Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosím o kontrolu, asi tam vlezl nějaký červ
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Prosím o kontrolu, asi tam vlezl nějaký červ
Dejte novy log z RSIT
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Prosím o kontrolu, asi tam vlezl nějaký červ
Logfile of random's system information tool 1.09 (written by random/random)
Run by m at 2014-01-25 13:37:46
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 60 GB (39%) free of 153 GB
Total RAM: 2047 MB (60% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:37:48, on 25.1.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\m\Plocha\RSIT.exe
C:\Program Files\trend micro\m.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: (no name) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - (no file)
O2 - BHO: WsSVRIEHelper - {C7C3BC26-4F2B-4997-A3CB-163337FE975B} - C:\Program Files\iSkysoft\Video Converter Ultimate\SVRIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
--
End of file - 4626 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\m\Data aplikací\Mozilla\Firefox\Profiles\6ozxjt53.default
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{845257EF-A892-484e-8EB0-47F563D75939}"=C:\Program Files\iSkysoft\Video Converter Ultimate\SVRFirefoxExt\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.170 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw_1204144.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
C:\Documents and Settings\m\Data aplikací\Mozilla\Firefox\Profiles\6ozxjt53.default\extensions\
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
{ea614400-e918-4741-9a97-7a972ff7c30b}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-11-05 462760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7C3BC26-4F2B-4997-A3CB-163337FE975B}]
iSkysoft Video Converter Ultimate - C:\Program Files\iSkysoft\Video Converter Ultimate\SVRIEPlugin.dll [2012-11-29 275304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-11-05 171944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"=C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [2009-08-28 33673216]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2010-07-06 1797008]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 997920]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2011-10-26 188416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe"="C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application"
"C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe:*:Enabled:umi"
"C:\WINDOWS\system32\msiexec.exe"="C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup"
"C:\Program Files\Ubisoft\Driver San Francisco\Driver.exe"="C:\Program Files\Ubisoft\Driver San Francisco\Driver.exe:*:Disabled:Driver"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"F:\Hry\FS 2004\FS 2004 Crack\FS 2004 Crack\fs9.exe"="F:\Hry\FS 2004\FS 2004 Crack\FS 2004 Crack\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"F:\Hry\FS 2004\FS 2004\Crack\fs9.exe"="F:\Hry\FS 2004\FS 2004\Crack\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=i263_32.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
"VIDC.YV12"=xvidvfw.dll
"vidc.mjpg"=pvmjpg30.dll
"msacm.g723"=g723.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.I263"=I263_32.drv
"VIDC.IV41"=ir41_32.ax
"vidc.iv50"=ir50_32.dll
"VIDC.FFDS"=ff_vfw.dll
======List of files/folders created in the last 1 month======
2014-01-23 20:33:08 ----D---- C:\AdwCleaner
2014-01-23 20:15:20 ----SHD---- C:\RECYCLER
2014-01-23 19:55:42 ----A---- C:\ComboFix.txt
2014-01-23 19:49:33 ----D---- C:\WINDOWS\temp
2014-01-21 20:39:34 ----D---- C:\Documents and Settings\m\Data aplikací\Malwarebytes
2014-01-21 20:39:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-01-21 20:19:30 ----ASH---- C:\hiberfil.sys
2014-01-21 20:06:42 ----A---- C:\WINDOWS\zip.exe
2014-01-21 20:06:42 ----A---- C:\WINDOWS\SWXCACLS.exe
2014-01-21 20:06:42 ----A---- C:\WINDOWS\SWSC.exe
2014-01-21 20:06:42 ----A---- C:\WINDOWS\SWREG.exe
2014-01-21 20:06:42 ----A---- C:\WINDOWS\sed.exe
2014-01-21 20:06:42 ----A---- C:\WINDOWS\PEV.exe
2014-01-21 20:06:42 ----A---- C:\WINDOWS\NIRCMD.exe
2014-01-21 20:06:42 ----A---- C:\WINDOWS\MBR.exe
2014-01-21 20:06:42 ----A---- C:\WINDOWS\grep.exe
2014-01-21 20:06:25 ----D---- C:\Qoobox
2014-01-21 20:06:13 ----D---- C:\WINDOWS\erdnt
2014-01-21 20:03:58 ----D---- C:\WINDOWS\CSC
2014-01-21 20:01:40 ----D---- C:\WINDOWS\pss
2014-01-21 18:00:03 ----D---- C:\rsit
2014-01-14 14:34:09 ----D---- C:\found.001
2014-01-12 21:15:55 ----D---- C:\Documents and Settings\m\Data aplikací\MultiSkypeLauncher
2014-01-12 21:11:18 ----D---- C:\Program Files\MultiSkypeLauncher
2014-01-12 21:03:47 ----D---- C:\Program Files\Seznam.cz
2014-01-12 21:03:27 ----D---- C:\Documents and Settings\m\Data aplikací\Seznam.cz
======List of files/folders modified in the last 1 month======
2014-01-25 13:37:48 ----D---- C:\Program Files\trend micro
2014-01-25 13:34:49 ----D---- C:\Documents and Settings\m\Data aplikací\Skype
2014-01-25 12:17:58 ----D---- C:\WINDOWS\system32
2014-01-25 12:13:03 ----D---- C:\WINDOWS\system32\drivers
2014-01-25 09:20:01 ----D---- C:\WINDOWS\Prefetch
2014-01-25 09:12:31 ----SD---- C:\WINDOWS\Tasks
2014-01-25 09:11:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-25 09:08:12 ----D---- C:\WINDOWS\system32\CatRoot2
2014-01-24 20:32:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-01-24 19:37:11 ----RD---- C:\Program Files
2014-01-24 13:20:59 ----D---- C:\WINDOWS
2014-01-24 13:20:59 ----A---- C:\WINDOWS\WDICT32.INI
2014-01-23 19:51:23 ----A---- C:\WINDOWS\system.ini
2014-01-23 19:51:06 ----D---- C:\WINDOWS\system32\drivers\etc
2014-01-23 19:48:00 ----D---- C:\WINDOWS\AppPatch
2014-01-23 19:47:58 ----D---- C:\Program Files\Common Files
2014-01-22 19:56:42 ----SHD---- C:\System Volume Information
2014-01-22 19:56:42 ----D---- C:\WINDOWS\system32\Restore
2014-01-22 19:51:06 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2014-01-22 19:44:43 ----SHD---- C:\WINDOWS\Installer
2014-01-22 19:44:43 ----D---- C:\Config.Msi
2014-01-22 16:48:10 ----D---- C:\Marian
2014-01-21 20:18:29 ----ASH---- C:\boot.ini
2014-01-21 20:18:29 ----A---- C:\WINDOWS\win.ini
2014-01-21 20:15:34 ----D---- C:\Documents and Settings\m\Data aplikací\Adobe
2014-01-21 17:47:33 ----D---- C:\Documents and Settings\m\Data aplikací\Media Player Classic
2014-01-21 17:46:26 ----D---- C:\WINDOWS\Debug
2014-01-20 16:58:47 ----HD---- C:\Program Files\InstallShield Installation Information
2014-01-19 08:32:23 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2014-01-15 20:56:56 ----D---- C:\Ája
2014-01-12 10:57:27 ----D---- C:\Fotky
2014-01-12 10:07:33 ----A---- C:\WINDOWS\NeroDigital.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2009-08-04 11296]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
R1 MpKslb9738591;MpKslb9738591; \??\c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{871854E5-855C-4BFB-A046-83DBEFDD763D}\MpKslb9738591.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2011-10-26 7412736]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda32.sys [2009-06-26 56992]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2008-01-29 22016]
R3 nvsmu;nvsmu; C:\WINDOWS\System32\DRIVERS\nvsmu.sys [2007-10-12 13312]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\WINDOWS\system32\drivers\viahduaa.sys [2009-08-17 1390976]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dc3d;MS Hardware Device Detection Driver (USB); C:\WINDOWS\system32\DRIVERS\dc3d.sys [2010-07-01 44432]
S3 h643331;h643331; C:\WINDOWS\system32\drivers\h643331.sys []
S3 hid3331;hid3331; C:\WINDOWS\system32\drivers\hid3331.sys [2008-05-19 41336]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2012-01-09 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2012-01-09 23168]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2008-01-29 54016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2012-06-11 19072]
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2010-06-30 40848]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2012-01-09 8192]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2012-01-09 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2011-10-26 643072]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-11-05 182696]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 11736]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-29 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-09-05 171680]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11 257416]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-29 116648]
S3 idsvc;Služba Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-12-20 119408]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Run by m at 2014-01-25 13:37:46
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 60 GB (39%) free of 153 GB
Total RAM: 2047 MB (60% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:37:48, on 25.1.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\m\Plocha\RSIT.exe
C:\Program Files\trend micro\m.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: (no name) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - (no file)
O2 - BHO: WsSVRIEHelper - {C7C3BC26-4F2B-4997-A3CB-163337FE975B} - C:\Program Files\iSkysoft\Video Converter Ultimate\SVRIEPlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
--
End of file - 4626 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\m\Data aplikací\Mozilla\Firefox\Profiles\6ozxjt53.default
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{845257EF-A892-484e-8EB0-47F563D75939}"=C:\Program Files\iSkysoft\Video Converter Ultimate\SVRFirefoxExt\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.170 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw_1204144.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.45.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
C:\Documents and Settings\m\Data aplikací\Mozilla\Firefox\Profiles\6ozxjt53.default\extensions\
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
{ea614400-e918-4741-9a97-7a972ff7c30b}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-11-05 462760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7C3BC26-4F2B-4997-A3CB-163337FE975B}]
iSkysoft Video Converter Ultimate - C:\Program Files\iSkysoft\Video Converter Ultimate\SVRIEPlugin.dll [2012-11-29 275304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-11-05 171944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"=C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [2009-08-28 33673216]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2010-07-06 1797008]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 997920]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2011-10-26 188416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe"="C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application"
"C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe:*:Enabled:umi"
"C:\WINDOWS\system32\msiexec.exe"="C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup"
"C:\Program Files\Ubisoft\Driver San Francisco\Driver.exe"="C:\Program Files\Ubisoft\Driver San Francisco\Driver.exe:*:Disabled:Driver"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"F:\Hry\FS 2004\FS 2004 Crack\FS 2004 Crack\fs9.exe"="F:\Hry\FS 2004\FS 2004 Crack\FS 2004 Crack\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"F:\Hry\FS 2004\FS 2004\Crack\fs9.exe"="F:\Hry\FS 2004\FS 2004\Crack\fs9.exe:*:Enabled:Microsoft Flight Simulator"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=i263_32.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
"VIDC.YV12"=xvidvfw.dll
"vidc.mjpg"=pvmjpg30.dll
"msacm.g723"=g723.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.I263"=I263_32.drv
"VIDC.IV41"=ir41_32.ax
"vidc.iv50"=ir50_32.dll
"VIDC.FFDS"=ff_vfw.dll
======List of files/folders created in the last 1 month======
2014-01-23 20:33:08 ----D---- C:\AdwCleaner
2014-01-23 20:15:20 ----SHD---- C:\RECYCLER
2014-01-23 19:55:42 ----A---- C:\ComboFix.txt
2014-01-23 19:49:33 ----D---- C:\WINDOWS\temp
2014-01-21 20:39:34 ----D---- C:\Documents and Settings\m\Data aplikací\Malwarebytes
2014-01-21 20:39:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-01-21 20:19:30 ----ASH---- C:\hiberfil.sys
2014-01-21 20:06:42 ----A---- C:\WINDOWS\zip.exe
2014-01-21 20:06:42 ----A---- C:\WINDOWS\SWXCACLS.exe
2014-01-21 20:06:42 ----A---- C:\WINDOWS\SWSC.exe
2014-01-21 20:06:42 ----A---- C:\WINDOWS\SWREG.exe
2014-01-21 20:06:42 ----A---- C:\WINDOWS\sed.exe
2014-01-21 20:06:42 ----A---- C:\WINDOWS\PEV.exe
2014-01-21 20:06:42 ----A---- C:\WINDOWS\NIRCMD.exe
2014-01-21 20:06:42 ----A---- C:\WINDOWS\MBR.exe
2014-01-21 20:06:42 ----A---- C:\WINDOWS\grep.exe
2014-01-21 20:06:25 ----D---- C:\Qoobox
2014-01-21 20:06:13 ----D---- C:\WINDOWS\erdnt
2014-01-21 20:03:58 ----D---- C:\WINDOWS\CSC
2014-01-21 20:01:40 ----D---- C:\WINDOWS\pss
2014-01-21 18:00:03 ----D---- C:\rsit
2014-01-14 14:34:09 ----D---- C:\found.001
2014-01-12 21:15:55 ----D---- C:\Documents and Settings\m\Data aplikací\MultiSkypeLauncher
2014-01-12 21:11:18 ----D---- C:\Program Files\MultiSkypeLauncher
2014-01-12 21:03:47 ----D---- C:\Program Files\Seznam.cz
2014-01-12 21:03:27 ----D---- C:\Documents and Settings\m\Data aplikací\Seznam.cz
======List of files/folders modified in the last 1 month======
2014-01-25 13:37:48 ----D---- C:\Program Files\trend micro
2014-01-25 13:34:49 ----D---- C:\Documents and Settings\m\Data aplikací\Skype
2014-01-25 12:17:58 ----D---- C:\WINDOWS\system32
2014-01-25 12:13:03 ----D---- C:\WINDOWS\system32\drivers
2014-01-25 09:20:01 ----D---- C:\WINDOWS\Prefetch
2014-01-25 09:12:31 ----SD---- C:\WINDOWS\Tasks
2014-01-25 09:11:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-25 09:08:12 ----D---- C:\WINDOWS\system32\CatRoot2
2014-01-24 20:32:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-01-24 19:37:11 ----RD---- C:\Program Files
2014-01-24 13:20:59 ----D---- C:\WINDOWS
2014-01-24 13:20:59 ----A---- C:\WINDOWS\WDICT32.INI
2014-01-23 19:51:23 ----A---- C:\WINDOWS\system.ini
2014-01-23 19:51:06 ----D---- C:\WINDOWS\system32\drivers\etc
2014-01-23 19:48:00 ----D---- C:\WINDOWS\AppPatch
2014-01-23 19:47:58 ----D---- C:\Program Files\Common Files
2014-01-22 19:56:42 ----SHD---- C:\System Volume Information
2014-01-22 19:56:42 ----D---- C:\WINDOWS\system32\Restore
2014-01-22 19:51:06 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2014-01-22 19:44:43 ----SHD---- C:\WINDOWS\Installer
2014-01-22 19:44:43 ----D---- C:\Config.Msi
2014-01-22 16:48:10 ----D---- C:\Marian
2014-01-21 20:18:29 ----ASH---- C:\boot.ini
2014-01-21 20:18:29 ----A---- C:\WINDOWS\win.ini
2014-01-21 20:15:34 ----D---- C:\Documents and Settings\m\Data aplikací\Adobe
2014-01-21 17:47:33 ----D---- C:\Documents and Settings\m\Data aplikací\Media Player Classic
2014-01-21 17:46:26 ----D---- C:\WINDOWS\Debug
2014-01-20 16:58:47 ----HD---- C:\Program Files\InstallShield Installation Information
2014-01-19 08:32:23 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2014-01-15 20:56:56 ----D---- C:\Ája
2014-01-12 10:57:27 ----D---- C:\Fotky
2014-01-12 10:07:33 ----A---- C:\WINDOWS\NeroDigital.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2009-08-04 11296]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2011-04-18 165648]
R1 MpKslb9738591;MpKslb9738591; \??\c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{871854E5-855C-4BFB-A046-83DBEFDD763D}\MpKslb9738591.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2011-10-26 7412736]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\WINDOWS\system32\drivers\nvhda32.sys [2009-06-26 56992]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2008-01-29 22016]
R3 nvsmu;nvsmu; C:\WINDOWS\System32\DRIVERS\nvsmu.sys [2007-10-12 13312]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\WINDOWS\system32\drivers\viahduaa.sys [2009-08-17 1390976]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BTHMODEM;Ovladač pro sériovou komunikaci protokolem Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 dc3d;MS Hardware Device Detection Driver (USB); C:\WINDOWS\system32\DRIVERS\dc3d.sys [2010-07-01 44432]
S3 h643331;h643331; C:\WINDOWS\system32\drivers\h643331.sys []
S3 hid3331;hid3331; C:\WINDOWS\system32\drivers\hid3331.sys [2008-05-19 41336]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2012-01-09 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2012-01-09 23168]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2008-01-29 54016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2012-06-11 19072]
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2010-06-30 40848]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2012-01-09 8192]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2012-01-09 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2011-10-26 643072]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-11-05 182696]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2011-04-27 11736]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-29 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-09-05 171680]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11 257416]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-29 116648]
