Prosim o kontrolu logu

Zpráva

cedan · #16 Příspěvek od **cedan** » 01 čer 2014 08:45

Hm jedu jen podle instrukci ktere me davate, takze to uz bylo tak nastavene. Neni to moje PC jak jsem psal uz na zacatku a kdo se v tom hrabal predemnou opravdu netusim. Pokud tedy mam neco jinak nastavit prosim o radu a ja to dam do poradku jak to ma byt.

#17 Příspěvek od **Márty84** » 01 čer 2014 09:09

Znovu spustte RogueKiller a dejte prohledat. Pak nechte smazat/opravit vsechny nalezy. Zkontrolujte, ze jsou u vsech zatrzitka. Po oprave sem zase dejte jeho log.

cedan · #18 Příspěvek od **cedan** » 01 čer 2014 13:26

RogueKiller V9.0.0.0 [May 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Podpora : http://forum.adlice.com
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://www.adlice.com

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : pocitac [Práva správce]
Mód : Odebrat -- Datum : 06/01/2014 13:05:53

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 1 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 localhost -> VYMAZÁNO

¤¤¤ Antirootkit : 10 ¤¤¤
[SSDT:Addr] NtClose[25] : d347bus.sys @ 0xf736d818
[SSDT:Addr] NtCreateKey[41] : d347bus.sys @ 0xf736d7d0
[SSDT:Addr] NtCreatePagingFile[45] : d347bus.sys @ 0xf7361a20
[SSDT:Addr] NtEnumerateKey[71] : d347bus.sys @ 0xf73622a8
[SSDT:Addr] NtEnumerateValueKey[73] : d347bus.sys @ 0xf736d910
[SSDT:Addr] NtOpenKey[119] : d347bus.sys @ 0xf736d794
[SSDT:Addr] NtQueryKey[160] : d347bus.sys @ 0xf73622c8
[SSDT:Addr] NtQueryValueKey[177] : d347bus.sys @ 0xf736d866
[SSDT:Addr] NtSetSystemPowerState[241] : d347bus.sys @ 0xf736d0b0
[SSDT:Inl] NtCreatePagingFile[45] : d347bus.sys @ 0xf73755c4

¤¤¤ Webové prohlížeče : 9 ¤¤¤
[FIREFX:Addon] ygqnynkr.default-1385666418012 : Skype Click to Call [{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}] -> VYMAZÁNO
[FIREFX:Addon] ygqnynkr.default-1385666418012 : Microsoft .NET Framework Assistant [{20a82645-c095-46ed-80e3-08825760534b}] -> VYMAZÁNO
[FIREFX:Addon] ygqnynkr.default-1385666418012 : Java Quick Starter [jqs@sun.com] -> VYMAZÁNO
[CHROME:Addon] Default : Seznam LiÅ¡tiÄka - Email [bgjpfhpjcgdppjbgnpnjllokbmcdllig] -> ERROR [2]
[CHROME:Addon] Default : Seznam LiÅ¡tiÄka - SlovnÃk [blmojkbhnkkphngknkmgccmlenfaelkd] -> ERROR [2]
[CHROME:Addon] Default : AT_Porsche [gkclphmapdcppbmekmbkcjfanpmoidpg] -> ERROR [2]
[CHROME:Addon] Default : Skype Click to Call [lifbcibllhkdhoafpjfnlhfpfgnpldfl] -> ERROR [2]
[CHROME:Addon] Default : APP_NAME [nmmhkkegccagdldgiimedpiccmgmieda] -> ERROR [2]
[CHROME:Addon] Default : Seznam LiÅ¡tiÄka - RychlÃ¡ volba [olfeabkoenfaoljndfecamgilllcpiak] -> ERROR [2]

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD1600AAJS-00PSA0 +++++
--- User ---
[MBR] 5e528666f2872d82629d65292cd96a5e
[BSP] 65da6ae0d0738666ba89860f8cbe1e60 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 51999 MB
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 106494885 | Size: 100618 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Nesprávná funkce. )

+++++ PhysicalDrive1: Generic USB SD Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
--- LL1 ---
[MBR] NOT VALID
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive2: Generic USB CF Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
--- LL1 ---
[MBR] NOT VALID
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive3: Generic USB SM Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
--- LL1 ---
[MBR] NOT VALID
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

+++++ PhysicalDrive4: Generic USB MS Reader USB Device +++++
Error reading User MBR! ([15] Za?ízení není p?ipraveno. )
--- LL1 ---
[MBR] NOT VALID
Error reading LL2 MBR! ([32] Po?adavek není podporován. )

============================================
RKreport_DEL_05312014_230041.log - RKreport_DEL_05312014_230659.log - RKreport_DEL_06012014_120037.log - RKreport_SCN_05312014_220015.log
RKreport_SCN_05312014_230630.log - RKreport_SCN_06012014_115942.log - RKreport_SCN_06012014_122501.log

Toto me to vyplivlo. Postupoval jsem podle navodu ktery byl doporucen ale porad tam vidim nejake soubory. Ty soubory v tom ANTIROOTKIT smazat nejdou nebo nevim jak. Log protoze jsem myslel ze jsem ho udelal spatne jsem delal jeste jednou.

#19 Příspěvek od **Márty84** » 01 čer 2014 14:31

Pokud nemate, zazalohujte si radeji dulezita data (fotky, dokumenty, atd.)

Nepouzivejte ComboFix bez predchozi domluvy! Je to poruseni pravidel fora a ztratite tim narok na pomoc!

Stahnete ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe a ulozte ho na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Spustte ComboFix.
Odsouhlaste licencni podminky a nechte program pracovat. Jestli vam nabidne instalaci Konzoly pro zotaveni, souhlaste.
Po dobu skenu nic nespoustejte, nikam neklikejte.
Po dokonceni skenovani (muze dojit i k restartu pc) by se mel vytvorit log, ktery bude umisteny zde C:\ComboFix.txt
Jeho obsah sem zkopirujte

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace

Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

cedan · #20 Příspěvek od **cedan** » 01 čer 2014 20:25

ComboFix 14-05-29.01 - pocitac 01.06.2014 20:51:02.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.959.1 [GMT 2:00]
Spuštěný z: d:\oblýbenú polo×ky\Dokumenty\Sta×enÚ soubory\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\pocitac\WINDOWS
C:\Documents
c:\program files\MediaBuzzV1
c:\program files\RichMediaViewV1
c:\windows\daemon.dll
c:\windows\IsUn0405.exe
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
c:\windows\msmqinst.log
c:\windows\N002036C3-Mortal Kombat 4-Setup.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\dllcache\wmpvis.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NNSERV
-------\Service_NNServ
-------\Legacy_MpKsl8e25cace
-------\Legacy_Skype_C2C_Service
-------\Service_MpKsl8e25cace
-------\Service_Skype C2C Service
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-05-01 do 2014-06-01 )))))))))))))))))))))))))))))))
.
.
2014-05-31 19:52 . 2014-06-01 10:12 26624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-05-31 19:52 . 2014-05-31 19:52 -------- d-----w- c:\documents and settings\All Users\Data aplikací\RogueKiller
2014-05-31 10:39 . 2014-05-31 10:39 -------- d-----w- c:\documents and settings\pocitac\Data aplikací\Malwarebytes
2014-05-31 10:39 . 2014-05-31 10:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2014-05-31 10:39 . 2014-05-31 19:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-05-31 10:29 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-05-31 10:28 . 2014-05-31 10:31 -------- d-----w- C:\AdwCleaner
2014-05-31 10:21 . 2014-05-31 10:21 -------- d-----w- C:\rsit
2014-05-31 09:29 . 2014-05-31 09:29 -------- d-----w- c:\program files\TeamViewer
2014-05-31 09:16 . 2014-05-31 10:21 -------- d-----w- c:\program files\trend micro
2014-05-31 09:00 . 2014-05-31 09:14 -------- d-----w- c:\documents and settings\pocitac\Data aplikací\TS3Client
2014-05-31 09:00 . 2014-05-31 09:03 -------- d-----w- c:\program files\TeamSpeak 3 Client
2014-05-31 08:51 . 2014-05-31 08:51 -------- d-----w- c:\program files\Lavalys
2014-05-30 20:04 . 2014-04-30 23:37 8073384 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-24 07:48 . 2014-05-24 07:48 -------- d-sh--w- c:\documents and settings\pocitac\IECompatCache
2014-05-08 13:48 . 2014-05-08 13:48 227704 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2036-02-07 01:58 . 2008-01-04 15:35 2023957 ----a-r- c:\windows\system32\DUCHOVE.scr
2014-06-01 19:08 . 2014-06-01 19:08 39464 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{6035444C-C529-4DB8-884C-5C047C7DE317}\MpKsl2181ac35.sys
2014-05-14 13:37 . 2012-04-03 07:19 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-14 13:37 . 2011-08-13 21:00 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-30 23:37 . 2014-05-31 21:11 8073384 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{6035444C-C529-4DB8-884C-5C047C7DE317}\mpengine.dll
2014-03-10 12:33 . 2014-03-09 17:39 138464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2014-03-10 12:33 . 2014-03-09 17:39 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2014-03-09 17:39 . 2014-03-09 17:39 22328 ----a-w- c:\documents and settings\pocitac\Data aplikací\PnkBstrK.sys
2014-03-09 17:39 . 2014-03-09 17:39 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2014-03-09 17:39 . 2014-03-09 17:39 682280 ----a-w- c:\windows\system32\pbsvc.exe
2014-03-06 17:58 . 2002-09-20 16:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 17:58 . 2002-09-20 16:05 920064 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 17:58 . 2002-09-20 16:04 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-03-06 17:58 . 2001-10-25 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2014-03-06 00:46 . 2007-07-16 14:58 385024 ----a-w- c:\windows\system32\html.iec
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TransClock"="d:\po formatu systemu windows xp\Průhledné hodiny\tclock.exe" [2001-11-15 245760]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-27 1211176]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-02-01 1083264]
"SystemProc"="c:\users\Public\Other\run_shc.lnk" [2014-05-04 1272]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-06 16262656]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-08 282624]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-03-27 36352]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"NokiaMusic FastStart"="c:\program files\Nokia\Nokia Music Player\NokiaMusicPlayer.exe" [2011-10-21 2193000]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"Printsrv"="c:\windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs" [2013-05-01 543]
"seznam-listicka-distribuce"="c:\program files\Seznam.cz\distribution\szninstall.exe" [2013-05-16 1062472]
"mncykydSrv"="c:\windows\system32\mncykyd.vbe" [2014-03-05 7670]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Rychlý začátek s aplikací HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe -s [2006-2-10 73728]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\InterVideo\\DVD6\\WinDVD.exe"=
"c:\\Program Files\\Java\\jre1.6.0_24\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\TeamViewer\\Version9\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version9\\TeamViewer_Service.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [23.5.2010 12:15 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [23.5.2010 12:15 5248]
R1 MpKsl2181ac35;MpKsl2181ac35;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{6035444C-C529-4DB8-884C-5C047C7DE317}\MpKsl2181ac35.sys [1.6.2014 21:08 39464]
R2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [31.5.2014 11:29 5024576]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29.2.2012 8:50 158856]
S3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\drivers\K320bus.sys [24.7.2007 23:00 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\drivers\K320mdfl.sys [26.7.2007 15:10 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\drivers\K320mdm.sys [26.7.2007 15:10 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\K320mgmt.sys [28.10.2007 21:15 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\drivers\K320obex.sys [26.7.2007 15:10 86368]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSL2181AC35
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-23 12:00 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-06-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 13:37]
.
2014-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-13 16:08]
.
2014-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-13 16:08]
.
2014-06-01 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 09:11]
.
2014-06-01 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 09:11]
.
2014-03-10 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-07 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\sign
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojeplatba.cz\www
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\pocitac\Data aplikací\Mozilla\Firefox\Profiles\ygqnynkr.default-1385666418012\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-ICQ - ~c:\program files\ICQ6.5\ICQ.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-Indeo® Software - c:\program files\Ligos\Indeo\Uninst.isu
AddRemove-Kalender - c:\windows\Uninstall_tkexe -kalender
AddRemove-MediaViewV1alpha2671 - c:\program files\MediaViewV1\MediaViewV1alpha2671\uninstall.exe
AddRemove-MediaViewV1alpha6989 - c:\program files\MediaViewV1\MediaViewV1alpha6989\uninstall.exe
AddRemove-MediaWatchV1home4947 - c:\program files\MediaWatchV1\MediaWatchV1home4947\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-06-01 21:08
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
c:\windows\TEMP\TMP000000715272BF7737BEBA67 524288 bytes
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3660)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
d:\po formatu systemu windows xp\Prc:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\windows\system32\dwwin.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
.
**************************************************************************
.
Celkový čas: 2014-06-01 21:17:22 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-06-01 19:17
.
Před spuštěním: 7 352 520 704
Po spuštění: Volných bajtů: 10 245 316 608
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - B79BFAEB58F857035DF7CD35164EC56E
413FC2A0C716421B3158746D63736515

#21 Příspěvek od **Márty84** » 02 čer 2014 08:52

Presunte ComboFix na plochu, jinak to nebude fungovat!

