VIRY.CZ

combofix sa pripajal na microsoft stranku a stahoval odtial fu nejake okno uz som aj zabudol co to bolo daco co bude pri starte cervene


ComboFix 12-12-25.02 - JST CORP . 12. 2012 19:59:11.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.503 [GMT 1:00]
Spuštěný z: c:\documents and settings\JST CORP\Plocha\ComboFix.exe
AV: ESET Smart Security 6.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\SET901.tmp
c:\windows\system32\SET907.tmp
c:\windows\system32\SET911.tmp
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-26 do 2012-12-26 )))))))))))))))))))))))))))))))
.
.
2012-12-26 14:28 . 2012-12-26 14:28 -------- d-----w- c:\documents and settings\JST CORP\Data aplikací\Malwarebytes
2012-12-26 14:27 . 2012-12-26 14:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2012-12-26 14:27 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-26 14:27 . 2012-12-26 14:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-26 11:20 . 2012-12-26 15:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SecTaskMan
2012-12-26 11:20 . 2012-12-26 11:20 -------- d-----w- c:\program files\Security Task Manager
2012-12-24 17:44 . 2012-12-26 08:16 -------- d-----w- c:\program files\trend micro
2012-12-24 17:44 . 2012-12-24 17:44 -------- d-----w- C:\rsit
2012-12-16 04:42 . 2012-12-16 04:42 16363960 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-25 12:58 . 2012-01-14 17:56 60416 ----a-w- c:\windows\ALCFDRTM.VER
2012-12-16 12:23 . 2006-03-02 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 04:42 . 2012-04-21 08:41 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-16 04:42 . 2012-01-15 14:44 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 11:55 . 2006-03-02 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:03 . 2006-03-02 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:12 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:12 . 2006-03-02 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:12 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2006-03-02 12:00 385024 ------w- c:\windows\system32\html.iec
2012-10-08 07:21 . 2012-03-14 06:40 62512 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2012-10-08 07:21 . 2012-03-14 06:40 40376 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2012-10-08 07:21 . 2012-03-14 06:40 149568 ----a-w- c:\windows\system32\drivers\epfw.sys
2012-10-08 07:21 . 2012-03-14 06:40 121216 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2012-10-08 07:21 . 2012-03-14 06:40 159832 ----a-w- c:\windows\system32\drivers\eamon.sys
2012-10-02 18:04 . 2006-03-02 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-12-16 11:38 . 2012-12-16 11:37 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\JST CORP\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\JST CORP\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\JST CORP\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\documents and settings\JST CORP\Data aplikací\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 77824]
"razer"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-09-06 155648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-10-23 5074384]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 07:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\JST CORP\\Data aplikací\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3. 4. 2012 19:21 691696]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14. 3. 2012 7:40 121216]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [23. 10. 2012 17:38 1329304]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [26. 12. 2012 15:27 676936]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26. 12. 2012 15:27 22856]
R3 Razerlow;Razer Copperhead Driver;c:\windows\system32\drivers\Razerlow.sys [14. 1. 2012 19:06 19020]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.285\McCHSvc.exe [5. 9. 2012 16:56 234776]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 04:42]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{DA396696-FD5D-4165-8D2F-FBF602EEBD72}: NameServer = 195.80.175.66 195.80.171.4
FF - ProfilePath - c:\documents and settings\JST CORP\Data aplikací\Mozilla\Firefox\Profiles\xnjccw8e.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-26 20:06
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-861567501-484061587-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Celkový čas: 2012-12-26 20:09:30
ComboFix-quarantined-files.txt 2012-12-26 19:09
.
Před spuštěním: Volných bajtů: 32 409 583 616
Po spuštění: Volných bajtů: 32 453 128 192
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - B536322ACAA2600E1F9B4C0E6178B0AF

z toho mbam kde najdem vypisy aby som to sem dal???

mne to je jasne ze ste odbornik od fachu a viete viac ako ja , ze vam tam daco nesedi, mohlo sa stat vsetko ale prisaham ze za celych 6 rokov sa mi to okno o nepravom OS neobjavilo nikdy, aj teraz to combo stahovalo daco z ms a nezablokovalo sa to tak neviem

Ad CF: Něco bylo smazáno, zbytek logu vypadá čistý.
Ad MBAM: zde je kompletní návod http://forum.viry.cz/viewtopic.php?f=29&t=115222 .