S3 idsvc;Služba Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-12-20 119408]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Re: Prosím o kontrolu, asi tam vlezl nějaký červ
Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe , ulozte na plochu a spustte.Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text
Kód: Vybrat vše
CREATERESTOREPOINT
netsvcs
drivers32
savembr:0
/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop
%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5
*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Prosím o kontrolu, asi tam vlezl nějaký červ
OTL logfile created on: 25.1.2014 13:56:39 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\m\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 50,33% Memory free
3,85 Gb Paging File | 3,02 Gb Available in Paging File | 78,47% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 58,07 Gb Free Space | 38,96% Space Free | Partition Type: NTFS
Drive E: | 698,64 Gb Total Space | 509,15 Gb Free Space | 72,88% Space Free | Partition Type: NTFS
Drive F: | 111,79 Gb Total Space | 17,56 Gb Free Space | 15,71% Space Free | Partition Type: NTFS
Computer Name: MB | User Name: m | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014.01.25 13:54:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\m\Plocha\OTL.exe
PRC - [2013.12.20 20:41:54 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013.11.05 12:20:51 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011.06.15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2013.12.20 20:41:28 | 003,559,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013.12.11 18:53:50 | 016,242,056 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll
MOD - [2012.11.20 10:05:08 | 000,153,088 | ---- | M] () -- C:\WINDOWS\system32\ISCM32.dll
MOD - [2008.04.14 08:51:48 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.06.04 10:30:00 | 000,319,488 | ---- | M] () -- C:\Program Files\WinRAR\rarlng.dll
MOD - [2007.05.30 03:07:00 | 000,128,512 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Services (SafeList) ==========
SRV - [2013.12.20 20:41:53 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.12.11 18:53:53 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.11.05 12:20:51 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013.09.05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.11 10:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass)
DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\h643331.sys -- (h643331)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2014.01.25 12:11:50 | 000,040,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{871854E5-855C-4BFB-A046-83DBEFDD763D}\MpKslb9738591.sys -- (MpKslb9738591)
DRV - [2012.06.11 10:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.01.09 16:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012.01.09 16:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012.01.09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012.01.09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.10.26 04:01:40 | 007,412,736 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010.07.01 18:52:18 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d)
DRV - [2009.08.17 19:16:06 | 001,390,976 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009.08.04 10:28:18 | 000,011,296 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2009.06.26 15:55:12 | 000,056,992 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2008.05.19 14:15:10 | 000,041,336 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hid3331.sys -- (hid3331)
DRV - [2008.04.13 22:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139)
DRV - [2008.01.29 12:37:48 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008.01.29 12:37:46 | 000,054,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007.10.12 16:53:10 | 000,013,312 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2005.09.23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004.08.13 10:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2001.08.17 19:12:02 | 000,063,208 | ---- | M] (Intel Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dc21x4.sys -- (DC21x4)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{07C6F82E-D72D-444D-8976-2B26B8BC3988}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-861567501-2111687655-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..\SearchScopes\{07C6F82E-D72D-444D-8976-2B26B8BC3988}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..\SearchScopes\{084D7833-2601-4262-8AE5-FEF9321DF1E9}: "URL" = http://www.novinky.cz/hledej?w={searchT ... arch_13415
IE - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..\SearchScopes\{0EF63EDE-1B56-4461-9693-874C463C5550}: "URL" = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_13415
IE - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..\SearchScopes\{19EF289D-3421-4420-A106-0560BF684B77}: "URL" = http://www.firmy.cz/?q={searchTerms}&so ... arch_13415
IE - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..\SearchScopes\{39632938-56C9-4FC0-A73B-49A9D5ABF606}: "URL" = http://encyklopedie.seznam.cz/search?q= ... arch_13415
IE - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..\SearchScopes\{710F087F-ABBA-42BA-81E1-A90643E447D4}: "URL" = http://search.seznam.cz/?q={searchTerms ... arch_13415
IE - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..\SearchScopes\{915F33FB-ED78-4F2F-871E-4A78AE3C51A1}: "URL" = http://tv.seznam.cz/hledej?w={searchTer ... arch_13415
IE - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..\SearchScopes\{BDD54C1C-D179-41E7-8F4D-800A0727FF09}: "URL" = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
IE - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..\SearchScopes\{FCE46290-A3E5-4C86-BBD9-64E304F649CF}: "URL" = http://www.mapy.cz/?query={searchTerms} ... arch_13415
IE - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..\SearchScopes\{FF0455BE-BCDD-43E1-BDE5-E9763DD0B5E5}: "URL" = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
IE - HKU\S-1-5-21-861567501-2111687655-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledAddons: translator%40zoli.bod:2.1.0.3
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@kb-ext.cz/PKIComponent: C:\Documents and Settings\m\Data aplikací\KB-ext\lib\x86\npPKIComponentNPAPI-kbext.dll (Komerční banka, a.s.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{845257EF-A892-484e-8EB0-47F563D75939}: C:\Program Files\iSkysoft\Video Converter Ultimate\SVRFirefoxExt\ [2013.08.21 17:47:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2013.08.17 11:20:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\m\Data aplikací\Mozilla\Extensions
[2014.01.12 21:03:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\m\Data aplikací\Mozilla\Firefox\Profiles\6ozxjt53.default\extensions
[2013.12.27 20:10:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\m\Data aplikací\Mozilla\Firefox\Profiles\6ozxjt53.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014.01.12 21:03:44 | 000,000,000 | ---D | M] (Seznam lištiÄŤka) -- C:\Documents and Settings\m\Data aplikací\Mozilla\Firefox\Profiles\6ozxjt53.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[2013.10.10 09:15:53 | 000,060,290 | ---- | M] () (No name found) -- C:\Documents and Settings\m\Data aplikací\Mozilla\Firefox\Profiles\6ozxjt53.default\extensions\translator@zoli.bod.xpi
[2013.12.20 20:41:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.12.20 20:41:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013.12.20 20:41:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\M\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\6OZXJT53.DEFAULT\EXTENSIONS\{B9DB16A4-6EDC-47EC-A1F4-B86292ED211D}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\M\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\6OZXJT53.DEFAULT\EXTENSIONS\TRANSLATOR@ZOLI.BOD.XPI
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Pen\u011B\u017Eenka Google = C:\Documents and Settings\m\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
O1 HOSTS File: ([2014.01.25 12:14:04 | 000,000,741 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No CLSID value found.
O2 - BHO: (iSkysoft Video Converter Ultimate) - {C7C3BC26-4F2B-4997-A3CB-163337FE975B} - C:\Program Files\iSkysoft\Video Converter Ultimate\SVRIEPlugin.dll (iSkysoft Software Co., Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-861567501-2111687655-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-861567501-2111687655-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-861567501-2111687655-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-861567501-2111687655-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O15 - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..Trusted Domains: localhost ([]http in Internet)
O15 - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..Trusted Domains: mojebanka.cz ([etrading] https in Důvěryhodné servery)
O15 - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..Trusted Domains: mojebanka.cz ([sign] https in Důvěryhodné servery)
O15 - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..Trusted Domains: mojebanka.cz ([www] https in Důvěryhodné servery)
O15 - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..Trusted Domains: mojeplatba.cz ([www] https in Důvěryhodné servery)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254 81.19.5.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A43EF3A-EC6D-4E71-8126-EF0DBA131FE4}: DhcpNameServer = 192.168.2.254 81.19.5.10
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\m\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\m\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.g723 - g723.acm File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.I263 - C:\WINDOWS\System32\i263_32.drv (Intel Corporation)
Drivers32: vidc.I420 - C:\WINDOWS\System32\i263_32.drv (Intel Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: VIDC.IV41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mjpg - pvmjpg30.dll File not found
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\xvidvfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ==========
[2014.01.25 13:54:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\m\Plocha\OTL.exe
[2014.01.24 15:06:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\m\Plocha\RK_Quarantine
[2014.01.23 20:33:08 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.01.23 20:15:20 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014.01.23 19:49:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2014.01.21 20:39:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\m\Data aplikací\Malwarebytes
[2014.01.21 20:39:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2014.01.21 20:36:00 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\m\Plocha\mbam-setup-1.75.0.1300.exe
[2014.01.21 20:06:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014.01.21 20:06:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014.01.21 20:06:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014.01.21 20:06:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014.01.21 20:06:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014.01.21 20:06:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2014.01.21 20:03:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2014.01.21 20:01:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2014.01.21 19:48:43 | 005,175,240 | R--- | C] (Swearware) -- C:\Documents and Settings\m\Plocha\ComboFix.exe
[2014.01.21 18:00:03 | 000,000,000 | ---D | C] -- C:\rsit
[2014.01.21 17:46:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\m\Recent
[2014.01.20 17:07:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\m\Dokumenty\GTA San Andreas User Files
[2014.01.20 16:58:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Rockstar Games
[2014.01.14 14:34:09 | 000,000,000 | ---D | C] -- C:\found.001
[2014.01.12 21:15:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\m\Data aplikací\MultiSkypeLauncher
[2014.01.12 21:11:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\m\Nabídka Start\Programy\MultiSkypeLauncher
[2014.01.12 21:11:18 | 000,000,000 | ---D | C] -- C:\Program Files\MultiSkypeLauncher
[2014.01.12 21:04:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\m\Nabídka Start\Programy\SmartTweak Software
[2014.01.12 21:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Seznam.cz
[2014.01.12 21:03:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\m\Data aplikací\Seznam.cz
[2013.12.28 14:04:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\m\Plocha\Aukro
[2013.12.27 20:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\m\dwhelper
[1 C:\Documents and Settings\m\*.tmp files -> C:\Documents and Settings\m\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014.01.25 13:58:03 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.01.25 13:54:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\m\Plocha\OTL.exe
[2014.01.25 13:53:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014.01.25 13:11:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014.01.25 12:14:04 | 000,000,741 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014.01.25 09:12:32 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2014.01.25 09:11:41 | 000,429,178 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2014.01.25 09:11:41 | 000,424,032 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014.01.25 09:11:41 | 000,078,300 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2014.01.25 09:11:41 | 000,067,740 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014.01.25 09:07:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014.01.25 09:07:25 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014.01.25 09:07:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014.01.25 09:07:14 | 2146,615,296 | -HS- | M] () -- C:\hiberfil.sys
[2014.01.24 15:05:08 | 003,792,384 | ---- | M] () -- C:\Documents and Settings\m\Plocha\RogueKiller.exe
[2014.01.24 13:20:59 | 000,002,420 | ---- | M] () -- C:\WINDOWS\WDICT32.INI
[2014.01.23 20:32:23 | 001,236,282 | ---- | M] () -- C:\Documents and Settings\m\Plocha\adwcleaner.exe
[2014.01.23 19:33:29 | 005,175,240 | R--- | M] (Swearware) -- C:\Documents and Settings\m\Plocha\ComboFix.exe
[2014.01.23 14:49:59 | 000,000,426 | ---- | M] () -- C:\Documents and Settings\m\Plocha\Martin.lnk
[2014.01.21 20:36:03 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\m\Plocha\mbam-setup-1.75.0.1300.exe
[2014.01.21 20:18:29 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2014.01.21 17:59:45 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\m\Plocha\RSIT.exe
[2014.01.21 17:48:15 | 000,005,084 | ---- | M] () -- C:\Documents and Settings\m\Plocha\cc_20140121_174812.reg
[2014.01.20 16:58:47 | 000,001,591 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\GTA San Andreas.lnk
[2014.01.19 20:11:06 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\m\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014.01.19 08:32:23 | 000,231,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2014.01.17 14:16:20 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
[2014.01.16 16:02:55 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\PCLECHAL.INI
[2014.01.12 10:07:33 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2014.01.06 15:33:08 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014.01.01 21:08:33 | 000,163,767 | ---- | M] () -- C:\Documents and Settings\m\Plocha\led.jpg
[1 C:\Documents and Settings\m\*.tmp files -> C:\Documents and Settings\m\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014.01.25 13:58:03 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.01.24 15:05:07 | 003,792,384 | ---- | C] () -- C:\Documents and Settings\m\Plocha\RogueKiller.exe
[2014.01.23 20:32:22 | 001,236,282 | ---- | C] () -- C:\Documents and Settings\m\Plocha\adwcleaner.exe
[2014.01.21 20:19:30 | 2146,615,296 | -HS- | C] () -- C:\hiberfil.sys
[2014.01.21 20:06:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2014.01.21 20:06:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014.01.21 20:06:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014.01.21 20:06:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014.01.21 20:06:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014.01.21 17:59:44 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\m\Plocha\RSIT.exe
[2014.01.21 17:48:13 | 000,005,084 | ---- | C] () -- C:\Documents and Settings\m\Plocha\cc_20140121_174812.reg
[2014.01.20 16:58:47 | 000,001,591 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\GTA San Andreas.lnk
[2014.01.01 21:08:33 | 000,163,767 | ---- | C] () -- C:\Documents and Settings\m\Plocha\led.jpg
[2013.11.05 12:15:21 | 000,241,032 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2013.08.21 17:47:54 | 000,721,917 | ---- | C] () -- C:\WINDOWS\System32\ISCM64.dll
[2013.08.21 17:47:54 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\ISCM32.dll