Otevrete si poznamkovy blok a zkopirujte do nej tento skript

Kód: Vybrat vše

KillAll::

File::
c:\windows\system32\mncykyd.vbe

Folder::
c:\windows\TEMP\TMP000000715272BF7737BEBA67

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"=-
"NokiaSuite.exe"=-
"SystemProc"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"=-
"HP Software Update"=-
"QuickTime Task"=-
"WinampAgent"=-
"DAEMON Tools-1033"=-
"NokiaMusic FastStart"=-
"Adobe ARM"=-
"seznam-listicka-distribuce"=-
"mncykydSrv"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"=-

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

DDS::
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML

Driver::
SkypeUpdate

Reboot::

Vlevo nahore kliknete na napis Soubor
Kliknete na napis Ulozit jako...
Napiste spravne ten cerveny nazev CFScript a ulozte na plochu.
Vypnete antivir i dalsi pripadne zabezpeceni.
Pretahntete mysi tento vytvoreny textovy dokument nad ikonu ComboFix a pustte.
ComboFix by se mel spustit a vykonat prikazy.
Az skonci (muze dojit k restartu pc), mel by se objevit novy log, ten mi sem zase zkopirujte.

Kdyby po restartu nenabehl windows, restartujte znovu, mackejte klavesu F8 a zvolte - Posledni znama funkcni konfigurace

Kdyz windows nabehne, ale pri spousteni ruznych programu bude hlasena chyba, staci restartovat pc a bude to v poradku

cedan · #22 Příspěvek od **cedan** » 02 čer 2014 17:59

ComboFix 14-05-29.01 - pocitac 02.06.2014 18:01:13.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.959.312 [GMT 2:00]
Spuštěný z: d:\oblíbené položky\Dokumenty\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\pocitac\Plocha\CFScript.txt
.
FILE ::
"c:\windows\system32\mncykyd.vbe"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SKYPEUPDATE
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-05-02 do 2014-06-02 )))))))))))))))))))))))))))))))
.
.
2014-05-31 19:52 . 2014-06-01 10:12 26624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-05-31 19:52 . 2014-05-31 19:52 -------- d-----w- c:\documents and settings\All Users\Data aplikací\RogueKiller
2014-05-31 10:39 . 2014-05-31 10:39 -------- d-----w- c:\documents and settings\pocitac\Data aplikací\Malwarebytes
2014-05-31 10:39 . 2014-05-31 10:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2014-05-31 10:39 . 2014-05-31 19:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-05-31 10:29 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-05-31 10:28 . 2014-05-31 10:31 -------- d-----w- C:\AdwCleaner
2014-05-31 10:21 . 2014-05-31 10:21 -------- d-----w- C:\rsit
2014-05-31 09:29 . 2014-05-31 09:29 -------- d-----w- c:\program files\TeamViewer
2014-05-31 09:16 . 2014-05-31 10:21 -------- d-----w- c:\program files\trend micro
2014-05-31 09:00 . 2014-05-31 09:14 -------- d-----w- c:\documents and settings\pocitac\Data aplikací\TS3Client
2014-05-31 09:00 . 2014-05-31 09:03 -------- d-----w- c:\program files\TeamSpeak 3 Client
2014-05-31 08:51 . 2014-05-31 08:51 -------- d-----w- c:\program files\Lavalys
2014-05-24 07:48 . 2014-05-24 07:48 -------- d-sh--w- c:\documents and settings\pocitac\IECompatCache
2014-05-08 13:48 . 2014-05-08 13:48 227704 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2036-02-07 01:58 . 2008-01-04 15:35 2023957 ----a-r- c:\windows\system32\DUCHOVE.scr
2014-05-14 13:37 . 2012-04-03 07:19 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-14 13:37 . 2011-08-13 21:00 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-10 12:33 . 2014-03-09 17:39 138464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2014-03-10 12:33 . 2014-03-09 17:39 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2014-03-09 17:39 . 2014-03-09 17:39 22328 ----a-w- c:\documents and settings\pocitac\Data aplikací\PnkBstrK.sys
2014-03-09 17:39 . 2014-03-09 17:39 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2014-03-09 17:39 . 2014-03-09 17:39 682280 ----a-w- c:\windows\system32\pbsvc.exe
2014-03-06 17:58 . 2002-09-20 16:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 17:58 . 2002-09-20 16:05 920064 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 17:58 . 2002-09-20 16:04 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-03-06 17:58 . 2001-10-25 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2014-03-06 00:46 . 2007-07-16 14:58 385024 ----a-w- c:\windows\system32\html.iec
2014-03-05 21:19 . 2014-05-03 11:41 7670 --s-a-w- c:\windows\system32\mncykyd.vbe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TransClock"="d:\po formatu systemu windows xp\Průhledné hodiny\tclock.exe" [2001-11-15 245760]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-27 1211176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-06 16262656]
"Printsrv"="c:\windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs" [2013-05-01 543]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Rychlý začátek s aplikací HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe -s [2006-2-10 73728]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\InterVideo\\DVD6\\WinDVD.exe"=
"c:\\Program Files\\Java\\jre1.6.0_24\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\TeamViewer\\Version9\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version9\\TeamViewer_Service.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [23.5.2010 12:15 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [23.5.2010 12:15 5248]
R2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [31.5.2014 11:29 5024576]
S3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\drivers\K320bus.sys [24.7.2007 23:00 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\drivers\K320mdfl.sys [26.7.2007 15:10 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\drivers\K320mdm.sys [26.7.2007 15:10 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\K320mgmt.sys [28.10.2007 21:15 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\drivers\K320obex.sys [26.7.2007 15:10 86368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-02 13:48 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 13:37]
.
2014-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-13 16:08]
.
2014-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-13 16:08]
.
2014-03-10 c:\windows\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
- c:\windows\system32\xp_eos.exe [2014-03-07 23:28]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\sign
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojeplatba.cz\www
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\pocitac\Data aplikací\Mozilla\Firefox\Profiles\ygqnynkr.default-1385666418012\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-06-02 18:14
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(4020)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\PnkBstrA.exe
d:\po formatu systemu windows xp\Prc:\windows\System32\svchost.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Celkový čas: 2014-06-02 18:18:25 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-06-02 16:18
ComboFix2.txt 2014-06-01 19:17
.
Před spuštěním: Volných bajtů: 10 357 166 080
Po spuštění: Volných bajtů: 10 368 458 752
.
- - End Of File - - B5087A0D393E307D287EAE856CF7156B
413FC2A0C716421B3158746D63736515

cedan · #23 Příspěvek od **cedan** » 02 čer 2014 18:02

moc se omlouvam, nejde to moc rychle jak jsem si predstavoval. Logy delam pres Teamviewer a pokazde cekam nez se sestra logne na PC. Dekuji za Vasi trpelivost

#24 Příspěvek od **Márty84** » 02 čer 2014 18:48

cedan píše:moc se omlouvam, nejde to moc rychle jak jsem si predstavoval. Logy delam pres Teamviewer a pokazde cekam nez se sestra logne na PC. Dekuji za Vasi trpelivost

Neni proc se omlouvat!

Taky jsem ted u pc malo. V praci nemam k pocitaci pristup.

Dejte novy log z RSIT

a k tomu

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe , ulozte na plochu a spustte.
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

Kliknete na Prohledat
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).

cedan · #25 Příspěvek od **cedan** » 03 čer 2014 15:26

Logfile of random's system information tool 1.06 (written by random/random)
Run by pocitac at 2014-06-03 16:21:03
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 10 GB (19%) free of 52 GB
Total RAM: 959 MB (30% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_24\bin\ssv.dll [2012-01-04 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-09-16 4502400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.6.0_24\bin\jp2ssv.dll [2012-01-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre1.6.0_24\lib\deploy\jqs\ie\jqs_plugin.dll [2012-01-04 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-09-06 16262656]
"Printsrv"=c:\Windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs [2013-05-01 543]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TransClock"=D:\PO FORMATU SYSTEMU WINDOWS XP\Průhledné hodiny\tclock.exe [2001-11-15 245760]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-06-27 1211176]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Rychlý začátek s aplikací HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\InterVideo\DVD6\WinDVD.exe"="D:\InterVideo\DVD6\WinDVD.exe:*:Enabled:WinDVD"
"C:\Program Files\Java\jre1.6.0_24\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_24\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Disabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"C:\Program Files\TeamViewer\Version9\TeamViewer.exe"="C:\Program Files\TeamViewer\Version9\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

======List of files/folders created in the last 1 months======

2014-06-02 18:18:27 ----D---- C:\WINDOWS\temp
2014-06-02 18:18:25 ----A---- C:\ComboFix.txt
2014-06-01 20:45:40 ----A---- C:\Boot.bak
2014-06-01 20:45:31 ----RASHD---- C:\cmdcons
2014-06-01 20:37:33 ----A---- C:\WINDOWS\zip.exe
2014-06-01 20:37:33 ----A---- C:\WINDOWS\SWSC.exe
2014-06-01 20:37:33 ----A---- C:\WINDOWS\SWREG.exe
2014-06-01 20:37:33 ----A---- C:\WINDOWS\sed.exe
2014-06-01 20:37:33 ----A---- C:\WINDOWS\PEV.exe
2014-06-01 20:37:33 ----A---- C:\WINDOWS\NIRCMD.exe
2014-06-01 20:37:33 ----A---- C:\WINDOWS\MBR.exe
2014-06-01 20:37:33 ----A---- C:\WINDOWS\grep.exe
2014-06-01 20:37:32 ----A---- C:\WINDOWS\SWXCACLS.exe
2014-06-01 20:37:09 ----D---- C:\Qoobox
2014-06-01 20:36:20 ----D---- C:\WINDOWS\erdnt
2014-05-31 21:52:10 ----D---- C:\Documents and Settings\All Users\Data aplikací\RogueKiller
2014-05-31 12:39:59 ----D---- C:\Documents and Settings\pocitac\Data aplikací\Malwarebytes
2014-05-31 12:39:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-05-31 12:39:38 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2014-05-31 12:29:47 ----A---- C:\WINDOWS\system32\sqlite3.dll
2014-05-31 12:28:21 ----D---- C:\AdwCleaner
2014-05-31 12:21:26 ----D---- C:\rsit
2014-05-31 11:29:54 ----D---- C:\Program Files\TeamViewer
2014-05-31 11:16:16 ----D---- C:\Program Files\trend micro
2014-05-31 11:00:53 ----D---- C:\Documents and Settings\pocitac\Data aplikací\TS3Client
2014-05-31 11:00:30 ----D---- C:\Program Files\TeamSpeak 3 Client
2014-05-31 10:51:23 ----D---- C:\Program Files\Lavalys
2014-05-10 15:27:59 ----D---- C:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 1 months======

