.dirmngr
2014-04-18 09:03 - 2014-04-18 09:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-18 08:58 - 2014-04-18 09:00 - 00011642 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-13 20:06 - 2014-04-18 09:03 - 00012849 _____ () C:\WINDOWS\KB2922229.log
2014-04-06 17:12 - 2014-05-02 22:02 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
2014-04-05 22:12 - 2014-04-05 22:12 - 00000000 ____D () C:\Documents and Settings\Kristián Vrhel\Local Settings\Data aplikací\AdTrustMedia
2014-04-05 22:11 - 2014-05-02 22:00 - 00065536 _____ () C:\WINDOWS\system32\config\COMODO I.evt
2014-04-05 22:11 - 2014-04-05 22:11 - 00000000 ____D () C:\Program Files\AdTrustMedia
2014-04-05 22:11 - 2014-04-05 22:11 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Adtrustmedia
2014-04-05 22:05 - 2014-04-05 22:05 - 00007650 _____ () C:\Documents and Settings\Kristián Vrhel\Plocha\hijackthis.log
==================== One Month Modified Files and Folders =======
2014-05-02 22:37 - 2014-05-02 22:37 - 00016441 _____ () C:\Documents and Settings\Kristián Vrhel\Plocha\FRST.txt
2014-05-02 22:37 - 2014-05-02 22:37 - 00000000 ____D () C:\FRST
2014-05-02 22:37 - 2009-01-25 16:47 - 00000000 ____D () C:\Documents and Settings\Kristián Vrhel\Plocha
2014-05-02 22:36 - 2014-05-02 22:36 - 00015327 _____ () C:\Documents and Settings\Kristián Vrhel\Plocha\LM.bat
2014-05-02 22:36 - 2012-04-10 22:31 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-02 22:36 - 2009-01-25 16:47 - 00000000 ___HD () C:\Documents and Settings\Kristián Vrhel\Local Settings\Data aplikací
2014-05-02 22:34 - 2014-05-02 22:34 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Kristián Vrhel\Plocha\FRSTLauncher.exe
2014-05-02 22:34 - 2009-11-17 22:45 - 00000000 ____D () C:\Documents and Settings\Kristián Vrhel\Dokumenty\Stažené soubory
2014-05-02 22:32 - 2014-05-02 22:32 - 01050624 _____ (Farbar) C:\Documents and Settings\Kristián Vrhel\Plocha\FRST.exe
2014-05-02 22:32 - 2013-03-13 01:46 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
2014-05-02 22:15 - 2009-06-30 19:55 - 00001062 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-261903793-682003330-1003UA.job
2014-05-02 22:15 - 2009-03-12 02:09 - 00002330 _____ () C:\Documents and Settings\Kristián Vrhel\Plocha\Google Chrome.lnk
2014-05-02 22:07 - 2012-07-06 13:12 - 00000366 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-05-02 22:05 - 2009-01-25 17:37 - 00690568 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-02 22:03 - 2009-01-25 16:43 - 01751975 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-02 22:02 - 2014-04-06 17:12 - 00000440 _____ () C:\WINDOWS\Tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
2014-05-02 22:01 - 2014-05-02 21:11 - 00000021 _____ () C:\WINDOWS\S.dirmngr
2014-05-02 22:01 - 2014-03-30 10:42 - 00000240 _____ () C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-05-02 22:01 - 2009-01-25 17:39 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-05-02 22:01 - 2009-01-25 17:39 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-05-02 22:01 - 2008-04-14 14:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-05-02 22:00 - 2014-04-05 22:11 - 00065536 _____ () C:\WINDOWS\system32\config\COMODO I.evt
2014-05-02 22:00 - 2009-01-25 16:46 - 00032476 _____ () C:\WINDOWS\SchedLgU.Txt
2014-05-02 22:00 - 2009-01-25 16:46 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-02 22:00 - 2008-12-01 22:11 - 00069112 _____ () C:\WINDOWS\system32\ativvaxx.cap
2014-05-02 21:59 - 2014-05-02 21:41 - 00000000 ____D () C:\AdwCleaner
2014-05-02 21:59 - 2009-01-25 16:47 - 00000178 ___SH () C:\Documents and Settings\Kristián Vrhel\ntuser.ini
2014-05-02 21:53 - 2014-05-02 21:52 - 00000000 ____D () C:\Documents and Settings\Kristián Vrhel\Data aplikací\DropboxMaster
2014-05-02 21:53 - 2014-05-02 21:51 - 00000000 ____D () C:\Documents and Settings\Kristián Vrhel\Data aplikací\Dropbox
2014-05-02 21:52 - 2014-05-02 21:52 - 00000000 ____D () C:\Program Files\Dropbox
2014-05-02 21:52 - 2014-05-02 21:52 - 00000000 ____D () C:\Documents and Settings\Kristián Vrhel\Nabídka Start\Programy\Dropbox
2014-05-02 21:52 - 2009-05-14 12:03 - 00000000 ____D () C:\Documents and Settings\Kristián Vrhel\Nabídka Start\Programy
2014-05-02 21:52 - 2009-01-25 16:47 - 00000000 __RHD () C:\Documents and Settings\Kristián Vrhel\Data aplikací
2014-05-02 21:51 - 2014-05-02 21:50 - 36818984 _____ (Dropbox, Inc.) C:\Documents and Settings\All Users\Plocha\DropboxInstallerAvast.exe
2014-05-02 21:51 - 2009-01-25 17:36 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2014-05-02 21:42 - 2009-02-08 23:04 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-02 21:42 - 2009-01-25 17:36 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2014-05-02 21:38 - 2014-05-02 21:38 - 01310621 _____ () C:\Documents and Settings\Kristián Vrhel\Plocha\adwcleaner.exe
2014-05-02 21:36 - 2012-04-10 22:31 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-05-02 21:36 - 2011-05-24 22:27 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-05-02 21:26 - 2014-05-02 21:25 - 00000000 ____D () C:\rsit
2014-05-02 21:19 - 2014-05-02 21:19 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-05-02 21:19 - 2014-05-02 21:19 - 00024184 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-05-02 21:19 - 2014-03-27 23:04 - 00001750 _____ () C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
2014-05-02 21:19 - 2013-03-05 23:01 - 00180632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-05-02 21:19 - 2013-03-05 23:01 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2014-05-02 21:19 - 2013-03-05 23:01 - 00049944 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-05-02 21:19 - 2011-05-27 17:05 - 00776976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-05-02 21:19 - 2009-02-08 23:01 - 00411552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-05-02 21:19 - 2009-02-08 23:01 - 00271264 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-05-02 21:19 - 2009-02-08 23:01 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2014-05-02 21:19 - 2009-02-08 23:01 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2014-04-20 10:12 - 2009-06-30 19:55 - 00001010 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-261903793-682003330-1003Core.job
2014-04-18 14:47 - 2013-07-28 21:05 - 00000000 ____D () C:\Documents and Settings\Kristián Vrhel\Local Settings\Data aplikací\Corel
2014-04-18 14:24 - 2013-07-28 21:14 - 00003140 ___SH () C:\Documents and Settings\All Users\Data aplikací\KGyGaAvL.sys
2014-04-18 14:24 - 2013-07-28 21:05 - 00000000 ____D () C:\Documents and Settings\Kristián Vrhel\Dokumenty\My PSP Files
2014-04-18 09:14 - 2009-01-25 16:47 - 00000000 ___RD () C:\Documents and Settings\Kristián Vrhel\Dokumenty\Obrázky
2014-04-18 09:03 - 2014-04-18 09:03 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-18 09:03 - 2014-04-13 20:06 - 00012849 _____ () C:\WINDOWS\KB2922229.log
2014-04-18 09:03 - 2014-03-02 23:21 - 00059846 _____ () C:\WINDOWS\iis6.log
2014-04-18 09:03 - 2014-03-02 23:21 - 00055648 _____ () C:\WINDOWS\FaxSetup.log
2014-04-18 09:03 - 2014-03-02 23:21 - 00026604 _____ () C:\WINDOWS\ocgen.log
2014-04-18 09:03 - 2014-03-02 23:21 - 00025393 _____ () C:\WINDOWS\tsoc.log
2014-04-18 09:03 - 2014-03-02 23:21 - 00018676 _____ () C:\WINDOWS\comsetup.log
2014-04-18 09:03 - 2014-03-02 23:21 - 00017330 _____ () C:\WINDOWS\msmqinst.log
2014-04-18 09:03 - 2014-03-02 23:21 - 00011295 _____ () C:\WINDOWS\ntdtcsetup.log
2014-04-18 09:03 - 2014-03-02 23:21 - 00009747 _____ () C:\WINDOWS\netfxocm.log
2014-04-18 09:03 - 2014-03-02 23:21 - 00003825 _____ () C:\WINDOWS\MedCtrOC.log
2014-04-18 09:03 - 2014-03-02 23:21 - 00003474 _____ () C:\WINDOWS\ocmsn.log
2014-04-18 09:03 - 2014-03-02 23:21 - 00002799 _____ () C:\WINDOWS\tabletoc.log
2014-04-18 09:03 - 2014-03-02 23:21 - 00002781 _____ () C:\WINDOWS\msgsocm.log
2014-04-18 09:03 - 2014-03-02 23:21 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-04-18 09:03 - 2013-09-01 09:40 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-18 09:00 - 2014-04-18 08:58 - 00011642 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-18 09:00 - 2014-03-02 23:22 - 00009228 _____ () C:\WINDOWS\updspapi.log
