Zdravím, prosím o kontrolu logu. Počítač je zpomalený a občas zamrzá. Děkuji.
Logfile of random's system information tool 1.09 (written by random/random)
Run by Zdeněk at 2012-04-05 14:22:59
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 232 GB (49%) free of 477 GB
Total RAM: 3071 MB (62% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:23:07, on 5.4.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
c:\program files (x86)\mozilla firefox\firefox.exe
C:\Program Files\trend micro\Zdeněk.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={312F12D4-3 ... 2012-03-24 10:23:28&v=10.2.0.3&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Task Menu] C:\Users\Zdeněk\Documents\task.exe
O4 - HKCU\..\Run: [Console Window Host] C:\Users\Zdeněk\Documents\conhost.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3237278501-2197267037-3624102315-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'postgres')
O4 - HKUS\S-1-5-21-3237278501-2197267037-3624102315-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'postgres')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Zdeněk\Desktop\PartyPoker.lnk (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Zdeněk\Desktop\PartyPoker.lnk (file missing)
O9 - Extra button: WPT Poker - {D85B4BE2-07C3-422f-ADE9-B1A2C7D25224} - C:\Users\Zdeněk\Desktop\WPT Poker.lnk
O9 - Extra 'Tools' menuitem: WPT Poker - {D85B4BE2-07C3-422f-ADE9-B1A2C7D25224} - C:\Users\Zdeněk\Desktop\WPT Poker.lnk
O9 - Extra button: Royal Vegas Online Casino - {01C61389-5B7E-47C9-8EB2-A432A22291C0} - C:\Microgaming\Casino\RoyalVegas\casinogame.exe (HKCU)
O9 - Extra button: Ladbrokes Poker - {67D36390-D902-4B8B-8D79-931EC196C91F} - C:\Microgaming\Poker\LadbrokesMPP\MPPoker.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10568 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe"
"C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe" runservice -w -N "pgsql-8.3" -D "C:\Program Files (x86)\PostgreSQL\8.3\data\"
C:\Windows\SysWOW64\PnkBstrA.exe
"C:/Program Files (x86)/PostgreSQL/8.3/bin/postgres.exe" -D "C:/Program Files (x86)/PostgreSQL/8.3/data"
\??\C:\Windows\system32\conhost.exe "65739894-496901517-1246831809-1336772859-1180482360687809389565067951744119182
"C:/Program Files (x86)/PostgreSQL/8.3/bin/postgres.exe" "--forklog" "876" "872"
"C:/Program Files (x86)/PostgreSQL/8.3/bin/postgres.exe" "--forkboot" "900" "-x3"
"C:/Program Files (x86)/PostgreSQL/8.3/bin/postgres.exe" "--forkboot" "904" "-x4"
"C:/Program Files (x86)/PostgreSQL/8.3/bin/postgres.exe" "--forkavlauncher" "900"
"C:/Program Files (x86)/PostgreSQL/8.3/bin/postgres.exe" "--forkcol" "904"
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe"
"C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe"
"c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Windows\system32\SearchIndexer.exe /Embedding
WLIDSvcM.exe 2140
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-b5d22c60-a22b-415e-858f-981ebc082f2b -SystemEventPortName:HostProcess-56d6c311-7141-470b-b4f4-ead6d530b44a -IoCancelEventPortName:HostProcess-c0c85df9-1103-45ff-987b-7eb0b71937ec -NonStateChangingEventPortName:HostProcess-02ea7a3b-e4b1-4b0a-a4bb-8a5c89f12745 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:6094446a-bbaf-44fa-9206-c15ae6d2abde
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
taskeng.exe {9E327850-3CF1-4729-B0DC-1F2FCC6147B0}
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe" -boot
"C:\Program Files\Logitech\Gaming Software\LWEMon.exe" /noui
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\Steam\Steam.exe" -silent
"C:\Program Files (x86)\Winamp\winampa.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
"C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe" /watchfiles
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\AVG Secure Search\vprot.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\msiexec.exe /V
taskeng.exe {8BF54C4B-6CE2-4A46-B1B3-EA92F082622F}
"c:\program files (x86)\mozilla firefox\firefox.exe" http://ui.skype.com/ui/0/5.8.0.158/cs/g ... Error=1603
"C:\Users\Zdeněk\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\SlimDrivers Startup.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Zdeněk\AppData\Roaming\Mozilla\Firefox\Profiles\ruanqapx.default
prefs.js - "browser.startup.homepage" - "http://seznam.cz/"
prefs.js - "extensions.enabledItems" - "toolbar@ask.com:3.14.1.100010, wrc@avast.com:6.0.1367, battlefieldplay4free@ea.com:1.0.66.2, firefox@tvunetworks.com:2, 5, 3, 1, avg@toolbar:10.2.0.3, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5"
prefs.js - "keyword.URL" - "http://isearch.avg.com/search?cid=%7B9b ... &sap=ku&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pages.tvunetworks.com/WebPlayer]
"Description"=TVU Web Player Plugin
"Path"=C:\Windows\system32\TVUAx\npTVUAx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files (x86)\Mozilla Firefox\components\
aboutCertError.js
aboutPrivateBrowsing.js
aboutRights.js
aboutRobots.js
aboutSessionRestore.js
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsHandlerService.js
nsHelperAppDlg.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPostUpdateWin.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
C:\Program Files (x86)\Mozilla Firefox\plugins\
npnul32.dll
NPOFFICE.DLL
nppdf32.dll
C:\Program Files (x86)\Mozilla Firefox\searchplugins\
avg-secure-search.xml
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Users\Zdeněk\AppData\Roaming\Mozilla\Firefox\Profiles\ruanqapx.default\extensions\
battlefieldplay4free@ea.com
firefox@tvunetworks.com
toolbar@ask.com
C:\Users\Zdeněk\AppData\Roaming\Mozilla\Firefox\Profiles\ruanqapx.default\searchplugins\
askcom.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2011-11-28 963064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-11-28 809040]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll [2012-03-24 1869152]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-01-03 1514152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2011-11-28 963064]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-11-28 809040]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-01-03 1514152]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll [2012-03-24 1869152]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2000-01-01 190536]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2000-01-01 13374568]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2011-11-20 1242448]
"Task Menu"=C:\Users\Zdeněk\Documents\task.exe [2011-05-30 547649]
"Console Window Host"=C:\Users\Zdeněk\Documents\conhost.exe [2011-05-30 547649]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=C:\Program Files (x86)\Winamp\winampa.exe [2009-07-01 37888]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-11-28 3744552]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-12-05 343168]
""= []
"ApnUpdater"=C:\Program Files (x86)\Ask.com\Updater\Updater.exe [2012-01-03 1391272]
"NokiaMServer"=C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles []
"vProt"=C:\Program Files (x86)\AVG Secure Search\vprot.exe [2012-03-24 982880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2012-04-05 14:23:00 ----D---- C:\Program Files\trend micro
2012-04-05 14:22:59 ----D---- C:\rsit
2012-04-02 18:30:50 ----D---- C:\Program Files\CCleaner
2012-04-02 18:15:34 ----D---- C:\Users\Zdeněk\AppData\Roaming\Skype
2012-04-02 18:15:31 ----D---- C:\Program Files (x86)\Skype
2012-04-02 17:54:39 ----D---- C:\ProgramData\Skype
2012-04-01 21:46:01 ----D---- C:\Users\Zdeněk\AppData\Roaming\Nseries
2012-03-28 14:23:29 ----D---- C:\Program Files (x86)\THQ
2012-03-27 13:04:47 ----D---- C:\Program Files\Codemasters
2012-03-26 09:52:46 ----D---- C:\Program Files (x86)\Deep Silver
2012-03-25 19:16:07 ----D---- C:\Program Files (x86)\Cenega Czech
2012-03-24 11:23:27 ----D---- C:\ProgramData\AVG Secure Search
2012-03-24 11:23:25 ----D---- C:\Program Files (x86)\AVG Secure Search
2012-03-24 11:22:46 ----HD---- C:\ProgramData\Common Files
2012-03-22 17:08:15 ----D---- C:\ProgramData\Casino
2012-03-15 11:01:42 ----D---- C:\ProgramData\IsolatedStorage
2012-03-14 20:14:07 ----A---- C:\Windows\system32\win32k.sys
2012-03-14 20:14:03 ----A---- C:\Windows\system32\DWrite.dll
2012-03-14 20:14:02 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2012-03-14 12:49:42 ----D---- C:\ProgramData\TrackMania
2012-03-14 12:44:41 ----D---- C:\Program Files (x86)\TmUnitedForever
2012-03-14 12:18:45 ----D---- C:\ProgramData\TrackMania United
2012-03-14 12:14:17 ----D---- C:\Program Files (x86)\TrackMania United
2012-03-14 10:50:16 ----A---- C:\Windows\SYSWOW64\rdpcore.dll
2012-03-14 10:50:16 ----A---- C:\Windows\system32\rdpcore.dll
2012-03-14 10:50:15 ----A---- C:\Windows\system32\drivers\tdtcp.sys
2012-03-14 10:50:15 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2012-03-14 10:50:13 ----A---- C:\Windows\system32\rdrmemptylst.exe
2012-03-14 10:50:13 ----A---- C:\Windows\system32\rdpwsx.dll
2012-03-14 10:50:13 ----A---- C:\Windows\system32\rdpcorekmts.dll
2012-03-11 12:44:33 ----D---- C:\HM2Archive
2012-03-11 12:44:25 ----D---- C:\Users\Zdeněk\AppData\Roaming\HEM Data
2012-03-11 12:43:08 ----D---- C:\Program Files (x86)\Holdem Manager 2
2012-03-11 12:37:53 ----D---- C:\Users\Zdeněk\AppData\Roaming\postgresql
2012-03-11 12:31:22 ----D---- C:\ProgramData\XHEO INC
2012-03-11 12:31:10 ----D---- C:\Users\Zdeněk\AppData\Roaming\HoldemManager
2012-03-11 12:28:38 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2012-03-11 12:20:56 ----D---- C:\Program Files (x86)\PSQLINSTALL
2012-03-11 11:07:26 ----D---- C:\Program Files (x86)\PostgreSQL
2012-03-11 11:02:11 ----D---- C:\Program Files (x86)\PokerTracker 3
======List of files/folders modified in the last 1 month======
2012-04-05 14:23:03 ----D---- C:\Windows\Temp
2012-04-05 14:23:00 ----RD---- C:\Program Files
2012-04-05 14:21:08 ----SHD---- C:\Windows\Installer
2012-04-05 14:21:08 ----D---- C:\Windows\system32\Tasks
2012-04-05 14:04:17 ----D---- C:\Windows\Prefetch
2012-04-05 12:07:07 ----D---- C:\Windows\system32\config
2012-04-05 11:54:05 ----D---- C:\Program Files (x86)\Steam
2012-04-05 11:53:44 ----D---- C:\Windows\system32\drivers
2012-04-03 10:56:32 ----SHD---- C:\System Volume Information
2012-04-02 21:28:05 ----D---- C:\Windows\inf
2012-04-02 21:26:09 ----D---- C:\Windows
2012-04-02 19:20:28 ----D---- C:\Users\Zdeněk\AppData\Roaming\Winamp
2012-04-02 18:32:11 ----D---- C:\Users\Zdeněk\AppData\Roaming\DAEMON Tools Lite
2012-04-02 18:32:07 ----D---- C:\Users\Zdeněk\AppData\Roaming\uTorrent
2012-04-02 18:31:44 ----D---- C:\Windows\Panther
2012-04-02 18:31:44 ----D---- C:\Windows\ModemLogs
2012-04-02 18:31:41 ----D---- C:\Windows\Logs
2012-04-02 18:31:41 ----D---- C:\Windows\debug
2012-04-02 18:15:31 ----RD---- C:\Program Files (x86)
2012-04-02 17:59:24 ----D---- C:\Windows\system32\catroot2
2012-04-02 17:54:39 ----HD---- C:\ProgramData
2012-04-02 12:00:41 ----D---- C:\Windows\System32
2012-04-02 12:00:41 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-04-01 21:50:46 ----SD---- C:\Users\Zdeněk\AppData\Roaming\Microsoft
2012-03-28 14:33:27 ----RSD---- C:\Windows\assembly
2012-03-27 16:47:14 ----RD---- C:\Users
2012-03-27 15:56:12 ----D---- C:\Program Files (x86)\ParadisePoker
2012-03-26 14:24:18 ----SHD---- C:\Config.Msi
2012-03-26 14:20:33 ----D---- C:\Program Files (x86)\EA Games
2012-03-26 14:19:13 ----D---- C:\Windows\winsxs
2012-03-24 11:26:10 ----D---- C:\Program Files (x86)\Microsoft Office
2012-03-24 11:23:26 ----D---- C:\Program Files (x86)\Common Files
2012-03-24 11:22:40 ----D---- C:\Program Files (x86)\SlimDrivers
2012-03-23 16:45:02 ----D---- C:\ProgramData\boost_interprocess
2012-03-16 16:33:29 ----D---- C:\Users\Zdeněk\AppData\Roaming\Mozilla-Cache
2012-03-16 16:33:19 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-03-16 16:32:38 ----D---- C:\Programs
2012-03-15 21:55:26 ----D---- C:\Poker
2012-03-15 15:56:34 ----D---- C:\Program Files (x86)\EA Sports
2012-03-15 09:13:45 ----D---- C:\Windows\SysWOW64
2012-03-14 21:51:27 ----A---- C:\Windows\system32\MRT.exe
2012-03-14 21:51:13 ----D---- C:\Windows\system32\catroot
2012-03-13 13:56:16 ----D---- C:\Users\Zdeněk\AppData\Roaming\Microgaming
2012-03-13 10:34:35 ----D---- C:\Windows\Microsoft.NET
2012-03-12 18:25:12 ----D---- C:\Program Files (x86)\Everest Poker
2012-03-12 16:40:20 ----D---- C:\bwinPoker JPC
2012-03-11 12:29:21 ----D---- C:\Windows\SYSWOW64\cs-CZ
2012-03-11 12:29:21 ----D---- C:\Windows\system32\cs-CZ
2012-03-11 12:24:47 ----D---- C:\Windows\SYSWOW64\en-US
2012-03-11 12:24:47 ----D---- C:\Windows\system32\en-US
2012-03-11 12:24:41 ----D---- C:\Program Files (x86)\Microsoft.NET
2012-03-11 12:22:06 ----D---- C:\Windows\SoftwareDistribution
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-11-28 42328]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-11-28 591192]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-11-28 304472]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-11-28 58712]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-19 279616]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-11-28 24408]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-11-28 66904]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-12-06 10720256]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-12-06 327168]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2000-01-01 115216]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2000-01-01 4716904]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2000-01-01 452200]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2000-01-01 26440]
R3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2000-01-01 43976]
R3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2000-01-01 16200]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2000-01-01 77512]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-12-06 10720256]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 MSICDSetup;MSICDSetup; \??\D:\CDriver64.sys []
S3 nmwcdcx64;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbox64.sys [2009-02-09 25088]
S3 nmwcdx64;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmbx64.sys [2009-02-09 18944]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 SWDUMon;SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [2012-04-05 13920]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2009-02-09 8192]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys [2009-02-09 8192]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-12-06 235520]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-11-28 44768]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-29 935208]
R2 pgsql-8.3;PostgreSQL Database Server 8.3; C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2009-12-10 65536]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2012-01-10 75064]
R2 PnkBstrB;PnkBstrB; C:\Windows\syswow64\PnkBstrB.exe [2012-03-05 214520]
R2 TeamViewer7;TeamViewer 7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-24 918880]
R2 wlidsvc;Windows Live ID Sign-in Assistant; c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-03-21 489256]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe [2009-03-04 621056]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-11-19 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Moc prosím o kontrolu logu
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Mc_Murphy
- VIP in memoriam
- Příspěvky: 6706
- Registrován: 03 lis 2008 15:55
- Bydliště: Plzeň [ZČ]
- Kontaktovat uživatele:
Re: Moc prosím o kontrolu logu
Zdravím. 
Vydž minutku, na logu se intenzivně pracuje.
Vydž minutku, na logu se intenzivně pracuje.
-
-
- ... I'm moving on, I'm moving on, I'm moving on by the Spirit.
- You gave me love, I've found my identity, found my identity.
I'm moving on, I'm moving on, I'm moving on by the Spirit.- You gave me hope, I've found my identity in Christ...
-
Mc_Murphy
- VIP in memoriam
- Příspěvky: 6706
- Registrován: 03 lis 2008 15:55
- Bydliště: Plzeň [ZČ]
- Kontaktovat uživatele:
Re: Moc prosím o kontrolu logu
Zdendo, mno budeme čistiti, až se z nás (hlavně tedy z Tebe) bude kouřiti. 
Nejprve aktualizuj MS Internet Explorer na poslední verzi. I když používáš prohlížeč Mozilla Firefox, aktualizace řeší spoustu problémů i v systému samotném. Dále, pokud je tam najdeš, tak v nabídce Přidat nebo odebrat programy odinstaluj tyto toolbary: Ask Toolbar a AVG Security Toolbar.
Jsou to veliká "zdržovadla" systému a v případě například Ask.com Toolbar, Conduit Engine a dalších se dá hovořit už i o havěti. SlimDrivers prosim Tě odeber v jejich nastaveních ze spouštění při startu systému - je to zdržovačka a hlavně úplná kravina!
Tento program C:\Users\Zdeněk\Documents\task.exe znáš, máš tam úmyslně? Jestli ne, projeď mi ho na stránkách VirusTotal. Následující soubory otestuj na stránkách VirusTotal.
- C:\Users\Zdeněk\Documents\task.exe
- Klikni na [Choose File].
- Soubor nehledej, jen vlož cestu souboru, který chci otestovat.
- Klikni na [Scan it!].
- Pokud na Tebe vyskočí obrazovka podobná té, co je níže, klikni na [Reanalyse]!
- Výsledek analýzy mi sem vlož (jako odkaz).
Až to všechno provedeš, tak fixni v HJT níže uvedené položky.
- Fixnout znamená, že spustíš HJT, zvolíš možnost [Do a system scan only] a zaškrtneš čtvereček vlevo od mnou vypsaných položek.
- Poté klikneš na [Fix checked] a odsouhlasíš [ANO].
- Položky, které v seznamu nenajdeš, prostě přeskoč.