2014-06-03 16:16:22 ----D---- C:\WINDOWS\Prefetch
2014-06-03 16:05:07 ----D---- C:\Documents and Settings\pocitac\Data aplikací\.minecraft
2014-06-02 18:18:28 ----D---- C:\WINDOWS\system32\drivers
2014-06-02 18:18:27 ----D---- C:\WINDOWS
2014-06-02 18:17:29 ----D---- C:\WINDOWS\system32\CatRoot2
2014-06-02 18:14:20 ----A---- C:\WINDOWS\system.ini
2014-06-02 18:13:53 ----D---- C:\Config.Msi
2014-06-02 18:12:51 ----D---- C:\WINDOWS\system32\config
2014-06-02 18:09:18 ----D---- C:\WINDOWS\system32
2014-06-02 18:09:17 ----D---- C:\WINDOWS\AppPatch
2014-06-02 18:09:16 ----D---- C:\Program Files\Common Files
2014-06-02 17:55:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-06-02 17:54:34 ----SHD---- C:\WINDOWS\Installer
2014-06-02 17:54:34 ----RD---- C:\Program Files
2014-06-02 17:54:11 ----SD---- C:\WINDOWS\Tasks
2014-06-02 17:50:44 ----D---- C:\WINDOWS\Help
2014-06-02 17:22:16 ----D---- C:\Documents and Settings\pocitac\Data aplikací\Skype
2014-06-01 21:07:47 ----SHD---- C:\System Volume Information
2014-06-01 21:07:47 ----D---- C:\WINDOWS\system32\Restore
2014-06-01 21:04:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-06-01 20:45:40 ----RASH---- C:\boot.ini
2014-06-01 20:32:51 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2014-06-01 20:32:46 ----D---- C:\Program Files\Common Files\PC Tools
2014-05-31 17:38:33 ----D---- C:\Documents and Settings\pocitac\Data aplikací\Seznam.cz
2014-05-31 17:30:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2884256$
2014-05-31 17:26:59 ----HD---- C:\WINDOWS\inf
2014-05-31 17:26:59 ----D---- C:\Program Files\GotClip
2014-05-31 12:30:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2014-05-31 11:30:06 ----RSD---- C:\WINDOWS\Fonts
2014-05-15 14:11:24 ----D---- C:\WINDOWS\system32\MRT
2014-05-15 07:16:45 ----A---- C:\WINDOWS\system32\MRT.exe
2014-05-14 15:37:00 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2014-05-14 15:20:19 ----D---- C:\Program Files\Common Files\Adobe
2014-05-14 15:10:14 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-05-05 17:17:42 ----D---- C:\Program Files\Minecraft 1.7.2
2014-05-04 10:37:50 ----D---- C:\WINDOWS\ie8updates

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-09-06 4377600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2013-02-08 12648960]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2006-07-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2006-07-11 20480]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2009-03-18 30336]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 K320bus;Sony Ericsson K320 driver (WDM); C:\WINDOWS\system32\DRIVERS\K320bus.sys [2006-08-18 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\K320mdfl.sys [2006-08-18 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\K320mdm.sys [2006-08-18 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\K320mgmt.sys [2006-08-18 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\K320obex.sys [2006-08-18 86368]
S3 mbr;mbr; \??\C:\DOCUME~1\pocitac\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2011-11-01 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2011-11-01 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2011-11-01 8192]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2013-08-29 26240]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2011-11-01 8192]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2013-07-17 123008]
S3 w200bus;Sony Ericsson W200 driver (WDM); C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 86368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-04-10 104576]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2014-03-09 66872]
R2 TeamViewer9;TeamViewer 9; C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe [2014-04-25 5024576]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-13 136176]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2006-08-16 155715]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14 257712]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-13 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-05-10 119408]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-01-04 718888]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

cedan · #26 Příspěvek od **cedan** » 03 čer 2014 15:53

OTL Extras logfile created on: 3.6.2014 16:29:31 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\pocitac\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

959,36 Mb Total Physical Memory | 277,43 Mb Available Physical Memory | 28,92% Memory free
2,26 Gb Paging File | 1,40 Gb Available in Paging File | 61,83% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50,78 Gb Total Space | 9,66 Gb Free Space | 19,03% Space Free | Partition Type: NTFS
Drive D: | 98,26 Gb Total Space | 46,88 Gb Free Space | 47,71% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: pocitac | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-329068152-1078081533-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE prezentace fotografií] -- "C:\Program Files\Fotolab\Fotolab Fotosvet\CEWE prezentace fotografií.exe" -d "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotolab Fotosvet] -- "C:\Program Files\Fotolab\Fotolab Fotosvet\Fotolab Fotosvet.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\ICQ7.2\ICQ.exe" = C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2
"C:\Program Files\ICQ7.2\aolload.exe" = C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"D:\InterVideo\DVD6\WinDVD.exe" = D:\InterVideo\DVD6\WinDVD.exe:*:Enabled:WinDVD -- (InterVideo Inc.)
"C:\Program Files\Java\jre1.6.0_24\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_24\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe" = C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.)
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe" = C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.)
"C:\Program Files\TeamViewer\Version9\TeamViewer.exe" = C:\Program Files\TeamViewer\Version9\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{11F26C09-3821-46E5-8351-612BE5953F22}_is1" = Minecraft 1.2.5 with Technic Pack [FEarBG] version 1
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{179624B1-2683-45ED-965A-B72189EB5820}" = Opera 9.51
"{2048F008-BDCD-485E-B552-B60E15BDC668}" = Disney Popelka
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{25F61E72-AAA4-4607-95D2-1E5139C98FFB}" = Nokia_Multimedia_Common_Components_2_5
"{26A24AE4-039D-4CA4-87B4-2F83216024F0}" = Java(TM) 6 Update 24
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{4FCB1267-7380-4EBA-9A6C-69809C6E8227}" = Nokia Music Player
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{546C143E-68DC-314D-97BC-1E454E3BA429}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
"{57B2281D-A34A-4a48-8C68-169B8873659D}" = c4100_Help
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6ACA2FD2-4C4A-42F3-AFB5-7B433BBDF6DB}" = InterVideo WinDVD 6
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{95120000-00AF-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Czech)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2C9CD1B-2551-3AED-B244-6698FB929FA6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.07)
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C871525F-7116-4d26-BA6D-215F59B6F88B}" = C4100
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E4BFD80B-5A9B-CF21-D247-85F8D1CF5E2F}_is1" = Minecraft 1.7.2 version for Windows
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FE7E1DD7-EBCE-4696-ADE2-22BDBF2372DA}" = DocumentViewer
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"BSPlayer1" = BSPlayer
"CCleaner" = CCleaner
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Fotolab Fotosvet" = Fotolab Fotosvet
"Google Chrome" = Google Chrome
"HappyFoto-Designer_is1" = HF Designer 4.4
"HP Document Viewer" = HP Document Viewer 7.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"LIŠKA RYŠKA - ZÁHADA BERMUDSKÉHO TROJÚHELNÍKU" = LIŠKA RYŠKA - ZÁHADA BERMUDSKÉHO TROJÚHELNÍKU
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MINECRAFT 1.5.2 FULL 1.00" = MINECRAFT 1.5.2 FULL 1.00
"Montezumova pomsta" = Montezumova pomsta
"Mozilla Firefox 29.0.1 (x86 cs)" = Mozilla Firefox 29.0.1 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Ahead Nero Burning ROM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Suite" = Nokia Suite
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoFiltre Studio" = PhotoFiltre Studio
"Polární dobrodružství 2" = Polární dobrodružství 2
"PunkBusterSvc" = PunkBuster Services
"Robomoucha" = Robomoucha
"Room Arranger" = Room Arranger
"Smokule_angielski" = DRÁČKOVÉ - DOBRODRUŽSTVÍ S ANGLIČTINOU
"Tajemná písmena" = Tajemná písmena
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 9" = TeamViewer 9
"VLC media player" = VLC media player 1.0.3
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-329068152-1078081533-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SeznamInstall" = Seznam Software
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 29.4.2014 1:46:15 | Computer Name = HOME | Source = MPSampleSubmission | ID = 5000
Description =

Error - 29.4.2014 13:12:33 | Computer Name = HOME | Source = MPSampleSubmission | ID = 5000
Description =

Error - 1.5.2014 8:47:06 | Computer Name = HOME | Source = MPSampleSubmission | ID = 5000
Description =

Error - 1.5.2014 8:50:30 | Computer Name = HOME | Source = MPSampleSubmission | ID = 5000
Description =

Error - 2.5.2014 2:00:10 | Computer Name = HOME | Source = MPSampleSubmission | ID = 5000
Description =

Error - 4.5.2014 11:04:44 | Computer Name = HOME | Source = MPSampleSubmission | ID = 5000
Description =

Error - 6.5.2014 8:38:36 | Computer Name = HOME | Source = MPSampleSubmission | ID = 5000
Description =

Error - 10.5.2014 4:06:38 | Computer Name = HOME | Source = MPSampleSubmission | ID = 5000
Description =

[ System Events ]
Error - 28.5.2014 12:03:11 | Computer Name = HOME | Source = Dhcp | ID = 1000
Description = Zapůjčení adresy IP počítače 192.168.1.68 pro síťovou kartu se síťovou
adresou 001617EE45E7 byla ukončena.

Error - 28.5.2014 12:03:14 | Computer Name = HOME | Source = Service Control Manager | ID = 7011
Description = Vypršel časový limit (30000 milisekund) čekání na odezvu transakce
služby WZCSVC.

Error - 30.5.2014 7:20:53 | Computer Name = HOME | Source = Dhcp | ID = 1000
Description = Zapůjčení adresy IP počítače 192.168.1.68 pro síťovou kartu se síťovou
adresou 001617EE45E7 byla ukončena.

Error - 30.5.2014 8:33:04 | Computer Name = HOME | Source = Service Control Manager | ID = 7011
Description = Vypršel časový limit (30000 milisekund) čekání na odezvu transakce
služby WZCSVC.

Error - 30.5.2014 8:33:07 | Computer Name = HOME | Source = Dhcp | ID = 1000
Description = Zapůjčení adresy IP počítače 192.168.1.68 pro síťovou kartu se síťovou
adresou 001617EE45E7 byla ukončena.

Error - 2.6.2014 9:03:05 | Computer Name = HOME | Source = Dhcp | ID = 1000
Description = Zapůjčení adresy IP počítače 192.168.1.68 pro síťovou kartu se síťovou
adresou 001617EE45E7 byla ukončena.

Error - 3.6.2014 10:03:17 | Computer Name = HOME | Source = Dhcp | ID = 1000
Description = Zapůjčení adresy IP počítače 192.168.1.68 pro síťovou kartu se síťovou
adresou 001617EE45E7 byla ukončena.