2014-04-18 09:00 - 2014-03-02 23:21 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-04-18 09:00 - 2012-03-17 02:06 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-04-18 09:00 - 2009-02-09 00:36 - 88028728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-16 23:12 - 2013-01-16 20:51 - 00607448 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdGuard.sys
2014-04-16 23:12 - 2013-01-16 20:51 - 00104920 _____ (COMODO) C:\WINDOWS\system32\Drivers\inspect.sys
2014-04-16 23:12 - 2013-01-16 20:51 - 00029912 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmdhlp.sys
2014-04-16 23:12 - 2013-01-16 20:51 - 00015704 _____ (COMODO) C:\WINDOWS\system32\Drivers\cmderd.sys
2014-04-13 20:03 - 2012-06-26 23:28 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-06 23:01 - 2014-03-28 00:26 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-06 17:17 - 2011-12-25 14:20 - 00000956 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-06 17:17 - 2011-12-25 14:20 - 00000952 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-06 00:21 - 2013-06-26 16:41 - 00002072 _____ () C:\WINDOWS\system32\Drivers\fvstore.dat
2014-04-05 22:12 - 2014-04-05 22:12 - 00000000 ____D () C:\Documents and Settings\Kristián Vrhel\Local Settings\Data aplikací\AdTrustMedia
2014-04-05 22:11 - 2014-04-05 22:11 - 00000000 ____D () C:\Program Files\AdTrustMedia
2014-04-05 22:11 - 2014-04-05 22:11 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Adtrustmedia
2014-04-05 22:05 - 2014-04-05 22:05 - 00007650 _____ () C:\Documents and Settings\Kristián Vrhel\Plocha\hijackthis.log
2014-04-05 22:00 - 2014-03-30 10:42 - 00000234 _____ () C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
Files to move or delete:
====================
C:\Documents and Settings\Kristián Vrhel\en_res.dll
C:\Documents and Settings\Kristián Vrhel\es_res.dll
C:\Documents and Settings\Kristián Vrhel\fr_res.dll
C:\Documents and Settings\Kristián Vrhel\grm_res.dll
C:\Documents and Settings\Kristián Vrhel\it_res.dll
C:\Documents and Settings\Kristián Vrhel\jp_res.dll
C:\Documents and Settings\Kristián Vrhel\mfc80u.dll
C:\Documents and Settings\Kristián Vrhel\msvcr80.dll
C:\Documents and Settings\Kristián Vrhel\PCPE Setup.exe
C:\Documents and Settings\Kristián Vrhel\pt_res.dll
C:\Documents and Settings\Kristián Vrhel\ResourceReader.dll
C:\Documents and Settings\Kristián Vrhel\ru_res.dll
C:\Documents and Settings\Kristián Vrhel\zh_res.dll
Some content of TEMP:
====================
C:\Documents and Settings\Kristián Vrhel\Local Settings\Temp\7415nua.exe
C:\Documents and Settings\Kristián Vrhel\Local Settings\Temp\appshat-distribution.exe
C:\Documents and Settings\Kristián Vrhel\Local Settings\Temp\BabylonTB.exe
C:\Documents and Settings\Kristián Vrhel\Local Settings\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8rk3yq.dll
C:\Documents and Settings\Kristián Vrhel\Local Settings\Temp\FreeZip920.exe
C:\Documents and Settings\Kristián Vrhel\Local Settings\Temp\htmlayout.dll
C:\Documents and Settings\Kristián Vrhel\Local Settings\Temp\KMP_3.6.0.87.exe
C:\Documents and Settings\Kristián Vrhel\Local Settings\Temp\LemurLeap_sm.exe
C:\Documents and Settings\Kristián Vrhel\Local Settings\Temp\PIPInstaller_PTV_.exe
C:\Documents and Settings\Kristián Vrhel\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Kristián Vrhel\Local Settings\Temp\toolbar16436859.exe
C:\Documents and Settings\Kristián Vrhel\Local Settings\Temp\toolbar16447109.exe
C:\Documents and Settings\Kristián Vrhel\Local Settings\Temp\uninstall29045843.exe
C:\Documents and Settings\Kristián Vrhel\Local Settings\Temp\uninstall29053671.exe
C:\Documents and Settings\Kristián Vrhel\Local Settings\Temp\uninstall29053703.exe
C:\Documents and Settings\Kristián Vrhel\Local Settings\Temp\WiEqPJdSJAeyyhsGNcfJ.DLL
==================== Bamital & volsnap Check =================
C:\WINDOWS\explorer.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 1034240 ____A (Microsoft Corporation) 27afd587c462e280ee046b8cca3c2cd1
C:\WINDOWS\system32\winlogon.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 0507904 ____A (Microsoft Corporation) cddb1f8e1aea356f3ad106f2cf9b7fea
C:\WINDOWS\system32\svchost.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 0014336 ____A (Microsoft Corporation) be4a520e29b6391f49e79ccc52044d93
C:\WINDOWS\system32\services.exe
[2008-04-14 14:00] - [2009-02-09 13:25] - 0111104 ____A (Microsoft Corporation) 9ef697af07bb8dd82c3b02ca953a95b7
C:\WINDOWS\system32\User32.dll
[2008-04-14 14:00] - [2008-04-14 14:00] - 0578560 ____A (Microsoft Corporation) e16e0990967374e76f3e40cacafd3d53
C:\WINDOWS\system32\userinit.exe
[2008-04-14 14:00] - [2008-04-14 14:00] - 0026112 ____A (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys
[2008-04-14 14:00] - [2008-04-14 14:00] - 0052480 ____A (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1
==================== End Of Log ============================
-
Rudy
- Site Admin
- Příspěvky: 119537
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Pomalé nabíhání, neznámý program s dlouhým číselným názv
Toto je FRST. Když jsme začali u RSIT, musíme v něm i pokračovat.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Pomalé nabíhání, neznámý program s dlouhým číselným názv
Eh, neumím číst, promiňte
Logfile of random's system information tool 1.09 (written by random/random)
Run by Kristián Vrhel at 2014-05-02 22:57:04
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 129 GB (42%) free of 305 GB
Total RAM: 3327 MB (80% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:57:32, on 2.5.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Program Files\Cobian Backup 10\cbService.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\GNU\GnuPG\dirmngr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Documents and Settings\Kristián Vrhel\Plocha\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Kristián Vrhel.exe
D:\disk\Firefox_portable_3\FirefoxPortable\App\firefox\firefox.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microtek Scanner Finder.lnk
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files\LizardTech\Express View\expressview.dll
O18 - Protocol: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files\LizardTech\Express View\expressview.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: APC Data Service - Schneider Electric - C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
O23 - Service: APC UPS Service - Schneider Electric - C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cobian Backup 10 Volume Shadow Copy service (cbVSCService) - CobianSoft, Luis Cobian - C:\Program Files\Cobian Backup 10\cbVSCService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: Cobian Backup 10 (CobianBackup10) - Luis Cobian, CobianSoft - C:\Program Files\Cobian Backup 10\cbService.exe
O23 - Service: DirMngr - Unknown owner - C:\Program Files\GNU\GnuPG\dirmngr.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 7683 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
C:\WINDOWS\tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-261903793-682003330-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-261903793-682003330-1003UA.job
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
C:\WINDOWS\tasks\Program spuštěný službou UPS před vypnutím systému.job
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Kristián Vrhel\Data aplikací\Mozilla\Firefox\Profiles\r30hkhh1.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "extensions.enabledItems" - "jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {E0CC257A-4D42-4ED7-AFAF-0AE6422F60D0}:3.0.3.18, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13"
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=C:\Program Files\Alwil Software\Avast5\WebRep\FF
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.206 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.21.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\WINDOWS\system32\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