- HJT najdeš zde: C:\Program Files\trend micro\Zdeněk.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3237278501-2197267037-3624102315-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'postgres')
O4 - HKUS\S-1-5-21-3237278501-2197267037-3624102315-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'postgres')
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Zdeněk\Desktop\PartyPoker.lnk (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Zdeněk\Desktop\PartyPoker.lnk (file missing)
O9 - Extra button: WPT Poker - {D85B4BE2-07C3-422f-ADE9-B1A2C7D25224} - C:\Users\Zdeněk\Desktop\WPT Poker.lnk
O9 - Extra 'Tools' menuitem: WPT Poker - {D85B4BE2-07C3-422f-ADE9-B1A2C7D25224} - C:\Users\Zdeněk\Desktop\WPT Poker.lnk
O9 - Extra button: Royal Vegas Online Casino - {01C61389-5B7E-47C9-8EB2-A432A22291C0} - C:\Microgaming\Casino\RoyalVegas\casinogame.exe (HKCU)
O9 - Extra button: Ladbrokes Poker - {67D36390-D902-4B8B-8D79-931EC196C91F} - C:\Microgaming\Poker\LadbrokesMPP\MPPoker.exe (HKCU)
Proveď pečlivě zatím tohle, hoď sem výsledky a případné odezvy a pak budeme pokračovat, ještě nemáme zdaleka hotovo. 
--- ... I'm moving on, I'm moving on, I'm moving on by the Spirit.
- You gave me love, I've found my identity, found my identity.
I'm moving on, I'm moving on, I'm moving on by the Spirit.- You gave me hope, I've found my identity in Christ...
Re: Moc prosím o kontrolu logu
Tak sem udělal, co jsi mi psal nebo spíš zkusil.
1) aktualizace internetu exploreru na verzi 9 mi nešla, psalo mi to, že instalace nebyla dokončena a zkoušel jsem to několikrát
2)Toolbary jsou odinstalovány
3)SlimDrivers už se nespouští při zapnutí.
4)projel jsem ten soubor, odkaz: https://www.virustotal.com/file/1fe620f ... 333651918/#
5)fixnul jsem v Hjt ty položky, snad to je dobře:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:23:07, on 5.4.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
c:\program files (x86)\mozilla firefox\firefox.exe
C:\Program Files\trend micro\Zdeněk.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={312F12D4-3 ... 2012-03-24 10:23:28&v=10.2.0.3&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Task Menu] C:\Users\Zdeněk\Documents\task.exe
O4 - HKCU\..\Run: [Console Window Host] C:\Users\Zdeněk\Documents\conhost.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3237278501-2197267037-3624102315-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'postgres')
O4 - HKUS\S-1-5-21-3237278501-2197267037-3624102315-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'postgres')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Zdeněk\Desktop\PartyPoker.lnk (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Zdeněk\Desktop\PartyPoker.lnk (file missing)
O9 - Extra button: WPT Poker - {D85B4BE2-07C3-422f-ADE9-B1A2C7D25224} - C:\Users\Zdeněk\Desktop\WPT Poker.lnk
O9 - Extra 'Tools' menuitem: WPT Poker - {D85B4BE2-07C3-422f-ADE9-B1A2C7D25224} - C:\Users\Zdeněk\Desktop\WPT Poker.lnk
O9 - Extra button: Royal Vegas Online Casino - {01C61389-5B7E-47C9-8EB2-A432A22291C0} - C:\Microgaming\Casino\RoyalVegas\casinogame.exe (HKCU)
O9 - Extra button: Ladbrokes Poker - {67D36390-D902-4B8B-8D79-931EC196C91F} - C:\Microgaming\Poker\LadbrokesMPP\MPPoker.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
1) aktualizace internetu exploreru na verzi 9 mi nešla, psalo mi to, že instalace nebyla dokončena a zkoušel jsem to několikrát
2)Toolbary jsou odinstalovány
3)SlimDrivers už se nespouští při zapnutí.
4)projel jsem ten soubor, odkaz: https://www.virustotal.com/file/1fe620f ... 333651918/#
5)fixnul jsem v Hjt ty položky, snad to je dobře:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:23:07, on 5.4.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
c:\program files (x86)\mozilla firefox\firefox.exe
C:\Program Files\trend micro\Zdeněk.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={312F12D4-3 ... 2012-03-24 10:23:28&v=10.2.0.3&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Task Menu] C:\Users\Zdeněk\Documents\task.exe
O4 - HKCU\..\Run: [Console Window Host] C:\Users\Zdeněk\Documents\conhost.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3237278501-2197267037-3624102315-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'postgres')
O4 - HKUS\S-1-5-21-3237278501-2197267037-3624102315-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'postgres')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Zdeněk\Desktop\PartyPoker.lnk (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Zdeněk\Desktop\PartyPoker.lnk (file missing)
O9 - Extra button: WPT Poker - {D85B4BE2-07C3-422f-ADE9-B1A2C7D25224} - C:\Users\Zdeněk\Desktop\WPT Poker.lnk
O9 - Extra 'Tools' menuitem: WPT Poker - {D85B4BE2-07C3-422f-ADE9-B1A2C7D25224} - C:\Users\Zdeněk\Desktop\WPT Poker.lnk
O9 - Extra button: Royal Vegas Online Casino - {01C61389-5B7E-47C9-8EB2-A432A22291C0} - C:\Microgaming\Casino\RoyalVegas\casinogame.exe (HKCU)
O9 - Extra button: Ladbrokes Poker - {67D36390-D902-4B8B-8D79-931EC196C91F} - C:\Microgaming\Poker\LadbrokesMPP\MPPoker.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
-
Mc_Murphy
- VIP in memoriam
- Příspěvky: 6706
- Registrován: 03 lis 2008 15:55
- Bydliště: Plzeň [ZČ]
- Kontaktovat uživatele:
Re: Moc prosím o kontrolu logu
1) aktualizace internetu exploreru na verzi 9 mi nešla, psalo mi to, že instalace nebyla dokončena a zkoušel jsem to několikrát
To je divné. Potom na to mrkneme. Napřed vyčistíme, protože máš v PC havěť.
4) projel jsem ten soubor, odkaz: https://www.virustotal.com/file/1fe620f ... 333651918/#
Jak jsi sám viděl, je pěkně zaliskaný, musíme vyčistit.
5) fixnul jsem v Hjt ty položky, snad to je dobře:
Možná ano, ale to nevím, protože jsi mi dal stejný log jako ten první. 
Ale na to se teď vyprdni.
Stáhni a nainstaluj Malwarebytes' Anti-Malware (zkráceně MBAM) podle návodu z tohoto topicu.
To je divné. Potom na to mrkneme. Napřed vyčistíme, protože máš v PC havěť.4) projel jsem ten soubor, odkaz: https://www.virustotal.com/file/1fe620f ... 333651918/#
Jak jsi sám viděl, je pěkně zaliskaný, musíme vyčistit.5) fixnul jsem v Hjt ty položky, snad to je dobře:
Možná ano, ale to nevím, protože jsi mi dal stejný log jako ten první. Ale na to se teď vyprdni. Stáhni a nainstaluj Malwarebytes' Anti-Malware (zkráceně MBAM) podle návodu z tohoto topicu.
- Proveď aktualizaci virové databáze.
- V záložce Kontrolor zvol Úplná kontrola a zaškrtni všechny pevné disky, které máš na počítači.
- Předem nic nemaž!!
- MBAM mívá občas falešné detekce, proto vlož jeho log do příspěvku a počkej na posouzení!
--- ... I'm moving on, I'm moving on, I'm moving on by the Spirit.
- You gave me love, I've found my identity, found my identity.
I'm moving on, I'm moving on, I'm moving on by the Spirit.- You gave me hope, I've found my identity in Christ...
Re: Moc prosím o kontrolu logu
Tak projeto a zde je log:
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.60.1.1000
www.malwarebytes.org
Verze databáze: v2012.04.06.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Zdeněk :: KROKY [administrátor]
Ochrana: Povolena
6.4.2012 14:21:53
mbam-log-2012-04-06 (15-17-53).txt
Typ: Úplná kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 444748
Uplynulý čas: 55 minut, 31 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 6
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\royalvegas (PUP.Casino.Gen) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ladbrokes (Poker) (PUP.Casino.Gen) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Expekt Poker (PUP.Casino) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Poker 770 (PUP.Casino) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Titan Poker (PUP.Casino) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winnerpoker (PUP.Casino) -> Žádná instrukce nebyla provedena.
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 6
C:\Microgaming\Casino\RoyalVegas\install.exe (PUP.Casino.Gen) -> Žádná instrukce nebyla provedena.
C:\Microgaming\Poker\LadbrokesMPP\install.exe (PUP.Casino.Gen) -> Žádná instrukce nebyla provedena.
C:\Poker\Expekt Poker\_SetupPoker_d43d1e.exe (PUP.Casino) -> Žádná instrukce nebyla provedena.
C:\Poker\Poker 770\_SetupCasino_cf77a2.exe (PUP.Casino) -> Žádná instrukce nebyla provedena.
C:\Poker\Titan Poker\_TitanBSetup_681e8.exe (PUP.Casino) -> Žádná instrukce nebyla provedena.
C:\Poker\Winner Poker\_WinnerPSetup_4aa9a6.exe (PUP.Casino) -> Žádná instrukce nebyla provedena.
(konec)
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.60.1.1000
www.malwarebytes.org
Verze databáze: v2012.04.06.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Zdeněk :: KROKY [administrátor]
Ochrana: Povolena
6.4.2012 14:21:53
mbam-log-2012-04-06 (15-17-53).txt
Typ: Úplná kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 444748
Uplynulý čas: 55 minut, 31 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 6
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\royalvegas (PUP.Casino.Gen) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ladbrokes (Poker) (PUP.Casino.Gen) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Expekt Poker (PUP.Casino) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Poker 770 (PUP.Casino) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Titan Poker (PUP.Casino) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winnerpoker (PUP.Casino) -> Žádná instrukce nebyla provedena.
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 6
C:\Microgaming\Casino\RoyalVegas\install.exe (PUP.Casino.Gen) -> Žádná instrukce nebyla provedena.
C:\Microgaming\Poker\LadbrokesMPP\install.exe (PUP.Casino.Gen) -> Žádná instrukce nebyla provedena.
C:\Poker\Expekt Poker\_SetupPoker_d43d1e.exe (PUP.Casino) -> Žádná instrukce nebyla provedena.
C:\Poker\Poker 770\_SetupCasino_cf77a2.exe (PUP.Casino) -> Žádná instrukce nebyla provedena.
C:\Poker\Titan Poker\_TitanBSetup_681e8.exe (PUP.Casino) -> Žádná instrukce nebyla provedena.
C:\Poker\Winner Poker\_WinnerPSetup_4aa9a6.exe (PUP.Casino) -> Žádná instrukce nebyla provedena.
(konec)
-
Mc_Murphy
- VIP in memoriam
- Příspěvky: 6706
- Registrován: 03 lis 2008 15:55
- Bydliště: Plzeň [ZČ]
- Kontaktovat uživatele:
Re: Moc prosím o kontrolu logu
OK, všechny nálezy MBAMu jsou havěť, takže je nech opravit/smazat. MBAM poté odinstaluj. A pak mi sem hoď aktuální a kompletní log ze RSITu k další analýze.--- ... I'm moving on, I'm moving on, I'm moving on by the Spirit.
- You gave me love, I've found my identity, found my identity.
I'm moving on, I'm moving on, I'm moving on by the Spirit.- You gave me hope, I've found my identity in Christ...
Re: Moc prosím o kontrolu logu
Tak havěť vymazána a zde je nový kompletní log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Zdeněk at 2012-04-06 16:38:03
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 231 GB (49%) free of 477 GB
Total RAM: 3071 MB (54% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:38:05, on 6.4.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Zdeněk.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Console Window Host] C:\Users\Zdeněk\Documents\conhost.exe
O4 - HKCU\..\Run: [Task Menu] C:\Users\Zdeněk\Documents\task.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3237278501-2197267037-3624102315-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'postgres')
O4 - HKUS\S-1-5-21-3237278501-2197267037-3624102315-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'postgres')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Zdeněk\Desktop\PartyPoker.lnk (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Zdeněk\Desktop\PartyPoker.lnk (file missing)
O9 - Extra button: WPT Poker - {D85B4BE2-07C3-422f-ADE9-B1A2C7D25224} - C:\Users\Zdeněk\Desktop\WPT Poker.lnk
O9 - Extra 'Tools' menuitem: WPT Poker - {D85B4BE2-07C3-422f-ADE9-B1A2C7D25224} - C:\Users\Zdeněk\Desktop\WPT Poker.lnk
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9005 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\Explorer.EXE
"C:\Windows\system32\Dwm.exe"
"C:\Program Files\Logitech\Gaming Software\LWEMon.exe" /noui
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe"
"taskhost.exe"
"C:\Program Files (x86)\Winamp\winampa.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe" /watchfiles
"C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe" runservice -w -N "pgsql-8.3" -D "C:\Program Files (x86)\PostgreSQL\8.3\data\"
C:\Windows\SysWOW64\PnkBstrA.exe
"C:/Program Files (x86)/PostgreSQL/8.3/bin/postgres.exe" -D "C:/Program Files (x86)/PostgreSQL/8.3/data"
\??\C:\Windows\system32\conhost.exe "204005750-820225195129111373834100912-262124142-15798473371322449165-1712468550
"C:/Program Files (x86)/PostgreSQL/8.3/bin/postgres.exe" "--forklog" "876" "872"
"C:/Program Files (x86)/PostgreSQL/8.3/bin/postgres.exe" "--forkboot" "900" "-x3"
"C:/Program Files (x86)/PostgreSQL/8.3/bin/postgres.exe" "--forkboot" "916" "-x4"
"C:/Program Files (x86)/PostgreSQL/8.3/bin/postgres.exe" "--forkavlauncher" "900"
"C:/Program Files (x86)/PostgreSQL/8.3/bin/postgres.exe" "--forkcol" "916"
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe"
"c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2796
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-33b77bce-8b57-444a-9773-388070230bba -SystemEventPortName:HostProcess-cd66d7bf-1203-4d1e-9e19-832797263673 -IoCancelEventPortName:HostProcess-97f1143b-1ff7-449e-bc08-a0744891bfbd -NonStateChangingEventPortName:HostProcess-3893569d-b607-4292-8e62-642a134cf283 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:6a0ee57f-d18a-4923-a65f-4abfd7b35dda
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -Embedding
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:2444 CREDAT:71937
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe -Embedding
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\system32\msiexec.exe /V
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
taskeng.exe {C4F279E7-6B91-4B2F-925B-6D9E03E6E199}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Zdeněk\Downloads\RSITx64(2).exe"
C:\Windows\system32\wbem\wmiprvse.exe
=========Mozilla firefox=========
ProfilePath - C:\Users\Zdeněk\AppData\Roaming\Mozilla\Firefox\Profiles\ruanqapx.default
prefs.js - "browser.startup.homepage" - "http://seznam.cz/"
prefs.js - "extensions.enabledItems" - "toolbar@ask.com:3.14.1.100010, wrc@avast.com:6.0.1367, battlefieldplay4free@ea.com:1.0.66.2, firefox@tvunetworks.com:2, 5, 3, 1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5"
prefs.js - "keyword.URL" - "http://websearch.ask.com/redirect?clien ... YYYYCZ&&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pages.tvunetworks.com/WebPlayer]
"Description"=TVU Web Player Plugin
"Path"=C:\Windows\system32\TVUAx\npTVUAx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files (x86)\Mozilla Firefox\components\
aboutCertError.js
aboutPrivateBrowsing.js
aboutRights.js
aboutRobots.js
aboutSessionRestore.js
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsHandlerService.js
nsHelperAppDlg.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPostUpdateWin.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
C:\Program Files (x86)\Mozilla Firefox\plugins\
npnul32.dll
NPOFFICE.DLL
nppdf32.dll
C:\Program Files (x86)\Mozilla Firefox\searchplugins\
avg-secure-search.xml
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Users\Zdeněk\AppData\Roaming\Mozilla\Firefox\Profiles\ruanqapx.default\extensions\
battlefieldplay4free@ea.com
firefox@tvunetworks.com
toolbar@ask.com
C:\Users\Zdeněk\AppData\Roaming\Mozilla\Firefox\Profiles\ruanqapx.default\searchplugins\
askcom.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2011-11-28 963064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-11-28 809040]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-01-03 1514152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2011-11-28 963064]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-11-28 809040]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-01-03 1514152]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2000-01-01 190536]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2000-01-01 13374568]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2011-11-20 1242448]
"Console Window Host"=C:\Users\Zdeněk\Documents\conhost.exe [2011-05-30 547649]
"Task Menu"=C:\Users\Zdeněk\Documents\task.exe [2011-05-30 547649]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=C:\Program Files (x86)\Winamp\winampa.exe [2009-07-01 37888]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-11-28 3744552]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-12-05 343168]
""= []
"ApnUpdater"=C:\Program Files (x86)\Ask.com\Updater\Updater.exe [2012-01-03 1391272]
"NokiaMServer"=C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2012-04-06 14:19:48 ----D---- C:\Users\Zdeněk\AppData\Roaming\Malwarebytes
2012-04-06 14:19:40 ----D---- C:\ProgramData\Malwarebytes
2012-04-05 14:23:00 ----D---- C:\Program Files\trend micro
2012-04-05 14:22:59 ----D---- C:\rsit
2012-04-02 18:30:50 ----D---- C:\Program Files\CCleaner
2012-04-02 18:15:34 ----D---- C:\Users\Zdeněk\AppData\Roaming\Skype
2012-04-02 18:15:31 ----D---- C:\Program Files (x86)\Skype
2012-04-02 17:54:39 ----D---- C:\ProgramData\Skype
2012-04-01 21:46:01 ----D---- C:\Users\Zdeněk\AppData\Roaming\Nseries
2012-03-28 14:23:29 ----D---- C:\Program Files (x86)\THQ
2012-03-27 13:04:47 ----D---- C:\Program Files\Codemasters
2012-03-26 09:52:46 ----D---- C:\Program Files (x86)\Deep Silver
2012-03-25 19:16:07 ----D---- C:\Program Files (x86)\Cenega Czech
2012-03-24 11:23:25 ----D---- C:\Program Files (x86)\AVG Secure Search
2012-03-24 11:22:46 ----HD---- C:\ProgramData\Common Files
2012-03-22 17:08:15 ----D---- C:\ProgramData\Casino
2012-03-15 11:01:42 ----D---- C:\ProgramData\IsolatedStorage
2012-03-14 20:14:07 ----A---- C:\Windows\system32\win32k.sys
2012-03-14 20:14:03 ----A---- C:\Windows\system32\DWrite.dll
2012-03-14 20:14:02 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2012-03-14 12:49:42 ----D---- C:\ProgramData\TrackMania
2012-03-14 12:44:41 ----D---- C:\Program Files (x86)\TmUnitedForever
2012-03-14 12:18:45 ----D---- C:\ProgramData\TrackMania United
2012-03-14 12:14:17 ----D---- C:\Program Files (x86)\TrackMania United
2012-03-14 10:50:16 ----A---- C:\Windows\SYSWOW64\rdpcore.dll
2012-03-14 10:50:16 ----A---- C:\Windows\system32\rdpcore.dll
2012-03-14 10:50:15 ----A---- C:\Windows\system32\drivers\tdtcp.sys
2012-03-14 10:50:15 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2012-03-14 10:50:13 ----A---- C:\Windows\system32\rdrmemptylst.exe
2012-03-14 10:50:13 ----A---- C:\Windows\system32\rdpwsx.dll
2012-03-14 10:50:13 ----A---- C:\Windows\system32\rdpcorekmts.dll
2012-03-11 12:44:33 ----D---- C:\HM2Archive
2012-03-11 12:44:25 ----D---- C:\Users\Zdeněk\AppData\Roaming\HEM Data
2012-03-11 12:43:08 ----D---- C:\Program Files (x86)\Holdem Manager 2
2012-03-11 12:37:53 ----D---- C:\Users\Zdeněk\AppData\Roaming\postgresql
2012-03-11 12:31:22 ----D---- C:\ProgramData\XHEO INC
2012-03-11 12:31:10 ----D---- C:\Users\Zdeněk\AppData\Roaming\HoldemManager
2012-03-11 12:28:38 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2012-03-11 12:20:56 ----D---- C:\Program Files (x86)\PSQLINSTALL
2012-03-11 11:07:26 ----D---- C:\Program Files (x86)\PostgreSQL
2012-03-11 11:02:11 ----D---- C:\Program Files (x86)\PokerTracker 3
======List of files/folders modified in the last 1 month======
2012-04-06 16:36:33 ----SHD---- C:\Windows\Installer
2012-04-06 16:35:59 ----D---- C:\Windows\system32\config
2012-04-06 16:35:54 ----D---- C:\Windows\Logs
2012-04-06 16:35:54 ----D---- C:\Program Files\Internet Explorer
2012-04-06 16:35:52 ----D---- C:\Windows\System32
2012-04-06 16:35:52 ----D---- C:\Windows\servicing
2012-04-06 16:35:52 ----D---- C:\Program Files (x86)\Internet Explorer
2012-04-06 16:34:30 ----D---- C:\Windows\Temp
2012-04-06 16:33:27 ----D---- C:\Program Files (x86)\Steam
2012-04-06 16:33:03 ----RD---- C:\Program Files (x86)
2012-04-06 16:32:09 ----D---- C:\Windows\system32\drivers