[2012.10.28 17:28:34 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012.10.26 12:41:21 | 000,041,336 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Hid3331.sys
[2012.10.18 13:43:19 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2012.10.17 18:05:14 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012.10.14 13:08:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\d3dcsx_42.dll
[2012.10.14 13:08:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\XAudio2_2.dll
[2012.06.02 15:58:53 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2012.03.19 17:37:39 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.02.19 12:02:38 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012.02.04 08:47:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2012.02.04 08:46:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012.02.04 08:46:15 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2012.02.04 08:46:14 | 000,242,430 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012.02.04 08:46:14 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2012.02.03 23:13:11 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\m\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.03 23:08:14 | 000,000,595 | ---- | C] () -- C:\Documents and Settings\m\Data aplikací\AutoGK.ini
[2012.02.03 22:49:37 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2012.02.03 22:49:37 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2012.02.03 22:49:37 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2012.02.03 22:49:37 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2012.02.03 22:49:37 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2012.02.03 22:49:37 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2012.02.03 22:49:37 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2012.02.03 22:49:37 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2012.02.03 22:49:37 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2012.02.03 22:49:37 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2012.02.03 22:49:37 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2012.02.03 22:49:37 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2012.02.03 22:49:37 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2012.02.03 22:49:37 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2012.02.03 22:49:37 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2012.02.03 22:49:37 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2012.02.03 22:49:37 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2012.02.03 22:49:37 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2012.02.03 22:49:37 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2012.02.03 22:35:06 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012.02.03 22:12:05 | 000,002,420 | ---- | C] () -- C:\WINDOWS\WDICT32.INI
[2012.02.03 22:02:03 | 000,004,265 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012.02.03 22:00:51 | 000,194,568 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.02.03 21:26:01 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2012.02.03 21:26:00 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2012.02.03 21:26:00 | 000,011,296 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2012.02.03 21:25:49 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2012.02.03 21:21:32 | 000,003,948 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2012.02.03 21:09:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.02.03 21:05:56 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
========== ZeroAccess Check ==========
[2012.02.04 09:06:23 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 08:51:56 | 001,499,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:56:05 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 08:52:06 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012.02.03 22:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\EPSON
[2013.06.15 11:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Installations
[2013.08.23 17:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\iSkysoft Video Converter Ultimate
[2013.06.15 11:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2012.02.04 09:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle
[2012.02.04 09:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle Studio Plus
[2012.02.04 09:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle Studio Ultimate Collection
[2012.02.04 09:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Studio 14
[2012.02.03 22:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\UDL
[2013.08.23 17:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\xml_param
[2013.10.06 06:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\calibre
[2012.02.04 08:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Epson
[2013.03.30 17:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\GHISLER
[2013.08.21 17:52:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\iSkysoft Video Converter Ultimate
[2013.10.25 09:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\KB-ext
[2012.04.15 18:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Moto assistant
[2014.01.12 21:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\MultiSkypeLauncher
[2013.06.15 11:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Nokia
[2013.06.15 11:48:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\PC Suite
[2014.01.23 19:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Seznam.cz
[2013.07.02 15:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Unity
[2012.02.03 23:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Zoner
========== Purity Check ==========
========== Custom Scans ==========
< >
[2012.02.03 21:06:32 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2012.02.03 21:08:29 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2013.08.16 21:48:11 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2013.09.16 17:05:15 | 000,000,914 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2013.12.20 19:58:36 | 000,000,926 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2013.12.20 19:58:37 | 000,000,930 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
< >
< MD5 for: AGP440.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\erdnt\cache\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2002.09.20 19:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002.08.29 02:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2002.09.20 19:05:14 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=82CD2AA659D68781D29BA87421BE0E40 -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe
[2008.04.14 08:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 08:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
< MD5 for: CDROM.SYS >
[2002.09.20 19:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:cdrom.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2002.08.29 02:27:56 | 000,047,488 | ---- | M] (Microsoft Corporation) MD5=6506E033AD04CFEC9EE56DBEFD1083DD -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2002.09.20 19:03:40 | 000,053,248 | ---- | M] (Microsoft Corporation) MD5=031E7FF41B13B658CAE7D6C98086F76A -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\erdnt\cache\cryptsvc.dll
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\erdnt\cache\eventlog.dll
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2002.09.20 19:03:50 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=E8508E7F865490D8AE71D00C8DF4D227 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2002.09.20 19:05:24 | 001,004,544 | ---- | M] (Microsoft Corporation) MD5=11D80755545CFB5EB9659EE88440EAE2 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
< MD5 for: HAL.DLL >
[2002.09.20 19:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:hal.dll
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2002.08.29 02:05:04 | 000,129,920 | ---- | M] (Microsoft Corporation) MD5=308709E92843DFF3A5CDCA069F6F5C61 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll
[2008.04.14 00:01:30 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.14 00:01:34 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
< MD5 for: CHANGER.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.14 00:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
< MD5 for: ISAPNP.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2001.10.25 15:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
< MD5 for: LSASS.EXE >
[2002.09.20 19:05:32 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=32F7074BAC9A5F899CCA9C046C9FA6EB -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\erdnt\cache\lsass.exe
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\erdnt\cache\ndis.sys
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2002.08.29 03:09:26 | 000,167,552 | ---- | M] (Microsoft Corporation) MD5=3B350E5A2A5E951453F3993275A4523A -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
< MD5 for: NETLOGON.DLL >
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\erdnt\cache\netlogon.dll
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll
[2002.09.20 19:04:34 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=CF03E300B5CEEFFEFBE6F67532BD0EF1 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: SCECLI.DLL >
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\erdnt\cache\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll
[2002.09.20 19:04:42 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B2666CAB5E8C8A741D63F18D551A47FB -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
< MD5 for: SMSS.EXE >
[2002.09.20 19:05:44 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=7763D73255AD4046FA999D42EAF22C26 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2001.10.25 15:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=329945887A0C684C38A4845330BC9100 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\erdnt\cache\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2002.08.29 02:58:12 | 000,332,928 | ---- | M] (Microsoft Corporation) MD5=244A2F9816BC9B593957281EF577D976 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB2509553$\tcpip.sys
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\erdnt\cache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2002.09.20 19:05:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B26871B5CE92F9D95AE6E62119799EB9 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
< MD5 for: WINLOGON.EXE >
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe
[2002.09.20 19:05:50 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=FF8857D1AF59071F172C0FAD0FD33E87 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
< MD5 for: WS2_32.DLL >
[2001.10.25 15:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=748494B94A871A828C64D1D5C738D2B7 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\erdnt\cache\ws2_32.dll
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll
< >
< %systemroot%*.* /U /s >
[5 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2014.01.21 20:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Adobe
[2012.02.04 08:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Ahead
[2012.02.04 10:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\ATI
[2013.10.06 06:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\calibre
[2012.02.04 08:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Epson
[2013.03.30 17:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\GHISLER
[2012.02.04 13:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Google
[2012.02.03 21:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Identities
[2012.02.03 22:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\InstallShield
[2013.08.21 17:52:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\iSkysoft Video Converter Ultimate
[2013.10.25 09:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\KB-ext
[2012.02.04 09:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Macromedia
[2014.01.21 20:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Malwarebytes
[2014.01.21 17:47:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Media Player Classic
[2013.11.20 18:11:13 | 000,000,000 | --SD | M] -- C:\Documents and Settings\m\Data aplikací\Microsoft
[2012.04.15 18:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Moto assistant
[2013.08.17 11:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Mozilla
[2013.05.18 10:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\MSN6
[2014.01.12 21:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\MultiSkypeLauncher
[2013.06.15 11:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Nokia
[2013.06.15 11:48:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\PC Suite
[2014.01.23 19:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Seznam.cz
[2014.01.25 14:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Skype
[2012.02.04 08:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Sun
[2013.07.02 15:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Unity
[2012.02.04 08:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\WinRAR
[2012.02.03 23:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Zoner
< %APPDATA%\*.exe /s >
[2014.01.20 18:59:25 | 000,453,632 | ---- | M] () -- C:\Documents and Settings\m\Data aplikací\Adobe\x64\msdtce.exe
[2014.01.20 18:59:17 | 000,344,064 | ---- | M] () -- C:\Documents and Settings\m\Data aplikací\Adobe\x86\msdtce.exe
[2013.10.25 09:56:04 | 001,175,960 | ---- | M] () -- C:\Documents and Settings\m\Data aplikací\KB-ext\lib\unins000.exe
[2012.02.04 09:25:51 | 000,029,926 | R--- | M] () -- C:\Documents and Settings\m\Data aplikací\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
[2012.08.12 17:11:57 | 000,005,430 | R--- | M] () -- C:\Documents and Settings\m\Data aplikací\Microsoft\Installer\{80074966-5231-428D-9AE7-B7D5D2DC3246}\_45E5F1A4BC29289B0B1E70.exe
[2012.08.12 17:11:57 | 000,005,430 | R--- | M] () -- C:\Documents and Settings\m\Data aplikací\Microsoft\Installer\{80074966-5231-428D-9AE7-B7D5D2DC3246}\_55F11AB420338FF650F1F4.exe
[2013.05.16 14:25:04 | 001,062,472 | ---- | M] () -- C:\Documents and Settings\m\Data aplikací\Seznam.cz\szninstall.exe
[2013.05.16 14:26:24 | 002,589,256 | ---- | M] () -- C:\Documents and Settings\m\Data aplikací\Seznam.cz\sznsetup.exe
[2013.04.16 12:52:34 | 000,055,808 | ---- | M] () -- C:\Documents and Settings\m\Data aplikací\Seznam.cz\bin\ffkill.exe
[2013.04.29 11:53:34 | 000,045,560 | ---- | M] () -- C:\Documents and Settings\m\Data aplikací\Seznam.cz\bin\listicka-x64.exe
[2013.04.12 09:13:24 | 000,457,208 | ---- | M] () -- C:\Documents and Settings\m\Data aplikací\Seznam.cz\bin\szndesktop.exe
[2013.04.12 09:10:22 | 000,092,664 | ---- | M] () -- C:\Documents and Settings\m\Data aplikací\Seznam.cz\bin\wszndesktop.exe
[2013.10.25 09:35:00 | 000,915,368 | ---- | M] (Oracle Corporation) -- C:\Documents and Settings\m\Data aplikací\Sun\Java\JRERunOnce.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2012.02.03 21:59:58 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2012.02.03 21:59:58 | 000,630,784 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2012.02.03 21:59:58 | 000,434,176 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2014.01.25 09:11:41 | 000,078,300 | ---- | M] () -- C:\WINDOWS\system32\perfc005.dat
[2014.01.25 09:11:41 | 000,067,740 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2014.01.25 09:11:41 | 000,429,178 | ---- | M] () -- C:\WINDOWS\system32\perfh005.dat
[2014.01.25 09:11:41 | 000,424,032 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2014.01.25 09:11:41 | 001,013,278 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2014.01.25 09:07:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
< %SYSTEMDRIVE%\*.exe >
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 08:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< >
< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014.01.25 13:58:03 | 000,000,512 | ---- | M] () MD5=27A83832E603DB9F1241AFEA886F89AA -- C:\PhysicalMBR.bin
< >
< *crack* /s >
[2003.12.05 14:52:40 | 000,000,796 | ---- | M] () -- \Program Files\Rockstar Games\GTA San Andreas\data\Decision\Craig\crack1.ped
[2013.01.20 13:33:48 | 014,494,194 | ---- | M] () -- \RECYCLER\S-1-5-21-861567501-2111687655-725345543-1003\Dc1\crack.exe
< *keygen* /s >
[2007.04.24 22:06:15 | 000,064,000 | ---- | M] () -- \Marian\navigace+PDA\TTv3\aktivátor\Aktivátor map\27.2._Easyusetools_for_Keygen_Mapcheck_Metacheck_ttsystempatcher\Easyusetools_for Keygen_Mapcheck_Metacheck_ttsystempatcher\Progs\keygen6.exe
[2007.12.29 15:08:45 | 000,050,176 | ---- | M] () -- \Marian\navigace+PDA\TTv3\aktivátor\Aktivátor map\27.2._Easyusetools_for_Keygen_Mapcheck_Metacheck_ttsystempatcher\Easyusetools_for Keygen_Mapcheck_Metacheck_ttsystempatcher\Progs\tt7_keygen.exe
[2008.06.18 14:16:42 | 000,050,176 | ---- | M] () -- \Marian\navigace+PDA\TTv3\aktivátor\Aktivátor map\27.2._Easyusetools_for_Keygen_Mapcheck_Metacheck_ttsystempatcher\Easyusetools_for Keygen_Mapcheck_Metacheck_ttsystempatcher\Progs\tt8_keygen.exe
< *AntiWPA* /s >
< *loader* /s >
[2013.09.16 13:37:22 | 000,072,638 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Skype\Apps\login\images\loader.gif