D:\disk\Firefox_portable_3\FirefoxPortable\App\firefox\extensions\
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
D:\disk\Firefox_portable_3\FirefoxPortable\App\firefox\plugins\
npexview.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
C:\Documents and Settings\Kristián Vrhel\Data aplikací\Mozilla\Firefox\Profiles\r30hkhh1.default\extensions\
PrivDog@AdTrustMedia.com
{20a82645-c095-46ed-80e3-08825760534b}
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2014-05-02 436600]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2009-03-29 2176000]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2010-04-30 19523616]
""= []
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-03-25 1225944]
"AvastUI.exe"=C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2014-05-02 3873704]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-09-14 1603152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-10-26 652624]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Copernic Desktop Search - Home]
C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe [2013-01-28 1692200]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe -update plugin []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Kristián Vrhel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-03-12 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^ImageMixer 3 SE Camera Monitor for SD.lnk]
C:\PROGRA~1\PIXELA\IMAGEM~1\CAMERA~1.EXE [2008-02-08 253952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kristián Vrhel^Nabídka Start^Programy^Po spuštění^Spamihilator.lnk]
C:\Program Files\Spamihilator\spamihilator.exe []
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microtek Scanner Finder.lnk - C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-12-01 143360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=255
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Pinnacle\Studio 11\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 11\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi"
"C:\Documents and Settings\Kristián Vrhel\Dokumenty\Stažené soubory\utorrent.exe"="C:\Documents and Settings\Kristián Vrhel\Dokumenty\Stažené soubory\utorrent.exe:*:Enabled:µTorrent"
"C:\torent\utorrent.exe"="C:\torent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe"="C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Documents and Settings\Kristián Vrhel\Dokumenty\Stažené soubory\uTorrent(1).exe"="C:\Documents and Settings\Kristián Vrhel\Dokumenty\Stažené soubory\uTorrent(1).exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Kristián Vrhel\Dokumenty\Stažené soubory\utorrent(2).exe"="C:\Documents and Settings\Kristián Vrhel\Dokumenty\Stažené soubory\utorrent(2).exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Kristián Vrhel\Data aplikací\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\Kristián Vrhel\Data aplikací\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe"="C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=vdrcodec.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"VIDC.MJPG"=Pvmjpg30.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.CSCD"=camcodec.dll
"msacm.dvacm"=c:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"=c:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"=c:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
======List of files/folders created in the last 1 month======
2014-05-02 22:37:02 ----D---- C:\FRST
2014-05-02 21:52:49 ----D---- C:\Documents and Settings\Kristián Vrhel\Data aplikací\DropboxMaster
2014-05-02 21:52:40 ----D---- C:\Program Files\Dropbox
2014-05-02 21:51:56 ----D---- C:\Documents and Settings\Kristián Vrhel\Data aplikací\Dropbox
2014-05-02 21:42:35 ----A---- C:\WINDOWS\system32\sqlite3.dll
2014-05-02 21:41:47 ----D---- C:\AdwCleaner
2014-05-02 21:25:26 ----D---- C:\rsit
2014-05-02 21:19:11 ----A---- C:\WINDOWS\system32\drivers\aswHwid.sys
2014-05-02 21:19:07 ----A---- C:\WINDOWS\avastSS.scr
2014-04-18 09:03:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2922229$
2014-04-05 22:11:48 ----D---- C:\Program Files\AdTrustMedia
2014-04-05 22:11:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adtrustmedia
======List of files/folders modified in the last 1 month======
2014-05-02 22:37:54 ----D---- C:\WINDOWS
2014-05-02 22:36:02 ----D---- C:\WINDOWS\Temp
2014-05-02 22:05:37 ----D---- C:\WINDOWS\system32
2014-05-02 22:05:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-02 22:02:23 ----D---- C:\WINDOWS\system32\CatRoot2
2014-05-02 22:00:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-05-02 21:52:40 ----RD---- C:\Program Files
2014-05-02 21:42:57 ----SD---- C:\WINDOWS\Tasks
2014-05-02 21:42:57 ----D---- C:\Program Files\Mozilla Firefox
2014-05-02 21:36:11 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2014-05-02 21:19:11 ----D---- C:\WINDOWS\system32\drivers
2014-05-02 21:19:07 ----A---- C:\WINDOWS\system32\aswBoot.exe
2014-05-02 21:18:41 ----D---- C:\WINDOWS\Prefetch
2014-04-18 09:22:47 ----SHD---- C:\WINDOWS\Installer
2014-04-18 09:03:27 ----HD---- C:\WINDOWS\inf
2014-04-18 09:03:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-04-18 09:03:13 ----D---- C:\WINDOWS\system32\MRT
2014-04-18 09:00:40 ----A---- C:\WINDOWS\system32\MRT.exe
2014-04-18 09:00:33 ----A---- C:\WINDOWS\imsins.BAK
2014-04-18 09:00:23 ----D---- C:\Program Files\Internet Explorer
2014-04-18 09:00:14 ----D---- C:\WINDOWS\ie8updates
2014-04-13 20:03:17 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-04-06 23:01:32 ----D---- C:\Program Files\Mozilla Thunderbird
2014-04-06 17:18:00 ----D---- C:\Config.Msi
2014-04-05 22:11:24 ----D---- C:\WINDOWS\system32\config
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2014-05-02 49944]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2014-05-02 180632]
R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2014-04-16 104920]
R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2009-01-18 64160]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2014-05-02 54832]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2014-05-02 776976]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2014-05-02 411552]
R1 aswTdi;aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [2014-05-02 57672]
R1 cmderd;COMODO Internet Security Eradication Driver; C:\WINDOWS\system32\drivers\cmderd.sys [2014-04-16 15704]
R1 cmdGuard;COMODO Internet Security Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2014-04-16 607448]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2014-04-16 29912]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 NmPar;MosChip PCI Parallel Port; C:\WINDOWS\system32\DRIVERS\NmPar.sys [2007-06-04 76416]
R1 nmserial;MosChip PCI Serial Port; C:\WINDOWS\system32\DRIVERS\nmserial.sys [2007-06-04 60032]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2014-05-02 24184]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2014-05-02 67824]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-12-02 3452928]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-04-30 6032928]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-06-25 36864]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
R3 mf;mf; C:\WINDOWS\system32\DRIVERS\mf.sys [2008-04-14 63744]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 FreshIO;FreshIO; \??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys []
S3 HidBatt;Ovladač baterie zdroje UPS standardu HID; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2008-04-14 20352]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf_x86.sys [2013-02-07 16024]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 APC Data Service;APC Data Service; C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe [2012-01-24 21880]
R2 APC UPS Service;APC UPS Service; C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe [2012-01-24 705912]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-12-01 598016]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2014-05-02 50344]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 390504]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service; C:\Program Files\Cobian Backup 10\cbVSCService.exe [2010-09-23 67584]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2014-04-16 5306504]