1. vykonal som skor rychlu kontrolu:

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.65.1.1000
www.malwarebytes.org

Verze databáze: v2012.12.26.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
JST CORP :: JST [administrátor]

Ochrana: Povolena

26. 12. 2012 15:32:58
mbam-log-2012-12-26 (15-32-58).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 215974
Uplynulý čas: 4 minut, 11 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

2. uplnu
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.65.1.1000
www.malwarebytes.org

Verze databáze: v2012.12.26.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
JST CORP :: JST [administrátor]

Ochrana: Povolena

26. 12. 2012 15:42:17
mbam-log-2012-12-26 (15-42-17).txt

Typ: Úplná kontrola (C:\|D:\|E:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 409344
Uplynulý čas: 56 minut, 13 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 2
D:\Downloads\crack\Autodesk AutoCAD 2009\xf-acad9-32-BITS.exe (RiskWare.Tool.HCK) -> Umístnění do karantény a smazání se zdařilo.
D:\Downloads\crack\Autodesk AutoCAD 2009\xf-acad9-64-BITS.exe (RiskWare.Tool.CK) -> Umístnění do karantény a smazání se zdařilo.

(konec)

3. este raz uplnu
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.65.1.1000
www.malwarebytes.org

Verze databáze: v2012.12.26.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
JST CORP :: JST [administrátor]

Ochrana: Povolena

26. 12. 2012 17:03:28
mbam-log-2012-12-26 (17-03-28).txt

Typ: Úplná kontrola (C:\|D:\|E:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 409762
Uplynulý čas: 2 hodin, 19 minut, 26 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 2
D:\System Volume Information\_restore{6D56F5B5-926A-48E4-AB16-20C9B0D422C1}\RP91\A0029346.exe (RiskWare.Tool.HCK) -> Umístnění do karantény a smazání se zdařilo.
D:\System Volume Information\_restore{6D56F5B5-926A-48E4-AB16-20C9B0D422C1}\RP91\A0029345.exe (RiskWare.Tool.CK) -> Umístnění do karantény a smazání se zdařilo.

(konec)


hlbkova kontrola esetom nic nenasla

restartujem pc uviidm co sa bude diat

takze ziadna zmena, nemyslim si ze to bude nieco s virmi a havetami. najlepsie je to vidno na tom obrazku od security task manger co sa spusta po tej hluchej minutovej chvile. Neviem ci nebude dobre fakt natocit videjko ulozit ho niekam aby ste to lepsie videl a pochopil co to robi. sledoval som aj ten subor Wgatray v spravcovi uloh on po tej hluchej chvile vybehne na 80% zatazenia procesoru a pootm zmizne odtial.

Pc som preinstalovaval 15. januara tohto roku, hovorim neni tam nic v tom pc ,zakaldne programy len , hdd su defragmentovane pc cisteny. ale od urcitej doby to proste robi tento problem aj ked ako som psial v pribehu dna to islo chvilu spustat aj normalne bez cakania. NEVIEM TEDA V COM JE PROBLEM , asi pomoze len preinstalovanie neviem Vas napad????

CF něco smazal a MBAM cracky AutoCADu a jeho kopie v záloze systému. Virový problém to tedy určitě nebude. Možná by pomohlo, kdybyste se rozpoměl, co jste instaloval těsně před tím, než se problém projevil (program, aktualizaci, apod.).

takto ja by som povedal ze sa to prejavilo ako sa postupne nabalovali vsetky aktualizacie do winu , ale neviem odpovedat presne na vasu otazku ze co a kedy to sposobilo, ja ten pc moc nepouzivam sedim tam vacsinov brat a kresli v tych cadoch, su tam fakt nainstalovane len zakaldne veci, takze neviem len ma kuart to hneva ze ked si tam sadnem a chem daco rychlo kuknut tak proste nereaguje ten pc ako by mal

takze otazka znie viete mi aj tak poradit alebo to neham tak a casom to opat preinstalujem, resp to dam do toho videa aby to bolo pre predsatvu lepsie. ci viete o aky problem sa jedna ze ste sa uz s tym stretli???

dakujem

Vím pouze, že problém není způsoben virem. Pokud tvrdíte, že PC byl pravidelně čištěn a defragmentován, pak už zbývá jen možnost nějaké kolize dvou, čí více programů. Proto se vás ptám na ty instalace.