[2013.09.16 13:37:22 | 000,003,032 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Skype\Apps\login\images\loader.png
[2013.10.09 17:07:12 | 000,006,012 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Skype\Apps\login\images\normal\loader_15fps.gif
[2013.10.09 17:07:12 | 000,021,956 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Skype\Apps\login\images\normal\loader_30fps.gif
[2013.09.16 13:37:22 | 000,009,772 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Skype\Apps\login\images\retina\loader@2x.png
[2013.03.29 12:37:34 | 000,059,384 | ---- | M] () -- \Documents and Settings\m\Data aplikací\Seznam.cz\bin\28704libfoxloader.dll
[2013.04.15 12:32:10 | 000,060,416 | ---- | M] () -- \Documents and Settings\m\Data aplikací\Seznam.cz\bin\28707libfoxloader-x64.dll
[2014.01.12 21:03:41 | 000,000,165 | ---- | M] () -- \Documents and Settings\m\Data aplikací\Seznam.cz\conf\szndesktop.d\libfoxloader.conf
[2013.03.25 15:27:20 | 000,000,665 | ---- | M] () -- \Documents and Settings\m\Data aplikací\Seznam.cz\uninstall\cz_seznam_software_libfoxloader_3_1_2.install.bat
[2013.03.25 15:27:26 | 000,000,117 | ---- | M] () -- \Documents and Settings\m\Data aplikací\Seznam.cz\uninstall\cz_seznam_software_libfoxloader_3_1_2.uninstall.bat
[2014.01.25 12:18:12 | 000,001,537 | ---- | M] () -- \Documents and Settings\m\Local Settings\Temporary Internet Files\Content.IE5\05551ET8\AdLoader[1].htm
[2014.01.24 17:36:31 | 000,110,991 | ---- | M] () -- \Documents and Settings\m\Local Settings\Temporary Internet Files\Content.IE5\TZKFK545\AdLoader-7b857a7be889bd57f92da60a9b6146bb.min[1].js
[2013.08.29 19:42:36 | 000,044,032 | R--- | M] () -- \Program Files\Calibre2\DLLs\PyISAPI_loader.dll
[2007.10.23 17:52:22 | 000,114,688 | ---- | M] () -- \Program Files\Epson Software\Easy Photo Print\APFLoaderV13.dll
[2007.10.23 17:52:22 | 000,069,632 | ---- | M] () -- \Program Files\Epson Software\Easy Photo Print\EpAPFLoader.dll
[2007.10.23 17:52:22 | 000,102,400 | ---- | M] () -- \Program Files\Epson Software\Easy Photo Print\EpAPFLoader2006.dll
[2012.11.27 18:59:14 | 000,063,149 | ---- | M] () -- \Program Files\iSkysoft\Video Converter Ultimate\SVRFirefoxExt\chrome\ISVideoConvertDownloader.jar
[2009.05.31 03:21:00 | 000,071,008 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2003.06.30 09:37:32 | 000,002,315 | ---- | M] () -- \Program Files\Smoky City Design\The Panorama Factory V5\help\loader.js
[2012.08.25 16:17:46 | 000,002,315 | ---- | M] () -- \Program Files\Smoky City Design\The Panorama Factory V5\help\cs_CZ\loader.js
[2003.06.30 09:37:32 | 000,002,315 | ---- | M] () -- \Program Files\Smoky City Design\The Panorama Factory V5\help_batch\loader.js
[2008.02.25 07:05:22 | 000,856,064 | ---- | M] () -- \Program Files\The KMPlayer\ImLoader.dll
[2011.09.24 00:19:26 | 000,228,352 | ---- | M] () -- \Program Files\Ubisoft\Driver San Francisco\ubiorbitapi_r2_loader.dll
[2011.08.30 15:21:56 | 000,171,320 | ---- | M] () -- \Program Files\Ubisoft\Driver San Francisco\uplay_r1_loader.dll
[2007.05.30 03:07:00 | 000,044,032 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2010.04.29 15:12:38 | 000,673,160 | ---- | M] () -- \Program Files\Zoner\Photo Studio 13\Plugins\Facebook\ZPSFacebookUploader.exe
[2010.04.29 15:12:40 | 000,053,640 | ---- | M] () -- \Program Files\Zoner\Photo Studio 13\Plugins\Facebook\ZPSPluginLoader.exe
[2010.04.29 15:12:42 | 000,686,984 | ---- | M] () -- \Program Files\Zoner\Photo Studio 13\Plugins\Flickr\ZPSFlickrUploader.exe
[2010.04.29 15:12:42 | 000,053,640 | ---- | M] () -- \Program Files\Zoner\Photo Studio 13\Plugins\Flickr\ZPSPluginLoader.exe
[2010.09.27 14:18:52 | 000,102,792 | ---- | M] () -- \Program Files\Zoner\Photo Studio 13\Program32\8bfLoader.exe
[2010.09.27 14:19:22 | 000,019,336 | ---- | M] () -- \Program Files\Zoner\Photo Studio 13\Program32\WICLoader.exe
[2002.09.20 19:03:42 | 000,031,744 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\dmloader.dll
[2008.04.14 08:51:40 | 000,035,840 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\dmloader.dll
[2008.04.14 00:01:48 | 000,230,912 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.exe
[2008.04.14 00:01:50 | 000,278,528 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.ntd
[2008.04.14 08:51:40 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[2013.09.05 10:43:36 | 000,012,532 | ---- | M] () -- \WINDOWS\system32\Adobe\Shockwave 12\shockwave_Projector_Loader.dcr
< *minodlogin* /s >
< *tnod* /s >
[2009.09.05 15:47:34 | 000,000,233 | ---- | M] () -- \Program Files\ImageMagick-6.7.3-Q8\www\api\MagickCore\ftv2lastnode.png
[2009.09.05 15:47:34 | 000,000,160 | ---- | M] () -- \Program Files\ImageMagick-6.7.3-Q8\www\api\MagickCore\ftv2mlastnode.png
[2009.09.05 15:47:34 | 000,000,165 | ---- | M] () -- \Program Files\ImageMagick-6.7.3-Q8\www\api\MagickCore\ftv2plastnode.png
[2009.09.05 15:47:34 | 000,003,222 | ---- | M] () -- \Program Files\ImageMagick-6.7.3-Q8\www\api\MagickCore\struct__MedianListNode.html
[2009.09.05 15:47:34 | 000,000,233 | ---- | M] () -- \Program Files\ImageMagick-6.7.3-Q8\www\api\MagickWand\ftv2lastnode.png
[2009.09.05 15:47:34 | 000,000,160 | ---- | M] () -- \Program Files\ImageMagick-6.7.3-Q8\www\api\MagickWand\ftv2mlastnode.png
[2009.09.05 15:47:34 | 000,000,165 | ---- | M] () -- \Program Files\ImageMagick-6.7.3-Q8\www\api\MagickWand\ftv2plastnode.png
< *AutoKMS* /s >
< *activator* /s >
< *serial* /s >
[2008.09.04 09:06:40 | 000,079,120 | ---- | M] () -- \Documents and Settings\All Users\Dokumenty\Pinnacle\Content\HollywoodFX\HfxSerial.exe
[2008.09.04 09:07:02 | 000,010,512 | ---- | M] () -- \Documents and Settings\All Users\Dokumenty\Pinnacle\Content\HollywoodFX\Languages\HfxSerial-CHS.dll
[2008.09.04 09:07:04 | 000,011,024 | ---- | M] () -- \Documents and Settings\All Users\Dokumenty\Pinnacle\Content\HollywoodFX\Languages\HfxSerial-DEU.dll
[2008.09.04 09:07:04 | 000,011,024 | ---- | M] () -- \Documents and Settings\All Users\Dokumenty\Pinnacle\Content\HollywoodFX\Languages\HfxSerial-ESP.dll
[2008.09.04 09:07:06 | 000,011,024 | ---- | M] () -- \Documents and Settings\All Users\Dokumenty\Pinnacle\Content\HollywoodFX\Languages\HfxSerial-FRA.dll
[2008.09.04 09:07:10 | 000,011,024 | ---- | M] () -- \Documents and Settings\All Users\Dokumenty\Pinnacle\Content\HollywoodFX\Languages\HfxSerial-ITA.dll
[2008.09.04 09:07:14 | 000,010,512 | ---- | M] () -- \Documents and Settings\All Users\Dokumenty\Pinnacle\Content\HollywoodFX\Languages\HfxSerial-JPN.dll
[2008.09.04 09:07:14 | 000,010,512 | ---- | M] () -- \Documents and Settings\All Users\Dokumenty\Pinnacle\Content\HollywoodFX\Languages\HfxSerial-KOR.dll
[2008.09.04 09:07:16 | 000,011,024 | ---- | M] () -- \Documents and Settings\All Users\Dokumenty\Pinnacle\Content\HollywoodFX\Languages\HfxSerial-NLD.dll
[2013.05.13 14:14:36 | 000,434,368 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.20513.0\System.Runtime.Serialization.dll
[2013.07.17 08:54:00 | 001,164,288 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.20513.0\System.Runtime.Serialization.ni.dll
[2012.09.26 23:12:26 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2002.09.20 18:21:56 | 000,062,208 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\serial.sys
[2012.02.04 09:18:57 | 000,011,776 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2013.09.08 07:04:54 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2012.02.04 09:19:03 | 000,090,112 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2013.09.08 06:59:44 | 000,970,752 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2013.09.08 07:17:22 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a95e0af6fa5d2e8ffd5e0091f6513271\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2013.09.08 07:15:43 | 002,345,472 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\ba6670610621b25b1608e457ba0ef305\System.Runtime.Serialization.ni.dll
[2010.04.07 23:48:30 | 000,970,752 | R--- | M] () -- \WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\FL_System_Runtime_Serialization_dll_133675_____x86.3643236F_FC70_11D3_A536_0090278A1BB8
[2010.04.07 23:48:30 | 000,970,752 | R--- | M] () -- \WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\FL_System_Runtime_Serialization_dll_147207_____x86.3643236F_FC70_11D3_A536_0090278A1BB8
[2008.07.25 11:17:00 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2008.09.10 17:46:28 | 000,011,776 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012.09.26 23:12:26 | 000,970,752 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2008.04.14 07:47:26 | 000,028,416 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\grserial.sys
[2008.04.14 07:51:10 | 000,064,256 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\serial.sys
[2007.06.27 18:29:04 | 000,131,072 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\system.runtime.serialization.formatters.soap.dll
[2001.10.25 15:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dpserial.dll
[2001.10.25 15:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\serialui.dll
[2001.10.25 15:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dllcache\dpserial.dll
[2001.10.25 15:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\dllcache\serialui.dll
[2008.04.14 07:51:10 | 000,064,256 | ---- | M] () -- \WINDOWS\system32\drivers\serial.sys
< *w7lxe* /s >
< End of report >
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\m\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 50,33% Memory free
3,85 Gb Paging File | 3,02 Gb Available in Paging File | 78,47% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 58,07 Gb Free Space | 38,96% Space Free | Partition Type: NTFS
Drive E: | 698,64 Gb Total Space | 509,15 Gb Free Space | 72,88% Space Free | Partition Type: NTFS
Drive F: | 111,79 Gb Total Space | 17,56 Gb Free Space | 15,71% Space Free | Partition Type: NTFS
Computer Name: MB | User Name: m | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014.01.25 13:54:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\m\Plocha\OTL.exe
PRC - [2013.12.20 20:41:54 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013.11.05 12:20:51 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011.06.15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2013.12.20 20:41:28 | 003,559,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013.12.11 18:53:50 | 016,242,056 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll
MOD - [2012.11.20 10:05:08 | 000,153,088 | ---- | M] () -- C:\WINDOWS\system32\ISCM32.dll
MOD - [2008.04.14 08:51:48 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.06.04 10:30:00 | 000,319,488 | ---- | M] () -- C:\Program Files\WinRAR\rarlng.dll
MOD - [2007.05.30 03:07:00 | 000,128,512 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Services (SafeList) ==========
SRV - [2013.12.20 20:41:53 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.12.11 18:53:53 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.11.05 12:20:51 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013.09.05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.11 10:33:26 | 000,724,376 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDRm.sys -- (InCDRm)
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\InCDPass.sys -- (InCDPass)
DRV - File not found [File_System | Disabled | Stopped] -- system32\drivers\InCDFs.sys -- (InCDFs)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\h643331.sys -- (h643331)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2014.01.25 12:11:50 | 000,040,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{871854E5-855C-4BFB-A046-83DBEFDD763D}\MpKslb9738591.sys -- (MpKslb9738591)
DRV - [2012.06.11 10:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.01.09 16:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2012.01.09 16:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2012.01.09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2012.01.09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.10.26 04:01:40 | 007,412,736 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010.07.01 18:52:18 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d)
DRV - [2009.08.17 19:16:06 | 001,390,976 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009.08.04 10:28:18 | 000,011,296 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2009.06.26 15:55:12 | 000,056,992 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2008.05.19 14:15:10 | 000,041,336 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hid3331.sys -- (hid3331)
DRV - [2008.04.13 22:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139)
DRV - [2008.01.29 12:37:48 | 000,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008.01.29 12:37:46 | 000,054,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007.10.12 16:53:10 | 000,013,312 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2005.09.23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004.08.13 10:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2001.08.17 19:12:02 | 000,063,208 | ---- | M] (Intel Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dc21x4.sys -- (DC21x4)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{07C6F82E-D72D-444D-8976-2B26B8BC3988}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-861567501-2111687655-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..\SearchScopes\{07C6F82E-D72D-444D-8976-2B26B8BC3988}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..\SearchScopes\{084D7833-2601-4262-8AE5-FEF9321DF1E9}: "URL" = http://www.novinky.cz/hledej?w={searchT ... arch_13415
IE - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..\SearchScopes\{0EF63EDE-1B56-4461-9693-874C463C5550}: "URL" = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_13415
IE - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..\SearchScopes\{19EF289D-3421-4420-A106-0560BF684B77}: "URL" = http://www.firmy.cz/?q={searchTerms}&so ... arch_13415
IE - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..\SearchScopes\{39632938-56C9-4FC0-A73B-49A9D5ABF606}: "URL" = http://encyklopedie.seznam.cz/search?q= ... arch_13415
IE - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..\SearchScopes\{710F087F-ABBA-42BA-81E1-A90643E447D4}: "URL" = http://search.seznam.cz/?q={searchTerms ... arch_13415
IE - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..\SearchScopes\{915F33FB-ED78-4F2F-871E-4A78AE3C51A1}: "URL" = http://tv.seznam.cz/hledej?w={searchTer ... arch_13415
IE - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..\SearchScopes\{BDD54C1C-D179-41E7-8F4D-800A0727FF09}: "URL" = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
IE - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..\SearchScopes\{FCE46290-A3E5-4C86-BBD9-64E304F649CF}: "URL" = http://www.mapy.cz/?query={searchTerms} ... arch_13415
IE - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..\SearchScopes\{FF0455BE-BCDD-43E1-BDE5-E9763DD0B5E5}: "URL" = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
IE - HKU\S-1-5-21-861567501-2111687655-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledAddons: translator%40zoli.bod:2.1.0.3
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@kb-ext.cz/PKIComponent: C:\Documents and Settings\m\Data aplikací\KB-ext\lib\x86\npPKIComponentNPAPI-kbext.dll (Komerční banka, a.s.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{845257EF-A892-484e-8EB0-47F563D75939}: C:\Program Files\iSkysoft\Video Converter Ultimate\SVRFirefoxExt\ [2013.08.21 17:47:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2013.08.17 11:20:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\m\Data aplikací\Mozilla\Extensions
[2014.01.12 21:03:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\m\Data aplikací\Mozilla\Firefox\Profiles\6ozxjt53.default\extensions
[2013.12.27 20:10:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\m\Data aplikací\Mozilla\Firefox\Profiles\6ozxjt53.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014.01.12 21:03:44 | 000,000,000 | ---D | M] (Seznam lištiÄŤka) -- C:\Documents and Settings\m\Data aplikací\Mozilla\Firefox\Profiles\6ozxjt53.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[2013.10.10 09:15:53 | 000,060,290 | ---- | M] () (No name found) -- C:\Documents and Settings\m\Data aplikací\Mozilla\Firefox\Profiles\6ozxjt53.default\extensions\translator@zoli.bod.xpi
[2013.12.20 20:41:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.12.20 20:41:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013.12.20 20:41:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\M\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\6OZXJT53.DEFAULT\EXTENSIONS\{B9DB16A4-6EDC-47EC-A1F4-B86292ED211D}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\M\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\6OZXJT53.DEFAULT\EXTENSIONS\TRANSLATOR@ZOLI.BOD.XPI
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Pen\u011B\u017Eenka Google = C:\Documents and Settings\m\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
O1 HOSTS File: ([2014.01.25 12:14:04 | 000,000,741 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No CLSID value found.