R2 CobianBackup10;Cobian Backup 10; C:\Program Files\Cobian Backup 10\cbService.exe [2010-09-23 1125376]
R2 DirMngr;DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [2013-05-28 218112]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-03-29 487424]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-12-01 593920]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-25 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-02 257712]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 cmdvirth;COMODO Virtual Service Manager; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2014-03-25 1663192]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-25 136176]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-03-30 119408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S4 PCLEPCI;PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [2005-02-09 14165]
S4 Secunia PSI Agent;Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [2013-02-07 1223704]
S4 Secunia Update Agent;Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [2013-02-07 660504]
-----------------EOF-----------------
Logfile of random's system information tool 1.09 (written by random/random)
Run by Kristián Vrhel at 2014-05-02 22:57:04
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 129 GB (42%) free of 305 GB
Total RAM: 3327 MB (80% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:57:32, on 2.5.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Program Files\Cobian Backup 10\cbService.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\GNU\GnuPG\dirmngr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Documents and Settings\Kristián Vrhel\Plocha\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Kristián Vrhel.exe
D:\disk\Firefox_portable_3\FirefoxPortable\App\firefox\firefox.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microtek Scanner Finder.lnk
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files\LizardTech\Express View\expressview.dll
O18 - Protocol: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files\LizardTech\Express View\expressview.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: APC Data Service - Schneider Electric - C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
O23 - Service: APC UPS Service - Schneider Electric - C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cobian Backup 10 Volume Shadow Copy service (cbVSCService) - CobianSoft, Luis Cobian - C:\Program Files\Cobian Backup 10\cbVSCService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: Cobian Backup 10 (CobianBackup10) - Luis Cobian, CobianSoft - C:\Program Files\Cobian Backup 10\cbService.exe
O23 - Service: DirMngr - Unknown owner - C:\Program Files\GNU\GnuPG\dirmngr.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 7683 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
C:\WINDOWS\tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-261903793-682003330-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-261903793-682003330-1003UA.job
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
C:\WINDOWS\tasks\Program spuštěný službou UPS před vypnutím systému.job
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Kristián Vrhel\Data aplikací\Mozilla\Firefox\Profiles\r30hkhh1.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "extensions.enabledItems" - "jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {E0CC257A-4D42-4ED7-AFAF-0AE6422F60D0}:3.0.3.18, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13"
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=C:\Program Files\Alwil Software\Avast5\WebRep\FF
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.206 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.21.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\WINDOWS\system32\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
D:\disk\Firefox_portable_3\FirefoxPortable\App\firefox\extensions\
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
D:\disk\Firefox_portable_3\FirefoxPortable\App\firefox\plugins\
npexview.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
C:\Documents and Settings\Kristián Vrhel\Data aplikací\Mozilla\Firefox\Profiles\r30hkhh1.default\extensions\
PrivDog@AdTrustMedia.com
{20a82645-c095-46ed-80e3-08825760534b}
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2014-05-02 436600]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2009-03-29 2176000]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2010-04-30 19523616]
""= []
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-03-25 1225944]
"AvastUI.exe"=C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2014-05-02 3873704]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-09-14 1603152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-10-26 652624]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Copernic Desktop Search - Home]
C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe [2013-01-28 1692200]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe -update plugin []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Kristián Vrhel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-03-12 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^ImageMixer 3 SE Camera Monitor for SD.lnk]
C:\PROGRA~1\PIXELA\IMAGEM~1\CAMERA~1.EXE [2008-02-08 253952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kristián Vrhel^Nabídka Start^Programy^Po spuštění^Spamihilator.lnk]
C:\Program Files\Spamihilator\spamihilator.exe []
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microtek Scanner Finder.lnk - C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-12-01 143360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=255
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Pinnacle\Studio 11\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 11\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi"
"C:\Documents and Settings\Kristián Vrhel\Dokumenty\Stažené soubory\utorrent.exe"="C:\Documents and Settings\Kristián Vrhel\Dokumenty\Stažené soubory\utorrent.exe:*:Enabled:µTorrent"
"C:\torent\utorrent.exe"="C:\torent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe"="C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Documents and Settings\Kristián Vrhel\Dokumenty\Stažené soubory\uTorrent(1).exe"="C:\Documents and Settings\Kristián Vrhel\Dokumenty\Stažené soubory\uTorrent(1).exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Kristián Vrhel\Dokumenty\Stažené soubory\utorrent(2).exe"="C:\Documents and Settings\Kristián Vrhel\Dokumenty\Stažené soubory\utorrent(2).exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Kristián Vrhel\Data aplikací\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\Kristián Vrhel\Data aplikací\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe"="C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=vdrcodec.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"VIDC.MJPG"=Pvmjpg30.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.CSCD"=camcodec.dll
"msacm.dvacm"=c:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"=c:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"=c:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
======List of files/folders created in the last 1 month======
2014-05-02 22:37:02 ----D---- C:\FRST
2014-05-02 21:52:49 ----D---- C:\Documents and Settings\Kristián Vrhel\Data aplikací\DropboxMaster
2014-05-02 21:52:40 ----D---- C:\Program Files\Dropbox
2014-05-02 21:51:56 ----D---- C:\Documents and Settings\Kristián Vrhel\Data aplikací\Dropbox
2014-05-02 21:42:35 ----A---- C:\WINDOWS\system32\sqlite3.dll
2014-05-02 21:41:47 ----D---- C:\AdwCleaner
2014-05-02 21:25:26 ----D---- C:\rsit
2014-05-02 21:19:11 ----A---- C:\WINDOWS\system32\drivers\aswHwid.sys
2014-05-02 21:19:07 ----A---- C:\WINDOWS\avastSS.scr
2014-04-18 09:03:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2922229$
2014-04-05 22:11:48 ----D---- C:\Program Files\AdTrustMedia