2012-04-06 14:19:40 ----HD---- C:\ProgramData
2012-04-06 14:16:39 ----SHD---- C:\System Volume Information
2012-04-06 08:09:38 ----D---- C:\Windows
2012-04-05 20:35:03 ----D---- C:\Program Files (x86)\Common Files
2012-04-05 20:34:55 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-04-05 20:34:49 ----D---- C:\Windows\Prefetch
2012-04-05 17:53:46 ----D---- C:\Windows\Tasks
2012-04-05 14:23:00 ----RD---- C:\Program Files
2012-04-05 14:21:08 ----D---- C:\Windows\system32\Tasks
2012-04-02 21:28:05 ----D---- C:\Windows\inf
2012-04-02 19:20:28 ----D---- C:\Users\Zdeněk\AppData\Roaming\Winamp
2012-04-02 18:32:11 ----D---- C:\Users\Zdeněk\AppData\Roaming\DAEMON Tools Lite
2012-04-02 18:32:07 ----D---- C:\Users\Zdeněk\AppData\Roaming\uTorrent
2012-04-02 18:31:44 ----D---- C:\Windows\Panther
2012-04-02 18:31:44 ----D---- C:\Windows\ModemLogs
2012-04-02 18:31:41 ----D---- C:\Windows\debug
2012-04-02 17:59:24 ----D---- C:\Windows\system32\catroot2
2012-04-02 12:00:41 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-04-01 21:50:46 ----SD---- C:\Users\Zdeněk\AppData\Roaming\Microsoft
2012-03-28 14:33:27 ----RSD---- C:\Windows\assembly
2012-03-27 16:47:14 ----RD---- C:\Users
2012-03-27 15:56:12 ----D---- C:\Program Files (x86)\ParadisePoker
2012-03-26 14:24:18 ----SHD---- C:\Config.Msi
2012-03-26 14:20:33 ----D---- C:\Program Files (x86)\EA Games
2012-03-26 14:19:13 ----D---- C:\Windows\winsxs
2012-03-24 11:26:10 ----D---- C:\Program Files (x86)\Microsoft Office
2012-03-24 11:22:40 ----D---- C:\Program Files (x86)\SlimDrivers
2012-03-23 16:45:02 ----D---- C:\ProgramData\boost_interprocess
2012-03-16 16:33:29 ----D---- C:\Users\Zdeněk\AppData\Roaming\Mozilla-Cache
2012-03-16 16:32:38 ----D---- C:\Programs
2012-03-15 21:55:26 ----D---- C:\Poker
2012-03-15 15:56:34 ----D---- C:\Program Files (x86)\EA Sports
2012-03-15 09:13:45 ----D---- C:\Windows\SysWOW64
2012-03-14 21:51:27 ----A---- C:\Windows\system32\MRT.exe
2012-03-14 21:51:13 ----D---- C:\Windows\system32\catroot
2012-03-13 13:56:16 ----D---- C:\Users\Zdeněk\AppData\Roaming\Microgaming
2012-03-13 10:34:35 ----D---- C:\Windows\Microsoft.NET
2012-03-12 18:25:12 ----D---- C:\Program Files (x86)\Everest Poker
2012-03-12 16:40:20 ----D---- C:\bwinPoker JPC
2012-03-11 12:29:21 ----D---- C:\Windows\SYSWOW64\cs-CZ
2012-03-11 12:29:21 ----D---- C:\Windows\system32\cs-CZ
2012-03-11 12:24:47 ----D---- C:\Windows\SYSWOW64\en-US
2012-03-11 12:24:47 ----D---- C:\Windows\system32\en-US
2012-03-11 12:24:41 ----D---- C:\Program Files (x86)\Microsoft.NET
2012-03-11 12:22:06 ----D---- C:\Windows\SoftwareDistribution
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-11-28 42328]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-11-28 591192]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-11-28 304472]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-11-28 58712]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-19 279616]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-11-28 24408]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-11-28 66904]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-12-06 10720256]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-12-06 327168]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2000-01-01 115216]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2000-01-01 4716904]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2000-01-01 452200]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2000-01-01 26440]
R3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2000-01-01 43976]
R3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2000-01-01 16200]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2000-01-01 77512]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-12-06 10720256]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 MSICDSetup;MSICDSetup; \??\D:\CDriver64.sys []
S3 nmwcdcx64;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbox64.sys [2009-02-09 25088]
S3 nmwcdx64;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmbx64.sys [2009-02-09 18944]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 SWDUMon;SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [2012-04-05 13920]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2009-02-09 8192]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys [2009-02-09 8192]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-12-06 235520]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-11-28 44768]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-29 935208]
R2 pgsql-8.3;PostgreSQL Database Server 8.3; C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2009-12-10 65536]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2012-01-10 75064]
R2 PnkBstrB;PnkBstrB; C:\Windows\syswow64\PnkBstrB.exe [2012-03-05 214520]
R2 TeamViewer7;TeamViewer 7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
R2 wlidsvc;Windows Live ID Sign-in Assistant; c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe [2009-03-04 621056]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-03-21 489256]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-11-19 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
Logfile of random's system information tool 1.09 (written by random/random)
Run by Zdeněk at 2012-04-06 16:38:03
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 231 GB (49%) free of 477 GB
Total RAM: 3071 MB (54% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:38:05, on 6.4.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Zdeněk.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Console Window Host] C:\Users\Zdeněk\Documents\conhost.exe
O4 - HKCU\..\Run: [Task Menu] C:\Users\Zdeněk\Documents\task.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3237278501-2197267037-3624102315-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'postgres')
O4 - HKUS\S-1-5-21-3237278501-2197267037-3624102315-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'postgres')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Zdeněk\Desktop\PartyPoker.lnk (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Zdeněk\Desktop\PartyPoker.lnk (file missing)
O9 - Extra button: WPT Poker - {D85B4BE2-07C3-422f-ADE9-B1A2C7D25224} - C:\Users\Zdeněk\Desktop\WPT Poker.lnk
O9 - Extra 'Tools' menuitem: WPT Poker - {D85B4BE2-07C3-422f-ADE9-B1A2C7D25224} - C:\Users\Zdeněk\Desktop\WPT Poker.lnk
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9005 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\Explorer.EXE
"C:\Windows\system32\Dwm.exe"
"C:\Program Files\Logitech\Gaming Software\LWEMon.exe" /noui
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe"
"taskhost.exe"
"C:\Program Files (x86)\Winamp\winampa.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe" /watchfiles
"C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe" runservice -w -N "pgsql-8.3" -D "C:\Program Files (x86)\PostgreSQL\8.3\data\"
C:\Windows\SysWOW64\PnkBstrA.exe
"C:/Program Files (x86)/PostgreSQL/8.3/bin/postgres.exe" -D "C:/Program Files (x86)/PostgreSQL/8.3/data"
\??\C:\Windows\system32\conhost.exe "204005750-820225195129111373834100912-262124142-15798473371322449165-1712468550
"C:/Program Files (x86)/PostgreSQL/8.3/bin/postgres.exe" "--forklog" "876" "872"
"C:/Program Files (x86)/PostgreSQL/8.3/bin/postgres.exe" "--forkboot" "900" "-x3"
"C:/Program Files (x86)/PostgreSQL/8.3/bin/postgres.exe" "--forkboot" "916" "-x4"
"C:/Program Files (x86)/PostgreSQL/8.3/bin/postgres.exe" "--forkavlauncher" "900"
"C:/Program Files (x86)/PostgreSQL/8.3/bin/postgres.exe" "--forkcol" "916"
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe"
"c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2796
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-33b77bce-8b57-444a-9773-388070230bba -SystemEventPortName:HostProcess-cd66d7bf-1203-4d1e-9e19-832797263673 -IoCancelEventPortName:HostProcess-97f1143b-1ff7-449e-bc08-a0744891bfbd -NonStateChangingEventPortName:HostProcess-3893569d-b607-4292-8e62-642a134cf283 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:6a0ee57f-d18a-4923-a65f-4abfd7b35dda
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -Embedding
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:2444 CREDAT:71937
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe -Embedding
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\sppsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\system32\msiexec.exe /V
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
taskeng.exe {C4F279E7-6B91-4B2F-925B-6D9E03E6E199}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Zdeněk\Downloads\RSITx64(2).exe"
C:\Windows\system32\wbem\wmiprvse.exe
=========Mozilla firefox=========
ProfilePath - C:\Users\Zdeněk\AppData\Roaming\Mozilla\Firefox\Profiles\ruanqapx.default
prefs.js - "browser.startup.homepage" - "http://seznam.cz/"
prefs.js - "extensions.enabledItems" - "toolbar@ask.com:3.14.1.100010, wrc@avast.com:6.0.1367, battlefieldplay4free@ea.com:1.0.66.2, firefox@tvunetworks.com:2, 5, 3, 1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5"
prefs.js - "keyword.URL" - "http://websearch.ask.com/redirect?clien ... YYYYCZ&&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pages.tvunetworks.com/WebPlayer]
"Description"=TVU Web Player Plugin
"Path"=C:\Windows\system32\TVUAx\npTVUAx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files (x86)\Mozilla Firefox\components\
aboutCertError.js
aboutPrivateBrowsing.js
aboutRights.js
aboutRobots.js
aboutSessionRestore.js
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsHandlerService.js
nsHelperAppDlg.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPostUpdateWin.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
C:\Program Files (x86)\Mozilla Firefox\plugins\
npnul32.dll
NPOFFICE.DLL
nppdf32.dll
C:\Program Files (x86)\Mozilla Firefox\searchplugins\
avg-secure-search.xml
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Users\Zdeněk\AppData\Roaming\Mozilla\Firefox\Profiles\ruanqapx.default\extensions\
battlefieldplay4free@ea.com
firefox@tvunetworks.com
toolbar@ask.com
C:\Users\Zdeněk\AppData\Roaming\Mozilla\Firefox\Profiles\ruanqapx.default\searchplugins\
askcom.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2011-11-28 963064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-11-28 809040]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-01-03 1514152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2011-11-28 963064]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-11-28 809040]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2012-01-03 1514152]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2000-01-01 190536]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2000-01-01 13374568]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2011-11-20 1242448]
"Console Window Host"=C:\Users\Zdeněk\Documents\conhost.exe [2011-05-30 547649]
"Task Menu"=C:\Users\Zdeněk\Documents\task.exe [2011-05-30 547649]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=C:\Program Files (x86)\Winamp\winampa.exe [2009-07-01 37888]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-11-28 3744552]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-12-05 343168]
""= []
"ApnUpdater"=C:\Program Files (x86)\Ask.com\Updater\Updater.exe [2012-01-03 1391272]
"NokiaMServer"=C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2012-04-06 14:19:48 ----D---- C:\Users\Zdeněk\AppData\Roaming\Malwarebytes
2012-04-06 14:19:40 ----D---- C:\ProgramData\Malwarebytes
2012-04-05 14:23:00 ----D---- C:\Program Files\trend micro
2012-04-05 14:22:59 ----D---- C:\rsit
2012-04-02 18:30:50 ----D---- C:\Program Files\CCleaner
2012-04-02 18:15:34 ----D---- C:\Users\Zdeněk\AppData\Roaming\Skype
2012-04-02 18:15:31 ----D---- C:\Program Files (x86)\Skype
2012-04-02 17:54:39 ----D---- C:\ProgramData\Skype
2012-04-01 21:46:01 ----D---- C:\Users\Zdeněk\AppData\Roaming\Nseries
2012-03-28 14:23:29 ----D---- C:\Program Files (x86)\THQ
2012-03-27 13:04:47 ----D---- C:\Program Files\Codemasters
2012-03-26 09:52:46 ----D---- C:\Program Files (x86)\Deep Silver
2012-03-25 19:16:07 ----D---- C:\Program Files (x86)\Cenega Czech
2012-03-24 11:23:25 ----D---- C:\Program Files (x86)\AVG Secure Search
2012-03-24 11:22:46 ----HD---- C:\ProgramData\Common Files
2012-03-22 17:08:15 ----D---- C:\ProgramData\Casino
2012-03-15 11:01:42 ----D---- C:\ProgramData\IsolatedStorage
2012-03-14 20:14:07 ----A---- C:\Windows\system32\win32k.sys
2012-03-14 20:14:03 ----A---- C:\Windows\system32\DWrite.dll
2012-03-14 20:14:02 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2012-03-14 12:49:42 ----D---- C:\ProgramData\TrackMania
2012-03-14 12:44:41 ----D---- C:\Program Files (x86)\TmUnitedForever
2012-03-14 12:18:45 ----D---- C:\ProgramData\TrackMania United
2012-03-14 12:14:17 ----D---- C:\Program Files (x86)\TrackMania United
2012-03-14 10:50:16 ----A---- C:\Windows\SYSWOW64\rdpcore.dll
2012-03-14 10:50:16 ----A---- C:\Windows\system32\rdpcore.dll
2012-03-14 10:50:15 ----A---- C:\Windows\system32\drivers\tdtcp.sys
2012-03-14 10:50:15 ----A---- C:\Windows\system32\drivers\rdpwd.sys
2012-03-14 10:50:13 ----A---- C:\Windows\system32\rdrmemptylst.exe
2012-03-14 10:50:13 ----A---- C:\Windows\system32\rdpwsx.dll
2012-03-14 10:50:13 ----A---- C:\Windows\system32\rdpcorekmts.dll
2012-03-11 12:44:33 ----D---- C:\HM2Archive
2012-03-11 12:44:25 ----D---- C:\Users\Zdeněk\AppData\Roaming\HEM Data
2012-03-11 12:43:08 ----D---- C:\Program Files (x86)\Holdem Manager 2
2012-03-11 12:37:53 ----D---- C:\Users\Zdeněk\AppData\Roaming\postgresql
2012-03-11 12:31:22 ----D---- C:\ProgramData\XHEO INC
2012-03-11 12:31:10 ----D---- C:\Users\Zdeněk\AppData\Roaming\HoldemManager
2012-03-11 12:28:38 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2012-03-11 12:20:56 ----D---- C:\Program Files (x86)\PSQLINSTALL
2012-03-11 11:07:26 ----D---- C:\Program Files (x86)\PostgreSQL
2012-03-11 11:02:11 ----D---- C:\Program Files (x86)\PokerTracker 3
======List of files/folders modified in the last 1 month======
2012-04-06 16:36:33 ----SHD---- C:\Windows\Installer
2012-04-06 16:35:59 ----D---- C:\Windows\system32\config
2012-04-06 16:35:54 ----D---- C:\Windows\Logs
2012-04-06 16:35:54 ----D---- C:\Program Files\Internet Explorer
2012-04-06 16:35:52 ----D---- C:\Windows\System32
2012-04-06 16:35:52 ----D---- C:\Windows\servicing
2012-04-06 16:35:52 ----D---- C:\Program Files (x86)\Internet Explorer
2012-04-06 16:34:30 ----D---- C:\Windows\Temp
2012-04-06 16:33:27 ----D---- C:\Program Files (x86)\Steam
2012-04-06 16:33:03 ----RD---- C:\Program Files (x86)
2012-04-06 16:32:09 ----D---- C:\Windows\system32\drivers
2012-04-06 14:19:40 ----HD---- C:\ProgramData
2012-04-06 14:16:39 ----SHD---- C:\System Volume Information
2012-04-06 08:09:38 ----D---- C:\Windows
2012-04-05 20:35:03 ----D---- C:\Program Files (x86)\Common Files
2012-04-05 20:34:55 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-04-05 20:34:49 ----D---- C:\Windows\Prefetch
2012-04-05 17:53:46 ----D---- C:\Windows\Tasks
2012-04-05 14:23:00 ----RD---- C:\Program Files
2012-04-05 14:21:08 ----D---- C:\Windows\system32\Tasks
2012-04-02 21:28:05 ----D---- C:\Windows\inf
2012-04-02 19:20:28 ----D---- C:\Users\Zdeněk\AppData\Roaming\Winamp
2012-04-02 18:32:11 ----D---- C:\Users\Zdeněk\AppData\Roaming\DAEMON Tools Lite
2012-04-02 18:32:07 ----D---- C:\Users\Zdeněk\AppData\Roaming\uTorrent
2012-04-02 18:31:44 ----D---- C:\Windows\Panther
2012-04-02 18:31:44 ----D---- C:\Windows\ModemLogs
2012-04-02 18:31:41 ----D---- C:\Windows\debug
2012-04-02 17:59:24 ----D---- C:\Windows\system32\catroot2
2012-04-02 12:00:41 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-04-01 21:50:46 ----SD---- C:\Users\Zdeněk\AppData\Roaming\Microsoft
2012-03-28 14:33:27 ----RSD---- C:\Windows\assembly
2012-03-27 16:47:14 ----RD---- C:\Users
2012-03-27 15:56:12 ----D---- C:\Program Files (x86)\ParadisePoker
2012-03-26 14:24:18 ----SHD---- C:\Config.Msi
2012-03-26 14:20:33 ----D---- C:\Program Files (x86)\EA Games
2012-03-26 14:19:13 ----D---- C:\Windows\winsxs
2012-03-24 11:26:10 ----D---- C:\Program Files (x86)\Microsoft Office
2012-03-24 11:22:40 ----D---- C:\Program Files (x86)\SlimDrivers
2012-03-23 16:45:02 ----D---- C:\ProgramData\boost_interprocess
2012-03-16 16:33:29 ----D---- C:\Users\Zdeněk\AppData\Roaming\Mozilla-Cache
2012-03-16 16:32:38 ----D---- C:\Programs
2012-03-15 21:55:26 ----D---- C:\Poker
2012-03-15 15:56:34 ----D---- C:\Program Files (x86)\EA Sports
2012-03-15 09:13:45 ----D---- C:\Windows\SysWOW64
2012-03-14 21:51:27 ----A---- C:\Windows\system32\MRT.exe
2012-03-14 21:51:13 ----D---- C:\Windows\system32\catroot
2012-03-13 13:56:16 ----D---- C:\Users\Zdeněk\AppData\Roaming\Microgaming
2012-03-13 10:34:35 ----D---- C:\Windows\Microsoft.NET
2012-03-12 18:25:12 ----D---- C:\Program Files (x86)\Everest Poker
2012-03-12 16:40:20 ----D---- C:\bwinPoker JPC
2012-03-11 12:29:21 ----D---- C:\Windows\SYSWOW64\cs-CZ
2012-03-11 12:29:21 ----D---- C:\Windows\system32\cs-CZ
2012-03-11 12:24:47 ----D---- C:\Windows\SYSWOW64\en-US
2012-03-11 12:24:47 ----D---- C:\Windows\system32\en-US
2012-03-11 12:24:41 ----D---- C:\Program Files (x86)\Microsoft.NET
2012-03-11 12:22:06 ----D---- C:\Windows\SoftwareDistribution
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2011-11-28 42328]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2011-11-28 591192]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2011-11-28 304472]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2011-11-28 58712]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-19 279616]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2011-11-28 24408]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2011-11-28 66904]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-12-06 10720256]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-12-06 327168]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2000-01-01 115216]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2000-01-01 4716904]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2000-01-01 452200]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2000-01-01 26440]
R3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2000-01-01 43976]
R3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2000-01-01 16200]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2000-01-01 77512]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-12-06 10720256]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 MSICDSetup;MSICDSetup; \??\D:\CDriver64.sys []
S3 nmwcdcx64;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbox64.sys [2009-02-09 25088]
S3 nmwcdx64;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmbx64.sys [2009-02-09 18944]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 SWDUMon;SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [2012-04-05 13920]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2009-02-09 8192]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys [2009-02-09 8192]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-12-06 235520]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-11-28 44768]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-29 935208]
R2 pgsql-8.3;PostgreSQL Database Server 8.3; C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2009-12-10 65536]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2012-01-10 75064]
R2 PnkBstrB;PnkBstrB; C:\Windows\syswow64\PnkBstrB.exe [2012-03-05 214520]
R2 TeamViewer7;TeamViewer 7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
R2 wlidsvc;Windows Live ID Sign-in Assistant; c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe [2009-03-04 621056]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-03-21 489256]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-11-19 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
-
Mc_Murphy
- VIP in memoriam
- Příspěvky: 6706
- Registrován: 03 lis 2008 15:55
- Bydliště: Plzeň [ZČ]
- Kontaktovat uživatele:
Re: Moc prosím o kontrolu logu
Takže tam máme ještě spoustu breberek, takže si dáme těžší nástroje.