O2 - BHO: (iSkysoft Video Converter Ultimate) - {C7C3BC26-4F2B-4997-A3CB-163337FE975B} - C:\Program Files\iSkysoft\Video Converter Ultimate\SVRIEPlugin.dll (iSkysoft Software Co., Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-861567501-2111687655-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-861567501-2111687655-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-861567501-2111687655-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-861567501-2111687655-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dll ()
O15 - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..Trusted Domains: localhost ([]http in Internet)
O15 - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..Trusted Domains: mojebanka.cz ([etrading] https in Důvěryhodné servery)
O15 - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..Trusted Domains: mojebanka.cz ([sign] https in Důvěryhodné servery)
O15 - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..Trusted Domains: mojebanka.cz ([www] https in Důvěryhodné servery)
O15 - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..Trusted Domains: mojeplatba.cz ([www] https in Důvěryhodné servery)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254 81.19.5.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A43EF3A-EC6D-4E71-8126-EF0DBA131FE4}: DhcpNameServer = 192.168.2.254 81.19.5.10
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\m\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\m\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.g723 - g723.acm File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.I263 - C:\WINDOWS\System32\i263_32.drv (Intel Corporation)
Drivers32: vidc.I420 - C:\WINDOWS\System32\i263_32.drv (Intel Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: VIDC.IV41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mjpg - pvmjpg30.dll File not found
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\xvidvfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ==========
[2014.01.25 13:54:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\m\Plocha\OTL.exe
[2014.01.24 15:06:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\m\Plocha\RK_Quarantine
[2014.01.23 20:33:08 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.01.23 20:15:20 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014.01.23 19:49:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2014.01.21 20:39:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\m\Data aplikací\Malwarebytes
[2014.01.21 20:39:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2014.01.21 20:36:00 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\m\Plocha\mbam-setup-1.75.0.1300.exe
[2014.01.21 20:06:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014.01.21 20:06:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014.01.21 20:06:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014.01.21 20:06:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014.01.21 20:06:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014.01.21 20:06:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2014.01.21 20:03:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2014.01.21 20:01:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2014.01.21 19:48:43 | 005,175,240 | R--- | C] (Swearware) -- C:\Documents and Settings\m\Plocha\ComboFix.exe
[2014.01.21 18:00:03 | 000,000,000 | ---D | C] -- C:\rsit
[2014.01.21 17:46:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\m\Recent
[2014.01.20 17:07:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\m\Dokumenty\GTA San Andreas User Files
[2014.01.20 16:58:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Rockstar Games
[2014.01.14 14:34:09 | 000,000,000 | ---D | C] -- C:\found.001
[2014.01.12 21:15:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\m\Data aplikací\MultiSkypeLauncher
[2014.01.12 21:11:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\m\Nabídka Start\Programy\MultiSkypeLauncher
[2014.01.12 21:11:18 | 000,000,000 | ---D | C] -- C:\Program Files\MultiSkypeLauncher
[2014.01.12 21:04:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\m\Nabídka Start\Programy\SmartTweak Software
[2014.01.12 21:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Seznam.cz
[2014.01.12 21:03:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\m\Data aplikací\Seznam.cz
[2013.12.28 14:04:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\m\Plocha\Aukro
[2013.12.27 20:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\m\dwhelper
[1 C:\Documents and Settings\m\*.tmp files -> C:\Documents and Settings\m\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014.01.25 13:58:03 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.01.25 13:54:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\m\Plocha\OTL.exe
[2014.01.25 13:53:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014.01.25 13:11:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014.01.25 12:14:04 | 000,000,741 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014.01.25 09:12:32 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2014.01.25 09:11:41 | 000,429,178 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2014.01.25 09:11:41 | 000,424,032 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014.01.25 09:11:41 | 000,078,300 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2014.01.25 09:11:41 | 000,067,740 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014.01.25 09:07:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014.01.25 09:07:25 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014.01.25 09:07:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014.01.25 09:07:14 | 2146,615,296 | -HS- | M] () -- C:\hiberfil.sys
[2014.01.24 15:05:08 | 003,792,384 | ---- | M] () -- C:\Documents and Settings\m\Plocha\RogueKiller.exe
[2014.01.24 13:20:59 | 000,002,420 | ---- | M] () -- C:\WINDOWS\WDICT32.INI
[2014.01.23 20:32:23 | 001,236,282 | ---- | M] () -- C:\Documents and Settings\m\Plocha\adwcleaner.exe
[2014.01.23 19:33:29 | 005,175,240 | R--- | M] (Swearware) -- C:\Documents and Settings\m\Plocha\ComboFix.exe
[2014.01.23 14:49:59 | 000,000,426 | ---- | M] () -- C:\Documents and Settings\m\Plocha\Martin.lnk
[2014.01.21 20:36:03 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\m\Plocha\mbam-setup-1.75.0.1300.exe
[2014.01.21 20:18:29 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2014.01.21 17:59:45 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\m\Plocha\RSIT.exe
[2014.01.21 17:48:15 | 000,005,084 | ---- | M] () -- C:\Documents and Settings\m\Plocha\cc_20140121_174812.reg
[2014.01.20 16:58:47 | 000,001,591 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\GTA San Andreas.lnk
[2014.01.19 20:11:06 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\m\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014.01.19 08:32:23 | 000,231,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2014.01.17 14:16:20 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
[2014.01.16 16:02:55 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\PCLECHAL.INI
[2014.01.12 10:07:33 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2014.01.06 15:33:08 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014.01.01 21:08:33 | 000,163,767 | ---- | M] () -- C:\Documents and Settings\m\Plocha\led.jpg
[1 C:\Documents and Settings\m\*.tmp files -> C:\Documents and Settings\m\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014.01.25 13:58:03 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.01.24 15:05:07 | 003,792,384 | ---- | C] () -- C:\Documents and Settings\m\Plocha\RogueKiller.exe
[2014.01.23 20:32:22 | 001,236,282 | ---- | C] () -- C:\Documents and Settings\m\Plocha\adwcleaner.exe
[2014.01.21 20:19:30 | 2146,615,296 | -HS- | C] () -- C:\hiberfil.sys
[2014.01.21 20:06:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2014.01.21 20:06:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014.01.21 20:06:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014.01.21 20:06:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014.01.21 20:06:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014.01.21 17:59:44 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\m\Plocha\RSIT.exe
[2014.01.21 17:48:13 | 000,005,084 | ---- | C] () -- C:\Documents and Settings\m\Plocha\cc_20140121_174812.reg
[2014.01.20 16:58:47 | 000,001,591 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\GTA San Andreas.lnk
[2014.01.01 21:08:33 | 000,163,767 | ---- | C] () -- C:\Documents and Settings\m\Plocha\led.jpg
[2013.11.05 12:15:21 | 000,241,032 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2013.08.21 17:47:54 | 000,721,917 | ---- | C] () -- C:\WINDOWS\System32\ISCM64.dll
[2013.08.21 17:47:54 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\ISCM32.dll
[2012.10.28 17:28:34 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012.10.26 12:41:21 | 000,041,336 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Hid3331.sys
[2012.10.18 13:43:19 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2012.10.17 18:05:14 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012.10.14 13:08:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\d3dcsx_42.dll
[2012.10.14 13:08:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\XAudio2_2.dll
[2012.06.02 15:58:53 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2012.03.19 17:37:39 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.02.19 12:02:38 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012.02.04 08:47:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2012.02.04 08:46:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012.02.04 08:46:15 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2012.02.04 08:46:14 | 000,242,430 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012.02.04 08:46:14 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2012.02.03 23:13:11 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\m\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.03 23:08:14 | 000,000,595 | ---- | C] () -- C:\Documents and Settings\m\Data aplikací\AutoGK.ini
[2012.02.03 22:49:37 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2012.02.03 22:49:37 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2012.02.03 22:49:37 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2012.02.03 22:49:37 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2012.02.03 22:49:37 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2012.02.03 22:49:37 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2012.02.03 22:49:37 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2012.02.03 22:49:37 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2012.02.03 22:49:37 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2012.02.03 22:49:37 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2012.02.03 22:49:37 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2012.02.03 22:49:37 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2012.02.03 22:49:37 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2012.02.03 22:49:37 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2012.02.03 22:49:37 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2012.02.03 22:49:37 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2012.02.03 22:49:37 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2012.02.03 22:49:37 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2012.02.03 22:49:37 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2012.02.03 22:35:06 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012.02.03 22:12:05 | 000,002,420 | ---- | C] () -- C:\WINDOWS\WDICT32.INI
[2012.02.03 22:02:03 | 000,004,265 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012.02.03 22:00:51 | 000,194,568 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.02.03 21:26:01 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2012.02.03 21:26:00 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2012.02.03 21:26:00 | 000,011,296 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2012.02.03 21:25:49 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2012.02.03 21:21:32 | 000,003,948 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2012.02.03 21:09:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.02.03 21:05:56 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
========== ZeroAccess Check ==========
[2012.02.04 09:06:23 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 08:51:56 | 001,499,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:56:05 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 08:52:06 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012.02.03 22:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\EPSON
[2013.06.15 11:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Installations
[2013.08.23 17:25:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\iSkysoft Video Converter Ultimate
[2013.06.15 11:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2012.02.04 09:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle
[2012.02.04 09:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle Studio Plus
[2012.02.04 09:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle Studio Ultimate Collection
[2012.02.04 09:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Studio 14
[2012.02.03 22:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\UDL
[2013.08.23 17:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\xml_param
[2013.10.06 06:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\calibre
[2012.02.04 08:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Epson
[2013.03.30 17:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\GHISLER
[2013.08.21 17:52:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\iSkysoft Video Converter Ultimate
[2013.10.25 09:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\KB-ext
[2012.04.15 18:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Moto assistant
[2014.01.12 21:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\MultiSkypeLauncher
[2013.06.15 11:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Nokia
[2013.06.15 11:48:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\PC Suite
[2014.01.23 19:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Seznam.cz
[2013.07.02 15:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Unity
[2012.02.03 23:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Zoner
========== Purity Check ==========
========== Custom Scans ==========
< >
[2012.02.03 21:06:32 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2012.02.03 21:08:29 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2013.08.16 21:48:11 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2013.09.16 17:05:15 | 000,000,914 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2013.12.20 19:58:36 | 000,000,926 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2013.12.20 19:58:37 | 000,000,930 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
< >