< End of report >

cedan · #27 Příspěvek od **cedan** » 03 čer 2014 15:56

OTL logfile created on: 3.6.2014 16:29:31 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\pocitac\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

959,36 Mb Total Physical Memory | 277,43 Mb Available Physical Memory | 28,92% Memory free
2,26 Gb Paging File | 1,40 Gb Available in Paging File | 61,83% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50,78 Gb Total Space | 9,66 Gb Free Space | 19,03% Space Free | Partition Type: NTFS
Drive D: | 98,26 Gb Total Space | 46,88 Gb Free Space | 47,71% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: pocitac | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014.06.03 16:26:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\pocitac\Plocha\OTL.exe
PRC - [2014.05.14 01:40:56 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014.04.25 11:56:13 | 004,582,720 | ---- | M] (TeamViewer GmbH) -- c:\Program Files\TeamViewer\Version9\TeamViewer_Desktop.exe
PRC - [2014.04.25 11:56:12 | 012,971,328 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version9\TeamViewer.exe
PRC - [2014.04.25 11:56:12 | 005,024,576 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014.04.25 11:42:00 | 000,238,400 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version9\tv_w32.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.02.10 07:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2001.11.15 10:00:16 | 000,245,760 | ---- | M] (rc) -- D:\PO FORMATU SYSTEMU WINDOWS XP\Průhledné hodiny\tclock.exe

========== Modules (No Company Name) ==========

MOD - [2014.05.14 01:40:54 | 000,414,536 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppgooglenaclpluginchrome.dll
MOD - [2014.05.14 01:40:50 | 004,217,672 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll
MOD - [2014.05.14 01:40:43 | 001,732,424 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
MOD - [2013.07.12 09:50:58 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a2223024\mscorlib.dll
MOD - [2013.07.12 09:50:55 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_9f7d5fe5\system.drawing.dll
MOD - [2013.07.12 09:50:49 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_a1c74181\system.xml.dll
MOD - [2013.07.12 09:50:44 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_74904e54\system.windows.forms.dll
MOD - [2013.07.12 09:50:34 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_787016cb\system.dll
MOD - [2013.07.12 09:50:24 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2013.07.12 09:50:23 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2013.07.12 09:50:22 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2010.02.18 00:49:10 | 000,323,584 | ---- | M] () -- C:\Program Files\WinRAR\rarlng.dll
MOD - [2010.02.10 18:10:12 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008.05.01 10:19:28 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
MOD - [2008.05.01 10:19:27 | 000,065,536 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb.resources\4.0.0.0_cs_a53cf5803f4c3827\hpqisrtb.resources.dll
MOD - [2008.05.01 10:19:21 | 001,163,264 | ---- | M] () -- c:\windows\assembly\gac\hpqedit\3.0.0.0__a53cf5803f4c3827\hpqedit.dll
MOD - [2008.05.01 10:19:21 | 000,790,528 | ---- | M] () -- c:\windows\assembly\gac\hpqbakup\3.0.0.0__a53cf5803f4c3827\hpqbakup.dll
MOD - [2008.05.01 10:19:21 | 000,376,832 | ---- | M] () -- c:\windows\assembly\gac\hpqedit.resources\3.0.0.0_cs_a53cf5803f4c3827\hpqedit.resources.dll
MOD - [2008.05.01 10:19:21 | 000,258,048 | ---- | M] () -- c:\windows\assembly\gac\hpqbakup.resources\3.0.0.0_cs_a53cf5803f4c3827\hpqbakup.resources.dll
MOD - [2008.05.01 10:19:19 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll
MOD - [2008.05.01 10:19:18 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.113__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2008.05.01 10:19:18 | 000,090,112 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll
MOD - [2008.05.01 10:19:18 | 000,086,016 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.113__9cf889f53ea9b907\lead.drawing.dll
MOD - [2008.05.01 10:19:18 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.codecs\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.codecs.dll
MOD - [2008.05.01 10:19:18 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.113__9cf889f53ea9b907\lead.dll
MOD - [2008.05.01 10:19:18 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll
MOD - [2008.05.01 10:19:18 | 000,065,536 | ---- | M] () -- c:\windows\assembly\gac\hpqmdmr\4.0.0.0__a53cf5803f4c3827\hpqmdmr.dll
MOD - [2008.05.01 10:19:18 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqprrsc\4.0.0.0__a53cf5803f4c3827\hpqprrsc.dll
MOD - [2008.05.01 10:19:18 | 000,053,248 | ---- | M] () -- c:\windows\assembly\gac\hpqovskn\3.0.0.0__a53cf5803f4c3827\hpqovskn.dll
MOD - [2008.05.01 10:19:18 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2008.05.01 10:19:18 | 000,016,384 | ---- | M] () -- c:\windows\assembly\gac\hpqprrsc.resources\4.0.0.0_cs_a53cf5803f4c3827\hpqprrsc.resources.dll
MOD - [2008.05.01 10:19:17 | 000,516,096 | ---- | M] () -- c:\windows\assembly\gac\hpqimvlt\3.0.0.0__a53cf5803f4c3827\hpqimvlt.dll
MOD - [2008.05.01 10:19:17 | 000,192,512 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\4.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2008.05.01 10:19:17 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqntrop\4.0.0.0__a53cf5803f4c3827\hpqntrop.dll
MOD - [2008.05.01 10:19:17 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2008.05.01 10:19:17 | 000,014,848 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqvideo\4.0.0.0__a53cf5803f4c3827\interop.hpqvideo.dll
MOD - [2008.05.01 10:19:17 | 000,010,240 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\4.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2008.05.01 10:19:17 | 000,004,096 | ---- | M] () -- c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll
MOD - [2008.05.01 10:19:16 | 000,593,920 | ---- | M] () -- c:\windows\assembly\gac\hpqcc2\3.0.0.0__a53cf5803f4c3827\hpqcc2.dll
MOD - [2008.05.01 10:19:16 | 000,425,984 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
MOD - [2008.05.01 10:19:16 | 000,385,024 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\4.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2008.05.01 10:19:16 | 000,229,376 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\4.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2008.05.01 10:19:16 | 000,135,168 | ---- | M] () -- c:\windows\assembly\gac\hpqcc2.resources\3.0.0.0_cs_a53cf5803f4c3827\hpqcc2.resources.dll
MOD - [2008.05.01 10:19:16 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\hpqtray.resources\4.0.0.0_cs_a53cf5803f4c3827\hpqtray.resources.dll
MOD - [2008.05.01 10:19:16 | 000,094,208 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc.resources\3.0.0.0_cs_a53cf5803f4c3827\hpqcprsc.resources.dll
MOD - [2008.05.01 10:19:16 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2008.05.01 10:19:16 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqglutl\4.0.0.0__a53cf5803f4c3827\hpqglutl.dll
MOD - [2008.05.01 10:19:16 | 000,061,440 | ---- | M] () -- c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll
MOD - [2008.05.01 10:19:16 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2008.05.01 10:19:16 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc.resources\4.0.0.0_cs_a53cf5803f4c3827\hpqfmrsc.resources.dll
MOD - [2008.05.01 10:19:16 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\4.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2008.05.01 10:19:16 | 000,020,480 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\4.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2008.05.01 10:18:57 | 000,229,376 | ---- | M] () -- c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_cs_b77a5c561934e089\mscorlib.resources.dll
MOD - [2008.05.01 10:18:57 | 000,081,920 | ---- | M] () -- c:\windows\assembly\gac\system.resources\1.0.5000.0_cs_b77a5c561934e089\system.resources.dll
MOD - [2008.04.14 05:21:47 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.11.18 21:21:21 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2007.07.16 17:06:53 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2006.06.27 12:53:08 | 000,017,704 | ---- | M] () -- C:\Program Files\Microsoft ActiveSync\rapiproxystub.dll
MOD - [2005.10.20 10:36:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2005.10.20 10:36:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll

========== Services (SafeList) ==========

SRV - [2014.05.14 15:37:03 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.05.10 15:30:09 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.04.25 11:56:12 | 005,024,576 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2012.01.04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006.03.03 21:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\pocitac\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2011.11.01 10:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011.11.01 10:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011.11.01 10:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.11.01 10:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006.11.07 10:42:30 | 000,086,368 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w200obex.sys -- (w200obex)
DRV - [2006.11.07 10:42:28 | 000,088,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w200mgmt.sys -- (w200mgmt)
DRV - [2006.11.07 10:42:24 | 000,097,056 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w200mdm.sys -- (w200mdm)
DRV - [2006.11.07 10:42:22 | 000,009,328 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w200mdfl.sys -- (w200mdfl)
DRV - [2006.11.07 10:42:16 | 000,061,504 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w200bus.sys -- (w200bus)
DRV - [2006.09.06 10:04:12 | 004,377,600 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2006.08.18 11:10:24 | 000,061,504 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\K320bus.sys -- (K320bus)
DRV - [2006.08.18 11:10:22 | 000,097,056 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\K320mdm.sys -- (K320mdm)
DRV - [2006.08.18 11:10:22 | 000,009,328 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\K320mdfl.sys -- (K320mdfl)
DRV - [2006.08.18 11:10:20 | 000,088,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\K320mgmt.sys -- (K320mgmt)
DRV - [2006.08.18 11:10:18 | 000,086,368 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\K320obex.sys -- (K320obex)
DRV - [2006.08.14 08:51:28 | 000,105,344 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2006.07.11 15:38:30 | 000,020,480 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006.07.11 15:38:28 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005.03.09 08:53:00 | 000,036,352 | R--- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004.08.22 16:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347prt.sys -- (d347prt)
DRV - [2004.08.22 16:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\d347bus.sys -- (d347bus)
DRV - [2004.08.09 13:33:26 | 000,114,016 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.08.09 13:29:28 | 000,053,920 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004.07.19 16:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\prosync1.sys -- (prosync1)
DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp01.sys -- (sfhlp01)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-329068152-1078081533-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Bar = http://www.google.com
IE - HKU\S-1-5-21-329068152-1078081533-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = http://www.google.com
IE - HKU\S-1-5-21-329068152-1078081533-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-329068152-1078081533-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchT ... f8&oe=utf8
IE - HKU\S-1-5-21-329068152-1078081533-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-329068152-1078081533-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-329068152-1078081533-839522115-1003\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-329068152-1078081533-839522115-1003\..\SearchScopes,DefaultScope = {0A0F1224-0E62-4622-8D15-B25B0769D083}
IE - HKU\S-1-5-21-329068152-1078081533-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-329068152-1078081533-839522115-1003\..\SearchScopes\{0A0F1224-0E62-4622-8D15-B25B0769D083}: "URL" = http://www.google.com/search?q={searchT ... 1I7GGLL_en
IE - HKU\S-1-5-21-329068152-1078081533-839522115-1003\..\SearchScopes\{0C68024A-F373-4481-A37D-5F032C4568EB}: "URL" = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_16194
IE - HKU\S-1-5-21-329068152-1078081533-839522115-1003\..\SearchScopes\{148257B2-D4E9-42B0-8256-F7484946FD21}: "URL" = http://encyklopedie.seznam.cz/search?q= ... arch_16194
IE - HKU\S-1-5-21-329068152-1078081533-839522115-1003\..\SearchScopes\{3838B315-F9A5-461F-9DE7-5FAA5AEBFF2A}: "URL" = http://www.firmy.cz/?q={searchTerms}&so ... arch_16194
IE - HKU\S-1-5-21-329068152-1078081533-839522115-1003\..\SearchScopes\{3F84B0DC-194B-4679-BD27-28BB90ECAB32}: "URL" = http://slovnik.seznam.cz/?q={searchTerm ... arch_16194
IE - HKU\S-1-5-21-329068152-1078081533-839522115-1003\..\SearchScopes\{47AC5287-B6DE-426B-940F-3AC40128BFC7}: "URL" = http://tv.seznam.cz/hledej?w={searchTer ... arch_16194
IE - HKU\S-1-5-21-329068152-1078081533-839522115-1003\..\SearchScopes\{548C06F1-1398-482F-84AE-08A460026E6B}: "URL" = http://www.novinky.cz/hledej?w={searchT ... arch_16194
IE - HKU\S-1-5-21-329068152-1078081533-839522115-1003\..\SearchScopes\{6E026E0F-6B99-4A4C-ABD6-8791396A0F0A}: "URL" = http://www.mapy.cz/?query={searchTerms} ... arch_16194
IE - HKU\S-1-5-21-329068152-1078081533-839522115-1003\..\SearchScopes\{ADA46E29-79AB-428D-B746-8104FE478F30}: "URL" = http://slovnik.seznam.cz/?q={searchTerm ... arch_16194
IE - HKU\S-1-5-21-329068152-1078081533-839522115-1003\..\SearchScopes\{BE44ACC0-0906-406E-8603-541EA2D97D37}: "URL" = http://search.seznam.cz/?q={searchTerms ... arch_16194
IE - HKU\S-1-5-21-329068152-1078081533-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre1.6.0_24\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@kb-ext.cz/PKIComponent: C:\Documents and Settings\pocitac\Data aplikací\KB-ext\lib\x86\npPKIComponentNPAPI-kbext.dll (Komerční banka, a.s.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\pocitac\Local Settings\Data aplikací\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre1.6.0_24\lib\deploy\jqs\ff [2012.01.04 23:41:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014.05.10 15:28:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014.05.14 15:21:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.05.17 20:46:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2009.08.11 22:52:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\pocitac\Data aplikací\Mozilla\Extensions
[2014.05.02 15:40:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\pocitac\Data aplikací\Mozilla\Firefox\Profiles\ygqnynkr.default-1385666418012\extensions
[2014.05.10 15:28:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014.05.10 15:28:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014.05.10 15:28:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014.05.10 15:28:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014.05.10 15:30:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.01.04 23:41:31 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.114\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U17 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.114\gears.dll
CHR - plugin: MicrosoftĂÂĂ‚ÂĂÂ‚Ă‚ÂĂÂĂ‚Â‚ĂÂ‚Ă‚Â‚ĂÂĂ‚ÂĂÂ‚Ă‚Â‚ĂÂĂ‚Â‚ĂÂ‚Ă‚Â® DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: MicrosoftĂÂĂ‚ÂĂÂ‚Ă‚ÂĂÂĂ‚Â‚ĂÂ‚Ă‚Â‚ĂÂĂ‚ÂĂÂ‚Ă‚Â‚ĂÂĂ‚Â‚ĂÂ‚Ă‚Â® DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Seznam LiĂÂĂ‚ÂĂÂ‚Ă‚Â…ĂÂĂ‚Â‚ĂÂ‚Ă‚ÂˇtiĂÂĂ‚ÂĂÂ‚Ă‚Â„ĂÂĂ‚Â‚ĂÂ‚Ă‚ÂŤka - Email = C:\Documents and Settings\pocitac\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig\1.3.13_0\
CHR - Extension: Seznam LiĂÂĂ‚ÂĂÂ‚Ă‚Â…ĂÂĂ‚Â‚ĂÂ‚Ă‚ÂˇtiĂÂĂ‚ÂĂÂ‚Ă‚Â„ĂÂĂ‚Â‚ĂÂ‚Ă‚ÂŤka - SlovnĂÂĂ‚ÂĂÂ‚Ă‚ÂĂÂĂ‚Â‚ĂÂ‚Ă‚Âk = C:\Documents and Settings\pocitac\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd\1.2.13_1\
CHR - Extension: AT_Porsche = C:\Documents and Settings\pocitac\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg\3_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\pocitac\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.2.15747.10003_0\
CHR - Extension: PenĂÂĂ‚ÂĂÂ‚Ă‚Â„ĂÂĂ‚Â‚ĂÂ‚Ă‚Â›ĂÂĂ‚ÂĂÂ‚Ă‚Â…ĂÂĂ‚Â‚ĂÂ‚Ă‚Âľenka Google = C:\Documents and Settings\pocitac\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Seznam LiĂÂ…Ă‚ÂˇtiĂÂ„Ă‚ÂŤka - RychlĂÂĂ‚Âˇ volba = C:\Documents and Settings\pocitac\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak\1.6.5_0\