2014-04-05 22:11:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adtrustmedia
======List of files/folders modified in the last 1 month======
2014-05-02 22:37:54 ----D---- C:\WINDOWS
2014-05-02 22:36:02 ----D---- C:\WINDOWS\Temp
2014-05-02 22:05:37 ----D---- C:\WINDOWS\system32
2014-05-02 22:05:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-02 22:02:23 ----D---- C:\WINDOWS\system32\CatRoot2
2014-05-02 22:00:01 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-05-02 21:52:40 ----RD---- C:\Program Files
2014-05-02 21:42:57 ----SD---- C:\WINDOWS\Tasks
2014-05-02 21:42:57 ----D---- C:\Program Files\Mozilla Firefox
2014-05-02 21:36:11 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2014-05-02 21:19:11 ----D---- C:\WINDOWS\system32\drivers
2014-05-02 21:19:07 ----A---- C:\WINDOWS\system32\aswBoot.exe
2014-05-02 21:18:41 ----D---- C:\WINDOWS\Prefetch
2014-04-18 09:22:47 ----SHD---- C:\WINDOWS\Installer
2014-04-18 09:03:27 ----HD---- C:\WINDOWS\inf
2014-04-18 09:03:21 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-04-18 09:03:13 ----D---- C:\WINDOWS\system32\MRT
2014-04-18 09:00:40 ----A---- C:\WINDOWS\system32\MRT.exe
2014-04-18 09:00:33 ----A---- C:\WINDOWS\imsins.BAK
2014-04-18 09:00:23 ----D---- C:\Program Files\Internet Explorer
2014-04-18 09:00:14 ----D---- C:\WINDOWS\ie8updates
2014-04-13 20:03:17 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-04-06 23:01:32 ----D---- C:\Program Files\Mozilla Thunderbird
2014-04-06 17:18:00 ----D---- C:\Config.Msi
2014-04-05 22:11:24 ----D---- C:\WINDOWS\system32\config
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2014-05-02 49944]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2014-05-02 180632]
R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2014-04-16 104920]
R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2009-01-18 64160]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2014-05-02 54832]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2014-05-02 776976]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2014-05-02 411552]
R1 aswTdi;aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [2014-05-02 57672]
R1 cmderd;COMODO Internet Security Eradication Driver; C:\WINDOWS\system32\drivers\cmderd.sys [2014-04-16 15704]
R1 cmdGuard;COMODO Internet Security Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2014-04-16 607448]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2014-04-16 29912]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 NmPar;MosChip PCI Parallel Port; C:\WINDOWS\system32\DRIVERS\NmPar.sys [2007-06-04 76416]
R1 nmserial;MosChip PCI Serial Port; C:\WINDOWS\system32\DRIVERS\nmserial.sys [2007-06-04 60032]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2014-05-02 24184]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2014-05-02 67824]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-12-02 3452928]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-04-30 6032928]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-06-25 36864]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
R3 mf;mf; C:\WINDOWS\system32\DRIVERS\mf.sys [2008-04-14 63744]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 FreshIO;FreshIO; \??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys []
S3 HidBatt;Ovladač baterie zdroje UPS standardu HID; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2008-04-14 20352]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf_x86.sys [2013-02-07 16024]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 APC Data Service;APC Data Service; C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe [2012-01-24 21880]
R2 APC UPS Service;APC UPS Service; C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe [2012-01-24 705912]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-12-01 598016]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2014-05-02 50344]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 390504]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service; C:\Program Files\Cobian Backup 10\cbVSCService.exe [2010-09-23 67584]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2014-04-16 5306504]
R2 CobianBackup10;Cobian Backup 10; C:\Program Files\Cobian Backup 10\cbService.exe [2010-09-23 1125376]
R2 DirMngr;DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [2013-05-28 218112]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-03-29 487424]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-12-01 593920]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-25 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-02 257712]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 cmdvirth;COMODO Virtual Service Manager; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2014-03-25 1663192]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-25 136176]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-03-30 119408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S4 PCLEPCI;PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [2005-02-09 14165]
S4 Secunia PSI Agent;Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [2013-02-07 1223704]
S4 Secunia Update Agent;Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [2013-02-07 660504]
-----------------EOF-----------------
-
Rudy
- Site Admin
- Příspěvky: 119537
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Pomalé nabíhání, neznámý program s dlouhým číselným názv
Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:
a klikněte na >MoveIt!<. Před skenem vypněte antivir a po něm restartujte PC. Dejte nový log RSIT.:files
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-261903793-682003330-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-261903793-682003330-1003UA.job
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"KernelFaultCheck"=-
:commands
[Purity]
[Emptytemp]
[Emptyflash]
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Pomalé nabíhání, neznámý program s dlouhým číselným názv
Provedeno:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Kristián Vrhel at 2014-05-03 12:36:49
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 133 GB (44%) free of 305 GB
Total RAM: 3327 MB (77% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:37:14, on 3.5.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Program Files\Cobian Backup 10\cbService.exe
C:\Program Files\GNU\GnuPG\dirmngr.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Kristián Vrhel\Plocha\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Kristián Vrhel.exe
D:\disk\Firefox_portable_3\FirefoxPortable\App\firefox\firefox.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microtek Scanner Finder.lnk
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files\LizardTech\Express View\expressview.dll
O18 - Protocol: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files\LizardTech\Express View\expressview.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: APC Data Service - Schneider Electric - C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
O23 - Service: APC UPS Service - Schneider Electric - C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cobian Backup 10 Volume Shadow Copy service (cbVSCService) - CobianSoft, Luis Cobian - C:\Program Files\Cobian Backup 10\cbVSCService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: Cobian Backup 10 (CobianBackup10) - Luis Cobian, CobianSoft - C:\Program Files\Cobian Backup 10\cbService.exe
O23 - Service: DirMngr - Unknown owner - C:\Program Files\GNU\GnuPG\dirmngr.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 7682 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
C:\WINDOWS\tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
C:\WINDOWS\tasks\Program spuštěný službou UPS před vypnutím systému.job
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Kristián Vrhel\Data aplikací\Mozilla\Firefox\Profiles\r30hkhh1.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "extensions.enabledItems" - "jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {E0CC257A-4D42-4ED7-AFAF-0AE6422F60D0}:3.0.3.18, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13"