< MD5 for: AGP440.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\erdnt\cache\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2002.09.20 19:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002.08.29 02:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2002.09.20 19:05:14 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=82CD2AA659D68781D29BA87421BE0E40 -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe
[2008.04.14 08:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 08:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
< MD5 for: CDROM.SYS >
[2002.09.20 19:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:cdrom.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2002.08.29 02:27:56 | 000,047,488 | ---- | M] (Microsoft Corporation) MD5=6506E033AD04CFEC9EE56DBEFD1083DD -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2002.09.20 19:03:40 | 000,053,248 | ---- | M] (Microsoft Corporation) MD5=031E7FF41B13B658CAE7D6C98086F76A -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\erdnt\cache\cryptsvc.dll
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\erdnt\cache\eventlog.dll
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2002.09.20 19:03:50 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=E8508E7F865490D8AE71D00C8DF4D227 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2002.09.20 19:05:24 | 001,004,544 | ---- | M] (Microsoft Corporation) MD5=11D80755545CFB5EB9659EE88440EAE2 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
< MD5 for: HAL.DLL >
[2002.09.20 19:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:hal.dll
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2002.08.29 02:05:04 | 000,129,920 | ---- | M] (Microsoft Corporation) MD5=308709E92843DFF3A5CDCA069F6F5C61 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll
[2008.04.14 00:01:30 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.14 00:01:34 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
< MD5 for: CHANGER.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.14 00:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
< MD5 for: ISAPNP.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2001.10.25 15:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
< MD5 for: LSASS.EXE >
[2002.09.20 19:05:32 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=32F7074BAC9A5F899CCA9C046C9FA6EB -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\erdnt\cache\lsass.exe
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\erdnt\cache\ndis.sys
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2002.08.29 03:09:26 | 000,167,552 | ---- | M] (Microsoft Corporation) MD5=3B350E5A2A5E951453F3993275A4523A -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
< MD5 for: NETLOGON.DLL >
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\erdnt\cache\netlogon.dll
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll
[2002.09.20 19:04:34 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=CF03E300B5CEEFFEFBE6F67532BD0EF1 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: SCECLI.DLL >
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\erdnt\cache\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll
[2002.09.20 19:04:42 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B2666CAB5E8C8A741D63F18D551A47FB -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
< MD5 for: SMSS.EXE >
[2002.09.20 19:05:44 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=7763D73255AD4046FA999D42EAF22C26 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2001.10.25 15:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=329945887A0C684C38A4845330BC9100 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\erdnt\cache\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2002.08.29 02:58:12 | 000,332,928 | ---- | M] (Microsoft Corporation) MD5=244A2F9816BC9B593957281EF577D976 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB2509553$\tcpip.sys
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\erdnt\cache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2002.09.20 19:05:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B26871B5CE92F9D95AE6E62119799EB9 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
< MD5 for: WINLOGON.EXE >
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe
[2002.09.20 19:05:50 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=FF8857D1AF59071F172C0FAD0FD33E87 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
< MD5 for: WS2_32.DLL >
[2001.10.25 15:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=748494B94A871A828C64D1D5C738D2B7 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\erdnt\cache\ws2_32.dll
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll
< >
< %systemroot%*.* /U /s >
[5 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2014.01.21 20:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Adobe
[2012.02.04 08:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Ahead
[2012.02.04 10:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\ATI
[2013.10.06 06:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\calibre
[2012.02.04 08:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Epson
[2013.03.30 17:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\GHISLER
[2012.02.04 13:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Google
[2012.02.03 21:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Identities
[2012.02.03 22:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\InstallShield
[2013.08.21 17:52:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\iSkysoft Video Converter Ultimate
[2013.10.25 09:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\KB-ext
[2012.02.04 09:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Macromedia
[2014.01.21 20:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Malwarebytes
[2014.01.21 17:47:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Media Player Classic
[2013.11.20 18:11:13 | 000,000,000 | --SD | M] -- C:\Documents and Settings\m\Data aplikací\Microsoft
[2012.04.15 18:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Moto assistant
[2013.08.17 11:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Mozilla
[2013.05.18 10:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\MSN6
[2014.01.12 21:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\MultiSkypeLauncher
[2013.06.15 11:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Nokia
[2013.06.15 11:48:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\PC Suite
[2014.01.23 19:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Seznam.cz
[2014.01.25 14:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Skype
[2012.02.04 08:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Sun
[2013.07.02 15:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Unity
[2012.02.04 08:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\WinRAR
[2012.02.03 23:26:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\m\Data aplikací\Zoner
< %APPDATA%\*.exe /s >
[2014.01.20 18:59:25 | 000,453,632 | ---- | M] () -- C:\Documents and Settings\m\Data aplikací\Adobe\x64\msdtce.exe
[2014.01.20 18:59:17 | 000,344,064 | ---- | M] () -- C:\Documents and Settings\m\Data aplikací\Adobe\x86\msdtce.exe
[2013.10.25 09:56:04 | 001,175,960 | ---- | M] () -- C:\Documents and Settings\m\Data aplikací\KB-ext\lib\unins000.exe
[2012.02.04 09:25:51 | 000,029,926 | R--- | M] () -- C:\Documents and Settings\m\Data aplikací\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
[2012.08.12 17:11:57 | 000,005,430 | R--- | M] () -- C:\Documents and Settings\m\Data aplikací\Microsoft\Installer\{80074966-5231-428D-9AE7-B7D5D2DC3246}\_45E5F1A4BC29289B0B1E70.exe
[2012.08.12 17:11:57 | 000,005,430 | R--- | M] () -- C:\Documents and Settings\m\Data aplikací\Microsoft\Installer\{80074966-5231-428D-9AE7-B7D5D2DC3246}\_55F11AB420338FF650F1F4.exe
[2013.05.16 14:25:04 | 001,062,472 | ---- | M] () -- C:\Documents and Settings\m\Data aplikací\Seznam.cz\szninstall.exe
[2013.05.16 14:26:24 | 002,589,256 | ---- | M] () -- C:\Documents and Settings\m\Data aplikací\Seznam.cz\sznsetup.exe
[2013.04.16 12:52:34 | 000,055,808 | ---- | M] () -- C:\Documents and Settings\m\Data aplikací\Seznam.cz\bin\ffkill.exe
[2013.04.29 11:53:34 | 000,045,560 | ---- | M] () -- C:\Documents and Settings\m\Data aplikací\Seznam.cz\bin\listicka-x64.exe
[2013.04.12 09:13:24 | 000,457,208 | ---- | M] () -- C:\Documents and Settings\m\Data aplikací\Seznam.cz\bin\szndesktop.exe
[2013.04.12 09:10:22 | 000,092,664 | ---- | M] () -- C:\Documents and Settings\m\Data aplikací\Seznam.cz\bin\wszndesktop.exe
[2013.10.25 09:35:00 | 000,915,368 | ---- | M] (Oracle Corporation) -- C:\Documents and Settings\m\Data aplikací\Sun\Java\JRERunOnce.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2012.02.03 21:59:58 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2012.02.03 21:59:58 | 000,630,784 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2012.02.03 21:59:58 | 000,434,176 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2014.01.25 09:11:41 | 000,078,300 | ---- | M] () -- C:\WINDOWS\system32\perfc005.dat
[2014.01.25 09:11:41 | 000,067,740 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2014.01.25 09:11:41 | 000,429,178 | ---- | M] () -- C:\WINDOWS\system32\perfh005.dat
[2014.01.25 09:11:41 | 000,424,032 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2014.01.25 09:11:41 | 001,013,278 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2014.01.25 09:07:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
< %SYSTEMDRIVE%\*.exe >
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 08:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< >
< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014.01.25 13:58:03 | 000,000,512 | ---- | M] () MD5=27A83832E603DB9F1241AFEA886F89AA -- C:\PhysicalMBR.bin
< >
< *crack* /s >
[2003.12.05 14:52:40 | 000,000,796 | ---- | M] () -- \Program Files\Rockstar Games\GTA San Andreas\data\Decision\Craig\crack1.ped
[2013.01.20 13:33:48 | 014,494,194 | ---- | M] () -- \RECYCLER\S-1-5-21-861567501-2111687655-725345543-1003\Dc1\crack.exe
< *keygen* /s >
[2007.04.24 22:06:15 | 000,064,000 | ---- | M] () -- \Marian\navigace+PDA\TTv3\aktivátor\Aktivátor map\27.2._Easyusetools_for_Keygen_Mapcheck_Metacheck_ttsystempatcher\Easyusetools_for Keygen_Mapcheck_Metacheck_ttsystempatcher\Progs\keygen6.exe
[2007.12.29 15:08:45 | 000,050,176 | ---- | M] () -- \Marian\navigace+PDA\TTv3\aktivátor\Aktivátor map\27.2._Easyusetools_for_Keygen_Mapcheck_Metacheck_ttsystempatcher\Easyusetools_for Keygen_Mapcheck_Metacheck_ttsystempatcher\Progs\tt7_keygen.exe
[2008.06.18 14:16:42 | 000,050,176 | ---- | M] () -- \Marian\navigace+PDA\TTv3\aktivátor\Aktivátor map\27.2._Easyusetools_for_Keygen_Mapcheck_Metacheck_ttsystempatcher\Easyusetools_for Keygen_Mapcheck_Metacheck_ttsystempatcher\Progs\tt8_keygen.exe
< *AntiWPA* /s >
< *loader* /s >
[2013.09.16 13:37:22 | 000,072,638 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Skype\Apps\login\images\loader.gif
[2013.09.16 13:37:22 | 000,003,032 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Skype\Apps\login\images\loader.png
[2013.10.09 17:07:12 | 000,006,012 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Skype\Apps\login\images\normal\loader_15fps.gif
[2013.10.09 17:07:12 | 000,021,956 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Skype\Apps\login\images\normal\loader_30fps.gif
[2013.09.16 13:37:22 | 000,009,772 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Skype\Apps\login\images\retina\loader@2x.png
[2013.03.29 12:37:34 | 000,059,384 | ---- | M] () -- \Documents and Settings\m\Data aplikací\Seznam.cz\bin\28704libfoxloader.dll
[2013.04.15 12:32:10 | 000,060,416 | ---- | M] () -- \Documents and Settings\m\Data aplikací\Seznam.cz\bin\28707libfoxloader-x64.dll
[2014.01.12 21:03:41 | 000,000,165 | ---- | M] () -- \Documents and Settings\m\Data aplikací\Seznam.cz\conf\szndesktop.d\libfoxloader.conf
[2013.03.25 15:27:20 | 000,000,665 | ---- | M] () -- \Documents and Settings\m\Data aplikací\Seznam.cz\uninstall\cz_seznam_software_libfoxloader_3_1_2.install.bat
[2013.03.25 15:27:26 | 000,000,117 | ---- | M] () -- \Documents and Settings\m\Data aplikací\Seznam.cz\uninstall\cz_seznam_software_libfoxloader_3_1_2.uninstall.bat
[2014.01.25 12:18:12 | 000,001,537 | ---- | M] () -- \Documents and Settings\m\Local Settings\Temporary Internet Files\Content.IE5\05551ET8\AdLoader[1].htm
[2014.01.24 17:36:31 | 000,110,991 | ---- | M] () -- \Documents and Settings\m\Local Settings\Temporary Internet Files\Content.IE5\TZKFK545\AdLoader-7b857a7be889bd57f92da60a9b6146bb.min[1].js
[2013.08.29 19:42:36 | 000,044,032 | R--- | M] () -- \Program Files\Calibre2\DLLs\PyISAPI_loader.dll
[2007.10.23 17:52:22 | 000,114,688 | ---- | M] () -- \Program Files\Epson Software\Easy Photo Print\APFLoaderV13.dll
[2007.10.23 17:52:22 | 000,069,632 | ---- | M] () -- \Program Files\Epson Software\Easy Photo Print\EpAPFLoader.dll
[2007.10.23 17:52:22 | 000,102,400 | ---- | M] () -- \Program Files\Epson Software\Easy Photo Print\EpAPFLoader2006.dll
[2012.11.27 18:59:14 | 000,063,149 | ---- | M] () -- \Program Files\iSkysoft\Video Converter Ultimate\SVRFirefoxExt\chrome\ISVideoConvertDownloader.jar
[2009.05.31 03:21:00 | 000,071,008 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2003.06.30 09:37:32 | 000,002,315 | ---- | M] () -- \Program Files\Smoky City Design\The Panorama Factory V5\help\loader.js
[2012.08.25 16:17:46 | 000,002,315 | ---- | M] () -- \Program Files\Smoky City Design\The Panorama Factory V5\help\cs_CZ\loader.js
[2003.06.30 09:37:32 | 000,002,315 | ---- | M] () -- \Program Files\Smoky City Design\The Panorama Factory V5\help_batch\loader.js
[2008.02.25 07:05:22 | 000,856,064 | ---- | M] () -- \Program Files\The KMPlayer\ImLoader.dll
[2011.09.24 00:19:26 | 000,228,352 | ---- | M] () -- \Program Files\Ubisoft\Driver San Francisco\ubiorbitapi_r2_loader.dll
[2011.08.30 15:21:56 | 000,171,320 | ---- | M] () -- \Program Files\Ubisoft\Driver San Francisco\uplay_r1_loader.dll
[2007.05.30 03:07:00 | 000,044,032 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2010.04.29 15:12:38 | 000,673,160 | ---- | M] () -- \Program Files\Zoner\Photo Studio 13\Plugins\Facebook\ZPSFacebookUploader.exe
[2010.04.29 15:12:40 | 000,053,640 | ---- | M] () -- \Program Files\Zoner\Photo Studio 13\Plugins\Facebook\ZPSPluginLoader.exe
[2010.04.29 15:12:42 | 000,686,984 | ---- | M] () -- \Program Files\Zoner\Photo Studio 13\Plugins\Flickr\ZPSFlickrUploader.exe
[2010.04.29 15:12:42 | 000,053,640 | ---- | M] () -- \Program Files\Zoner\Photo Studio 13\Plugins\Flickr\ZPSPluginLoader.exe
[2010.09.27 14:18:52 | 000,102,792 | ---- | M] () -- \Program Files\Zoner\Photo Studio 13\Program32\8bfLoader.exe
[2010.09.27 14:19:22 | 000,019,336 | ---- | M] () -- \Program Files\Zoner\Photo Studio 13\Program32\WICLoader.exe
[2002.09.20 19:03:42 | 000,031,744 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\dmloader.dll
[2008.04.14 08:51:40 | 000,035,840 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\dmloader.dll
[2008.04.14 00:01:48 | 000,230,912 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.exe
[2008.04.14 00:01:50 | 000,278,528 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.ntd