Nejprve poprosím o log z DDS.
PROSÍM, ČTI NÁVOD DŮKLADNĚ - TATO UTILITA MÁ VELKOU SCHOPNOST MAZAT A JE NUTNÉ JI APLIKOVAT JEN NA DOPORUČENÍ, JINAK TI MŮŽE JÍT SYSTÉM DO KYTEK
Po scanu DDS stáhni a ulož na Plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Nejprve poprosím o log z DDS.
- Stáhni DDS z tohoto odkazu a ulož jej na Plochu.
- Spusť ho a poté klikni na [Start].
- Po chvíli vyskočí log, ten mi sem vlož.
PROSÍM, ČTI NÁVOD DŮKLADNĚ - TATO UTILITA MÁ VELKOU SCHOPNOST MAZAT A JE NUTNÉ JI APLIKOVAT JEN NA DOPORUČENÍ, JINAK TI MŮŽE JÍT SYSTÉM DO KYTEK Po scanu DDS stáhni a ulož na Plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Vypni všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary apod.
- Vypni všechny běžící aplikace - ICQ, Skype, browsery, prostě všechny programy, ať běží pouze ComboFix.
- Pokud máš Win XP, spusť pod účtem Správce/Administrator.
- Pokud máš Win Vista či Win 7, klikni na ComboFix pravým myšítkem a dej Run As Administrator či Spustit jako správce.
- Ihned po startu se zobrazí stránka s licenčním ujednáním - pokračuj kliknutím na [Ano].
- Pokud Ti ComboFix nabídne instalaci Konzoly pro zotavení, tak souhlas.
- Dále postupuj dle pokynů. Během scanu nech PC naprosto v klidu - nespouštěj žádné aplikace a neklikej do zobrazujícího se okna!
- Scan by měl trvat cca 10 min, ale pokud bude PC hodne zaneseno, může se čas samozřejmě prodloužit.
- Po dokončení scanu a případném restartu ComboFix zobrazí log, který případně najdeš v C:\ComboFix.txt. Jeho obsah mi sem vlož.
- Detailní postup včetně obrázků najdeš zde: http://www.bleepingcomputer.com/combofi ... t-combofix
--- ... I'm moving on, I'm moving on, I'm moving on by the Spirit.
- You gave me love, I've found my identity, found my identity.
I'm moving on, I'm moving on, I'm moving on by the Spirit.- You gave me hope, I've found my identity in Christ...
Re: Moc prosím o kontrolu logu
Tak zde je zatim log z dds:
DDS (Ver_2011-09-30.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514
Run by Zdeněk at 17:31:38 on 2012-04-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3071.1742 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Zdeněk\Desktop\dds.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Console Window Host] C:\Users\Zdeněk\Documents\conhost.exe
uRun: [Task Menu] C:\Users\Zdeněk\Documents\task.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Zdeněk\Desktop\PartyPoker.lnk
IE: {D85B4BE2-07C3-422f-ADE9-B1A2C7D25224} - C:\Users\Zdeněk\Desktop\WPT Poker.lnk
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 10.103.30.1 217.117.216.7
TCP: Interfaces\{B6C90149-78C8-44BD-8CC0-255B2F73B949} : DHCPNameServer = 10.103.30.1 217.117.216.7
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Zdeněk\AppData\Roaming\Mozilla\Firefox\Profiles\ruanqapx.default\
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-11-19 591192]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-11-19 304472]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-11-19 279616]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-12-6 235520]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-11-19 24408]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-11-19 66904]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-2-1 44768]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2009-12-10 65536]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-12-6 10720256]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-12-6 327168]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-6 115216]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-2-6 452200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 nmwcdcx64;Nokia USB Generic;C:\Windows\System32\drivers\ccdcmbox64.sys [2009-2-9 25088]
S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\System32\drivers\ccdcmbx64.sys [2009-2-9 18944]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2012-2-6 13920]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-11-20 59392]
S3 WatAdminSvc;Služba Technologie aktivace Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-19 1255736]
.
=============== Created Last 30 ================
.
2012-04-06 15:31:39 -------- d-----w- C:\Users\Zdenýk\AppData\Local\Microsoft
2012-04-06 12:19:48 -------- d-----w- C:\Users\Zdeněk\AppData\Roaming\Malwarebytes
2012-04-06 12:19:40 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-06 12:17:04 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B7A73AB7-9120-4DED-BF8A-202D205A3A89}\mpengine.dll
2012-04-05 12:23:00 -------- d-----w- C:\Program Files\trend micro
2012-04-02 16:30:50 -------- d-----w- C:\Program Files\CCleaner
2012-04-02 16:15:34 -------- d-----w- C:\Users\Zdeněk\AppData\Roaming\Skype
2012-04-02 16:15:31 -------- d-----w- C:\Program Files (x86)\Skype
2012-04-01 19:46:01 -------- d-----w- C:\Users\Zdeněk\AppData\Roaming\Nseries
2012-03-28 12:23:29 -------- d-----w- C:\Program Files (x86)\THQ
2012-03-27 11:04:47 -------- d-----w- C:\Program Files\Codemasters
2012-03-26 07:52:46 -------- d-----w- C:\Program Files (x86)\Deep Silver
2012-03-25 17:16:07 -------- d-----w- C:\Program Files (x86)\Cenega Czech
2012-03-24 09:23:25 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-03-24 09:22:46 -------- d--h--w- C:\ProgramData\Common Files
2012-03-22 15:08:15 -------- d-----w- C:\ProgramData\Casino
2012-03-15 09:01:42 -------- d-----w- C:\ProgramData\IsolatedStorage
2012-03-14 18:14:07 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 18:14:03 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 18:14:02 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 10:44:41 -------- d-----w- C:\Program Files (x86)\TmUnitedForever
2012-03-14 10:14:17 -------- d-----w- C:\Program Files (x86)\TrackMania United
2012-03-14 08:50:16 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 08:50:16 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-14 08:50:15 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 08:50:15 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 08:50:13 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 08:50:13 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 08:50:13 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-11 10:44:33 -------- d-----w- C:\HM2Archive
2012-03-11 10:44:25 -------- d-----w- C:\Users\Zdeněk\AppData\Roaming\HEM Data
2012-03-11 10:43:08 -------- d-----w- C:\Program Files (x86)\Holdem Manager 2
2012-03-11 10:37:53 -------- d-----w- C:\Users\Zdeněk\AppData\Roaming\postgresql
2012-03-11 10:31:22 -------- d-----w- C:\ProgramData\XHEO INC
2012-03-11 10:31:10 -------- d-----w- C:\Users\Zdeněk\AppData\Roaming\HoldemManager
2012-03-11 10:20:56 -------- d-----w- C:\Program Files (x86)\PSQLINSTALL
2012-03-11 09:07:26 -------- d-----w- C:\Program Files (x86)\PostgreSQL
2012-03-11 09:02:11 -------- d-----w- C:\Program Files (x86)\PokerTracker 3
.
==================== Find3M ====================
.
2012-04-05 15:26:34 13920 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys
2012-03-05 20:06:31 214520 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-03-05 20:06:31 214520 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-02-23 08:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-15 19:01:47 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2012-02-15 19:00:17 5174 ----a-w- C:\Windows\SysWow64\ealregsnapshot1.reg
2012-01-10 12:17:23 75064 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-01-10 12:17:22 794408 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2012-01-08 10:03:18 282504 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
.
============= FINISH: 17:34:34,34 ===============
DDS (Ver_2011-09-30.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514
Run by Zdeněk at 17:31:38 on 2012-04-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3071.1742 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Zdeněk\Desktop\dds.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Console Window Host] C:\Users\Zdeněk\Documents\conhost.exe
uRun: [Task Menu] C:\Users\Zdeněk\Documents\task.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Zdeněk\Desktop\PartyPoker.lnk
IE: {D85B4BE2-07C3-422f-ADE9-B1A2C7D25224} - C:\Users\Zdeněk\Desktop\WPT Poker.lnk
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 10.103.30.1 217.117.216.7
TCP: Interfaces\{B6C90149-78C8-44BD-8CC0-255B2F73B949} : DHCPNameServer = 10.103.30.1 217.117.216.7
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Zdeněk\AppData\Roaming\Mozilla\Firefox\Profiles\ruanqapx.default\
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-11-19 591192]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-11-19 304472]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-11-19 279616]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-12-6 235520]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-11-19 24408]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-11-19 66904]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-2-1 44768]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2009-12-10 65536]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-12-6 10720256]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-12-6 327168]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-6 115216]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-2-6 452200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 nmwcdcx64;Nokia USB Generic;C:\Windows\System32\drivers\ccdcmbox64.sys [2009-2-9 25088]
S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\System32\drivers\ccdcmbx64.sys [2009-2-9 18944]
S3 SWDUMon;SWDUMon;C:\Windows\System32\drivers\SWDUMon.sys [2012-2-6 13920]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-11-20 59392]
S3 WatAdminSvc;Služba Technologie aktivace Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-19 1255736]
.
=============== Created Last 30 ================
.
2012-04-06 15:31:39 -------- d-----w- C:\Users\Zdenýk\AppData\Local\Microsoft
2012-04-06 12:19:48 -------- d-----w- C:\Users\Zdeněk\AppData\Roaming\Malwarebytes
2012-04-06 12:19:40 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-06 12:17:04 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B7A73AB7-9120-4DED-BF8A-202D205A3A89}\mpengine.dll
2012-04-05 12:23:00 -------- d-----w- C:\Program Files\trend micro
2012-04-02 16:30:50 -------- d-----w- C:\Program Files\CCleaner
2012-04-02 16:15:34 -------- d-----w- C:\Users\Zdeněk\AppData\Roaming\Skype
2012-04-02 16:15:31 -------- d-----w- C:\Program Files (x86)\Skype
2012-04-01 19:46:01 -------- d-----w- C:\Users\Zdeněk\AppData\Roaming\Nseries
2012-03-28 12:23:29 -------- d-----w- C:\Program Files (x86)\THQ
2012-03-27 11:04:47 -------- d-----w- C:\Program Files\Codemasters
2012-03-26 07:52:46 -------- d-----w- C:\Program Files (x86)\Deep Silver
2012-03-25 17:16:07 -------- d-----w- C:\Program Files (x86)\Cenega Czech
2012-03-24 09:23:25 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-03-24 09:22:46 -------- d--h--w- C:\ProgramData\Common Files
2012-03-22 15:08:15 -------- d-----w- C:\ProgramData\Casino
2012-03-15 09:01:42 -------- d-----w- C:\ProgramData\IsolatedStorage
2012-03-14 18:14:07 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 18:14:03 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 18:14:02 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 10:44:41 -------- d-----w- C:\Program Files (x86)\TmUnitedForever
2012-03-14 10:14:17 -------- d-----w- C:\Program Files (x86)\TrackMania United
2012-03-14 08:50:16 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 08:50:16 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-14 08:50:15 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 08:50:15 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 08:50:13 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 08:50:13 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 08:50:13 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-11 10:44:33 -------- d-----w- C:\HM2Archive
2012-03-11 10:44:25 -------- d-----w- C:\Users\Zdeněk\AppData\Roaming\HEM Data
2012-03-11 10:43:08 -------- d-----w- C:\Program Files (x86)\Holdem Manager 2
2012-03-11 10:37:53 -------- d-----w- C:\Users\Zdeněk\AppData\Roaming\postgresql
2012-03-11 10:31:22 -------- d-----w- C:\ProgramData\XHEO INC
2012-03-11 10:31:10 -------- d-----w- C:\Users\Zdeněk\AppData\Roaming\HoldemManager
2012-03-11 10:20:56 -------- d-----w- C:\Program Files (x86)\PSQLINSTALL
2012-03-11 09:07:26 -------- d-----w- C:\Program Files (x86)\PostgreSQL
2012-03-11 09:02:11 -------- d-----w- C:\Program Files (x86)\PokerTracker 3
.
==================== Find3M ====================
.
2012-04-05 15:26:34 13920 ----a-w- C:\Windows\System32\drivers\SWDUMon.sys
2012-03-05 20:06:31 214520 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-03-05 20:06:31 214520 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-02-23 08:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-15 19:01:47 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2012-02-15 19:00:17 5174 ----a-w- C:\Windows\SysWow64\ealregsnapshot1.reg
2012-01-10 12:17:23 75064 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-01-10 12:17:22 794408 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2012-01-08 10:03:18 282504 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
.
============= FINISH: 17:34:34,34 ===============
Re: Moc prosím o kontrolu logu
A zde je log z combofixu:
ComboFix 12-04-06.03 - Zdeněk 06.04.2012 17:44:38.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3071.1758 [GMT 2:00]
Spuštěný z: c:\users\Zdenýk\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\boost_interprocess\20120323085936.484375
c:\windows\iun6002.exe
c:\windows\PFRO.log
E:\Autorun.inf
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-06 do 2012-04-06 )))))))))))))))))))))))))))))))
.
.