O1 HOSTS File: ([2014.06.02 18:14:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_24\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.6.0_24\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre1.6.0_24\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Printsrv] C:\WINDOWS\system32\Printing_Admin_Scripts\en-US\pubpr.vbs ()
O4 - HKU\S-1-5-21-329068152-1078081533-839522115-1003..\Run: [TransClock] D:\PO FORMATU SYSTEMU WINDOWS XP\Průhledné hodiny\tclock.exe (rc)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Rychlý začátek s aplikací HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-329068152-1078081533-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-329068152-1078081533-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-329068152-1078081533-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-329068152-1078081533-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_24\bin\npjpi160_24.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O15 - HKLM\..Trusted Domains: mojebanka.cz ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mojebanka.cz ([etrading] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mojebanka.cz ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-329068152-1078081533-839522115-1003\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-329068152-1078081533-839522115-1003\..Trusted Domains: localhost ([]http in Internet)
O15 - HKU\S-1-5-21-329068152-1078081533-839522115-1003\..Trusted Domains: mojebanka.cz ([*] https in Trusted sites)
O15 - HKU\S-1-5-21-329068152-1078081533-839522115-1003\..Trusted Domains: mojebanka.cz ([etrading] https in Trusted sites)
O15 - HKU\S-1-5-21-329068152-1078081533-839522115-1003\..Trusted Domains: mojebanka.cz ([sign] https in Trusted sites)
O15 - HKU\S-1-5-21-329068152-1078081533-839522115-1003\..Trusted Domains: mojebanka.cz ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-329068152-1078081533-839522115-1003\..Trusted Domains: mojeplatba.cz ([www] https in Trusted sites)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BEDD1CE1-A339-41D5-AE71-2DDADCA6CE0C}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18 - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - https://www.mojebanka.cz/js/cexi/zoom.js?2402
O24 - Desktop Components:1 (Aktuální domovská stránka) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.07.15 22:39:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Ligos Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll (Ligos Corporation)
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll (Ligos Corporation)
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Ligos Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2014.06.03 16:27:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\pocitac\Plocha\OTL.exe
[2014.06.02 18:18:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2014.06.01 20:45:31 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014.06.01 20:37:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014.06.01 20:37:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014.06.01 20:37:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014.06.01 20:37:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014.06.01 20:37:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014.06.01 20:36:44 | 000,000,000 | R--D | C] -- D:\Oblíbené položky\Dokumenty\Hudba
[2014.06.01 20:36:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2014.05.31 21:52:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\RogueKiller
[2014.05.31 12:39:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pocitac\Data aplikací\Malwarebytes
[2014.05.31 12:39:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2014.05.31 12:39:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014.05.31 12:29:47 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\WINDOWS\System32\sqlite3.dll
[2014.05.31 12:28:21 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.05.31 12:21:26 | 000,000,000 | ---D | C] -- C:\rsit
[2014.05.31 11:30:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\TeamViewer 9
[2014.05.31 11:29:54 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2014.05.31 11:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014.05.31 11:00:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pocitac\Data aplikací\TS3Client
[2014.05.31 11:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\TeamSpeak 3 Client
[2014.05.31 11:00:30 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2014.05.31 10:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2014.05.30 21:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pocitac\Plocha\Práce Květen2014
[2014.05.24 09:48:21 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\pocitac\IECompatCache
[2014.05.10 15:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014.05.07 16:25:20 | 001,557,017 | ---- | C] (TeamExtreme) -- C:\Documents and Settings\pocitac\Plocha\Minecraft-1.7.2.exe
[2014.05.04 21:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pocitac\Plocha\Práce Duben 2014
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[19 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2036.02.07 03:58:15 | 002,023,957 | R--- | M] (Finalhit Ltd) -- C:\WINDOWS\System32\DUCHOVE.scr
[2014.06.03 16:32:44 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.06.03 16:26:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\pocitac\Plocha\OTL.exe
[2014.06.03 16:19:57 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\pocitac\Plocha\RSIT.exe
[2014.06.02 21:58:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014.06.02 21:35:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014.06.02 18:58:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014.06.02 18:14:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014.06.02 18:14:04 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014.06.02 18:13:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014.06.02 17:54:37 | 000,001,912 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2014.06.02 15:52:54 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\pocitac\Plocha\Zástupce - ComboFix.exe.lnk
[2014.06.02 15:49:28 | 000,001,693 | ---- | M] () -- D:\Plocha\Google Chrome.lnk
[2014.06.02 15:22:10 | 000,002,193 | ---- | M] () -- D:\Plocha\Skype.lnk
[2014.06.01 21:11:58 | 000,000,003 | ---- | M] () -- C:\Documents and Settings\pocitac\stut
[2014.06.01 20:45:40 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2014.06.01 12:12:38 | 000,026,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2014.05.31 12:34:53 | 000,000,062 | ---- | M] () -- C:\Documents and Settings\pocitac\rgut
[2014.05.31 12:32:36 | 000,204,920 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014.05.31 11:30:04 | 000,000,699 | ---- | M] () -- D:\Plocha\TeamViewer 9.lnk
[2014.05.31 11:00:43 | 000,000,713 | ---- | M] () -- D:\Plocha\TeamSpeak 3 Client.lnk
[2014.05.31 10:51:27 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\pocitac\Plocha\EVEREST Home Edition.lnk
[2014.05.24 12:34:30 | 000,005,544 | ---- | M] () -- D:\Oblíbené položky\Dokumenty\Těžba SV.Hubert1
[2014.05.22 14:55:34 | 001,557,017 | ---- | M] (TeamExtreme) -- C:\Documents and Settings\pocitac\Plocha\Minecraft-1.7.2.exe
[2014.05.14 15:37:00 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014.05.14 15:37:00 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014.05.14 15:13:21 | 000,001,300 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2014.05.14 15:01:22 | 000,001,755 | ---- | M] () -- C:\Documents and Settings\All Users\Data aplikací\QTSBandwidthCache
[2014.05.14 15:00:54 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[19 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014.06.03 16:32:44 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.06.03 16:20:27 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\pocitac\Plocha\RSIT.exe
[2014.06.02 15:52:53 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\pocitac\Plocha\Zástupce - ComboFix.exe.lnk
[2014.06.02 15:49:28 | 000,001,693 | ---- | C] () -- D:\Plocha\Google Chrome.lnk
[2014.06.01 20:45:40 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2014.06.01 20:45:37 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2014.06.01 20:37:33 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2014.06.01 20:37:33 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014.06.01 20:37:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014.06.01 20:37:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014.06.01 20:37:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014.05.31 21:52:12 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\TrueSight.sys
[2014.05.31 11:30:04 | 000,000,699 | ---- | C] () -- D:\Plocha\TeamViewer 9.lnk
[2014.05.31 11:00:43 | 000,000,713 | ---- | C] () -- D:\Plocha\TeamSpeak 3 Client.lnk
[2014.05.31 10:51:27 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\pocitac\Plocha\EVEREST Home Edition.lnk
[2014.05.30 22:14:42 | 000,005,544 | ---- | C] () -- D:\Oblíbené položky\Dokumenty\Těžba SV.Hubert1
[2014.05.05 17:16:52 | 011,102,655 | ---- | C] ( ) -- C:\Documents and Settings\pocitac\Plocha\Minecraft-1.7.2(1).exe
[2014.05.04 17:05:46 | 000,000,003 | ---- | C] () -- C:\Documents and Settings\pocitac\stut
[2014.05.04 17:03:26 | 000,000,062 | ---- | C] () -- C:\Documents and Settings\pocitac\rgut
[2014.05.03 13:41:19 | 000,100,864 | --S- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2014.05.03 13:41:18 | 000,192,512 | --S- | C] () -- C:\WINDOWS\System32\libidn-11.dll
[2014.05.03 13:41:18 | 000,133,632 | --S- | C] () -- C:\WINDOWS\System32\librtmp.dll
[2014.05.03 13:41:17 | 000,538,126 | --S- | C] () -- C:\WINDOWS\System32\libcurl-4.dll
[2014.03.09 19:39:31 | 000,138,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2014.03.09 19:39:31 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\pocitac\Data aplikací\PnkBstrK.sys
[2014.03.09 19:39:13 | 000,111,928 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2014.03.09 19:39:09 | 000,682,280 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe
[2014.03.09 19:39:09 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2014.02.27 21:51:16 | 000,001,300 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2014.02.13 10:55:31 | 000,127,504 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2013.05.24 15:19:39 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2013.05.14 17:35:22 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013.05.14 17:35:22 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013.05.14 17:35:22 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013.02.08 05:03:08 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2013.01.25 18:08:42 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\QTSBandwidthCache
[2012.06.28 22:32:24 | 000,000,382 | ---- | C] () -- C:\Program Files\Zástupce - Program Files.lnk
[2011.10.10 22:08:03 | 002,053,902 | ---- | C] () -- C:\Documents and Settings\pocitac\Data aplikací\mdbu.bin
[2009.05.31 18:54:21 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\pocitac\Data aplikací\$_hpcst$.hpc
[2007.10.24 16:00:25 | 000,005,289 | ---- | C] () -- C:\Documents and Settings\pocitac\Data aplikací\froggy_scorebox
[2007.10.24 16:00:25 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\pocitac\Data aplikací\pl_accounts.pl_acc
[2007.10.24 16:00:25 | 000,000,556 | ---- | C] () -- C:\Documents and Settings\pocitac\Data aplikací\Troll.options
[2007.07.29 12:50:33 | 000,090,624 | ---- | C] () -- C:\Documents and Settings\pocitac\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.07.16 17:08:47 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\pocitac\Local Settings\Data aplikací\fusioncache.dat