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=C:\Program Files\Alwil Software\Avast5\WebRep\FF
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.206 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.21.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\WINDOWS\system32\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
D:\disk\Firefox_portable_3\FirefoxPortable\App\firefox\extensions\
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
D:\disk\Firefox_portable_3\FirefoxPortable\App\firefox\plugins\
npexview.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
C:\Documents and Settings\Kristián Vrhel\Data aplikací\Mozilla\Firefox\Profiles\r30hkhh1.default\extensions\
PrivDog@AdTrustMedia.com
{20a82645-c095-46ed-80e3-08825760534b}
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2014-05-02 436600]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2009-03-29 2176000]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2010-04-30 19523616]
""= []
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-03-25 1225944]
"AvastUI.exe"=C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2014-05-02 3873704]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-09-14 1603152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-10-26 652624]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Copernic Desktop Search - Home]
C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe [2013-01-28 1692200]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe -update plugin []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Kristián Vrhel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-03-12 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^ImageMixer 3 SE Camera Monitor for SD.lnk]
C:\PROGRA~1\PIXELA\IMAGEM~1\CAMERA~1.EXE [2008-02-08 253952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kristián Vrhel^Nabídka Start^Programy^Po spuštění^Spamihilator.lnk]
C:\Program Files\Spamihilator\spamihilator.exe []
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microtek Scanner Finder.lnk - C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-12-01 143360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=255
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Pinnacle\Studio 11\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 11\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi"
"C:\Documents and Settings\Kristián Vrhel\Dokumenty\Stažené soubory\utorrent.exe"="C:\Documents and Settings\Kristián Vrhel\Dokumenty\Stažené soubory\utorrent.exe:*:Enabled:µTorrent"
"C:\torent\utorrent.exe"="C:\torent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe"="C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Documents and Settings\Kristián Vrhel\Dokumenty\Stažené soubory\uTorrent(1).exe"="C:\Documents and Settings\Kristián Vrhel\Dokumenty\Stažené soubory\uTorrent(1).exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Kristián Vrhel\Dokumenty\Stažené soubory\utorrent(2).exe"="C:\Documents and Settings\Kristián Vrhel\Dokumenty\Stažené soubory\utorrent(2).exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Kristián Vrhel\Data aplikací\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\Kristián Vrhel\Data aplikací\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe"="C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=vdrcodec.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"VIDC.MJPG"=Pvmjpg30.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.CSCD"=camcodec.dll
"msacm.dvacm"=c:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"=c:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"=c:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
======List of files/folders created in the last 1 month======
2014-05-03 12:35:22 ----D---- C:\WINDOWS\LastGood
2014-05-03 12:29:08 ----D---- C:\_OTM
2014-05-03 02:17:05 ----N---- C:\WINDOWS\system32\SETA.tmp
2014-05-02 22:37:02 ----D---- C:\FRST
2014-05-02 21:52:49 ----D---- C:\Documents and Settings\Kristián Vrhel\Data aplikací\DropboxMaster
2014-05-02 21:52:40 ----D---- C:\Program Files\Dropbox
2014-05-02 21:51:56 ----D---- C:\Documents and Settings\Kristián Vrhel\Data aplikací\Dropbox
2014-05-02 21:42:35 ----A---- C:\WINDOWS\system32\sqlite3.dll
2014-05-02 21:41:47 ----D---- C:\AdwCleaner
2014-05-02 21:25:26 ----D---- C:\rsit
2014-05-02 21:19:11 ----A---- C:\WINDOWS\system32\drivers\aswHwid.sys
2014-05-02 21:19:07 ----A---- C:\WINDOWS\avastSS.scr
2014-04-18 09:03:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2922229$
2014-04-05 22:11:48 ----D---- C:\Program Files\AdTrustMedia
2014-04-05 22:11:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adtrustmedia
======List of files/folders modified in the last 1 month======
2014-05-03 12:36:29 ----D---- C:\WINDOWS\system32
2014-05-03 12:36:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-03 12:36:24 ----HD---- C:\WINDOWS\inf
2014-05-03 12:36:23 ----D---- C:\WINDOWS\system32\CatRoot
2014-05-03 12:36:23 ----D---- C:\WINDOWS
2014-05-03 12:34:12 ----D---- C:\WINDOWS\system32\CatRoot2
2014-05-03 12:33:56 ----D---- C:\WINDOWS\Temp
2014-05-03 12:30:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-05-03 12:30:43 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-05-03 12:29:24 ----SD---- C:\WINDOWS\Tasks
2014-05-03 12:27:37 ----D---- C:\WINDOWS\ie8updates
2014-05-02 21:52:40 ----RD---- C:\Program Files
2014-05-02 21:42:57 ----D---- C:\Program Files\Mozilla Firefox
2014-05-02 21:36:11 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2014-05-02 21:19:11 ----D---- C:\WINDOWS\system32\drivers
2014-05-02 21:19:07 ----A---- C:\WINDOWS\system32\aswBoot.exe
2014-05-02 21:18:41 ----D---- C:\WINDOWS\Prefetch
2014-04-18 09:22:47 ----SHD---- C:\WINDOWS\Installer
2014-04-18 09:03:27 ----A---- C:\WINDOWS\imsins.BAK
2014-04-18 09:03:13 ----D---- C:\WINDOWS\system32\MRT
2014-04-18 09:00:40 ----A---- C:\WINDOWS\system32\MRT.exe
2014-04-18 09:00:23 ----D---- C:\Program Files\Internet Explorer
2014-04-13 20:03:17 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-04-06 23:01:32 ----D---- C:\Program Files\Mozilla Thunderbird
2014-04-06 17:18:00 ----D---- C:\Config.Msi
2014-04-05 22:11:24 ----D---- C:\WINDOWS\system32\config
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2014-05-02 49944]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2014-05-02 180632]
R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2014-04-16 104920]
R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2009-01-18 64160]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2014-05-02 54832]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2014-05-02 776976]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2014-05-02 411552]
R1 aswTdi;aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [2014-05-02 57672]
R1 cmderd;COMODO Internet Security Eradication Driver; C:\WINDOWS\system32\drivers\cmderd.sys [2014-04-16 15704]
R1 cmdGuard;COMODO Internet Security Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2014-04-16 607448]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2014-04-16 29912]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 NmPar;MosChip PCI Parallel Port; C:\WINDOWS\system32\DRIVERS\NmPar.sys [2007-06-04 76416]
R1 nmserial;MosChip PCI Serial Port; C:\WINDOWS\system32\DRIVERS\nmserial.sys [2007-06-04 60032]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2014-05-02 24184]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2014-05-02 67824]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-12-02 3452928]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-04-30 6032928]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-06-25 36864]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
R3 mf;mf; C:\WINDOWS\system32\DRIVERS\mf.sys [2008-04-14 63744]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 FreshIO;FreshIO; \??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys []
S3 HidBatt;Ovladač baterie zdroje UPS standardu HID; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2008-04-14 20352]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf_x86.sys [2013-02-07 16024]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 APC Data Service;APC Data Service; C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe [2012-01-24 21880]
R2 APC UPS Service;APC UPS Service; C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe [2012-01-24 705912]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-12-01 598016]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2014-05-02 50344]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 390504]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service; C:\Program Files\Cobian Backup 10\cbVSCService.exe [2010-09-23 67584]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2014-04-16 5306504]
R2 CobianBackup10;Cobian Backup 10; C:\Program Files\Cobian Backup 10\cbService.exe [2010-09-23 1125376]
R2 DirMngr;DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [2013-05-28 218112]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-03-29 487424]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-12-01 593920]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-25 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-02 257712]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 cmdvirth;COMODO Virtual Service Manager; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2014-03-25 1663192]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-25 136176]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-03-30 119408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S4 PCLEPCI;PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [2005-02-09 14165]
S4 Secunia PSI Agent;Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [2013-02-07 1223704]
S4 Secunia Update Agent;Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [2013-02-07 660504]
-----------------EOF-----------------
Logfile of random's system information tool 1.09 (written by random/random)
Run by Kristián Vrhel at 2014-05-03 12:36:49
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 133 GB (44%) free of 305 GB
Total RAM: 3327 MB (77% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:37:14, on 3.5.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Program Files\Cobian Backup 10\cbService.exe
C:\Program Files\GNU\GnuPG\dirmngr.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Kristián Vrhel\Plocha\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Kristián Vrhel.exe
D:\disk\Firefox_portable_3\FirefoxPortable\App\firefox\firefox.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microtek Scanner Finder.lnk
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: jpip - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files\LizardTech\Express View\expressview.dll
O18 - Protocol: sidlet - {B92DD248-E3D5-4A92-B311-C9B841681455} - C:\Program Files\LizardTech\Express View\expressview.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: APC Data Service - Schneider Electric - C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe
O23 - Service: APC UPS Service - Schneider Electric - C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cobian Backup 10 Volume Shadow Copy service (cbVSCService) - CobianSoft, Luis Cobian - C:\Program Files\Cobian Backup 10\cbVSCService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: COMODO Virtual Service Manager (cmdvirth) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
O23 - Service: Cobian Backup 10 (CobianBackup10) - Luis Cobian, CobianSoft - C:\Program Files\Cobian Backup 10\cbService.exe
O23 - Service: DirMngr - Unknown owner - C:\Program Files\GNU\GnuPG\dirmngr.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
--
End of file - 7682 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}.job
C:\WINDOWS\tasks\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}.job
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
C:\WINDOWS\tasks\Program spuštěný službou UPS před vypnutím systému.job
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Kristián Vrhel\Data aplikací\Mozilla\Firefox\Profiles\r30hkhh1.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "extensions.enabledItems" - "jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {E0CC257A-4D42-4ED7-AFAF-0AE6422F60D0}:3.0.3.18, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13"
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=C:\Program Files\Alwil Software\Avast5\WebRep\FF
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.206 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.21.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\WINDOWS\system32\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
D:\disk\Firefox_portable_3\FirefoxPortable\App\firefox\extensions\
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
D:\disk\Firefox_portable_3\FirefoxPortable\App\firefox\plugins\
npexview.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
C:\Documents and Settings\Kristián Vrhel\Data aplikací\Mozilla\Firefox\Profiles\r30hkhh1.default\extensions\
PrivDog@AdTrustMedia.com
{20a82645-c095-46ed-80e3-08825760534b}
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2014-05-02 436600]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2009-03-29 2176000]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2010-04-30 19523616]
""= []
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2014-03-25 1225944]
"AvastUI.exe"=C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2014-05-02 3873704]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-09-14 1603152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-10-26 652624]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Copernic Desktop Search - Home]
C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe [2013-01-28 1692200]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe -update plugin []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Kristián Vrhel\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-03-12 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^ImageMixer 3 SE Camera Monitor for SD.lnk]
C:\PROGRA~1\PIXELA\IMAGEM~1\CAMERA~1.EXE [2008-02-08 253952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kristián Vrhel^Nabídka Start^Programy^Po spuštění^Spamihilator.lnk]
C:\Program Files\Spamihilator\spamihilator.exe []
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microtek Scanner Finder.lnk - C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-12-01 143360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=255
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Pinnacle\Studio 11\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 11\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi"
"C:\Documents and Settings\Kristián Vrhel\Dokumenty\Stažené soubory\utorrent.exe"="C:\Documents and Settings\Kristián Vrhel\Dokumenty\Stažené soubory\utorrent.exe:*:Enabled:µTorrent"
"C:\torent\utorrent.exe"="C:\torent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe"="C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Documents and Settings\Kristián Vrhel\Dokumenty\Stažené soubory\uTorrent(1).exe"="C:\Documents and Settings\Kristián Vrhel\Dokumenty\Stažené soubory\uTorrent(1).exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Kristián Vrhel\Dokumenty\Stažené soubory\utorrent(2).exe"="C:\Documents and Settings\Kristián Vrhel\Dokumenty\Stažené soubory\utorrent(2).exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Kristián Vrhel\Data aplikací\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\Kristián Vrhel\Data aplikací\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe"="C:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=vdrcodec.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"VIDC.MJPG"=Pvmjpg30.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.CSCD"=camcodec.dll
"msacm.dvacm"=c:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"=c:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"=c:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
======List of files/folders created in the last 1 month======
2014-05-03 12:35:22 ----D---- C:\WINDOWS\LastGood