2012-04-06 15:52 . 2012-04-06 15:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-06 15:31 . 2012-04-06 15:31 -------- d-----w- c:\users\Zdenýk
2012-04-06 12:19 . 2012-04-06 12:19 -------- d-----w- c:\users\Zdeněk\AppData\Roaming\Malwarebytes
2012-04-06 12:19 . 2012-04-06 12:19 -------- d-----w- c:\programdata\Malwarebytes
2012-04-06 12:17 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7A73AB7-9120-4DED-BF8A-202D205A3A89}\mpengine.dll
2012-04-05 12:23 . 2012-04-06 14:38 -------- d-----w- c:\program files\trend micro
2012-04-05 12:22 . 2012-04-05 12:23 -------- d-----w- C:\rsit
2012-04-02 16:30 . 2012-04-02 16:30 -------- d-----w- c:\program files\CCleaner
2012-04-02 16:15 . 2012-04-02 16:33 -------- d-----w- c:\users\Zdeněk\AppData\Roaming\Skype
2012-04-02 16:15 . 2012-04-02 16:15 -------- d-----w- c:\program files (x86)\Skype
2012-04-02 15:54 . 2012-04-02 15:54 -------- d-----w- c:\programdata\Skype
2012-04-01 19:46 . 2012-04-01 19:46 -------- d-----w- c:\users\Zdeněk\AppData\Roaming\Nseries
2012-03-28 12:23 . 2012-03-28 12:23 -------- d-----w- c:\program files (x86)\THQ
2012-03-27 11:04 . 2012-03-27 11:04 -------- d-----w- c:\program files\Codemasters
2012-03-26 12:27 . 2012-03-26 12:27 -------- d-----w- c:\users\Lolek
2012-03-26 07:52 . 2012-03-26 07:52 -------- d-----w- c:\program files (x86)\Deep Silver
2012-03-25 17:16 . 2012-03-25 17:16 -------- d-----w- c:\program files (x86)\Cenega Czech
2012-03-24 09:23 . 2012-04-05 18:35 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-03-24 09:22 . 2012-03-24 09:22 -------- d--h--w- c:\programdata\Common Files
2012-03-22 15:08 . 2012-03-22 15:08 -------- d-----w- c:\programdata\Casino
2012-03-15 09:01 . 2012-03-15 09:01 -------- d-----w- c:\users\Zdeněk\AppData\Local\RapidSharing.eu
2012-03-15 09:01 . 2012-03-15 09:01 -------- d-----w- c:\programdata\IsolatedStorage
2012-03-15 09:00 . 2012-03-15 09:01 -------- d-----w- c:\users\Zdeněk\AppData\Local\Deployment
2012-03-15 09:00 . 2012-03-15 09:00 -------- d-----w- c:\users\Zdeněk\AppData\Local\Apps
2012-03-14 18:14 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 18:14 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 18:14 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 10:49 . 2012-03-14 10:51 -------- d-----w- c:\programdata\TrackMania
2012-03-14 10:44 . 2012-03-14 10:49 -------- d-----w- c:\program files (x86)\TmUnitedForever
2012-03-14 10:18 . 2012-03-14 10:19 -------- d-----w- c:\programdata\TrackMania United
2012-03-14 10:14 . 2012-03-14 10:15 -------- d-----w- c:\program files (x86)\TrackMania United
2012-03-14 08:50 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 08:50 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 08:50 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 08:50 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 08:50 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 08:50 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 08:50 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-11 10:54 . 2012-03-11 10:54 -------- d-----w- c:\users\Zdeněk\AppData\Local\Hold'em_Manager
2012-03-11 10:44 . 2012-03-11 10:46 -------- d-----w- C:\HM2Archive
2012-03-11 10:44 . 2012-03-11 10:44 -------- d-----w- c:\users\Zdeněk\AppData\Roaming\HEM Data
2012-03-11 10:43 . 2012-03-11 10:56 -------- d-----w- c:\program files (x86)\Holdem Manager 2
2012-03-11 10:37 . 2012-03-11 10:37 -------- d-----w- c:\users\Zdeněk\AppData\Roaming\postgresql
2012-03-11 10:31 . 2012-03-11 10:31 -------- d-----w- c:\users\Zdeněk\AppData\Local\IsolatedStorage
2012-03-11 10:31 . 2012-03-11 10:31 -------- d-----w- c:\programdata\XHEO INC
2012-03-11 10:31 . 2012-03-11 10:47 -------- d-----w- c:\users\Zdeněk\AppData\Roaming\HoldemManager
2012-03-11 10:20 . 2012-03-11 10:43 -------- d-----w- c:\program files (x86)\PSQLINSTALL
2012-03-11 09:10 . 2012-04-06 14:30 -------- d-----w- c:\users\postgres
2012-03-11 09:07 . 2012-03-11 09:07 -------- d-----w- c:\program files (x86)\PostgreSQL
2012-03-11 09:02 . 2012-03-11 10:03 -------- d-----w- c:\program files (x86)\PokerTracker 3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-05 15:26 . 2012-02-06 11:09 13920 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-03-05 20:06 . 2011-12-02 20:55 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-03-05 20:06 . 2011-12-02 20:53 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-02-23 08:18 . 2011-11-19 11:28 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 19:01 . 2012-02-15 19:01 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-02-15 19:00 . 2012-02-15 19:00 5174 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
2012-01-10 12:17 . 2011-12-02 20:53 75064 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-01-10 12:17 . 2011-12-02 20:53 794408 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-01-08 10:03 . 2011-12-02 20:53 282504 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 15:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-11-20 1242448]
"Console Window Host"="c:\users\Zdeněk\Documents\conhost.exe" [2011-05-30 547649]
"Task Menu"="c:\users\Zdeněk\Documents\task.exe" [2011-05-30 547649]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2009-07-01 37888]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-05 343168]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [x]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2009-12-10 65536]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2000-01-01 190536]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2000-01-01 13374568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{D85B4BE2-07C3-422f-ADE9-B1A2C7D25224} - c:\users\Zdeněk\Desktop\WPT Poker.lnk
TCP: DhcpNameServer = 10.103.30.1 217.117.216.7
FF - ProfilePath - c:\users\Zdeněk\AppData\Roaming\Mozilla\Firefox\Profiles\ruanqapx.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FF&o=14594&locale=en_EU&apn_uid=d134faf3-a51d-4740-9a4d-55622e2283f5&apn_ptnrs=FV&apn_sauid=D24EED9F-5BDA-4228-899E-DF391270F423&apn_dtid=YYYYYYYYCZ&&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Battlefield Play4Free: battlefieldplay4free@ea.com - %profile%\extensions\battlefieldplay4free@ea.com
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-Flashpoint - c:\program files\Codemasters\UnInstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\Pbsvc.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-04-06 18:02:15
ComboFix-quarantined-files.txt 2012-04-06 16:02
.
Před spuštěním: Volných bajtů: 241 164 931 072
Po spuštění: Volných bajtů: 240 856 633 344
.
- - End Of File - - D667F9766D59CAA1F5062E6ABC87EA09
ComboFix 12-04-06.03 - Zdeněk 06.04.2012 17:44:38.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3071.1758 [GMT 2:00]
Spuštěný z: c:\users\Zdenýk\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\boost_interprocess\20120323085936.484375
c:\windows\iun6002.exe
c:\windows\PFRO.log
E:\Autorun.inf
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-06 do 2012-04-06 )))))))))))))))))))))))))))))))
.
.
2012-04-06 15:52 . 2012-04-06 15:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-06 15:31 . 2012-04-06 15:31 -------- d-----w- c:\users\Zdenýk
2012-04-06 12:19 . 2012-04-06 12:19 -------- d-----w- c:\users\Zdeněk\AppData\Roaming\Malwarebytes
2012-04-06 12:19 . 2012-04-06 12:19 -------- d-----w- c:\programdata\Malwarebytes
2012-04-06 12:17 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7A73AB7-9120-4DED-BF8A-202D205A3A89}\mpengine.dll
2012-04-05 12:23 . 2012-04-06 14:38 -------- d-----w- c:\program files\trend micro
2012-04-05 12:22 . 2012-04-05 12:23 -------- d-----w- C:\rsit
2012-04-02 16:30 . 2012-04-02 16:30 -------- d-----w- c:\program files\CCleaner
2012-04-02 16:15 . 2012-04-02 16:33 -------- d-----w- c:\users\Zdeněk\AppData\Roaming\Skype
2012-04-02 16:15 . 2012-04-02 16:15 -------- d-----w- c:\program files (x86)\Skype
2012-04-02 15:54 . 2012-04-02 15:54 -------- d-----w- c:\programdata\Skype
2012-04-01 19:46 . 2012-04-01 19:46 -------- d-----w- c:\users\Zdeněk\AppData\Roaming\Nseries
2012-03-28 12:23 . 2012-03-28 12:23 -------- d-----w- c:\program files (x86)\THQ
2012-03-27 11:04 . 2012-03-27 11:04 -------- d-----w- c:\program files\Codemasters
2012-03-26 12:27 . 2012-03-26 12:27 -------- d-----w- c:\users\Lolek
2012-03-26 07:52 . 2012-03-26 07:52 -------- d-----w- c:\program files (x86)\Deep Silver
2012-03-25 17:16 . 2012-03-25 17:16 -------- d-----w- c:\program files (x86)\Cenega Czech
2012-03-24 09:23 . 2012-04-05 18:35 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-03-24 09:22 . 2012-03-24 09:22 -------- d--h--w- c:\programdata\Common Files
2012-03-22 15:08 . 2012-03-22 15:08 -------- d-----w- c:\programdata\Casino
2012-03-15 09:01 . 2012-03-15 09:01 -------- d-----w- c:\users\Zdeněk\AppData\Local\RapidSharing.eu
2012-03-15 09:01 . 2012-03-15 09:01 -------- d-----w- c:\programdata\IsolatedStorage
2012-03-15 09:00 . 2012-03-15 09:01 -------- d-----w- c:\users\Zdeněk\AppData\Local\Deployment
2012-03-15 09:00 . 2012-03-15 09:00 -------- d-----w- c:\users\Zdeněk\AppData\Local\Apps
2012-03-14 18:14 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 18:14 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 18:14 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 10:49 . 2012-03-14 10:51 -------- d-----w- c:\programdata\TrackMania
2012-03-14 10:44 . 2012-03-14 10:49 -------- d-----w- c:\program files (x86)\TmUnitedForever
2012-03-14 10:18 . 2012-03-14 10:19 -------- d-----w- c:\programdata\TrackMania United
2012-03-14 10:14 . 2012-03-14 10:15 -------- d-----w- c:\program files (x86)\TrackMania United
2012-03-14 08:50 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 08:50 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 08:50 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 08:50 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 08:50 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 08:50 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 08:50 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-11 10:54 . 2012-03-11 10:54 -------- d-----w- c:\users\Zdeněk\AppData\Local\Hold'em_Manager
2012-03-11 10:44 . 2012-03-11 10:46 -------- d-----w- C:\HM2Archive
2012-03-11 10:44 . 2012-03-11 10:44 -------- d-----w- c:\users\Zdeněk\AppData\Roaming\HEM Data
2012-03-11 10:43 . 2012-03-11 10:56 -------- d-----w- c:\program files (x86)\Holdem Manager 2
2012-03-11 10:37 . 2012-03-11 10:37 -------- d-----w- c:\users\Zdeněk\AppData\Roaming\postgresql
2012-03-11 10:31 . 2012-03-11 10:31 -------- d-----w- c:\users\Zdeněk\AppData\Local\IsolatedStorage
2012-03-11 10:31 . 2012-03-11 10:31 -------- d-----w- c:\programdata\XHEO INC
2012-03-11 10:31 . 2012-03-11 10:47 -------- d-----w- c:\users\Zdeněk\AppData\Roaming\HoldemManager
2012-03-11 10:20 . 2012-03-11 10:43 -------- d-----w- c:\program files (x86)\PSQLINSTALL
2012-03-11 09:10 . 2012-04-06 14:30 -------- d-----w- c:\users\postgres
2012-03-11 09:07 . 2012-03-11 09:07 -------- d-----w- c:\program files (x86)\PostgreSQL
2012-03-11 09:02 . 2012-03-11 10:03 -------- d-----w- c:\program files (x86)\PokerTracker 3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-05 15:26 . 2012-02-06 11:09 13920 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-03-05 20:06 . 2011-12-02 20:55 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-03-05 20:06 . 2011-12-02 20:53 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-02-23 08:18 . 2011-11-19 11:28 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 19:01 . 2012-02-15 19:01 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-02-15 19:00 . 2012-02-15 19:00 5174 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
2012-01-10 12:17 . 2011-12-02 20:53 75064 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-01-10 12:17 . 2011-12-02 20:53 794408 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-01-08 10:03 . 2011-12-02 20:53 282504 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 15:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-11-20 1242448]
"Console Window Host"="c:\users\Zdeněk\Documents\conhost.exe" [2011-05-30 547649]
"Task Menu"="c:\users\Zdeněk\Documents\task.exe" [2011-05-30 547649]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2009-07-01 37888]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-12-05 343168]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [x]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2009-12-10 65536]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2000-01-01 190536]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2000-01-01 13374568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{D85B4BE2-07C3-422f-ADE9-B1A2C7D25224} - c:\users\Zdeněk\Desktop\WPT Poker.lnk
TCP: DhcpNameServer = 10.103.30.1 217.117.216.7
FF - ProfilePath - c:\users\Zdeněk\AppData\Roaming\Mozilla\Firefox\Profiles\ruanqapx.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FF&o=14594&locale=en_EU&apn_uid=d134faf3-a51d-4740-9a4d-55622e2283f5&apn_ptnrs=FV&apn_sauid=D24EED9F-5BDA-4228-899E-DF391270F423&apn_dtid=YYYYYYYYCZ&&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Battlefield Play4Free: battlefieldplay4free@ea.com - %profile%\extensions\battlefieldplay4free@ea.com
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-Flashpoint - c:\program files\Codemasters\UnInstall.exe
AddRemove-PunkBusterSvc - c:\windows\system32\Pbsvc.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-04-06 18:02:15
ComboFix-quarantined-files.txt 2012-04-06 16:02
.
Před spuštěním: Volných bajtů: 241 164 931 072
Po spuštění: Volných bajtů: 240 856 633 344
.
- - End Of File - - D667F9766D59CAA1F5062E6ABC87EA09
-
Mc_Murphy
- VIP in memoriam
- Příspěvky: 6706
- Registrován: 03 lis 2008 15:55
- Bydliště: Plzeň [ZČ]
- Kontaktovat uživatele:
Re: Moc prosím o kontrolu logu
Pokud jsi tak ještě neučinil, přesuň ComboFix na Plochu.
- Otevři si Poznámkový blok (Start >> Spustit... (nebo Win+R) >> do okénka napiš notepad >> [Enter]).
- Zkopíruj do něj tento script:
Kód: Vybrat vše
KillAll::
Collect::
c:\users\Zdeněk\Documents\task.exe
c:\users\Zdeněk\Documents\conhost.exe
Driver::
AdobeARMservice
DDS::
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Zdeněk\Desktop\PartyPoker.lnk
IE: {D85B4BE2-07C3-422f-ADE9-B1A2C7D25224} - C:\Users\Zdeněk\Desktop\WPT Poker.lnk
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-SSODL: WebCheck - <orphaned>
FF - ProfilePath - c:\users\Zdeněk\AppData\Roaming\Mozilla\Firefox\Profiles\ruanqapx.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?clien ... YYYYCZ&&q=
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
Folder::
C:\Users\Zdeněk\AppData\Roaming\Malwarebytes
C:\ProgramData\Malwarebytes
C:\Program Files (x86)\AVG Secure Search
c:\program files (x86)\Ask.com
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"=-
"Console Window Host"=-
"Task Menu"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=-
"Adobe ARM"=-
"StartCCC"=-
"ApnUpdater"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"=-
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
RegNull::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]
ClearJavaCache::
AtJob::
Reboot::- Ulož vytvořený TXT jako CFScript.txt
- Přetáhni vytvořený CFScript.txt nad ComboFix a pusť (viz obrázek).
- Po aplikaci scriptu (a případném restartu PC) na Tebe vyskočí log. Jeho obsah mi sem vlož.
Může se stát, že po aplikaci scriptu nenaběhnou Windows. V tom případě restartuj PC, hned při náběhu mačkej klávesu F8 a zvol Poslední známou konfiguraci.--- ... I'm moving on, I'm moving on, I'm moving on by the Spirit.
- You gave me love, I've found my identity, found my identity.
I'm moving on, I'm moving on, I'm moving on by the Spirit.- You gave me hope, I've found my identity in Christ...
Re: Moc prosím o kontrolu logu
Tak zde je další log z combofixu:
ComboFix 12-04-07.04 - Zdeněk 08.04.2012 20:25:22.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3071.1902 [GMT 2:00]
Spuštěný z: c:\users\Zdeněk\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Zdeněk\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\AVG Secure Search
c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
c:\program files (x86)\PokerStars\PokerStarsUpdate.exe
c:\programdata\Malwarebytes
c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\local.conf
c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-2012-04-06.txt
c:\program files\AVAST Software\Avast\aswWebRepIE.dll . . . . nemohl být smazán
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AdobeARMservice
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-08 do 2012-04-08 )))))))))))))))))))))))))))))))
.
.