[2008.04.14 08:51:40 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[2013.09.05 10:43:36 | 000,012,532 | ---- | M] () -- \WINDOWS\system32\Adobe\Shockwave 12\shockwave_Projector_Loader.dcr
< *minodlogin* /s >
< *tnod* /s >
[2009.09.05 15:47:34 | 000,000,233 | ---- | M] () -- \Program Files\ImageMagick-6.7.3-Q8\www\api\MagickCore\ftv2lastnode.png
[2009.09.05 15:47:34 | 000,000,160 | ---- | M] () -- \Program Files\ImageMagick-6.7.3-Q8\www\api\MagickCore\ftv2mlastnode.png
[2009.09.05 15:47:34 | 000,000,165 | ---- | M] () -- \Program Files\ImageMagick-6.7.3-Q8\www\api\MagickCore\ftv2plastnode.png
[2009.09.05 15:47:34 | 000,003,222 | ---- | M] () -- \Program Files\ImageMagick-6.7.3-Q8\www\api\MagickCore\struct__MedianListNode.html
[2009.09.05 15:47:34 | 000,000,233 | ---- | M] () -- \Program Files\ImageMagick-6.7.3-Q8\www\api\MagickWand\ftv2lastnode.png
[2009.09.05 15:47:34 | 000,000,160 | ---- | M] () -- \Program Files\ImageMagick-6.7.3-Q8\www\api\MagickWand\ftv2mlastnode.png
[2009.09.05 15:47:34 | 000,000,165 | ---- | M] () -- \Program Files\ImageMagick-6.7.3-Q8\www\api\MagickWand\ftv2plastnode.png
< *AutoKMS* /s >
< *activator* /s >
< *serial* /s >
[2008.09.04 09:06:40 | 000,079,120 | ---- | M] () -- \Documents and Settings\All Users\Dokumenty\Pinnacle\Content\HollywoodFX\HfxSerial.exe
[2008.09.04 09:07:02 | 000,010,512 | ---- | M] () -- \Documents and Settings\All Users\Dokumenty\Pinnacle\Content\HollywoodFX\Languages\HfxSerial-CHS.dll
[2008.09.04 09:07:04 | 000,011,024 | ---- | M] () -- \Documents and Settings\All Users\Dokumenty\Pinnacle\Content\HollywoodFX\Languages\HfxSerial-DEU.dll
[2008.09.04 09:07:04 | 000,011,024 | ---- | M] () -- \Documents and Settings\All Users\Dokumenty\Pinnacle\Content\HollywoodFX\Languages\HfxSerial-ESP.dll
[2008.09.04 09:07:06 | 000,011,024 | ---- | M] () -- \Documents and Settings\All Users\Dokumenty\Pinnacle\Content\HollywoodFX\Languages\HfxSerial-FRA.dll
[2008.09.04 09:07:10 | 000,011,024 | ---- | M] () -- \Documents and Settings\All Users\Dokumenty\Pinnacle\Content\HollywoodFX\Languages\HfxSerial-ITA.dll
[2008.09.04 09:07:14 | 000,010,512 | ---- | M] () -- \Documents and Settings\All Users\Dokumenty\Pinnacle\Content\HollywoodFX\Languages\HfxSerial-JPN.dll
[2008.09.04 09:07:14 | 000,010,512 | ---- | M] () -- \Documents and Settings\All Users\Dokumenty\Pinnacle\Content\HollywoodFX\Languages\HfxSerial-KOR.dll
[2008.09.04 09:07:16 | 000,011,024 | ---- | M] () -- \Documents and Settings\All Users\Dokumenty\Pinnacle\Content\HollywoodFX\Languages\HfxSerial-NLD.dll
[2013.05.13 14:14:36 | 000,434,368 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.20513.0\System.Runtime.Serialization.dll
[2013.07.17 08:54:00 | 001,164,288 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.20513.0\System.Runtime.Serialization.ni.dll
[2012.09.26 23:12:26 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2002.09.20 18:21:56 | 000,062,208 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\serial.sys
[2012.02.04 09:18:57 | 000,011,776 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2013.09.08 07:04:54 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2012.02.04 09:19:03 | 000,090,112 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2013.09.08 06:59:44 | 000,970,752 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2013.09.08 07:17:22 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a95e0af6fa5d2e8ffd5e0091f6513271\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2013.09.08 07:15:43 | 002,345,472 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\ba6670610621b25b1608e457ba0ef305\System.Runtime.Serialization.ni.dll
[2010.04.07 23:48:30 | 000,970,752 | R--- | M] () -- \WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\FL_System_Runtime_Serialization_dll_133675_____x86.3643236F_FC70_11D3_A536_0090278A1BB8
[2010.04.07 23:48:30 | 000,970,752 | R--- | M] () -- \WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\FL_System_Runtime_Serialization_dll_147207_____x86.3643236F_FC70_11D3_A536_0090278A1BB8
[2008.07.25 11:17:00 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2008.09.10 17:46:28 | 000,011,776 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012.09.26 23:12:26 | 000,970,752 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2008.04.14 07:47:26 | 000,028,416 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\grserial.sys
[2008.04.14 07:51:10 | 000,064,256 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\serial.sys
[2007.06.27 18:29:04 | 000,131,072 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\system.runtime.serialization.formatters.soap.dll
[2001.10.25 15:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dpserial.dll
[2001.10.25 15:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\serialui.dll
[2001.10.25 15:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dllcache\dpserial.dll
[2001.10.25 15:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\dllcache\serialui.dll
[2008.04.14 07:51:10 | 000,064,256 | ---- | M] () -- \WINDOWS\system32\drivers\serial.sys
< *w7lxe* /s >
< End of report >
Re: Prosím o kontrolu, asi tam vlezl nějaký červ
OTL Extras logfile created on: 25.1.2014 13:56:39 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\m\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 50,33% Memory free
3,85 Gb Paging File | 3,02 Gb Available in Paging File | 78,47% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 58,07 Gb Free Space | 38,96% Space Free | Partition Type: NTFS
Drive E: | 698,64 Gb Total Space | 509,15 Gb Free Space | 72,88% Space Free | Partition Type: NTFS
Drive F: | 111,79 Gb Total Space | 17,56 Gb Free Space | 15,71% Space Free | Partition Type: NTFS
Computer Name: MB | User Name: m | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_USERS\S-1-5-21-861567501-2111687655-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9000:TCP" = 9000:TCP:*:Enabled:Skype
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
"C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe" = C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe" = C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"C:\WINDOWS\system32\msiexec.exe" = C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup -- (Microsoft Corporation)
"C:\Program Files\Ubisoft\Driver San Francisco\Driver.exe" = C:\Program Files\Ubisoft\Driver San Francisco\Driver.exe:*:Disabled:Driver -- ()
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"F:\Hry\FS 2004\FS 2004 Crack\FS 2004 Crack\fs9.exe" = F:\Hry\FS 2004\FS 2004 Crack\FS 2004 Crack\fs9.exe:*:Enabled:Microsoft Flight Simulator -- (Microsoft Corporation)
"F:\Hry\FS 2004\FS 2004\Crack\fs9.exe" = F:\Hry\FS 2004\FS 2004\Crack\fs9.exe:*:Enabled:Microsoft Flight Simulator -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F93853-D9D3-4795-A89E-84CCBA0205C9}" = Microsoft IntelliPoint 8.0
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{17CA32D1-73BD-4990-B8F6-369D8D34B05D}" = Microsoft Antimalware Service CS-CZ Language Pack
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1A69935D-7AA8-C8E3-66FB-920279E0583A}" = Catalyst Control Center
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{268723B7-A994-4286-9F85-B974D5CAFC7B}" = Ontrack EasyRecovery Professional
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client CS-CZ Language Pack
"{546C143E-68DC-314D-97BC-1E454E3BA429}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5801110B-4F00-4C73-9098-64306215AD4C}" = The Panorama Factory V5 m32 Edition with Batch Processing
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Ovladače videa společnosti Pinnacle
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{80074966-5231-428D-9AE7-B7D5D2DC3246}" = Readon TV Movie Radio Player 7.6.0.0
"{84B2CF01-194D-2284-B313-F2E0D78D1029}" = Nero 7 Demo
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F747F2A-B5C7-5DA8-E686-7B343EFCFA48}" = Catalyst Control Center InstallProxy
"{90280405-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional s aplikací FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2C9CD1B-2551-3AED-B244-6698FB929FA6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI (11.0.06) - Czech
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AFE59147-DDC0-4A42-A10C-9EF953728A1C}" = HAMA Racing Wheel Thunder V18
"{B36DF239-A12D-4C3C-B588-E09DA71F3BCC}_is1" = Moto assistant 1.3
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}" = Epson Printer Software Downloader
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5ED7EC9-7C4D-AF4F-6C36-55DCDC6F4117}" = Catalyst Control Center Graphics Previews Common
"{C86492CA-DDD8-A358-75D8-7E86D5A4DE72}" = ccc-utility
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D9CC869F-DA2B-3E9B-EF47-29F831A41619}" = AMD Catalyst Install Manager
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{E031338C-839D-4EDD-9537-99B653C39D81}" = Autodesk MapGuide(R) Viewer ActiveX Control Release 6.5
"{EEEC1285-F4B2-BD99-C895-BED9881795CC}" = CCC Help English
"{F58103AA-E713-4FB5-BBDB-AC6A156BF539}" = calibre
"{F5C372A1-40F3-49DA-A049-F75CDE9177DC}" = Pinnacle Studio Ultimate Collection Plugins
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Balíček ovladače systému Windows - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"AutoGK" = Auto Gordian Knot 2.55
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"CodInstl" = Intel A/V Codecs V2.0
"Driver San Francisco" = Driver San Francisco
"Driver San Francisco 1.01" = Driver San Francisco 1.01
"Epson Printer Software Downloader" = Epson Printer Software Downloader
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX110_TX110 User’s Guide" = Epson Stylus SX110_TX110 Manual
"EPSON SX110 Series" = EPSON SX110 Series Printer Uninstall
"FormatFactory" = FormatFactory 3.1.1
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"ImageMagick 6.7.3 Q8_is1" = ImageMagick 6.7.3-7 Q8 (2011-12-01)
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platforma Ovladače zařízení
"InstallShield_{268723B7-A994-4286-9F85-B974D5CAFC7B}" = Ontrack EasyRecovery Professional
"iSkysoft Video Converter Ultimate_is1" = iSkysoft Video Converter Ultimate(Build 4.0.0.1)
"Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio
"Magic Bullet Looks Studio" = Magic Bullet Looks Studio
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 26.0 (x86 cs)" = Mozilla Firefox 26.0 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MultiSkypeLauncher" = MultiSkypeLauncher (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"rajče.net_is1" = rajče průvodce verze 1.59.42.257
"Red Giant ToonIt Studio" = Red Giant ToonIt Studio
"The KMPlayer" = The KMPlayer (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"Trapcode 3DStroke Studio" = Trapcode 3DStroke Studio
"Trapcode Particular Studio" = Trapcode Particular Studio
"Trapcode Shine Studio" = Trapcode Shine Studio
"Unlocker" = Unlocker 1.9.1
"VobSub" = VobSub v2.23 (Remove Only)
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows XP Service Pack" = Windows XP Service Pack 3
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"ZonerPhotoStudio13_CZ_is1" = Zoner Photo Studio 13
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-861567501-2111687655-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SeznamInstall" = Seznam Software
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 17.12.2013 11:02:26 | Computer Name = MB | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace explorer.exe, verze 6.0.2900.5512, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 20.12.2013 15:09:34 | Computer Name = MB | Source = Application Error | ID = 1000
Description = Chybující aplikace explorer.exe, verze 6.0.2900.5512, chybující modul
ntdll.dll, verze 5.1.2600.6055, adresa chyby 0x00011780.
Error - 20.12.2013 15:09:47 | Computer Name = MB | Source = Application Error | ID = 1000
Description = Chybující aplikace drwtsn32.exe, verze 5.1.2600.0, chybující modul
dbghelp.dll, verze 5.1.2600.5512, adresa chyby 0x0001295d.
Error - 20.12.2013 15:11:14 | Computer Name = MB | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace iexplore.exe, verze 8.0.6001.18702, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 11.1.2014 14:29:29 | Computer Name = MB | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile,
P4 3.0.8402.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
Error - 15.1.2014 11:26:04 | Computer Name = MB | Source = Application Error | ID = 1000
Description = Chybující aplikace explorer.exe, verze 6.0.2900.5512, chybující modul
avisplitter.ax, verze 1.3.1290.0, adresa chyby 0x00023918.
Error - 21.1.2014 11:03:09 | Computer Name = MB | Source = Application Error | ID = 1000
Description = Chybující aplikace driver.exe, verze 0.0.0.0, chybující modul driver.exe,
verze 0.0.0.0, adresa chyby 0x007b0304.
Error - 24.1.2014 10:22:21 | Computer Name = MB | Source = Application Error | ID = 1000
Description = Chybující aplikace freesa~1.scr, verze 2.2.5.1, chybující modul freesa~1.scr,
verze 2.2.5.1, adresa chyby 0x00050a2c.
Error - 24.1.2014 11:16:25 | Computer Name = MB | Source = Application Error | ID = 1000
Description = Chybující aplikace freesa~1.scr, verze 2.2.5.1, chybující modul freesa~1.scr,
verze 2.2.5.1, adresa chyby 0x00050a2c.
Error - 24.1.2014 13:45:24 | Computer Name = MB | Source = Application Error | ID = 1000
Description = Chybující aplikace freesa~1.scr, verze 2.2.5.1, chybující modul freesa~1.scr,
verze 2.2.5.1, adresa chyby 0x00050a2c.
[ System Events ]
Error - 21.1.2014 15:04:44 | Computer Name = MB | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 21.1.2014 15:05:40 | Computer Name = MB | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: AsIO Fips MpFilter Processor
Error - 21.1.2014 15:15:59 | Computer Name = MB | Source = PlugPlayManager | ID = 11
Description = Zařízení Root\LEGACY_UNLOCKERDRIVER5\0000 se již v systému nenachází,
přestože nebylo nejdříve připraveno k odebrání.
Error - 21.1.2014 15:18:38 | Computer Name = MB | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 23.1.2014 14:43:35 | Computer Name = MB | Source = Service Control Manager | ID = 7034
Description = Služba Ati HotKey Poller byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 23.1.2014 14:43:35 | Computer Name = MB | Source = Service Control Manager | ID = 7034
Description = Služba Služba brány aplikačního rozhraní byla neočekávaně ukončena.
Tento stav nastal již 1krát.
Error - 23.1.2014 14:43:35 | Computer Name = MB | Source = Service Control Manager | ID = 7034
Description = Služba Zařazování tisku byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 23.1.2014 14:43:35 | Computer Name = MB | Source = Service Control Manager | ID = 7034
Description = Služba Java Quick Starter byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 23.1.2014 14:43:35 | Computer Name = MB | Source = Service Control Manager | ID = 7031
Description = Služba Microsoft Antimalware Service byla nečekaně ukončena. Stalo
se to 1 krát. Následující opravná akce bude spuštěna za 15000 milisekund: Restartovat
službu.
Error - 24.1.2014 13:18:18 | Computer Name = MB | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.