========== ZeroAccess Check ==========

[2007.07.16 17:07:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 05:21:55 | 001,499,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:56:05 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 05:22:05 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009.03.15 19:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Disney Interactive
[2013.05.12 13:19:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2012.08.09 15:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\HF Designer
[2014.05.31 12:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2008.10.03 14:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Meridian93
[2012.05.17 20:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Nokia
[2010.08.29 17:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\NokiaInstallerCache
[2010.08.29 15:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\NokiaMusic
[2010.08.29 17:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2012.01.14 17:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PhotoGenie
[2014.05.31 21:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\RogueKiller
[2014.06.01 20:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2014.03.03 17:53:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\tmp
[2012.09.18 16:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Vivendi Universal Games
[2014.06.03 16:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\.minecraft
[2013.03.16 08:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\.techniclauncher
[2007.10.25 15:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\Alawar
[2008.09.19 19:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\ESET
[2009.03.21 14:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\FashionCrazeChech
[2013.09.22 10:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\Friday's games
[2011.03.13 22:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\ICQ
[2008.05.29 09:07:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\ICQ Toolbar
[2008.05.14 18:37:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\ICQLite
[2007.07.23 18:00:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\InterVideo
[2013.10.27 11:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\KB-ext
[2007.07.26 15:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\Leadertech
[2012.05.17 20:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\Nokia
[2008.07.27 21:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\Opera
[2012.05.17 21:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\PC Suite
[2014.05.31 17:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\Seznam.cz
[2013.09.22 10:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\SprillBermudeChech
[2014.05.31 11:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\TS3Client
[2013.05.11 11:51:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\Unity
[2012.12.27 00:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\Wargaming.net

========== Purity Check ==========

========== Custom Scans ==========

< >
[2007.07.15 22:37:06 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2007.07.15 22:39:00 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2011.03.13 18:09:01 | 000,000,938 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2011.03.13 18:09:01 | 000,000,942 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2012.04.03 09:19:04 | 000,000,914 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2014.03.10 10:51:00 | 000,000,220 | ---- | C] () -- C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job

< >

< MD5 for: AGP440.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009.04.06 11:37:08 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2009.04.06 11:37:08 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\erdnt\cache\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002.09.20 18:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009.04.06 11:37:08 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2009.04.06 11:37:08 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002.08.29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\cmdcons\autochk.exe
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2004.08.17 15:49:22 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: CDROM.SYS >
[2002.09.20 18:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:cdrom.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2009.04.06 11:37:08 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:cdrom.sys
[2009.04.06 11:37:08 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\erdnt\cache\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\erdnt\cache\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 15:11:59 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=9B32416BD5988C97B6397CE0B02CAF97 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007.06.13 15:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=ED7B460B142A32097B8A8F6ECC941815 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2002.09.20 18:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:hal.dll
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2009.04.06 11:37:08 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:hal.dll
[2009.04.06 11:37:08 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.13 20:31:28 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\HAL.DLL
[2004.08.03 22:59:10 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2009.04.06 11:37:08 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:Changer.sys
[2009.04.06 11:37:08 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
[2004.08.03 23:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\$NtServicePackUninstall$\changer.sys

< MD5 for: ISAPNP.SYS >
[2009.04.06 11:37:08 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2009.04.06 11:37:08 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2001.10.25 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\erdnt\cache\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\erdnt\cache\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\erdnt\cache\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVATA.SYS >
[2006.08.14 08:51:28 | 000,105,344 | R--- | M] (NVIDIA Corporation) MD5=947C4A0E7B25BCECC3B40F0F1070378B -- C:\WINDOWS\system32\drivers\nvata.sys

< MD5 for: SCECLI.DLL >
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\erdnt\cache\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\erdnt\cache\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2007.10.30 18:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2007.10.30 19:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\erdnt\cache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\erdnt\cache\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[29 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[3 C:\WINDOWS\Globalization\*.tmp files -> C:\WINDOWS\Globalization\*.tmp -> ]
[3 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\06620c7b1db9765396cb9665461ee743\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\06620c7b1db9765396cb9665461ee743\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\111513dc05eb541ecc5e6b3b1828572b\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\111513dc05eb541ecc5e6b3b1828572b\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\19dbc9ddb70fd9c4ebcebff519e945a6\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\19dbc9ddb70fd9c4ebcebff519e945a6\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\25c9064b7f6c54426934bec83d91c7fa\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\25c9064b7f6c54426934bec83d91c7fa\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\2e08f215e20e73d0029fbbcc34710bb8\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\2e08f215e20e73d0029fbbcc34710bb8\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\2e388494bddf17e38d98d1636abe38c5\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\2e388494bddf17e38d98d1636abe38c5\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\30ac3e25776f287599e730665baf9314\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\30ac3e25776f287599e730665baf9314\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\31cdb2744333b76b9c05de01d88e9723\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\31cdb2744333b76b9c05de01d88e9723\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\4714635eedfab2ea52e0ae109642cf08\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\4714635eedfab2ea52e0ae109642cf08\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\4a6ebf52efbec44d28d5c0135c216a55\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\4a6ebf52efbec44d28d5c0135c216a55\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\5bb95c58dabd9a23775b7de0f3523176\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\5bb95c58dabd9a23775b7de0f3523176\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\741de8ed746d624fbf64b4b2dfcc6b20\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\741de8ed746d624fbf64b4b2dfcc6b20\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\749a50d8acbc46b72e35cabcff87e207\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\749a50d8acbc46b72e35cabcff87e207\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\7c4ef551e9870b02a2c4f2ccdb0f1681\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\7c4ef551e9870b02a2c4f2ccdb0f1681\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\7f66daa47a40dc41b0d7fb589e125ac2\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\7f66daa47a40dc41b0d7fb589e125ac2\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\9500ee49543bc5a0500280fd21265403\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\9500ee49543bc5a0500280fd21265403\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\ad6d3a2b5d58e4a2aa3165693404efb8\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\ad6d3a2b5d58e4a2aa3165693404efb8\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\b4ccf90cba244e6dadbae18938ad1aee\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\b4ccf90cba244e6dadbae18938ad1aee\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\bf374b2d169e42120c7c1270e9577152\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\bf374b2d169e42120c7c1270e9577152\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\f0e463b1bba7747ae839cdace6593161\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\f0e463b1bba7747ae839cdace6593161\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\f2eb137e9f93ae1346cdad7b147c0149\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\f2eb137e9f93ae1346cdad7b147c0149\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\fd674b0793556498419dc6d88ead9cda\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\fd674b0793556498419dc6d88ead9cda\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\fe61c629c8f74ff0b36cb17d266219b9\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\fe61c629c8f74ff0b36cb17d266219b9\*.tmp -> ]
[19 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[1 C:\WINDOWS\twain_32\*.tmp files -> C:\WINDOWS\twain_32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2014.06.03 16:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\.minecraft
[2013.03.16 08:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\.techniclauncher
[2013.07.22 09:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\Adobe
[2008.12.17 11:57:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\AdobeUM
[2007.10.21 21:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\Ahead
[2007.10.25 15:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\Alawar
[2007.10.10 17:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\Apple Computer
[2012.06.09 19:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\dvdcss
[2008.09.19 19:33:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\ESET
[2009.03.21 14:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\FashionCrazeChech
[2013.09.22 10:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\Friday's games
[2008.10.25 14:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\Google
[2007.10.23 21:12:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\Help
[2008.06.24 09:01:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\HP
[2011.03.13 22:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\ICQ
[2008.05.29 09:07:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\ICQ Toolbar
[2008.05.14 18:37:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\ICQLite
[2007.07.15 22:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\Identities
[2009.03.15 19:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\InstallShield
[2007.07.23 18:00:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\InterVideo
[2013.10.27 11:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\KB-ext
[2007.07.26 15:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\Leadertech
[2008.02.25 10:17:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\Macromedia
[2014.05.31 12:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\Malwarebytes
[2012.01.28 22:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\Media Player Classic
[2014.02.01 15:25:56 | 000,000,000 | --SD | M] -- C:\Documents and Settings\pocitac\Data aplikací\Microsoft
[2009.08.11 22:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\Mozilla
[2009.04.17 22:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\MSN6
[2012.05.17 20:47:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\Nokia
[2013.11.23 22:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\NVIDIA
[2008.07.27 21:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\Opera
[2012.05.17 21:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\PC Suite
[2010.03.07 16:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\Real
[2008.04.23 16:01:29 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\pocitac\Data aplikací\SecuROM
[2014.05.31 17:38:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\Seznam.cz
[2014.06.02 17:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\Skype
[2012.01.26 16:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\skypePM
[2013.09.22 10:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\SprillBermudeChech
[2009.06.07 11:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\Sun
[2014.05.31 11:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\TS3Client
[2013.05.11 11:51:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\Unity
[2014.04.27 10:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\vlc
[2012.12.27 00:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\Wargaming.net
[2013.07.28 14:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\Winamp
[2010.05.23 11:24:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pocitac\Data aplikací\WinRAR

< %APPDATA%\*.exe /s >
[2012.08.12 15:21:56 | 000,617,969 | ---- | M] () -- C:\Documents and Settings\pocitac\Data aplikací\.techniclauncher\tekkit_launcher_cracked.exe
[2013.03.09 17:34:14 | 000,733,685 | ---- | M] () -- C:\Documents and Settings\pocitac\Data aplikací\.techniclauncher\unins000.exe
[2013.10.27 11:36:24 | 001,175,960 | ---- | M] () -- C:\Documents and Settings\pocitac\Data aplikací\KB-ext\lib\unins000.exe
[2013.05.16 15:25:04 | 001,062,472 | ---- | M] () -- C:\Documents and Settings\pocitac\Data aplikací\Seznam.cz\szninstall.exe
[2013.05.16 15:26:24 | 002,589,256 | ---- | M] () -- C:\Documents and Settings\pocitac\Data aplikací\Seznam.cz\sznsetup.exe
[2013.04.16 13:52:34 | 000,055,808 | ---- | M] () -- C:\Documents and Settings\pocitac\Data aplikací\Seznam.cz\bin\ffkill.exe
[2013.04.29 12:53:34 | 000,045,560 | ---- | M] () -- C:\Documents and Settings\pocitac\Data aplikací\Seznam.cz\bin\listicka-x64.exe
[2013.04.12 10:13:24 | 000,457,208 | ---- | M] () -- C:\Documents and Settings\pocitac\Data aplikací\Seznam.cz\bin\szndesktop.exe
[2013.04.12 10:10:22 | 000,092,664 | ---- | M] () -- C:\Documents and Settings\pocitac\Data aplikací\Seznam.cz\bin\wszndesktop.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[19 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007.07.16 00:21:31 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2007.07.16 00:21:31 | 000,630,784 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2007.07.16 00:21:31 | 000,430,080 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[19 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /3 >
[2014.06.01 12:12:38 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\drivers\TrueSight.sys