2012-04-08 18:34 . 2012-04-08 18:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-06 15:31 . 2012-04-06 15:31 -------- d-----w- c:\users\Zdenýk
2012-04-06 12:19 . 2012-04-06 12:19 -------- d-----w- c:\users\Zdeněk\AppData\Roaming\Malwarebytes
2012-04-06 12:17 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7A73AB7-9120-4DED-BF8A-202D205A3A89}\mpengine.dll
2012-04-05 12:23 . 2012-04-06 14:38 -------- d-----w- c:\program files\trend micro
2012-04-05 12:22 . 2012-04-05 12:23 -------- d-----w- C:\rsit
2012-04-02 16:30 . 2012-04-02 16:30 -------- d-----w- c:\program files\CCleaner
2012-04-02 16:15 . 2012-04-02 16:33 -------- d-----w- c:\users\Zdeněk\AppData\Roaming\Skype
2012-04-02 16:15 . 2012-04-02 16:15 -------- d-----w- c:\program files (x86)\Skype
2012-04-02 15:54 . 2012-04-02 15:54 -------- d-----w- c:\programdata\Skype
2012-04-01 19:46 . 2012-04-01 19:46 -------- d-----w- c:\users\Zdeněk\AppData\Roaming\Nseries
2012-03-28 12:23 . 2012-03-28 12:23 -------- d-----w- c:\program files (x86)\THQ
2012-03-27 11:04 . 2012-03-27 11:04 -------- d-----w- c:\program files\Codemasters
2012-03-26 12:27 . 2012-04-06 16:02 -------- d-----w- c:\users\Lolek
2012-03-26 07:52 . 2012-03-26 07:52 -------- d-----w- c:\program files (x86)\Deep Silver
2012-03-25 17:16 . 2012-03-25 17:16 -------- d-----w- c:\program files (x86)\Cenega Czech
2012-03-24 09:22 . 2012-03-24 09:22 -------- d--h--w- c:\programdata\Common Files
2012-03-22 15:08 . 2012-03-22 15:08 -------- d-----w- c:\programdata\Casino
2012-03-15 09:01 . 2012-03-15 09:01 -------- d-----w- c:\users\Zdeněk\AppData\Local\RapidSharing.eu
2012-03-15 09:01 . 2012-03-15 09:01 -------- d-----w- c:\programdata\IsolatedStorage
2012-03-15 09:00 . 2012-03-15 09:01 -------- d-----w- c:\users\Zdeněk\AppData\Local\Deployment
2012-03-15 09:00 . 2012-03-15 09:00 -------- d-----w- c:\users\Zdeněk\AppData\Local\Apps
2012-03-14 18:14 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 18:14 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 18:14 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 10:49 . 2012-03-14 10:51 -------- d-----w- c:\programdata\TrackMania
2012-03-14 10:44 . 2012-03-14 10:49 -------- d-----w- c:\program files (x86)\TmUnitedForever
2012-03-14 10:18 . 2012-03-14 10:19 -------- d-----w- c:\programdata\TrackMania United
2012-03-14 10:14 . 2012-03-14 10:15 -------- d-----w- c:\program files (x86)\TrackMania United
2012-03-14 08:50 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 08:50 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 08:50 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 08:50 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 08:50 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 08:50 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 08:50 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-11 10:54 . 2012-03-11 10:54 -------- d-----w- c:\users\Zdeněk\AppData\Local\Hold'em_Manager
2012-03-11 10:44 . 2012-03-11 10:46 -------- d-----w- C:\HM2Archive
2012-03-11 10:44 . 2012-03-11 10:44 -------- d-----w- c:\users\Zdeněk\AppData\Roaming\HEM Data
2012-03-11 10:43 . 2012-03-11 10:56 -------- d-----w- c:\program files (x86)\Holdem Manager 2
2012-03-11 10:37 . 2012-03-11 10:37 -------- d-----w- c:\users\Zdeněk\AppData\Roaming\postgresql
2012-03-11 10:31 . 2012-03-11 10:31 -------- d-----w- c:\users\Zdeněk\AppData\Local\IsolatedStorage
2012-03-11 10:31 . 2012-03-11 10:31 -------- d-----w- c:\programdata\XHEO INC
2012-03-11 10:31 . 2012-03-11 10:47 -------- d-----w- c:\users\Zdeněk\AppData\Roaming\HoldemManager
2012-03-11 10:20 . 2012-03-11 10:43 -------- d-----w- c:\program files (x86)\PSQLINSTALL
2012-03-11 09:10 . 2012-04-08 18:36 -------- d-----w- c:\users\postgres
2012-03-11 09:07 . 2012-03-11 09:07 -------- d-----w- c:\program files (x86)\PostgreSQL
2012-03-11 09:02 . 2012-03-11 10:03 -------- d-----w- c:\program files (x86)\PokerTracker 3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-05 15:26 . 2012-02-06 11:09 13920 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-03-05 20:06 . 2011-12-02 20:55 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-03-05 20:06 . 2011-12-02 20:53 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-02-23 08:18 . 2011-11-19 11:28 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 19:01 . 2012-02-15 19:01 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-02-15 19:00 . 2012-02-15 19:00 5174 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
2012-01-10 12:17 . 2011-12-02 20:53 75064 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-01-10 12:17 . 2011-12-02 20:53 794408 ----a-w- c:\windows\SysWow64\pbsvc.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-06_15.53.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-04-06 14:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-08 18:36 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-08 18:36 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-06 14:33 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-08 18:36 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-06 14:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-18 21:47 . 2012-04-08 18:07 32526 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-08 18:07 33218 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-11-18 21:44 . 2012-04-08 18:07 10532 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3237278501-2197267037-3624102315-1000_UserData.bin
+ 2011-01-07 13:02 . 2011-01-07 13:02 57168 c:\windows\system32\vcomp100.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 57168 c:\windows\system32\vcomp100.dll
+ 2011-01-07 13:02 . 2011-01-07 13:02 91472 c:\windows\system32\mfcm100u.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 91472 c:\windows\system32\mfcm100u.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 91472 c:\windows\system32\mfcm100.dll
+ 2011-01-07 13:02 . 2011-01-07 13:02 91472 c:\windows\system32\mfcm100.dll
+ 2011-01-07 13:02 . 2011-01-07 13:02 60752 c:\windows\system32\mfc100rus.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 60752 c:\windows\system32\mfc100rus.dll
+ 2011-01-07 13:02 . 2011-01-07 13:02 43344 c:\windows\system32\mfc100kor.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 43344 c:\windows\system32\mfc100kor.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 43856 c:\windows\system32\mfc100jpn.dll
+ 2011-01-07 13:02 . 2011-01-07 13:02 43856 c:\windows\system32\mfc100jpn.dll
+ 2011-01-07 13:02 . 2011-01-07 13:02 62288 c:\windows\system32\mfc100ita.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 62288 c:\windows\system32\mfc100ita.dll
+ 2011-01-07 13:02 . 2011-01-07 13:02 36176 c:\windows\system32\mfc100cht.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 36176 c:\windows\system32\mfc100cht.dll
+ 2011-01-07 13:02 . 2011-01-07 13:02 36176 c:\windows\system32\mfc100chs.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 36176 c:\windows\system32\mfc100chs.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 64336 c:\windows\system32\mfc100fra.dll
+ 2011-01-07 13:02 . 2011-01-07 13:02 64336 c:\windows\system32\mfc100fra.dll
+ 2011-01-07 13:02 . 2011-01-07 13:02 63824 c:\windows\system32\mfc100esn.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 63824 c:\windows\system32\mfc100esn.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 55120 c:\windows\system32\mfc100enu.dll
+ 2011-01-07 13:02 . 2011-01-07 13:02 55120 c:\windows\system32\mfc100enu.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 64336 c:\windows\system32\mfc100deu.dll
+ 2011-01-07 13:02 . 2011-01-07 13:02 64336 c:\windows\system32\mfc100deu.dll
- 2011-11-18 23:09 . 2012-04-06 14:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-18 23:09 . 2012-04-08 18:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-18 23:09 . 2012-04-08 18:05 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-11-18 23:09 . 2012-04-06 14:34 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-11-18 23:09 . 2012-04-06 14:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-18 23:09 . 2012-04-08 18:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-18 23:09 . 2012-04-08 18:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-18 23:09 . 2012-04-06 15:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-18 23:09 . 2012-04-08 18:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-18 23:09 . 2012-04-06 15:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-04-06 14:33 . 2012-04-06 14:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-08 18:35 . 2012-04-08 18:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-08 18:35 . 2012-04-08 18:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-06 14:33 . 2012-04-06 14:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-03-18 08:36 . 2010-03-18 08:36 827728 c:\windows\system32\msvcr100.dll
+ 2011-01-07 13:02 . 2011-01-07 13:02 827728 c:\windows\system32\msvcr100.dll
+ 2011-01-07 13:02 . 2011-01-07 13:02 608080 c:\windows\system32\msvcp100.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 158536 c:\windows\system32\atl100.dll
+ 2011-01-07 13:02 . 2011-01-07 13:02 158536 c:\windows\system32\atl100.dll
- 2009-07-14 05:01 . 2012-04-06 14:32 328132 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-08 18:35 328132 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-11-20 21:45 . 2012-04-08 18:35 655988 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3237278501-2197267037-3624102315-1000-8192.dat
- 2011-11-20 21:45 . 2012-04-06 14:32 655988 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3237278501-2197267037-3624102315-1000-8192.dat
+ 2011-01-07 13:02 . 2011-01-07 13:02 5523280 c:\windows\system32\mfc100u.dll
+ 2011-01-07 13:02 . 2011-01-07 13:02 5493576 c:\windows\system32\mfc100.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 5493576 c:\windows\system32\mfc100.dll
+ 2011-11-26 20:27 . 2012-04-08 18:35 1339112 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-11-26 20:27 . 2012-04-06 14:30 1339112 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-01-07 18:05 . 2011-01-07 18:05 4583936 c:\windows\Installer\91e238.msp
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [x]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2009-12-10 65536]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2000-01-01 190536]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2000-01-01 13374568]
"combofix"="c:\combofix\CF5298.3XE" [2010-11-20 345088]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.103.30.1 217.117.216.7
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Zdeněk\AppData\Roaming\Mozilla\Firefox\Profiles\ruanqapx.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FF&o=14594&locale=en_EU&apn_uid=d134faf3-a51d-4740-9a4d-55622e2283f5&apn_ptnrs=FV&apn_sauid=D24EED9F-5BDA-4228-899E-DF391270F423&apn_dtid=YYYYYYYYCZ&&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Battlefield Play4Free: battlefieldplay4free@ea.com - %profile%\extensions\battlefieldplay4free@ea.com
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files (x86)\Ask.com\Updater\Updater.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
.
**************************************************************************
.
Celkový čas: 2012-04-08 20:45:38 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-08 18:45
ComboFix2.txt 2012-04-06 16:02
.
Před spuštěním: Volných bajtů: 240 213 069 824
Po spuštění: Volných bajtů: 239 713 611 776
.
- - End Of File - - 70D913EC48264BDBECD267DA5332EA8F
ComboFix 12-04-07.04 - Zdeněk 08.04.2012 20:25:22.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3071.1902 [GMT 2:00]
Spuštěný z: c:\users\Zdeněk\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Zdeněk\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\AVG Secure Search
c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
c:\program files (x86)\PokerStars\PokerStarsUpdate.exe
c:\programdata\Malwarebytes
c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\Configuration\local.conf
c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-2012-04-06.txt
c:\program files\AVAST Software\Avast\aswWebRepIE.dll . . . . nemohl být smazán
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AdobeARMservice
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-03-08 do 2012-04-08 )))))))))))))))))))))))))))))))
.
.
2012-04-08 18:34 . 2012-04-08 18:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-06 15:31 . 2012-04-06 15:31 -------- d-----w- c:\users\Zdenýk
2012-04-06 12:19 . 2012-04-06 12:19 -------- d-----w- c:\users\Zdeněk\AppData\Roaming\Malwarebytes
2012-04-06 12:17 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B7A73AB7-9120-4DED-BF8A-202D205A3A89}\mpengine.dll
2012-04-05 12:23 . 2012-04-06 14:38 -------- d-----w- c:\program files\trend micro
2012-04-05 12:22 . 2012-04-05 12:23 -------- d-----w- C:\rsit
2012-04-02 16:30 . 2012-04-02 16:30 -------- d-----w- c:\program files\CCleaner
2012-04-02 16:15 . 2012-04-02 16:33 -------- d-----w- c:\users\Zdeněk\AppData\Roaming\Skype
2012-04-02 16:15 . 2012-04-02 16:15 -------- d-----w- c:\program files (x86)\Skype
2012-04-02 15:54 . 2012-04-02 15:54 -------- d-----w- c:\programdata\Skype
2012-04-01 19:46 . 2012-04-01 19:46 -------- d-----w- c:\users\Zdeněk\AppData\Roaming\Nseries
2012-03-28 12:23 . 2012-03-28 12:23 -------- d-----w- c:\program files (x86)\THQ
2012-03-27 11:04 . 2012-03-27 11:04 -------- d-----w- c:\program files\Codemasters
2012-03-26 12:27 . 2012-04-06 16:02 -------- d-----w- c:\users\Lolek
2012-03-26 07:52 . 2012-03-26 07:52 -------- d-----w- c:\program files (x86)\Deep Silver
2012-03-25 17:16 . 2012-03-25 17:16 -------- d-----w- c:\program files (x86)\Cenega Czech
2012-03-24 09:22 . 2012-03-24 09:22 -------- d--h--w- c:\programdata\Common Files
2012-03-22 15:08 . 2012-03-22 15:08 -------- d-----w- c:\programdata\Casino
2012-03-15 09:01 . 2012-03-15 09:01 -------- d-----w- c:\users\Zdeněk\AppData\Local\RapidSharing.eu
2012-03-15 09:01 . 2012-03-15 09:01 -------- d-----w- c:\programdata\IsolatedStorage
2012-03-15 09:00 . 2012-03-15 09:01 -------- d-----w- c:\users\Zdeněk\AppData\Local\Deployment
2012-03-15 09:00 . 2012-03-15 09:00 -------- d-----w- c:\users\Zdeněk\AppData\Local\Apps
2012-03-14 18:14 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 18:14 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 18:14 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 10:49 . 2012-03-14 10:51 -------- d-----w- c:\programdata\TrackMania
2012-03-14 10:44 . 2012-03-14 10:49 -------- d-----w- c:\program files (x86)\TmUnitedForever
2012-03-14 10:18 . 2012-03-14 10:19 -------- d-----w- c:\programdata\TrackMania United
2012-03-14 10:14 . 2012-03-14 10:15 -------- d-----w- c:\program files (x86)\TrackMania United
2012-03-14 08:50 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 08:50 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 08:50 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 08:50 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-14 08:50 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 08:50 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 08:50 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-11 10:54 . 2012-03-11 10:54 -------- d-----w- c:\users\Zdeněk\AppData\Local\Hold'em_Manager
2012-03-11 10:44 . 2012-03-11 10:46 -------- d-----w- C:\HM2Archive
2012-03-11 10:44 . 2012-03-11 10:44 -------- d-----w- c:\users\Zdeněk\AppData\Roaming\HEM Data
2012-03-11 10:43 . 2012-03-11 10:56 -------- d-----w- c:\program files (x86)\Holdem Manager 2
2012-03-11 10:37 . 2012-03-11 10:37 -------- d-----w- c:\users\Zdeněk\AppData\Roaming\postgresql
2012-03-11 10:31 . 2012-03-11 10:31 -------- d-----w- c:\users\Zdeněk\AppData\Local\IsolatedStorage
2012-03-11 10:31 . 2012-03-11 10:31 -------- d-----w- c:\programdata\XHEO INC
2012-03-11 10:31 . 2012-03-11 10:47 -------- d-----w- c:\users\Zdeněk\AppData\Roaming\HoldemManager
2012-03-11 10:20 . 2012-03-11 10:43 -------- d-----w- c:\program files (x86)\PSQLINSTALL
2012-03-11 09:10 . 2012-04-08 18:36 -------- d-----w- c:\users\postgres
2012-03-11 09:07 . 2012-03-11 09:07 -------- d-----w- c:\program files (x86)\PostgreSQL
2012-03-11 09:02 . 2012-03-11 10:03 -------- d-----w- c:\program files (x86)\PokerTracker 3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-05 15:26 . 2012-02-06 11:09 13920 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2012-03-05 20:06 . 2011-12-02 20:55 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-03-05 20:06 . 2011-12-02 20:53 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-02-23 08:18 . 2011-11-19 11:28 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 19:01 . 2012-02-15 19:01 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-02-15 19:00 . 2012-02-15 19:00 5174 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
2012-01-10 12:17 . 2011-12-02 20:53 75064 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-01-10 12:17 . 2011-12-02 20:53 794408 ----a-w- c:\windows\SysWow64\pbsvc.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-06_15.53.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-04-06 14:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-08 18:36 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-08 18:36 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-06 14:33 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-08 18:36 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-06 14:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-18 21:47 . 2012-04-08 18:07 32526 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-08 18:07 33218 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-11-18 21:44 . 2012-04-08 18:07 10532 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3237278501-2197267037-3624102315-1000_UserData.bin
+ 2011-01-07 13:02 . 2011-01-07 13:02 57168 c:\windows\system32\vcomp100.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 57168 c:\windows\system32\vcomp100.dll
+ 2011-01-07 13:02 . 2011-01-07 13:02 91472 c:\windows\system32\mfcm100u.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 91472 c:\windows\system32\mfcm100u.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 91472 c:\windows\system32\mfcm100.dll
+ 2011-01-07 13:02 . 2011-01-07 13:02 91472 c:\windows\system32\mfcm100.dll
+ 2011-01-07 13:02 . 2011-01-07 13:02 60752 c:\windows\system32\mfc100rus.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 60752 c:\windows\system32\mfc100rus.dll
+ 2011-01-07 13:02 . 2011-01-07 13:02 43344 c:\windows\system32\mfc100kor.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 43344 c:\windows\system32\mfc100kor.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 43856 c:\windows\system32\mfc100jpn.dll
+ 2011-01-07 13:02 . 2011-01-07 13:02 43856 c:\windows\system32\mfc100jpn.dll
+ 2011-01-07 13:02 . 2011-01-07 13:02 62288 c:\windows\system32\mfc100ita.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 62288 c:\windows\system32\mfc100ita.dll
+ 2011-01-07 13:02 . 2011-01-07 13:02 36176 c:\windows\system32\mfc100cht.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 36176 c:\windows\system32\mfc100cht.dll
+ 2011-01-07 13:02 . 2011-01-07 13:02 36176 c:\windows\system32\mfc100chs.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 36176 c:\windows\system32\mfc100chs.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 64336 c:\windows\system32\mfc100fra.dll
+ 2011-01-07 13:02 . 2011-01-07 13:02 64336 c:\windows\system32\mfc100fra.dll
+ 2011-01-07 13:02 . 2011-01-07 13:02 63824 c:\windows\system32\mfc100esn.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 63824 c:\windows\system32\mfc100esn.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 55120 c:\windows\system32\mfc100enu.dll
+ 2011-01-07 13:02 . 2011-01-07 13:02 55120 c:\windows\system32\mfc100enu.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 64336 c:\windows\system32\mfc100deu.dll
+ 2011-01-07 13:02 . 2011-01-07 13:02 64336 c:\windows\system32\mfc100deu.dll
- 2011-11-18 23:09 . 2012-04-06 14:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-18 23:09 . 2012-04-08 18:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-18 23:09 . 2012-04-08 18:05 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-11-18 23:09 . 2012-04-06 14:34 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-11-18 23:09 . 2012-04-06 14:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-18 23:09 . 2012-04-08 18:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-18 23:09 . 2012-04-08 18:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-11-18 23:09 . 2012-04-06 15:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-18 23:09 . 2012-04-08 18:08 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-11-18 23:09 . 2012-04-06 15:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-04-06 14:33 . 2012-04-06 14:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-08 18:35 . 2012-04-08 18:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-08 18:35 . 2012-04-08 18:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-06 14:33 . 2012-04-06 14:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-03-18 08:36 . 2010-03-18 08:36 827728 c:\windows\system32\msvcr100.dll
+ 2011-01-07 13:02 . 2011-01-07 13:02 827728 c:\windows\system32\msvcr100.dll
+ 2011-01-07 13:02 . 2011-01-07 13:02 608080 c:\windows\system32\msvcp100.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 158536 c:\windows\system32\atl100.dll
+ 2011-01-07 13:02 . 2011-01-07 13:02 158536 c:\windows\system32\atl100.dll
- 2009-07-14 05:01 . 2012-04-06 14:32 328132 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-08 18:35 328132 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-11-20 21:45 . 2012-04-08 18:35 655988 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3237278501-2197267037-3624102315-1000-8192.dat
- 2011-11-20 21:45 . 2012-04-06 14:32 655988 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3237278501-2197267037-3624102315-1000-8192.dat
+ 2011-01-07 13:02 . 2011-01-07 13:02 5523280 c:\windows\system32\mfc100u.dll
+ 2011-01-07 13:02 . 2011-01-07 13:02 5493576 c:\windows\system32\mfc100.dll
- 2010-03-18 08:36 . 2010-03-18 08:36 5493576 c:\windows\system32\mfc100.dll
+ 2011-11-26 20:27 . 2012-04-08 18:35 1339112 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-11-26 20:27 . 2012-04-06 14:30 1339112 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-01-07 18:05 . 2011-01-07 18:05 4583936 c:\windows\Installer\91e238.msp
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files (x86)\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [x]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2009-12-10 65536]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2000-01-01 190536]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2000-01-01 13374568]
"combofix"="c:\combofix\CF5298.3XE" [2010-11-20 345088]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.103.30.1 217.117.216.7
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Zdeněk\AppData\Roaming\Mozilla\Firefox\Profiles\ruanqapx.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FF&o=14594&locale=en_EU&apn_uid=d134faf3-a51d-4740-9a4d-55622e2283f5&apn_ptnrs=FV&apn_sauid=D24EED9F-5BDA-4228-899E-DF391270F423&apn_dtid=YYYYYYYYCZ&&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Battlefield Play4Free: battlefieldplay4free@ea.com - %profile%\extensions\battlefieldplay4free@ea.com
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files (x86)\Ask.com\Updater\Updater.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.3\bin\postgres.exe
.
**************************************************************************
.
Celkový čas: 2012-04-08 20:45:38 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-04-08 18:45
ComboFix2.txt 2012-04-06 16:02
.
Před spuštěním: Volných bajtů: 240 213 069 824
Po spuštění: Volných bajtů: 239 713 611 776
.
- - End Of File - - 70D913EC48264BDBECD267DA5332EA8F
-
Mc_Murphy
- VIP in memoriam
- Příspěvky: 6706
- Registrován: 03 lis 2008 15:55
- Bydliště: Plzeň [ZČ]
- Kontaktovat uživatele:
Re: Moc prosím o kontrolu logu
Omlouvám se za zpoždění, ale nějak jsem tento thread "zasklil".
Log už vypadá daleko lépe. Jak se chová počítač?
Ještě tam jsou nějaké zbytky po Ask Toolbaru, ty musíme pomazat. Podíváme se na to raději přes OTL.