2014-05-03 12:29:08 ----D---- C:\_OTM
2014-05-03 02:17:05 ----N---- C:\WINDOWS\system32\SETA.tmp
2014-05-02 22:37:02 ----D---- C:\FRST
2014-05-02 21:52:49 ----D---- C:\Documents and Settings\Kristián Vrhel\Data aplikací\DropboxMaster
2014-05-02 21:52:40 ----D---- C:\Program Files\Dropbox
2014-05-02 21:51:56 ----D---- C:\Documents and Settings\Kristián Vrhel\Data aplikací\Dropbox
2014-05-02 21:42:35 ----A---- C:\WINDOWS\system32\sqlite3.dll
2014-05-02 21:41:47 ----D---- C:\AdwCleaner
2014-05-02 21:25:26 ----D---- C:\rsit
2014-05-02 21:19:11 ----A---- C:\WINDOWS\system32\drivers\aswHwid.sys
2014-05-02 21:19:07 ----A---- C:\WINDOWS\avastSS.scr
2014-04-18 09:03:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2922229$
2014-04-05 22:11:48 ----D---- C:\Program Files\AdTrustMedia
2014-04-05 22:11:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adtrustmedia
======List of files/folders modified in the last 1 month======
2014-05-03 12:36:29 ----D---- C:\WINDOWS\system32
2014-05-03 12:36:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-03 12:36:24 ----HD---- C:\WINDOWS\inf
2014-05-03 12:36:23 ----D---- C:\WINDOWS\system32\CatRoot
2014-05-03 12:36:23 ----D---- C:\WINDOWS
2014-05-03 12:34:12 ----D---- C:\WINDOWS\system32\CatRoot2
2014-05-03 12:33:56 ----D---- C:\WINDOWS\Temp
2014-05-03 12:30:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-05-03 12:30:43 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-05-03 12:29:24 ----SD---- C:\WINDOWS\Tasks
2014-05-03 12:27:37 ----D---- C:\WINDOWS\ie8updates
2014-05-02 21:52:40 ----RD---- C:\Program Files
2014-05-02 21:42:57 ----D---- C:\Program Files\Mozilla Firefox
2014-05-02 21:36:11 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2014-05-02 21:19:11 ----D---- C:\WINDOWS\system32\drivers
2014-05-02 21:19:07 ----A---- C:\WINDOWS\system32\aswBoot.exe
2014-05-02 21:18:41 ----D---- C:\WINDOWS\Prefetch
2014-04-18 09:22:47 ----SHD---- C:\WINDOWS\Installer
2014-04-18 09:03:27 ----A---- C:\WINDOWS\imsins.BAK
2014-04-18 09:03:13 ----D---- C:\WINDOWS\system32\MRT
2014-04-18 09:00:40 ----A---- C:\WINDOWS\system32\MRT.exe
2014-04-18 09:00:23 ----D---- C:\Program Files\Internet Explorer
2014-04-13 20:03:17 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-04-06 23:01:32 ----D---- C:\Program Files\Mozilla Thunderbird
2014-04-06 17:18:00 ----D---- C:\Config.Msi
2014-04-05 22:11:24 ----D---- C:\WINDOWS\system32\config
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;avast! Revert; C:\WINDOWS\system32\drivers\aswRvrt.sys [2014-05-02 49944]
R0 aswVmm;avast! VM Monitor; C:\WINDOWS\system32\drivers\aswVmm.sys [2014-05-02 180632]
R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2014-04-16 104920]
R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2009-01-18 64160]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2014-05-02 54832]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2014-05-02 776976]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2014-05-02 411552]
R1 aswTdi;aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [2014-05-02 57672]
R1 cmderd;COMODO Internet Security Eradication Driver; C:\WINDOWS\system32\drivers\cmderd.sys [2014-04-16 15704]
R1 cmdGuard;COMODO Internet Security Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2014-04-16 607448]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2014-04-16 29912]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 NmPar;MosChip PCI Parallel Port; C:\WINDOWS\system32\DRIVERS\NmPar.sys [2007-06-04 76416]
R1 nmserial;MosChip PCI Serial Port; C:\WINDOWS\system32\DRIVERS\nmserial.sys [2007-06-04 60032]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 aswHwid;avast! HardwareID; C:\WINDOWS\system32\drivers\aswHwid.sys [2014-05-02 24184]
R2 aswMonFlt;aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [2014-05-02 67824]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-12-02 3452928]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2010-04-30 6032928]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-06-25 36864]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
R3 mf;mf; C:\WINDOWS\system32\DRIVERS\mf.sys [2008-04-14 63744]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 FreshIO;FreshIO; \??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys []
S3 HidBatt;Ovladač baterie zdroje UPS standardu HID; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2008-04-14 20352]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf_x86.sys [2013-02-07 16024]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 APC Data Service;APC Data Service; C:\Program Files\APC\PowerChute Personal Edition\dataserv.exe [2012-01-24 21880]
R2 APC UPS Service;APC UPS Service; C:\Program Files\APC\PowerChute Personal Edition\mainserv.exe [2012-01-24 705912]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-12-01 598016]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2014-05-02 50344]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 390504]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service; C:\Program Files\Cobian Backup 10\cbVSCService.exe [2010-09-23 67584]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2014-04-16 5306504]
R2 CobianBackup10;Cobian Backup 10; C:\Program Files\Cobian Backup 10\cbService.exe [2010-09-23 1125376]
R2 DirMngr;DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [2013-05-28 218112]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-03-29 487424]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-12-01 593920]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-25 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-02 257712]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 cmdvirth;COMODO Virtual Service Manager; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2014-03-25 1663192]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-12-25 136176]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-03-30 119408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S4 PCLEPCI;PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [2005-02-09 14165]
S4 Secunia PSI Agent;Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [2013-02-07 1223704]
S4 Secunia Update Agent;Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [2013-02-07 660504]
-----------------EOF-----------------
-
Rudy
- Site Admin
- Příspěvky: 119537
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Pomalé nabíhání, neznámý program s dlouhým číselným názv
Dvouklikem na soubor D:\Kristián Vrhel.exe spusťte HijackThis. Klikněte na "Do a system scan only" a v otevřeném okně vlevo ve čtverečcích zaškrtněte:
Klikněte na >FixChecked<. Pak znovu spusťte OTM a klikněte na >CleanUp!<. OTM po sobě uklidí. Nakonec restartujte PC.O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Pomalé nabíhání, neznámý program s dlouhým číselným názv
Děkuji
pochopil jsem, že to je asi vše. Také to zřetelně rychleji nabíhá. Mám na tomto kompu ten systém (WXP) 2* (aby případně jeden přežil) Myslím že ten druhý na tom bude podobně. Ale nebudu Vás s tím obtěžovat hned, už takto jste mi pomohli dost. Co to vlastně bylo (nebo jinak, co jsme udělal asi špatně, abych to nezopakoval příště, snažím se být opatrný ale asi ne dost) Pokud by odpověď byla příliš dlouhá či pracná, tak to nechte být.
S pozdravem Kryšpín
pochopil jsem, že to je asi vše. Také to zřetelně rychleji nabíhá. Mám na tomto kompu ten systém (WXP) 2* (aby případně jeden přežil) Myslím že ten druhý na tom bude podobně. Ale nebudu Vás s tím obtěžovat hned, už takto jste mi pomohli dost. Co to vlastně bylo (nebo jinak, co jsme udělal asi špatně, abych to nezopakoval příště, snažím se být opatrný ale asi ne dost) Pokud by odpověď byla příliš dlouhá či pracná, tak to nechte být.
S pozdravem Kryšpín
-
Rudy
- Site Admin
- Příspěvky: 119537
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Pomalé nabíhání, neznámý program s dlouhým číselným názv
V podstatě tam byly AdWary a zbytečnosti. k občasnému vyčištění použijte CCleaner: http://forum.viry.cz/viewtopic.php?f=46&t=7478 .
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?