hm pozeram cc cleaner co bolo kedy nainstalovane lebo takto vam nepoviem kedy presne to zacalo, ale tipol by som si na

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

ci toto nevadi ze tam je dvakrat to iste len ina verzia alebo pootm nejaky net framewrok (Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.5 SP1 , Microsoft .NET Framework 3.0 Service Pack 2 ) ale to by to nemalo robit, z programov neviem to su miny programy na vypocty co pouziva brat a maju max 20 mb.
skusim este pokukat v xp managerovi co osm stiahol ci neico neobjavim

Oba uvedené softy potřebují některé programy ke své činnosti. Zkuste je reinstalovat, v PC být musí.

este ma napada neviem v tom defragleri ked defragmentujem C disk stale mi tam ostava oblast s 26 fragmentovanymi stvorcami v rade schovava sa pod nimi nejaky subor $MFT cize ako so msa docital je to master file table a suvisi s diskom. nemoze to to spomalovat?? fakt uz neviem este ksuism par veci odinstalovat a uviidm

Některé soubory nejsou přesouvatelné. Tenhle mezi ně patří.

hm upratal som to aj tym xp manazerom, zafixoval problemy vycistil veci vsetko co som vedel nepomohlo VZDAVAM SA vyhral nado mnou, mozno aj ako som registre cistil sa mohlo daco pokazit ale ekd neveim kedy presne to zacalo asi nepohnem tym, a mylsim ze ani VY

aj ked nechapem preco to chvilu ficalo hm , este ma naapda ze predtym som vypol v ccclenerovi to kontextove menu pri starte a slapalo to tiez par dni ale potom to zase islo tak ako teraz

Pak už je jediná možnost, poškozený systém. Zkuste opravu z instalačky, pokud se nezdaří ani ta, pak už jen reinstal.

hodim este log na kontrolu:

Logfile of random's system information tool 1.09 (written by random/random)
Run by JST CORP at 2012-12-29 17:31:45
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 31 GB (62%) free of 50 GB
Total RAM: 1023 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:31:50, on 29. 12. 2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
D:\Downloads\programy\RSIT.exe
C:\Program Files\trend micro\JST CORP.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6234333765
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA396696-FD5D-4165-8D2F-FBF602EEBD72}: NameServer = 195.80.175.66 195.80.171.4
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

--
End of file - 6151 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\JST CORP\Data aplikací\Mozilla\Firefox\Profiles\xnjccw8e.default

prefs.js - "browser.startup.homepage" - "http://www.google.sk/"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.135 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2011-10-08 16744256]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []
"nwiz"=C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2011-10-08 1632360]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]
"razer"=C:\Program Files\Razer\Copperhead\razerhid.exe [2005-09-06 155648]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2012-10-23 5074384]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^McAfee Security Scan Plus.lnk]
C:\PROGRA~1\MCAFEE~1\30D80A~1.285\SSSCHE~1.EXE [2012-09-05 271808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vds]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"="C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Documents and Settings\JST CORP\Data aplikací\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\JST CORP\Data aplikací\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"midi"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.FFDS"=C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