Pro začátek stáhni OTL z tohoto odkazu a ulož jej na Plochu.
Log už vypadá daleko lépe. Jak se chová počítač?
Ještě tam jsou nějaké zbytky po Ask Toolbaru, ty musíme pomazat. Podíváme se na to raději přes OTL.
Pro začátek stáhni OTL z tohoto odkazu a ulož jej na Plochu.
- Pokud používáš Win Vista či Win7, klikni na OTL pravým myšítkem a dej Run As Administrator či Spustit jako správce.
- Pokud používáš 64bitový OS, zkontroluj, zda-li je zaškrtnutý čtvereček Pro 64 bitové OS. Pokud ne, zaškrtni jej.
- Zaškrtni okénko Pro všechny uživatele.
- Zaškrtni okénko Kontrola na havěť "LOP".
- Zaškrtni okénko Kontrola na havěť "Purity".
- Stáři souborů změň z 30 dnů na 7 dnů!!
- Do spodního okénka Vlastní skenování/opravy vlož tento script (pouze zelená písmenka v bílém poli!):
Kód: Vybrat vše
CREATERESTOREPOINT
netsvc
drivers32
savembr:0
/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop
%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe
%userprofile%\Plocha\*.*
%userprofile%\Desktop\*.*
%ALLUSERSPROFILE%\Plocha\*.*
%ALLUSERSPROFILE%\Desktop\*.*
*crack* /s
*keygen* /s
*loader* /s
*RemoveWAT* /s
*minodlogin* /s
*tnod* /s
*TemDono* /s
*AutoKMS* /s
*KMSEmulator* /s
*activator* /s
*serial* /s
*w7lxe* /s
*AutoRearm* /s
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /s
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run /s
%SystemDrive%\PhysicalMBR.bin /md5- Klikni na tlačítko [Prohledat].
- Po dokončení skenu se objeví logy OTL.txt a Extras.txt, oba mi sem vlož.
- Logy se nevejdou do jednoho, rozděl je tedy prosím do více příspěvků.
--- ... I'm moving on, I'm moving on, I'm moving on by the Spirit.
- You gave me love, I've found my identity, found my identity.
I'm moving on, I'm moving on, I'm moving on by the Spirit.- You gave me hope, I've found my identity in Christ...
Re: Moc prosím o kontrolu logu
Počítač už je mnohem rychlejší a už vůbec nezamrzá.
Zde je log OTL :
OTL logfile created on: 11.4.2012 9:24:35 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Zdeněk\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 64,78% Memory free
6,00 Gb Paging File | 4,80 Gb Available in Paging File | 80,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,56 Gb Total Space | 222,33 Gb Free Space | 47,76% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 158,60 Gb Free Space | 34,05% Space Free | Partition Type: NTFS
Computer Name: KROKY | User Name: Zdeněk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2012.04.11 09:22:17 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Zdeněk\Desktop\OTL.exe
PRC - [2012.03.05 22:06:31 | 000,214,520 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2012.01.10 14:17:23 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.11.28 20:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011.11.28 20:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2009.12.10 04:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2009.12.10 04:37:16 | 003,690,496 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
PRC - [2009.11.03 05:26:27 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009.07.29 13:19:00 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.04.14 11:10:30 | 001,032,192 | ---- | M] (Nokia) -- C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
========== Modules (No Company Name) ==========
MOD - [2011.11.19 01:35:58 | 006,276,768 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011.12.06 05:11:56 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.11.28 20:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012.03.21 21:52:55 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.03.05 22:06:31 | 000,214,520 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2012.01.10 14:17:23 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.10 04:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2009.07.29 13:19:00 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.04 12:25:12 | 000,621,056 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.04.05 17:26:34 | 000,013,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2011.12.06 05:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011.12.06 05:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.12.06 04:12:14 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.11.28 19:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011.11.28 19:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011.11.28 19:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011.11.28 19:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011.11.28 19:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011.11.28 19:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011.11.19 17:03:50 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.02.09 08:38:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2009.02.09 08:38:34 | 000,018,944 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2009.02.09 08:38:34 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2009.02.09 08:38:32 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2008.08.28 13:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2000.01.01 02:00:00 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2000.01.01 02:00:00 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2000.01.01 02:00:00 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2000.01.01 02:00:00 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2000.01.01 02:00:00 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2000.01.01 02:00:00 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3237278501-2197267037-3624102315-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-3237278501-2197267037-3624102315-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-3237278501-2197267037-3624102315-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-3237278501-2197267037-3624102315-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={312F ... 2012-03-24 10:23:28&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3237278501-2197267037-3624102315-1000\..\SearchScopes\{C452AD94-6DA8-4982-968F-CB7C4DC97C70}: "URL" = http://websearch.ask.com/redirect?clien ... 391270F423
IE - HKU\S-1-5-21-3237278501-2197267037-3624102315-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://seznam.cz/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.14.1.100010
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1367
FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.66.2
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?clien ... YYYYCZ&&q="
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.02.01 17:56:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.19 00:29:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.27 01:58:07 | 000,000,000 | ---D | M]
[2011.11.19 01:10:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zdeněk\AppData\Roaming\mozilla\Extensions
[2012.04.11 09:24:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zdeněk\AppData\Roaming\mozilla\Firefox\Profiles\ruanqapx.default\extensions
[2011.12.08 15:20:13 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Zdeněk\AppData\Roaming\mozilla\Firefox\Profiles\ruanqapx.default\extensions\battlefieldplay4free@ea.com
[2012.02.02 17:35:59 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Zdeněk\AppData\Roaming\mozilla\Firefox\Profiles\ruanqapx.default\extensions\firefox@tvunetworks.com
[2012.02.09 14:23:21 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Zdeněk\AppData\Roaming\mozilla\Firefox\Profiles\ruanqapx.default\extensions\toolbar@ask.com
[2012.04.10 16:17:54 | 000,002,399 | ---- | M] () -- C:\Users\Zdeněk\AppData\Roaming\Mozilla\Firefox\Profiles\ruanqapx.default\searchplugins\askcom.xml
[2011.11.19 00:29:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.02.01 17:56:51 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
File not found (No name found) -- C:\USERS\ZDENěK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RUANQAPX.DEFAULT\EXTENSIONS\BATTLEFIELDPLAY4FREE@EA.COM
File not found (No name found) -- C:\USERS\ZDENěK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RUANQAPX.DEFAULT\EXTENSIONS\FIREFOX@TVUNETWORKS.COM
File not found (No name found) -- C:\USERS\ZDENěK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RUANQAPX.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM
[2012.03.24 11:23:23 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2009.11.03 03:45:38 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml
[2009.11.03 03:45:38 | 000,001,687 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mall-cz.xml
[2009.11.03 03:45:38 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\seznam-cz.xml
[2009.11.03 03:45:38 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\slunecnice-cz.xml
[2009.11.03 03:45:38 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2012.04.08 20:36:38 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKU\S-1-5-21-3237278501-2197267037-3624102315-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKU\S-1-5-21-3237278501-2197267037-3624102315-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3237278501-2197267037-3624102315-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3237278501-2197267037-3624102315-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3237278501-2197267037-3624102315-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3237278501-2197267037-3624102315-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.103.30.1 217.117.216.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6C90149-78C8-44BD-8CC0-255B2F73B949}: DhcpNameServer = 10.103.30.1 217.117.216.7
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 7 Days ==========
[2012.04.11 09:22:13 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Zdeněk\Desktop\OTL.exe
[2012.04.10 16:37:28 | 000,000,000 | ---D | C] -- C:\Users\Zdeněk\AppData\Local\PokerStars.NET
[2012.04.10 16:37:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.NET
[2012.04.10 16:37:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStars.NET
[2012.04.08 20:50:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.04.08 20:45:48 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.04.08 20:19:17 | 004,453,488 | R--- | C] (Swearware) -- C:\Users\Zdeněk\Desktop\ComboFix.exe
[2012.04.06 17:42:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.04.06 17:42:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.04.06 17:42:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.04.06 17:42:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.04.06 17:42:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.04.06 14:19:48 | 000,000,000 | ---D | C] -- C:\Users\Zdeněk\AppData\Roaming\Malwarebytes
[2012.04.05 14:23:00 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012.04.05 14:22:59 | 000,000,000 | ---D | C] -- C:\rsit
========== Files - Modified Within 7 Days ==========
[2012.04.11 09:26:18 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.04.11 09:22:17 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Zdeněk\Desktop\OTL.exe
[2012.04.11 09:21:36 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.11 09:21:36 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.11 09:14:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.11 09:14:02 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.10 16:37:28 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.net.lnk
[2012.04.08 20:54:11 | 000,000,134 | ---- | M] () -- C:\Users\Zdeněk\Desktop\Poradce při potížích s aplikací Internet Explorer.url
[2012.04.08 20:36:38 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.04.08 20:19:35 | 004,453,488 | R--- | M] (Swearware) -- C:\Users\Zdeněk\Desktop\ComboFix.exe
[2012.04.06 18:21:28 | 000,001,024 | ---- | M] () -- C:\Users\Zdeněk\AppData\Local\SRDownloader.nast
[2012.04.05 17:26:34 | 000,013,920 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
========== Files Created - No Company Name ==========
[2012.04.11 09:26:18 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.04.10 16:37:28 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.net.lnk
[2012.04.08 20:54:11 | 000,000,134 | ---- | C] () -- C:\Users\Zdeněk\Desktop\Poradce při potížích s aplikací Internet Explorer.url
[2012.04.06 17:42:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.04.06 17:42:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.04.06 17:42:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.04.06 17:42:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.04.06 17:42:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.04.01 21:48:47 | 000,003,584 | ---- | C] () -- C:\Users\Zdeněk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.11 12:28:38 | 001,554,160 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.11 11:02:49 | 000,005,084 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2011.12.06 04:35:10 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011.12.06 04:35:10 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.12.05 23:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.12.05 23:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.12.02 22:53:40 | 000,214,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.02 22:53:38 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.12.02 22:53:37 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.11.30 16:51:48 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.11.19 16:26:08 | 000,004,068 | ---- | C] () -- C:\Users\Zdeněk\AppData\Local\SRDownloader.err
[2011.11.19 15:20:32 | 000,001,024 | ---- | C] () -- C:\Users\Zdeněk\AppData\Local\SRDownloader.nast
[2011.11.19 02:05:11 | 000,000,175 | ---- | C] () -- C:\Users\Zdeněk\AppData\Roaming\default.rss
[2011.11.18 23:27:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.04.09 19:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
========== LOP Check ==========
[2011.12.05 23:44:37 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\BSplayer
[2011.11.19 13:40:55 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\BSplayer Pro
[2012.04.02 18:32:11 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\DAEMON Tools Lite
[2012.03.11 12:44:25 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\HEM Data
[2012.03.11 12:47:02 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\HoldemManager
[2011.12.08 14:46:06 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\Leadertech
[2012.02.10 19:15:14 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\LuckyAcePoker.com
[2012.03.13 13:56:16 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\Microgaming
[2012.02.10 13:36:05 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\Nokia
[2012.04.01 21:46:01 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\Nseries
[2011.11.19 17:04:20 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\OpenCandy
[2012.02.15 19:28:43 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\PacificPoker
[2012.02.10 13:37:51 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\PC Suite
[2012.03.11 12:37:53 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\postgresql
[2012.01.09 20:41:42 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\PunkBuster
[2012.02.27 18:15:08 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\Rovio
[2011.12.19 18:02:39 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\TeamViewer
[2012.04.02 18:32:07 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\uTorrent
[2011.11.19 01:37:44 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\wargaming.net
[2012.02.14 14:59:09 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< >
< netsvc >
< >
< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Users\Zdeněk\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20120206T111251362046\internal_ide_channel\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Users\Zdeněk\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20120324T092414042968\internal_ide_channel\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2010.11.20 15:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010.11.20 15:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009.07.14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe
[2010.11.20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010.11.20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe
< MD5 for: CDROM.SYS >
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
[2010.11.20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Users\Zdeněk\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20120206T111251362046\gencdrom\cdrom.sys
[2010.11.20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Users\Zdeněk\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20120324T092414042968\gencdrom\cdrom.sys
[2010.11.20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010.11.20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010.11.20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys
< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\ERDNT\cache86\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: HAL.DLL >
[2009.07.14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll
[2010.11.20 15:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SysNative\hal.dll
[2010.11.20 15:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll
< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache86\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\ERDNT\cache64\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: TCPIP.SYS >
[2011.04.25 07:28:24 | 001,893,248 | ---- | M] (Microsoft Corporation) MD5=1F748D5439B65E0BEBD92F65048F030D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys
[2011.09.29 19:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
[2010.11.20 15:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2011.04.25 07:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys
[2009.07.14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2011.04.25 07:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2011.09.29 18:17:51 | 001,886,064 | ---- | M] (Microsoft Corporation) MD5=AC3E29880DB5659532A1AA3439304A43 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_0fad20ca992955d7\tcpip.sys
[2011.04.25 08:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2011.09.29 18:24:44 | 001,897,328 | ---- | M] (Microsoft Corporation) MD5=F18F56EFC0BFB9C87BA01C37B27F4DA5 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_0f170e9f80139ebc\tcpip.sys
[2011.09.29 18:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\ERDNT\cache64\tcpip.sys
[2011.09.29 18:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\SysNative\drivers\tcpip.sys
[2011.09.29 18:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys
< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< >
< %systemroot%*.* /U /s >
[2 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[5 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[2 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[12 C:\Windows\temp\*.tmp files -> C:\Windows\temp\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2011.12.10 18:45:57 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\Adobe
[2011.11.18 23:50:03 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\ATI
[2011.12.05 23:44:37 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\BSplayer
[2011.11.19 13:40:55 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\BSplayer Pro
[2012.04.02 18:32:11 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\DAEMON Tools Lite
[2012.03.11 12:44:25 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\HEM Data
[2012.03.11 12:47:02 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\HoldemManager
[2011.11.18 23:32:24 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\Identities
[2011.12.08 14:46:06 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\Leadertech
[2012.02.10 19:15:14 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\LuckyAcePoker.com
[2011.11.19 01:36:02 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\Macromedia
[2012.04.06 14:19:48 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\Malwarebytes
[2009.07.14 17:36:31 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\Media Center Programs
[2012.03.13 13:56:16 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\Microgaming
[2012.04.01 21:50:46 | 000,000,000 | --SD | M] -- C:\Users\Zdeněk\AppData\Roaming\Microsoft
[2011.11.19 01:10:17 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\Mozilla
[2012.03.16 16:33:29 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\Mozilla-Cache
[2011.11.19 02:04:58 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\Nero
[2012.02.10 13:36:05 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\Nokia
[2012.04.01 21:46:01 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\Nseries
[2011.11.19 17:04:20 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\OpenCandy
[2012.02.15 19:28:43 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\PacificPoker
[2012.02.10 13:37:51 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\PC Suite
[2012.03.11 12:37:53 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\postgresql
[2012.01.09 20:41:42 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\PunkBuster
[2012.02.27 18:15:08 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\Rovio
[2012.04.02 18:33:04 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\Skype
[2011.12.19 18:02:39 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\TeamViewer
[2012.04.02 18:32:07 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\uTorrent
[2011.11.19 01:37:44 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\wargaming.net
[2012.04.02 19:20:28 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\Winamp
[2011.11.19 16:56:52 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\WinRAR
< %APPDATA%\*.exe /s >
[2009.08.11 22:21:26 | 000,087,552 | ---- | M] () -- C:\Users\Zdeněk\AppData\Roaming\BSplayer\AC3 Filter\ac3config.exe
[2009.08.11 22:21:30 | 000,090,112 | ---- | M] () -- C:\Users\Zdeněk\AppData\Roaming\BSplayer\AC3 Filter\spdif_test.exe
[2010.03.22 15:52:04 | 000,697,690 | ---- | M] () -- C:\Users\Zdeněk\AppData\Roaming\BSplayer\AC3 Filter\unins000.exe
[2010.02.23 18:01:52 | 001,185,871 | ---- | M] () -- C:\Users\Zdeněk\AppData\Roaming\BSplayer\FFDShow\unins000.exe
[2010.08.14 11:42:54 | 000,113,152 | ---- | M] () -- C:\Users\Zdeněk\AppData\Roaming\BSplayer\Haali media splitter\dsmux.exe
[2010.08.14 11:45:10 | 000,358,400 | ---- | M] () -- C:\Users\Zdeněk\AppData\Roaming\BSplayer\Haali media splitter\gdsmux.exe
[2010.08.14 11:42:06 | 000,137,728 | ---- | M] () -- C:\Users\Zdeněk\AppData\Roaming\BSplayer\Haali media splitter\mkv2vfr.exe
[2010.09.30 16:30:22 | 000,042,305 | ---- | M] () -- C:\Users\Zdeněk\AppData\Roaming\BSplayer\Haali media splitter\uninstall.exe
[2011.09.23 15:07:18 | 001,005,512 | ---- | M] (EA Digital Illusions CE AB) -- C:\Users\Zdeněk\AppData\Roaming\Mozilla\Firefox\Profiles\ruanqapx.default\extensions\battlefieldplay4free@ea.com\plugins\BP4FUpdater.exe
[2011.08.02 00:38:30 | 001,872,896 | ---- | M] (Speedchecker Limited ) -- C:\Users\Zdeněk\AppData\Roaming\OpenCandy\AE7DA04B7D1D41388A77576B110FCFA9\pcspeedup.exe
[2011.02.24 17:07:45 | 000,835,440 | ---- | M] () -- C:\Users\Zdeněk\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
< %SYSTEMDRIVE%\*.exe >
< %userprofile%\Plocha\*.* >
< %userprofile%\Desktop\*.* >
[2012.04.01 13:26:14 | 977,834,896 | ---- | M] () -- C:\Users\Zdeněk\Desktop\BASTARDI 2 2011 BY ROBISEK.avi
[2012.01.31 22:23:10 | 000,000,753 | ---- | M] () -- C:\Users\Zdeněk\Desktop\bwin Casino.lnk
[2012.04.08 20:19:35 | 004,453,488 | R--- | M] (Swearware) -- C:\Users\Zdeněk\Desktop\ComboFix.exe
[2011.12.05 13:58:04 | 000,000,282 | -HS- | M] () -- C:\Users\Zdeněk\Desktop\desktop.ini
[2012.02.09 13:36:51 | 000,001,202 | ---- | M] () -- C:\Users\Zdeněk\Desktop\Format Factory.lnk
[2012.01.23 14:52:24 | 000,097,577 | ---- | M] () -- C:\Users\Zdeněk\Desktop\foto.JPG