< End of report >
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\m\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 50,33% Memory free
3,85 Gb Paging File | 3,02 Gb Available in Paging File | 78,47% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 58,07 Gb Free Space | 38,96% Space Free | Partition Type: NTFS
Drive E: | 698,64 Gb Total Space | 509,15 Gb Free Space | 72,88% Space Free | Partition Type: NTFS
Drive F: | 111,79 Gb Total Space | 17,56 Gb Free Space | 15,71% Space Free | Partition Type: NTFS
Computer Name: MB | User Name: m | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_USERS\S-1-5-21-861567501-2111687655-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9000:TCP" = 9000:TCP:*:Enabled:Skype
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
"C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe" = C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe" = C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"C:\WINDOWS\system32\msiexec.exe" = C:\WINDOWS\system32\msiexec.exe:*:Enabled:UpdateManagerSetup -- (Microsoft Corporation)
"C:\Program Files\Ubisoft\Driver San Francisco\Driver.exe" = C:\Program Files\Ubisoft\Driver San Francisco\Driver.exe:*:Disabled:Driver -- ()
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"F:\Hry\FS 2004\FS 2004 Crack\FS 2004 Crack\fs9.exe" = F:\Hry\FS 2004\FS 2004 Crack\FS 2004 Crack\fs9.exe:*:Enabled:Microsoft Flight Simulator -- (Microsoft Corporation)
"F:\Hry\FS 2004\FS 2004\Crack\fs9.exe" = F:\Hry\FS 2004\FS 2004\Crack\fs9.exe:*:Enabled:Microsoft Flight Simulator -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F93853-D9D3-4795-A89E-84CCBA0205C9}" = Microsoft IntelliPoint 8.0
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{17CA32D1-73BD-4990-B8F6-369D8D34B05D}" = Microsoft Antimalware Service CS-CZ Language Pack
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1A69935D-7AA8-C8E3-66FB-920279E0583A}" = Catalyst Control Center
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{268723B7-A994-4286-9F85-B974D5CAFC7B}" = Ontrack EasyRecovery Professional
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client CS-CZ Language Pack
"{546C143E-68DC-314D-97BC-1E454E3BA429}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5801110B-4F00-4C73-9098-64306215AD4C}" = The Panorama Factory V5 m32 Edition with Batch Processing
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{644F4910-E812-49AD-93EC-86828CB81A0D}" = PC Connectivity Solution
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Ovladače videa společnosti Pinnacle
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{80074966-5231-428D-9AE7-B7D5D2DC3246}" = Readon TV Movie Radio Player 7.6.0.0
"{84B2CF01-194D-2284-B313-F2E0D78D1029}" = Nero 7 Demo
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F747F2A-B5C7-5DA8-E686-7B343EFCFA48}" = Catalyst Control Center InstallProxy
"{90280405-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional s aplikací FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2C9CD1B-2551-3AED-B244-6698FB929FA6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AC76BA86-7AD7-1029-7B44-AB0000000001}" = Adobe Reader XI (11.0.06) - Czech
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AFE59147-DDC0-4A42-A10C-9EF953728A1C}" = HAMA Racing Wheel Thunder V18
"{B36DF239-A12D-4C3C-B588-E09DA71F3BCC}_is1" = Moto assistant 1.3
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}" = Epson Printer Software Downloader
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5ED7EC9-7C4D-AF4F-6C36-55DCDC6F4117}" = Catalyst Control Center Graphics Previews Common
"{C86492CA-DDD8-A358-75D8-7E86D5A4DE72}" = ccc-utility
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D9CC869F-DA2B-3E9B-EF47-29F831A41619}" = AMD Catalyst Install Manager
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{E031338C-839D-4EDD-9537-99B653C39D81}" = Autodesk MapGuide(R) Viewer ActiveX Control Release 6.5
"{EEEC1285-F4B2-BD99-C895-BED9881795CC}" = CCC Help English
"{F58103AA-E713-4FB5-BBDB-AC6A156BF539}" = calibre
"{F5C372A1-40F3-49DA-A049-F75CDE9177DC}" = Pinnacle Studio Ultimate Collection Plugins
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Balíček ovladače systému Windows - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"AutoGK" = Auto Gordian Knot 2.55
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"CodInstl" = Intel A/V Codecs V2.0
"Driver San Francisco" = Driver San Francisco
"Driver San Francisco 1.01" = Driver San Francisco 1.01
"Epson Printer Software Downloader" = Epson Printer Software Downloader
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX110_TX110 User’s Guide" = Epson Stylus SX110_TX110 Manual
"EPSON SX110 Series" = EPSON SX110 Series Printer Uninstall
"FormatFactory" = FormatFactory 3.1.1
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"ImageMagick 6.7.3 Q8_is1" = ImageMagick 6.7.3-7 Q8 (2011-12-01)
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platforma Ovladače zařízení
"InstallShield_{268723B7-A994-4286-9F85-B974D5CAFC7B}" = Ontrack EasyRecovery Professional
"iSkysoft Video Converter Ultimate_is1" = iSkysoft Video Converter Ultimate(Build 4.0.0.1)
"Knoll Light Factory EZ Studio" = Knoll Light Factory EZ Studio
"Magic Bullet Looks Studio" = Magic Bullet Looks Studio
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 26.0 (x86 cs)" = Mozilla Firefox 26.0 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MultiSkypeLauncher" = MultiSkypeLauncher (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"rajče.net_is1" = rajče průvodce verze 1.59.42.257
"Red Giant ToonIt Studio" = Red Giant ToonIt Studio
"The KMPlayer" = The KMPlayer (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"Trapcode 3DStroke Studio" = Trapcode 3DStroke Studio
"Trapcode Particular Studio" = Trapcode Particular Studio
"Trapcode Shine Studio" = Trapcode Shine Studio
"Unlocker" = Unlocker 1.9.1
"VobSub" = VobSub v2.23 (Remove Only)
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows XP Service Pack" = Windows XP Service Pack 3
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"ZonerPhotoStudio13_CZ_is1" = Zoner Photo Studio 13
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-861567501-2111687655-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SeznamInstall" = Seznam Software
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 17.12.2013 11:02:26 | Computer Name = MB | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace explorer.exe, verze 6.0.2900.5512, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 20.12.2013 15:09:34 | Computer Name = MB | Source = Application Error | ID = 1000
Description = Chybující aplikace explorer.exe, verze 6.0.2900.5512, chybující modul
ntdll.dll, verze 5.1.2600.6055, adresa chyby 0x00011780.
Error - 20.12.2013 15:09:47 | Computer Name = MB | Source = Application Error | ID = 1000
Description = Chybující aplikace drwtsn32.exe, verze 5.1.2600.0, chybující modul
dbghelp.dll, verze 5.1.2600.5512, adresa chyby 0x0001295d.
Error - 20.12.2013 15:11:14 | Computer Name = MB | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace iexplore.exe, verze 8.0.6001.18702, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 11.1.2014 14:29:29 | Computer Name = MB | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 2152759308, P2 unspecified, P3 scanfile,
P4 3.0.8402.0, P5 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
Error - 15.1.2014 11:26:04 | Computer Name = MB | Source = Application Error | ID = 1000
Description = Chybující aplikace explorer.exe, verze 6.0.2900.5512, chybující modul
avisplitter.ax, verze 1.3.1290.0, adresa chyby 0x00023918.
Error - 21.1.2014 11:03:09 | Computer Name = MB | Source = Application Error | ID = 1000
Description = Chybující aplikace driver.exe, verze 0.0.0.0, chybující modul driver.exe,
verze 0.0.0.0, adresa chyby 0x007b0304.
Error - 24.1.2014 10:22:21 | Computer Name = MB | Source = Application Error | ID = 1000
Description = Chybující aplikace freesa~1.scr, verze 2.2.5.1, chybující modul freesa~1.scr,
verze 2.2.5.1, adresa chyby 0x00050a2c.
Error - 24.1.2014 11:16:25 | Computer Name = MB | Source = Application Error | ID = 1000
Description = Chybující aplikace freesa~1.scr, verze 2.2.5.1, chybující modul freesa~1.scr,
verze 2.2.5.1, adresa chyby 0x00050a2c.
Error - 24.1.2014 13:45:24 | Computer Name = MB | Source = Application Error | ID = 1000
Description = Chybující aplikace freesa~1.scr, verze 2.2.5.1, chybující modul freesa~1.scr,
verze 2.2.5.1, adresa chyby 0x00050a2c.
[ System Events ]
Error - 21.1.2014 15:04:44 | Computer Name = MB | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 21.1.2014 15:05:40 | Computer Name = MB | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: AsIO Fips MpFilter Processor
Error - 21.1.2014 15:15:59 | Computer Name = MB | Source = PlugPlayManager | ID = 11
Description = Zařízení Root\LEGACY_UNLOCKERDRIVER5\0000 se již v systému nenachází,
přestože nebylo nejdříve připraveno k odebrání.
Error - 21.1.2014 15:18:38 | Computer Name = MB | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 23.1.2014 14:43:35 | Computer Name = MB | Source = Service Control Manager | ID = 7034
Description = Služba Ati HotKey Poller byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 23.1.2014 14:43:35 | Computer Name = MB | Source = Service Control Manager | ID = 7034
Description = Služba Služba brány aplikačního rozhraní byla neočekávaně ukončena.
Tento stav nastal již 1krát.
Error - 23.1.2014 14:43:35 | Computer Name = MB | Source = Service Control Manager | ID = 7034
Description = Služba Zařazování tisku byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 23.1.2014 14:43:35 | Computer Name = MB | Source = Service Control Manager | ID = 7034
Description = Služba Java Quick Starter byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 23.1.2014 14:43:35 | Computer Name = MB | Source = Service Control Manager | ID = 7031
Description = Služba Microsoft Antimalware Service byla nečekaně ukončena. Stalo
se to 1 krát. Následující opravná akce bude spuštěna za 15000 milisekund: Restartovat
službu.
Error - 24.1.2014 13:18:18 | Computer Name = MB | Source = Disk | ID = 262151
Description = Zařízení \Device\Harddisk0\D má chybný blok.
< End of report >
Re: Prosím o kontrolu, asi tam vlezl nějaký červ
Vypnete antivir, at nebrani programu v praci. Znovu spustte OTLDo spodniho okna vlozte nasledujici text (vcetne te dvojtecky pred slovem commands)
Kód: Vybrat vše
:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[CreateRestorePoint]
:services
JavaQuickStarterService
gupdate
SkypeUpdate
AdobeFlashPlayerUpdateSvc
gupdatem
:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
:otl
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
O2 - BHO: (no name) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No CLSID value found.
O3 - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
O15 - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..Trusted Domains: localhost ([]http in Internet)
O15 - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..Trusted Domains: mojebanka.cz ([etrading] https in Důvěryhodné servery)
O15 - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..Trusted Domains: mojebanka.cz ([sign] https in Důvěryhodné servery)
O15 - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..Trusted Domains: mojebanka.cz ([www] https in Důvěryhodné servery)
O15 - HKU\S-1-5-21-861567501-2111687655-725345543-1003\..Trusted Domains: mojeplatba.cz ([www] https in Důvěryhodné servery)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
[1 C:\Documents and Settings\m\*.tmp files -> C:\Documents and Settings\m\*.tmp -> ]
[5 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Po restartu se objevi novy log, ten sem dejte.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Prosím o kontrolu, asi tam vlezl nějaký červ
All processes killed
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: KBCertifikat
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: m
->Temp folder emptied: 13799660 bytes
->Temporary Internet Files folder emptied: 12814320 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 307228119 bytes
->Google Chrome cache emptied: 48667495 bytes
->Flash cache emptied: 6592 bytes
User: NetworkService
->Temp folder emptied: 21018 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: stare certifikaty
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 65373 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 4253364713 bytes
Total Files Cleaned = 4 421,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
User: KBCertifikat
User: LocalService
User: m
->Flash cache emptied: 0 bytes
User: NetworkService
User: stare certifikaty
Total Flash Files Cleaned = 0,00 mb
Restore point Set: OTL Restore Point
========== SERVICES/DRIVERS ==========
Service JavaQuickStarterService stopped successfully!
Service JavaQuickStarterService deleted successfully!
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service SkypeUpdate stopped successfully!
Service SkypeUpdate deleted successfully!
Service AdobeFlashPlayerUpdateSvc stopped successfully!
Service AdobeFlashPlayerUpdateSvc deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
C:\WINDOWS\tasks\Adobe Flash Player Updater.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\WINDOWS\tasks\MP Scheduled Scan.job moved successfully.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\S-1-5-21-861567501-2111687655-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-861567501-2111687655-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-861567501-2111687655-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\ not found.
Registry value HKEY_USERS\S-1-5-21-861567501-2111687655-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-861567501-2111687655-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE5D279F-081B-4404-994D-C6B60AAEBA6D}\ not found.
Registry key HKEY_USERS\S-1-5-21-861567501-2111687655-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-861567501-2111687655-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mojebanka.cz\etrading\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-861567501-2111687655-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mojebanka.cz\sign\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-861567501-2111687655-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mojebanka.cz\www\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-861567501-2111687655-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mojeplatba.cz\www\ deleted successfully.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
C:\Documents and Settings\m\wuzsd.tmp~ deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP233.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP25A.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP46.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4E8.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP520.tmp folder deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\ not found.
OTL by OldTimer - Version 3.2.69.0 log created on 01252014_143035
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: KBCertifikat
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: m
->Temp folder emptied: 13799660 bytes
->Temporary Internet Files folder emptied: 12814320 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 307228119 bytes
->Google Chrome cache emptied: 48667495 bytes
->Flash cache emptied: 6592 bytes
User: NetworkService
->Temp folder emptied: 21018 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: stare certifikaty
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 65373 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 4253364713 bytes
Total Files Cleaned = 4 421,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
User: KBCertifikat
User: LocalService
User: m
->Flash cache emptied: 0 bytes
User: NetworkService
User: stare certifikaty
Total Flash Files Cleaned = 0,00 mb
Restore point Set: OTL Restore Point
========== SERVICES/DRIVERS ==========
Service JavaQuickStarterService stopped successfully!
Service JavaQuickStarterService deleted successfully!
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service SkypeUpdate stopped successfully!
Service SkypeUpdate deleted successfully!
Service AdobeFlashPlayerUpdateSvc stopped successfully!
Service AdobeFlashPlayerUpdateSvc deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
C:\WINDOWS\tasks\Adobe Flash Player Updater.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\WINDOWS\tasks\MP Scheduled Scan.job moved successfully.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\S-1-5-21-861567501-2111687655-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-861567501-2111687655-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-861567501-2111687655-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\ not found.
Registry value HKEY_USERS\S-1-5-21-861567501-2111687655-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-861567501-2111687655-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE5D279F-081B-4404-994D-C6B60AAEBA6D}\ not found.
Registry key HKEY_USERS\S-1-5-21-861567501-2111687655-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-861567501-2111687655-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mojebanka.cz\etrading\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-861567501-2111687655-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mojebanka.cz\sign\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-861567501-2111687655-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mojebanka.cz\www\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-861567501-2111687655-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mojeplatba.cz\www\ deleted successfully.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
C:\Documents and Settings\m\wuzsd.tmp~ deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP233.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP25A.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP46.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4E8.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP520.tmp folder deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\ not found.
OTL by OldTimer - Version 3.2.69.0 log created on 01252014_143035
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Re: Prosím o kontrolu, asi tam vlezl nějaký červ
Prejmenujte ComboFix na Uninstall a spustte ho. CF by se mel odinstalovat. vyosek píše:
- Stahnete a spustte
- Pro potvrzeni volby mackejte A, Enter
- Po pouziti utilitu smazte
- Antiviry mohou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)
Stahnete OTC http://oldtimer.geekstogo.com/OTC.exe , ulozte a spustte.Kliknete na napis CleanUp a pote OK - Po uklidu dojde k restartu pc.
Stahnete TFC http://oldtimer.geekstogo.com/TFC.exe , ulozte a spustteKliknete na START a pote OK - Po uklidu dojde k restartu pc.
Po pouziti muzete programek smazat
Stahnete Ccleaner http://www.stahuj.centrum.cz/utility_a_ ... /ccleaner/ a spustte.Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
Defragmentujte disk(y)Stahnete program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
Pri instalaci opet pozor na toolbar
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.
Pak napiste, jak je na tom pc.Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: Prosím o kontrolu, asi tam vlezl nějaký červ
Sice nevím jak to děláte ale jste machři. PC funguje jako za mlada. Moc děkuji
Re: Prosím o kontrolu, asi tam vlezl nějaký červ
Kouzla a cary 
Dekujem za pochvalu 
Jsem rad, ze je to v poradku
Nemate vubec zac!
Mejte se a treba zase nekdy
Dekujem za pochvalu Jsem rad, ze je to v poradku
Nemate vubec zac!
Mejte se a treba zase nekdy
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Přispějete na provoz fóra?