< %systemroot%\system32\*.* /3 >
[2014.06.01 19:08:11 | 000,000,270 | ---- | M] () -- C:\WINDOWS\system32\AppLog.log
[2036.02.07 03:58:15 | 002,023,957 | R--- | M] (Finalhit Ltd) -- C:\WINDOWS\system32\DUCHOVE.scr
[2014.06.02 18:14:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[19 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"TransClock" = D:\PO FORMATU SYSTEMU WINDOWS XP\Průhledné hodiny\tclock.exe -- [2001.11.15 10:00:16 | 000,245,760 | ---- | M] (rc)
"H/PC Connection Agent" = "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" -- [2006.06.27 12:55:26 | 001,211,176 | ---- | M] (Microsoft Corporation)

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< >

< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014.06.03 16:32:44 | 000,000,512 | ---- | M] () MD5=5E528666F2872D82629D65292CD96A5E -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2012.08.12 15:21:56 | 000,617,969 | ---- | M] () -- \Documents and Settings\pocitac\Data aplikací\.techniclauncher\tekkit_launcher_cracked.exe
[2012.06.24 07:01:48 | 000,568,305 | ---- | M] () -- \Documents and Settings\pocitac\Data aplikací\.techniclauncher\tekkit_launcher_cracked.jar

< *keygen* /s >

< *AntiWPA* /s >

< *loader* /s >
[2014.04.27 10:41:36 | 000,002,545 | ---- | M] () -- \AdwCleaner\Quarantine\C\Documents and Settings\pocitac\Local Settings\Data aplikací\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\dark_rounded\loader.gif.vir
[2014.04.27 10:41:36 | 000,002,545 | ---- | M] () -- \AdwCleaner\Quarantine\C\Documents and Settings\pocitac\Local Settings\Data aplikací\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\dark_square\loader.gif.vir
[2014.04.27 10:41:37 | 000,006,331 | ---- | M] () -- \AdwCleaner\Quarantine\C\Documents and Settings\pocitac\Local Settings\Data aplikací\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\default\loader.gif.vir
[2014.04.27 10:41:37 | 000,002,545 | ---- | M] () -- \AdwCleaner\Quarantine\C\Documents and Settings\pocitac\Local Settings\Data aplikací\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\facebook\loader.gif.vir
[2014.04.27 10:41:37 | 000,002,545 | ---- | M] () -- \AdwCleaner\Quarantine\C\Documents and Settings\pocitac\Local Settings\Data aplikací\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\light_rounded\loader.gif.vir
[2014.04.27 10:41:38 | 000,002,545 | ---- | M] () -- \AdwCleaner\Quarantine\C\Documents and Settings\pocitac\Local Settings\Data aplikací\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\light_square\loader.gif.vir
[2014.04.27 10:41:36 | 000,002,545 | ---- | M] () -- \AdwCleaner\Quarantine\C\Program Files\Mobogenie\templates\web\images\prettyPhoto\dark_rounded\loader.gif.vir
[2014.04.27 10:41:36 | 000,002,545 | ---- | M] () -- \AdwCleaner\Quarantine\C\Program Files\Mobogenie\templates\web\images\prettyPhoto\dark_square\loader.gif.vir
[2014.04.27 10:41:37 | 000,006,331 | ---- | M] () -- \AdwCleaner\Quarantine\C\Program Files\Mobogenie\templates\web\images\prettyPhoto\default\loader.gif.vir
[2014.04.27 10:41:37 | 000,002,545 | ---- | M] () -- \AdwCleaner\Quarantine\C\Program Files\Mobogenie\templates\web\images\prettyPhoto\facebook\loader.gif.vir
[2014.04.27 10:41:37 | 000,002,545 | ---- | M] () -- \AdwCleaner\Quarantine\C\Program Files\Mobogenie\templates\web\images\prettyPhoto\light_rounded\loader.gif.vir
[2014.04.27 10:41:38 | 000,002,545 | ---- | M] () -- \AdwCleaner\Quarantine\C\Program Files\Mobogenie\templates\web\images\prettyPhoto\light_square\loader.gif.vir
[2012.02.29 08:49:32 | 000,072,638 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Skype\Apps\login\images\loader.gif
[2012.02.29 08:49:32 | 000,003,032 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Skype\Apps\login\images\loader.png
[2012.08.12 15:55:08 | 000,001,980 | ---- | M] () -- \Documents and Settings\pocitac\Data aplikací\.techniclauncher\tekkit\mods\ComputerCraft\org\luaj\vm2\luajc\JavaLoader.class
[2012.08.12 15:59:16 | 000,004,966 | ---- | M] () -- \Documents and Settings\pocitac\Data aplikací\.techniclauncher\voxelmodpack\ModLoader.txt
[2012.08.12 15:59:10 | 000,000,250 | ---- | M] () -- \Documents and Settings\pocitac\Data aplikací\.techniclauncher\voxelmodpack\config\ModLoader.cfg
[2012.08.12 15:57:36 | 000,000,833 | ---- | M] () -- \Documents and Settings\pocitac\Data aplikací\.techniclauncher\yogbox\config\ModLoader.cfg
[2012.08.12 15:57:30 | 000,000,047 | ---- | M] () -- \Documents and Settings\pocitac\Data aplikací\.techniclauncher\yogbox\config\mod_ModLoaderMp.cfg
[2013.03.29 13:37:34 | 000,059,384 | ---- | M] () -- \Documents and Settings\pocitac\Data aplikací\Seznam.cz\bin\30941libfoxloader.dll
[2013.04.15 13:32:10 | 000,060,416 | ---- | M] () -- \Documents and Settings\pocitac\Data aplikací\Seznam.cz\bin\30945libfoxloader-x64.dll
[2014.02.10 20:17:42 | 000,000,165 | ---- | M] () -- \Documents and Settings\pocitac\Data aplikací\Seznam.cz\conf\szndesktop.d\libfoxloader.conf
[2013.01.09 12:41:56 | 000,030,608 | ---- | M] () -- \Documents and Settings\pocitac\Data aplikací\Seznam.cz\install\cz.seznam.software.libfoxloader-3.0.0-win32.zip
[2013.03.25 16:27:20 | 000,000,665 | ---- | M] () -- \Documents and Settings\pocitac\Data aplikací\Seznam.cz\uninstall\cz_seznam_software_libfoxloader_3_1_2.install.bat
[2013.03.25 16:27:26 | 000,000,117 | ---- | M] () -- \Documents and Settings\pocitac\Data aplikací\Seznam.cz\uninstall\cz_seznam_software_libfoxloader_3_1_2.uninstall.bat
[2005.06.06 23:02:16 | 000,011,161 | ---- | M] () -- \Program Files\Adobe\Photoshop Album Starter Edition\3.0\Shared_Assets\combined_bitmaps\main_window\C_LoadError.png
[2001.01.16 06:55:36 | 000,053,248 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VS7DEBUG\COLOADER.DLL
[2001.01.16 04:22:34 | 000,002,560 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VS7DEBUG\COLOADER.TLB
[2011.09.01 12:13:30 | 000,112,128 | ---- | M] () -- \Program Files\Common Files\Nokia\Tss\ProductApiLoader\ta_productapiloader.dll
[2012.05.16 07:50:40 | 000,342,528 | ---- | M] () -- \Program Files\Fotolab\Fotolab Fotosvet\CWImageLoader0.dll
[2012.04.04 10:12:16 | 000,001,538 | ---- | M] () -- \Program Files\HF Designer\Loader.elf
[2014.01.29 11:26:58 | 000,924,736 | ---- | M] () -- \Program Files\HF Designer\Loader.exe
[2013.01.09 12:41:56 | 000,030,608 | ---- | M] () -- \Program Files\Seznam.cz\distribution\install\cz.seznam.software.libfoxloader-3.0.0-win32.zip
[2010.02.10 18:10:14 | 000,045,056 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2004.08.17 15:49:06 | 000,035,840 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\dmloader.dll
[2004.08.03 22:59:38 | 000,230,400 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\osloader.exe
[2004.08.03 22:59:38 | 000,278,016 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\osloader.ntd
[2008.04.14 05:21:39 | 000,035,840 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\dmloader.dll
[2008.04.13 20:31:47 | 000,230,912 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.exe
[2008.04.13 20:31:48 | 000,278,528 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.ntd
[2008.04.14 05:21:39 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[19 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]
[2013.12.05 09:32:02 | 000,012,532 | ---- | M] () -- \WINDOWS\system32\Adobe\Shockwave 11\shockwave_Projector_Loader.dcr
[2013.12.05 09:32:02 | 000,012,532 | ---- | M] () -- \WINDOWS\system32\Adobe\Shockwave 12\shockwave_Projector_Loader.dcr

< *minodlogin* /s >

< *tnod* /s >

< *AutoKMS* /s >

< *activator* /s >

< *serial* /s >
[2004.08.17 15:44:16 | 000,030,301 | ---- | M] () -- \cmdcons\SERIAL.SY_
[2012.05.12 18:11:03 | 000,032,768 | ---- | M] () -- \Documents and Settings\pocitac\Local Settings\Data aplikací\HF Designer\{A7E34C75-DBE6-413C-9E64-FED9AD8CB48B}\mdbu\Locations!IX_VolumeSerialNumber_Location.ind
[2012.05.12 18:11:04 | 000,008,192 | ---- | M] () -- \Documents and Settings\pocitac\Local Settings\Data aplikací\HF Designer\{A7E34C75-DBE6-413C-9E64-FED9AD8CB48B}\mdbu\Media!IX_VolumeSerialNumber.ind
[2011.03.10 00:43:26 | 000,413,696 | ---- | M] () -- \Program Files\Microsoft Silverlight\4.0.60310.0\System.Runtime.Serialization.dll
[2012.06.29 16:45:42 | 001,186,816 | ---- | M] () -- \Program Files\Microsoft Silverlight\4.0.60310.0\System.Runtime.Serialization.ni.dll
[2012.09.27 00:12:26 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2004.08.17 15:43:56 | 000,028,416 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\grserial.sys
[2004.08.17 15:44:16 | 000,064,640 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\serial.sys
[2008.05.01 10:18:57 | 000,011,776 | ---- | M] () -- \WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.5000.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2007.11.18 21:21:20 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2010.08.29 14:55:52 | 000,011,776 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2014.02.13 09:41:01 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2010.08.29 14:56:01 | 000,090,112 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2013.05.14 18:05:08 | 000,970,752 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2014.02.13 10:43:06 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\6c29ee2bedfe88dcd66993f1af135ad8\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.02.13 10:40:52 | 002,345,472 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9860da66bf0219612908e7412b0a6e2e\System.Runtime.Serialization.ni.dll
[2013.08.15 10:56:23 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a95e0af6fa5d2e8ffd5e0091f6513271\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2013.08.15 10:16:44 | 002,345,472 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\ba6670610621b25b1608e457ba0ef305\System.Runtime.Serialization.ni.dll
[2004.07.15 15:31:54 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
[2003.04.07 19:24:52 | 000,011,776 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v1.1.4322\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2008.07.25 11:17:00 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2008.09.10 17:46:28 | 000,011,776 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012.09.27 00:12:26 | 000,970,752 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2008.04.14 04:17:25 | 000,028,416 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\grserial.sys
[2008.04.14 04:21:08 | 000,064,256 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\serial.sys
[2004.07.19 18:54:20 | 000,131,072 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\system.runtime.serialization.formatters.soap.dll
[2001.10.25 14:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dpserial.dll
[2001.10.25 14:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\serialui.dll
[19 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]
[2001.10.25 14:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dllcache\dpserial.dll
[2001.10.25 14:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\dllcache\serialui.dll
[2008.04.14 04:21:08 | 000,064,256 | ---- | M] () -- \WINDOWS\system32\drivers\serial.sys

......................................

cedan · #28 Příspěvek od **cedan** » 03 čer 2014 15:57

........................................