[2012.04.11 09:22:17 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Zdeněk\Desktop\OTL.exe
[2012.02.06 15:43:47 | 000,010,814 | ---- | M] () -- C:\Users\Zdeněk\Desktop\POKER.jpg
[2012.04.08 20:54:11 | 000,000,134 | ---- | M] () -- C:\Users\Zdeněk\Desktop\Poradce při potížích s aplikací Internet Explorer.url
[2012.03.25 18:12:14 | 000,904,192 | ---- | M] (Share-rapid.com) -- C:\Users\Zdeněk\Desktop\SRDownloader.exe
[2012.01.30 13:32:11 | 000,000,723 | ---- | M] () -- C:\Users\Zdeněk\Desktop\Titan Poker.lnk
[2012.03.14 12:15:53 | 000,001,114 | ---- | M] () -- C:\Users\Zdeněk\Desktop\TmUnited.lnk
[2012.04.03 10:57:35 | 000,022,528 | ---- | M] () -- C:\Users\Zdeněk\Desktop\Výsledky Poker.xls
[2012.03.16 16:33:15 | 000,001,563 | ---- | M] () -- C:\Users\Zdeněk\Desktop\WPT Poker.lnk
< %ALLUSERSPROFILE%\Plocha\*.* >
< %ALLUSERSPROFILE%\Desktop\*.* >
Zde je log OTL :
OTL logfile created on: 11.4.2012 9:24:35 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Zdeněk\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 64,78% Memory free
6,00 Gb Paging File | 4,80 Gb Available in Paging File | 80,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,56 Gb Total Space | 222,33 Gb Free Space | 47,76% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 158,60 Gb Free Space | 34,05% Space Free | Partition Type: NTFS
Computer Name: KROKY | User Name: Zdeněk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2012.04.11 09:22:17 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Zdeněk\Desktop\OTL.exe
PRC - [2012.03.05 22:06:31 | 000,214,520 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2012.01.10 14:17:23 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.11.28 20:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011.11.28 20:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2009.12.10 04:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2009.12.10 04:37:16 | 003,690,496 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
PRC - [2009.11.03 05:26:27 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009.07.29 13:19:00 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.04.14 11:10:30 | 001,032,192 | ---- | M] (Nokia) -- C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
========== Modules (No Company Name) ==========
MOD - [2011.11.19 01:35:58 | 006,276,768 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011.12.06 05:11:56 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.11.28 20:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012.03.21 21:52:55 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.03.05 22:06:31 | 000,214,520 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2012.01.10 14:17:23 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.10 04:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2009.07.29 13:19:00 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.04 12:25:12 | 000,621,056 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.04.05 17:26:34 | 000,013,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2011.12.06 05:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011.12.06 05:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.12.06 04:12:14 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.11.28 19:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011.11.28 19:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011.11.28 19:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011.11.28 19:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011.11.28 19:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011.11.28 19:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011.11.19 17:03:50 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.02.09 08:38:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2009.02.09 08:38:34 | 000,018,944 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2009.02.09 08:38:34 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2009.02.09 08:38:32 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2008.08.28 13:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2000.01.01 02:00:00 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2000.01.01 02:00:00 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2000.01.01 02:00:00 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2000.01.01 02:00:00 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2000.01.01 02:00:00 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2000.01.01 02:00:00 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3237278501-2197267037-3624102315-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-3237278501-2197267037-3624102315-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-3237278501-2197267037-3624102315-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-3237278501-2197267037-3624102315-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={312F ... 2012-03-24 10:23:28&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3237278501-2197267037-3624102315-1000\..\SearchScopes\{C452AD94-6DA8-4982-968F-CB7C4DC97C70}: "URL" = http://websearch.ask.com/redirect?clien ... 391270F423
IE - HKU\S-1-5-21-3237278501-2197267037-3624102315-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://seznam.cz/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.14.1.100010
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1367
FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.66.2
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?clien ... YYYYCZ&&q="
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.02.01 17:56:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.19 00:29:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.27 01:58:07 | 000,000,000 | ---D | M]
[2011.11.19 01:10:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zdeněk\AppData\Roaming\mozilla\Extensions
[2012.04.11 09:24:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zdeněk\AppData\Roaming\mozilla\Firefox\Profiles\ruanqapx.default\extensions
[2011.12.08 15:20:13 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Zdeněk\AppData\Roaming\mozilla\Firefox\Profiles\ruanqapx.default\extensions\battlefieldplay4free@ea.com
[2012.02.02 17:35:59 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Zdeněk\AppData\Roaming\mozilla\Firefox\Profiles\ruanqapx.default\extensions\firefox@tvunetworks.com
[2012.02.09 14:23:21 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Zdeněk\AppData\Roaming\mozilla\Firefox\Profiles\ruanqapx.default\extensions\toolbar@ask.com
[2012.04.10 16:17:54 | 000,002,399 | ---- | M] () -- C:\Users\Zdeněk\AppData\Roaming\Mozilla\Firefox\Profiles\ruanqapx.default\searchplugins\askcom.xml
[2011.11.19 00:29:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.02.01 17:56:51 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
File not found (No name found) -- C:\USERS\ZDENěK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RUANQAPX.DEFAULT\EXTENSIONS\BATTLEFIELDPLAY4FREE@EA.COM
File not found (No name found) -- C:\USERS\ZDENěK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RUANQAPX.DEFAULT\EXTENSIONS\FIREFOX@TVUNETWORKS.COM
File not found (No name found) -- C:\USERS\ZDENěK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RUANQAPX.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM
[2012.03.24 11:23:23 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2009.11.03 03:45:38 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml
[2009.11.03 03:45:38 | 000,001,687 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mall-cz.xml
[2009.11.03 03:45:38 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\seznam-cz.xml
[2009.11.03 03:45:38 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\slunecnice-cz.xml
[2009.11.03 03:45:38 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2012.04.08 20:36:38 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKU\S-1-5-21-3237278501-2197267037-3624102315-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKU\S-1-5-21-3237278501-2197267037-3624102315-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3237278501-2197267037-3624102315-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3237278501-2197267037-3624102315-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3237278501-2197267037-3624102315-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3237278501-2197267037-3624102315-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.103.30.1 217.117.216.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6C90149-78C8-44BD-8CC0-255B2F73B949}: DhcpNameServer = 10.103.30.1 217.117.216.7
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 7 Days ==========
[2012.04.11 09:22:13 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Zdeněk\Desktop\OTL.exe
[2012.04.10 16:37:28 | 000,000,000 | ---D | C] -- C:\Users\Zdeněk\AppData\Local\PokerStars.NET
[2012.04.10 16:37:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.NET
[2012.04.10 16:37:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStars.NET
[2012.04.08 20:50:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.04.08 20:45:48 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.04.08 20:19:17 | 004,453,488 | R--- | C] (Swearware) -- C:\Users\Zdeněk\Desktop\ComboFix.exe
[2012.04.06 17:42:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.04.06 17:42:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.04.06 17:42:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.04.06 17:42:38 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.04.06 17:42:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.04.06 14:19:48 | 000,000,000 | ---D | C] -- C:\Users\Zdeněk\AppData\Roaming\Malwarebytes
[2012.04.05 14:23:00 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012.04.05 14:22:59 | 000,000,000 | ---D | C] -- C:\rsit
========== Files - Modified Within 7 Days ==========
[2012.04.11 09:26:18 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.04.11 09:22:17 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Zdeněk\Desktop\OTL.exe
[2012.04.11 09:21:36 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.11 09:21:36 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.11 09:14:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.11 09:14:02 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.10 16:37:28 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.net.lnk
[2012.04.08 20:54:11 | 000,000,134 | ---- | M] () -- C:\Users\Zdeněk\Desktop\Poradce při potížích s aplikací Internet Explorer.url
[2012.04.08 20:36:38 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.04.08 20:19:35 | 004,453,488 | R--- | M] (Swearware) -- C:\Users\Zdeněk\Desktop\ComboFix.exe
[2012.04.06 18:21:28 | 000,001,024 | ---- | M] () -- C:\Users\Zdeněk\AppData\Local\SRDownloader.nast
[2012.04.05 17:26:34 | 000,013,920 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
========== Files Created - No Company Name ==========
[2012.04.11 09:26:18 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.04.10 16:37:28 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.net.lnk
[2012.04.08 20:54:11 | 000,000,134 | ---- | C] () -- C:\Users\Zdeněk\Desktop\Poradce při potížích s aplikací Internet Explorer.url
[2012.04.06 17:42:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.04.06 17:42:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.04.06 17:42:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.04.06 17:42:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.04.06 17:42:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.04.01 21:48:47 | 000,003,584 | ---- | C] () -- C:\Users\Zdeněk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.11 12:28:38 | 001,554,160 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.11 11:02:49 | 000,005,084 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2011.12.06 04:35:10 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011.12.06 04:35:10 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.12.05 23:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.12.05 23:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.12.02 22:53:40 | 000,214,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.02 22:53:38 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.12.02 22:53:37 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011.11.30 16:51:48 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.11.19 16:26:08 | 000,004,068 | ---- | C] () -- C:\Users\Zdeněk\AppData\Local\SRDownloader.err
[2011.11.19 15:20:32 | 000,001,024 | ---- | C] () -- C:\Users\Zdeněk\AppData\Local\SRDownloader.nast
[2011.11.19 02:05:11 | 000,000,175 | ---- | C] () -- C:\Users\Zdeněk\AppData\Roaming\default.rss
[2011.11.18 23:27:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.04.09 19:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
========== LOP Check ==========
[2011.12.05 23:44:37 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\BSplayer
[2011.11.19 13:40:55 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\BSplayer Pro
[2012.04.02 18:32:11 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\DAEMON Tools Lite
[2012.03.11 12:44:25 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\HEM Data
[2012.03.11 12:47:02 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\HoldemManager
[2011.12.08 14:46:06 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\Leadertech
[2012.02.10 19:15:14 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\LuckyAcePoker.com
[2012.03.13 13:56:16 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\Microgaming
[2012.02.10 13:36:05 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\Nokia
[2012.04.01 21:46:01 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\Nseries
[2011.11.19 17:04:20 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\OpenCandy
[2012.02.15 19:28:43 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\PacificPoker
[2012.02.10 13:37:51 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\PC Suite
[2012.03.11 12:37:53 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\postgresql
[2012.01.09 20:41:42 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\PunkBuster
[2012.02.27 18:15:08 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\Rovio
[2011.12.19 18:02:39 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\TeamViewer
[2012.04.02 18:32:07 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\uTorrent
[2011.11.19 01:37:44 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\wargaming.net
[2012.02.14 14:59:09 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< >
< netsvc >
< >
< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Users\Zdeněk\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20120206T111251362046\internal_ide_channel\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Users\Zdeněk\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20120324T092414042968\internal_ide_channel\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2010.11.20 15:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010.11.20 15:24:26 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009.07.14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe
[2010.11.20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010.11.20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe
< MD5 for: CDROM.SYS >
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys
[2010.11.20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Users\Zdeněk\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20120206T111251362046\gencdrom\cdrom.sys
[2010.11.20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Users\Zdeněk\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Backups\20120324T092414042968\gencdrom\cdrom.sys
[2010.11.20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010.11.20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010.11.20 11:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys
< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\ERDNT\cache86\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: HAL.DLL >
[2009.07.14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll
[2010.11.20 15:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SysNative\hal.dll
[2010.11.20 15:33:34 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll
< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache86\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\ERDNT\cache64\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: TCPIP.SYS >
[2011.04.25 07:28:24 | 001,893,248 | ---- | M] (Microsoft Corporation) MD5=1F748D5439B65E0BEBD92F65048F030D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_0fb918de99201ffb\tcpip.sys
[2011.09.29 19:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
[2010.11.20 15:33:57 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2011.04.25 07:32:22 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=61DC720BB065D607D5823F13D2A64321 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_0f668bf97fd90dd3\tcpip.sys
[2009.07.14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[2011.04.25 07:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2011.09.29 18:17:51 | 001,886,064 | ---- | M] (Microsoft Corporation) MD5=AC3E29880DB5659532A1AA3439304A43 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.21060_none_0fad20ca992955d7\tcpip.sys
[2011.04.25 08:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2011.09.29 18:24:44 | 001,897,328 | ---- | M] (Microsoft Corporation) MD5=F18F56EFC0BFB9C87BA01C37B27F4DA5 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16889_none_0f170e9f80139ebc\tcpip.sys
[2011.09.29 18:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\ERDNT\cache64\tcpip.sys
[2011.09.29 18:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\SysNative\drivers\tcpip.sys
[2011.09.29 18:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys
< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< >
< %systemroot%*.* /U /s >
[2 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[5 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[2 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[12 C:\Windows\temp\*.tmp files -> C:\Windows\temp\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2011.12.10 18:45:57 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\Adobe
[2011.11.18 23:50:03 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\ATI
[2011.12.05 23:44:37 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\BSplayer
[2011.11.19 13:40:55 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\BSplayer Pro
[2012.04.02 18:32:11 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\DAEMON Tools Lite
[2012.03.11 12:44:25 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\HEM Data
[2012.03.11 12:47:02 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\HoldemManager
[2011.11.18 23:32:24 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\Identities
[2011.12.08 14:46:06 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\Leadertech
[2012.02.10 19:15:14 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\LuckyAcePoker.com
[2011.11.19 01:36:02 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\Macromedia
[2012.04.06 14:19:48 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\Malwarebytes
[2009.07.14 17:36:31 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\Media Center Programs
[2012.03.13 13:56:16 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\Microgaming
[2012.04.01 21:50:46 | 000,000,000 | --SD | M] -- C:\Users\Zdeněk\AppData\Roaming\Microsoft
[2011.11.19 01:10:17 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\Mozilla
[2012.03.16 16:33:29 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\Mozilla-Cache
[2011.11.19 02:04:58 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\Nero
[2012.02.10 13:36:05 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\Nokia
[2012.04.01 21:46:01 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\Nseries
[2011.11.19 17:04:20 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\OpenCandy
[2012.02.15 19:28:43 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\PacificPoker
[2012.02.10 13:37:51 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\PC Suite
[2012.03.11 12:37:53 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\postgresql
[2012.01.09 20:41:42 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\PunkBuster
[2012.02.27 18:15:08 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\Rovio
[2012.04.02 18:33:04 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\Skype
[2011.12.19 18:02:39 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\TeamViewer
[2012.04.02 18:32:07 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\uTorrent
[2011.11.19 01:37:44 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\wargaming.net
[2012.04.02 19:20:28 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\Winamp
[2011.11.19 16:56:52 | 000,000,000 | ---D | M] -- C:\Users\Zdeněk\AppData\Roaming\WinRAR
< %APPDATA%\*.exe /s >
[2009.08.11 22:21:26 | 000,087,552 | ---- | M] () -- C:\Users\Zdeněk\AppData\Roaming\BSplayer\AC3 Filter\ac3config.exe
[2009.08.11 22:21:30 | 000,090,112 | ---- | M] () -- C:\Users\Zdeněk\AppData\Roaming\BSplayer\AC3 Filter\spdif_test.exe
[2010.03.22 15:52:04 | 000,697,690 | ---- | M] () -- C:\Users\Zdeněk\AppData\Roaming\BSplayer\AC3 Filter\unins000.exe
[2010.02.23 18:01:52 | 001,185,871 | ---- | M] () -- C:\Users\Zdeněk\AppData\Roaming\BSplayer\FFDShow\unins000.exe
[2010.08.14 11:42:54 | 000,113,152 | ---- | M] () -- C:\Users\Zdeněk\AppData\Roaming\BSplayer\Haali media splitter\dsmux.exe
[2010.08.14 11:45:10 | 000,358,400 | ---- | M] () -- C:\Users\Zdeněk\AppData\Roaming\BSplayer\Haali media splitter\gdsmux.exe
[2010.08.14 11:42:06 | 000,137,728 | ---- | M] () -- C:\Users\Zdeněk\AppData\Roaming\BSplayer\Haali media splitter\mkv2vfr.exe
[2010.09.30 16:30:22 | 000,042,305 | ---- | M] () -- C:\Users\Zdeněk\AppData\Roaming\BSplayer\Haali media splitter\uninstall.exe
[2011.09.23 15:07:18 | 001,005,512 | ---- | M] (EA Digital Illusions CE AB) -- C:\Users\Zdeněk\AppData\Roaming\Mozilla\Firefox\Profiles\ruanqapx.default\extensions\battlefieldplay4free@ea.com\plugins\BP4FUpdater.exe
[2011.08.02 00:38:30 | 001,872,896 | ---- | M] (Speedchecker Limited ) -- C:\Users\Zdeněk\AppData\Roaming\OpenCandy\AE7DA04B7D1D41388A77576B110FCFA9\pcspeedup.exe
[2011.02.24 17:07:45 | 000,835,440 | ---- | M] () -- C:\Users\Zdeněk\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
< %SYSTEMDRIVE%\*.exe >
< %userprofile%\Plocha\*.* >
< %userprofile%\Desktop\*.* >
[2012.04.01 13:26:14 | 977,834,896 | ---- | M] () -- C:\Users\Zdeněk\Desktop\BASTARDI 2 2011 BY ROBISEK.avi
[2012.01.31 22:23:10 | 000,000,753 | ---- | M] () -- C:\Users\Zdeněk\Desktop\bwin Casino.lnk
[2012.04.08 20:19:35 | 004,453,488 | R--- | M] (Swearware) -- C:\Users\Zdeněk\Desktop\ComboFix.exe
[2011.12.05 13:58:04 | 000,000,282 | -HS- | M] () -- C:\Users\Zdeněk\Desktop\desktop.ini
[2012.02.09 13:36:51 | 000,001,202 | ---- | M] () -- C:\Users\Zdeněk\Desktop\Format Factory.lnk
[2012.01.23 14:52:24 | 000,097,577 | ---- | M] () -- C:\Users\Zdeněk\Desktop\foto.JPG
[2012.04.11 09:22:17 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Zdeněk\Desktop\OTL.exe
[2012.02.06 15:43:47 | 000,010,814 | ---- | M] () -- C:\Users\Zdeněk\Desktop\POKER.jpg
[2012.04.08 20:54:11 | 000,000,134 | ---- | M] () -- C:\Users\Zdeněk\Desktop\Poradce při potížích s aplikací Internet Explorer.url
[2012.03.25 18:12:14 | 000,904,192 | ---- | M] (Share-rapid.com) -- C:\Users\Zdeněk\Desktop\SRDownloader.exe
[2012.01.30 13:32:11 | 000,000,723 | ---- | M] () -- C:\Users\Zdeněk\Desktop\Titan Poker.lnk
[2012.03.14 12:15:53 | 000,001,114 | ---- | M] () -- C:\Users\Zdeněk\Desktop\TmUnited.lnk
[2012.04.03 10:57:35 | 000,022,528 | ---- | M] () -- C:\Users\Zdeněk\Desktop\Výsledky Poker.xls
[2012.03.16 16:33:15 | 000,001,563 | ---- | M] () -- C:\Users\Zdeněk\Desktop\WPT Poker.lnk
< %ALLUSERSPROFILE%\Plocha\*.* >
< %ALLUSERSPROFILE%\Desktop\*.* >
Přispějete na provoz fóra?