======List of files/folders created in the last 3 months======

2012-12-29 17:30:29 ----AD---- C:\3590F75ABA9E485486C100C1A9D4FF06ZZZZZZ....Z....Z
2012-12-29 17:25:43 ----AD---- C:\3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ
2012-12-29 17:06:35 ----ASH---- C:\pagefile.sys
2012-12-29 16:50:17 ----A---- C:\WINDOWS\UPGRADE.TXT
2012-12-28 15:30:47 ----D---- C:\WINDOWS\Prefetch
2012-12-28 09:57:30 ----D---- C:\Program Files\Yamicsoft
2012-12-28 09:32:31 ----SHD---- C:\RECYCLER
2012-12-26 20:09:31 ----A---- C:\ComboFix.txt
2012-12-26 19:57:39 ----A---- C:\Boot.bak
2012-12-26 19:57:36 ----RASHD---- C:\cmdcons
2012-12-26 19:55:31 ----A---- C:\WINDOWS\zip.exe
2012-12-26 19:55:31 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-12-26 19:55:31 ----A---- C:\WINDOWS\SWSC.exe
2012-12-26 19:55:31 ----A---- C:\WINDOWS\SWREG.exe
2012-12-26 19:55:31 ----A---- C:\WINDOWS\sed.exe
2012-12-26 19:55:31 ----A---- C:\WINDOWS\PEV.exe
2012-12-26 19:55:31 ----A---- C:\WINDOWS\NIRCMD.exe
2012-12-26 19:55:31 ----A---- C:\WINDOWS\MBR.exe
2012-12-26 19:55:31 ----A---- C:\WINDOWS\grep.exe
2012-12-26 19:55:19 ----D---- C:\Qoobox
2012-12-26 19:55:07 ----D---- C:\WINDOWS\erdnt
2012-12-26 15:28:01 ----D---- C:\Documents and Settings\JST CORP\Data aplikací\Malwarebytes
2012-12-26 15:27:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2012-12-26 15:27:51 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2012-12-26 15:27:50 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-12-26 12:20:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\SecTaskMan
2012-12-26 12:20:11 ----D---- C:\Program Files\Security Task Manager
2012-12-24 18:44:19 ----D---- C:\Program Files\trend micro
2012-12-24 18:44:18 ----D---- C:\rsit
2012-12-22 21:12:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2753842-v2$
2012-12-16 12:44:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2758857$
2012-12-16 12:44:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2779030$
2012-12-16 12:43:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2779562$
2012-12-16 12:43:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2753842$
2012-12-16 12:42:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2770660$
2012-12-16 12:37:38 ----D---- C:\Program Files\Mozilla Firefox
2012-12-16 05:42:41 ----A---- C:\WINDOWS\system32\FlashPlayerInstaller.exe
2012-12-01 08:54:49 ----D---- C:\WINDOWS\pss
2012-11-24 14:07:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\McAfee Security Scan
2012-11-24 14:07:36 ----D---- C:\Program Files\McAfee Security Scan
2012-11-17 12:54:25 ----D---- C:\Program Files\ESET
2012-11-17 12:54:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2012-11-17 09:31:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2727528$
2012-11-17 09:31:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2761226$
2012-11-01 12:55:22 ----D---- C:\Documents and Settings\JST CORP\Data aplikací\TeamViewer
2012-11-01 12:51:26 ----D---- C:\Program Files\TeamViewer
2012-10-13 11:20:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2724197$
2012-10-13 11:17:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2756822$
2012-10-13 11:17:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2749655$
2012-10-13 11:16:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2661254-v2$

======List of files/folders modified in the last 3 months======

2012-12-29 17:24:00 ----D---- C:\WINDOWS\Temp
2012-12-29 16:58:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-12-29 16:58:18 ----D---- C:\WINDOWS
2012-12-29 16:39:13 ----D---- C:\WINDOWS\system32\CatRoot2
2012-12-28 15:29:23 ----D---- C:\WINDOWS\system32\config
2012-12-28 14:48:33 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-12-28 14:14:15 ----D---- C:\WINDOWS\system32
2012-12-28 12:51:46 ----RD---- C:\WINDOWS\Web
2012-12-28 12:51:46 ----RD---- C:\Program Files
2012-12-28 12:49:14 ----A---- C:\WINDOWS\ODBCINST.INI
2012-12-28 12:45:46 ----D---- C:\WINDOWS\system32\CatRoot
2012-12-28 12:43:08 ----D---- C:\WINDOWS\system32\ias
2012-12-28 12:42:26 ----ASH---- C:\WINDOWS\fonts\desktop.ini
2012-12-28 12:08:31 ----D---- C:\WINDOWS\system32\drivers
2012-12-28 11:16:13 ----D---- C:\Program Files\WinRAR
2012-12-28 10:44:55 ----D---- C:\WINDOWS\SoftwareDistribution
2012-12-28 10:37:50 ----D---- C:\Documents and Settings\JST CORP\Data aplikací\Dropbox
2012-12-28 09:57:36 ----SHD---- C:\WINDOWS\Installer
2012-12-27 20:51:37 ----RASH---- C:\boot.ini
2012-12-27 20:51:37 ----A---- C:\WINDOWS\win.ini
2012-12-27 20:51:37 ----A---- C:\WINDOWS\system.ini
2012-12-26 20:06:13 ----D---- C:\WINDOWS\system32\drivers\etc
2012-12-26 20:03:29 ----D---- C:\WINDOWS\AppPatch
2012-12-26 20:03:28 ----D---- C:\Program Files\Common Files
2012-12-26 19:28:21 ----D---- C:\WINDOWS\SHELLNEW
2012-12-25 11:01:19 ----D---- C:\Program Files\CCleaner
2012-12-25 10:22:59 ----HD---- C:\WINDOWS\inf
2012-12-24 17:24:30 ----D---- C:\Program Files\Defraggler
2012-12-22 21:12:48 ----HD---- C:\WINDOWS\$hf_mig$
2012-12-18 14:31:46 ----D---- C:\Documents and Settings\JST CORP\Data aplikací\Media Player Classic
2012-12-18 14:31:46 ----D---- C:\Documents and Settings\JST CORP\Data aplikací\CoreFTP
2012-12-18 14:29:38 ----D---- C:\WINDOWS\Debug
2012-12-18 14:20:18 ----D---- C:\Documents and Settings\JST CORP\Data aplikací\Canon
2012-12-18 13:24:37 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-12-16 13:23:59 ----A---- C:\WINDOWS\system32\atmfd.dll
2012-12-16 12:43:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2012-12-16 12:40:29 ----D---- C:\Program Files\Internet Explorer
2012-12-16 05:42:50 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-12-13 23:49:28 ----A---- C:\WINDOWS\system32\MRT.exe
2012-11-24 14:10:39 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2012-11-17 15:13:52 ----D---- C:\WINDOWS\Microsoft.NET
2012-11-17 15:13:47 ----RSD---- C:\WINDOWS\assembly
2012-11-17 09:29:27 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-11-17 09:29:16 ----D---- C:\WINDOWS\WinSxS
2012-11-12 20:52:35 ----A---- C:\WINDOWS\system32\mshtml.dll
2012-11-10 01:39:07 ----N---- C:\WINDOWS\system32\tzchange.exe
2012-11-02 03:03:56 ----A---- C:\WINDOWS\system32\dpnet.dll
2012-11-01 17:42:26 ----A---- C:\WINDOWS\system32\ieframe.dll
2012-11-01 13:12:24 ----N---- C:\WINDOWS\system32\occache.dll
2012-11-01 13:12:24 ----N---- C:\WINDOWS\system32\mstime.dll
2012-11-01 13:12:24 ----N---- C:\WINDOWS\system32\licmgr10.dll
2012-11-01 13:12:24 ----N---- C:\WINDOWS\system32\jsproxy.dll
2012-11-01 13:12:24 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2012-11-01 13:12:24 ----A---- C:\WINDOWS\system32\wininet.dll
2012-11-01 13:12:24 ----A---- C:\WINDOWS\system32\urlmon.dll
2012-11-01 13:12:24 ----A---- C:\WINDOWS\system32\url.dll
2012-11-01 13:12:24 ----A---- C:\WINDOWS\system32\mshtmled.dll
2012-11-01 13:12:24 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2012-11-01 13:12:24 ----A---- C:\WINDOWS\system32\msfeeds.dll
2012-11-01 13:12:24 ----A---- C:\WINDOWS\system32\iertutil.dll
2012-11-01 13:12:24 ----A---- C:\WINDOWS\system32\iepeers.dll
2012-11-01 01:35:49 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2012-10-03 05:58:09 ----A---- C:\WINDOWS\system32\kernel32.dll
2012-10-02 19:04:39 ----A---- C:\WINDOWS\system32\synceng.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvatabus;nvatabus; C:\WINDOWS\system32\DRIVERS\nvatabus.sys [2004-11-03 86144]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2012-04-03 691696]
R1 AmdK8;Ovladač procesoru AMD Athlon64; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-05-08 38400]
R1 AsIO;AsIO; \??\C:\WINDOWS\system32\drivers\AsIO.sys []
R1 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2012-10-08 159832]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2012-10-08 121216]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2012-10-08 62512]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 ASInsHelp;ASInsHelp; \??\C:\WINDOWS\system32\drivers\AsInsHelp32.sys []
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2012-10-08 149568]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2007-04-27 90688]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2012-10-08 40376]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2011-10-08 12791488]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-11-11 33408]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-11-11 12928]
R3 Razerlow;Razer Copperhead Driver; C:\WINDOWS\System32\Drivers\Razerlow.sys [2005-08-12 19020]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 catchme;catchme; \??\C:\DOCUME~1\JSTCOR~1\LOCALS~1\Temp\catchme.sys []
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2012-10-23 1329304]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2011-10-08 298304]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-08 2253120]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-16 250808]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2012-01-21 85096]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-09-05 234776]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-12-16 115168]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------