< *w7lxe* /s >

========== Files - Unicode (All) ==========
[2011.03.24 22:25:02 | 000,000,000 | ---D | M](C:\Documents and Settings\pocitac\Data aplikac?) -- C:\Documents and Settings\pocitac\Data aplikac�
[2011.03.24 22:25:02 | 000,000,000 | ---D | M](C:\Documents and Settings\pocitac\Data aplikac?) -- C:\Documents and Settings\pocitac\Data aplikac�
(C:\Documents and Settings\pocitac\Data aplikac?) -- C:\Documents and Settings\pocitac\Data aplikac�

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:D1B5B4F1

< End of report >

#29 Příspěvek od **Márty84** » 03 čer 2014 17:29

Zase jste pouzil to stare RSIT

Dejte mi tu log z te nove verze.

cedan · #30 Příspěvek od **cedan** » 03 čer 2014 18:06

Omlouvam se tak nejak automaticky jdu na tu vasi stranku o te napovede a stahuju to odsud.
Samozrejme zde je novy log z RSIT

Logfile of random's system information tool 1.10 (written by random/random)
Run by pocitac at 2014-06-03 19:03:41
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 10 GB (19%) free of 52 GB
Total RAM: 959 MB (22% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:03:46, on 3.6.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\PnkBstrA.exe
D:\PO FORMATU SYSTEMU WINDOWS XP\Průhledné hodiny\tclock.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\pocitac\Plocha\OTL.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Program Files\TeamViewer\Version9\TeamViewer.exe
C:\Program Files\TeamViewer\Version9\tv_w32.exe
c:\program files\teamviewer\version9\TeamViewer_Desktop.exe
C:\Documents and Settings\pocitac\Plocha\RSIT.exe
C:\Program Files\trend micro\pocitac.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_24\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.6.0_24\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre1.6.0_24\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Printsrv] c:\Windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs
O4 - HKCU\..\Run: [TransClock] D:\PO FORMATU SYSTEMU WINDOWS XP\Průhledné hodiny\tclock.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Rychlý začátek s aplikací HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_24\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_24\bin\jp2iexp.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (file missing)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
O24 - Desktop Component 0: (no name) - https://www.mojebanka.cz/js/cexi/zoom.js?2402

--
End of file - 7794 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job - C:\WINDOWS\system32\xp_eos.exe

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\pocitac\Data aplikací\Mozilla\Firefox\Profiles\ygqnynkr.default-1385666418012

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre1.6.0_24\lib\deploy\jqs\ff

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.214 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw_1207148.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre1.6.0_24\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448]
"Description"=6.0.12.448
"Path"=C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

C:\Program Files\Mozilla Firefox\components\
nppl3260.xpt
nsJSRealPlayerPlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
NPOFFICE.DLL
nppdf32.dll
nppl3260.dll
nprpjplug.dll

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_24\bin\ssv.dll [2012-01-04 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-09-16 4502400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.6.0_24\bin\jp2ssv.dll [2012-01-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre1.6.0_24\lib\deploy\jqs\ie\jqs_plugin.dll [2012-01-04 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-09-06 16262656]
"Printsrv"=c:\Windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs [2013-05-01 543]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"TransClock"=D:\PO FORMATU SYSTEMU WINDOWS XP\Průhledné hodiny\tclock.exe [2001-11-15 245760]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-06-27 1211176]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Rychlý začátek s aplikací HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\InterVideo\DVD6\WinDVD.exe"="D:\InterVideo\DVD6\WinDVD.exe:*:Enabled:WinDVD"
"C:\Program Files\Java\jre1.6.0_24\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_24\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\javaw.exe"="C:\WINDOWS\system32\javaw.exe:*:Disabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"C:\Program Files\TeamViewer\Version9\TeamViewer.exe"="C:\Program Files\TeamViewer\Version9\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"vidc.iv50"=ir50_32.dll
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv41"=ir41_32.ax
"vidc.LEAD"=LCODCCMP.DLL
"MSVideo8"=VfWWDM32.dll
"VIDC.DIVX"=divx.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll

======List of files/folders created in the last 1 month======

2014-06-03 19:03:17 ----SHD---- C:\RECYCLER
2014-06-02 18:18:27 ----D---- C:\WINDOWS\temp
2014-06-02 18:18:25 ----A---- C:\ComboFix.txt
2014-06-01 20:45:40 ----A---- C:\Boot.bak
2014-06-01 20:45:31 ----RASHD---- C:\cmdcons
2014-06-01 20:37:33 ----A---- C:\WINDOWS\zip.exe
2014-06-01 20:37:33 ----A---- C:\WINDOWS\SWSC.exe
2014-06-01 20:37:33 ----A---- C:\WINDOWS\SWREG.exe
2014-06-01 20:37:33 ----A---- C:\WINDOWS\sed.exe
2014-06-01 20:37:33 ----A---- C:\WINDOWS\PEV.exe
2014-06-01 20:37:33 ----A---- C:\WINDOWS\NIRCMD.exe
2014-06-01 20:37:33 ----A---- C:\WINDOWS\MBR.exe
2014-06-01 20:37:33 ----A---- C:\WINDOWS\grep.exe
2014-06-01 20:37:32 ----A---- C:\WINDOWS\SWXCACLS.exe
2014-06-01 20:37:09 ----D---- C:\Qoobox
2014-06-01 20:36:20 ----D---- C:\WINDOWS\erdnt
2014-05-31 21:52:12 ----A---- C:\WINDOWS\system32\drivers\TrueSight.sys
2014-05-31 21:52:10 ----D---- C:\Documents and Settings\All Users\Data aplikací\RogueKiller
2014-05-31 12:39:59 ----D---- C:\Documents and Settings\pocitac\Data aplikací\Malwarebytes
2014-05-31 12:39:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-05-31 12:39:38 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2014-05-31 12:29:47 ----A---- C:\WINDOWS\system32\sqlite3.dll
2014-05-31 12:28:21 ----D---- C:\AdwCleaner
2014-05-31 12:21:26 ----D---- C:\rsit
2014-05-31 11:29:54 ----D---- C:\Program Files\TeamViewer
2014-05-31 11:16:16 ----D---- C:\Program Files\trend micro
2014-05-31 11:00:53 ----D---- C:\Documents and Settings\pocitac\Data aplikací\TS3Client
2014-05-31 11:00:30 ----D---- C:\Program Files\TeamSpeak 3 Client
2014-05-31 10:51:23 ----D---- C:\Program Files\Lavalys
2014-05-10 15:27:59 ----D---- C:\Program Files\Mozilla Firefox

======List of files/folders modified in the last 1 month======

2014-06-03 16:52:13 ----D---- C:\WINDOWS\Prefetch
2014-06-03 16:05:07 ----D---- C:\Documents and Settings\pocitac\Data aplikací\.minecraft
2014-06-02 18:18:28 ----D---- C:\WINDOWS\system32\drivers
2014-06-02 18:18:27 ----D---- C:\WINDOWS
2014-06-02 18:17:29 ----D---- C:\WINDOWS\system32\CatRoot2
2014-06-02 18:14:20 ----A---- C:\WINDOWS\system.ini
2014-06-02 18:14:04 ----D---- C:\WINDOWS\system32\drivers\etc
2014-06-02 18:13:53 ----D---- C:\Config.Msi
2014-06-02 18:12:51 ----D---- C:\WINDOWS\system32\config
2014-06-02 18:09:18 ----D---- C:\WINDOWS\system32
2014-06-02 18:09:17 ----D---- C:\WINDOWS\AppPatch
2014-06-02 18:09:16 ----D---- C:\Program Files\Common Files
2014-06-02 17:55:18 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-06-02 17:54:34 ----SHD---- C:\WINDOWS\Installer
2014-06-02 17:54:34 ----RD---- C:\Program Files
2014-06-02 17:54:11 ----SD---- C:\WINDOWS\Tasks
2014-06-02 17:50:44 ----D---- C:\WINDOWS\Help
2014-06-02 17:22:16 ----D---- C:\Documents and Settings\pocitac\Data aplikací\Skype
2014-06-01 21:07:47 ----SHD---- C:\System Volume Information
2014-06-01 21:07:47 ----D---- C:\WINDOWS\system32\Restore
2014-06-01 21:04:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-06-01 20:45:40 ----RASH---- C:\boot.ini
2014-06-01 20:32:51 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2014-06-01 20:32:46 ----D---- C:\Program Files\Common Files\PC Tools
2014-05-31 17:38:33 ----D---- C:\Documents and Settings\pocitac\Data aplikací\Seznam.cz
2014-05-31 17:30:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2884256$
2014-05-31 17:26:59 ----HD---- C:\WINDOWS\inf
2014-05-31 17:26:59 ----D---- C:\Program Files\GotClip
2014-05-31 12:30:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2014-05-31 11:30:06 ----RSD---- C:\WINDOWS\Fonts
2014-05-15 14:11:24 ----D---- C:\WINDOWS\system32\MRT
2014-05-15 07:16:45 ----A---- C:\WINDOWS\system32\MRT.exe
2014-05-14 15:37:00 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2014-05-14 15:20:19 ----D---- C:\Program Files\Common Files\Adobe
2014-05-14 15:10:14 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-05-05 17:17:42 ----D---- C:\Program Files\Minecraft 1.7.2
2014-05-04 10:37:50 ----D---- C:\WINDOWS\ie8updates

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 d347bus;d347bus; C:\WINDOWS\system32\DRIVERS\d347bus.sys [2004-08-22 155136]
R0 d347prt;d347prt; C:\WINDOWS\System32\Drivers\d347prt.sys [2004-08-22 5248]
R0 nvata;nvata; C:\WINDOWS\System32\DRIVERS\nvata.sys [2006-08-14 105344]
R0 prohlp02;StarForce Protection Helper Driver v2; C:\WINDOWS\System32\drivers\prohlp02.sys [2004-08-09 114016]
R0 prosync1;StarForce Protection Synchronization Driver v1; C:\WINDOWS\System32\drivers\prosync1.sys [2004-07-19 7040]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 sfhlp01;StarForce Protection Helper Driver; C:\WINDOWS\System32\drivers\sfhlp01.sys [2003-12-01 4832]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-09-06 4377600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2013-02-08 12648960]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [2006-07-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [2006-07-11 20480]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 K320bus;Sony Ericsson K320 driver (WDM); C:\WINDOWS\system32\DRIVERS\K320bus.sys [2006-08-18 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\K320mdfl.sys [2006-08-18 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\K320mdm.sys [2006-08-18 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\K320mgmt.sys [2006-08-18 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\K320obex.sys [2006-08-18 86368]
S3 mbr;mbr; \??\C:\DOCUME~1\pocitac\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2011-11-01 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2011-11-01 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2011-11-01 8192]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2013-08-29 26240]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2011-11-01 8192]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2013-07-17 123008]
S3 w200bus;Sony Ericsson W200 driver (WDM); C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 86368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-04-10 104576]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2014-03-09 66872]
R2 TeamViewer9;TeamViewer 9; C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe [2014-04-25 5024576]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-13 136176]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2006-08-16 155715]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14 257712]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-03-13 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-05-10 119408]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-01-04 718888]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

VIRY.CZ

Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu